Support future removal of redundant per-HTLC signatures in CMUs #2101
Codecov Report
Patch coverage:

Coverage Diff (main vs. #2101):

```
@@            Coverage Diff             @@
##             main    #2101      +/-   ##
==========================================
+ Coverage   91.14%   91.63%   +0.48%
==========================================
  Files         101      101
  Lines       48888    55401    +6513
  Branches    48888    55401    +6513
==========================================
+ Hits        44561    50767    +6206
- Misses       4327     4634     +307
```

... and 37 files with indirect coverage changes. View full report in Codecov by Sentry.
@@ -493,6 +493,9 @@ impl_writeable_tlv_based_enum_upgradable!(OnchainEvent, | |||
pub(crate) enum ChannelMonitorUpdateStep { | |||
LatestHolderCommitmentTXInfo { | |||
commitment_tx: HolderCommitmentTransaction, | |||
/// Note that the signature is redundant, and can be loaded from the `commitment_tx` as of | |||
/// LDK 0.0.115. After some time it should be set to `None` to reduce the size of the |
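Review bot: the new doc comment on the signature field of `LatestHolderCommitmentTXInfo` should state the compatibility boundary explicitly, not just "after some time": writing `None` here is only safe once no reader older than LDK 0.0.115 can load the update (the PR description notes previous versions rely on these fields). Suggest ending the comment with something like "set to `None` to reduce the size of the update, once updates written by this version no longer need to be readable by LDK versions before 0.0.115", so that whoever eventually flips the field knows what the cutoff is tied to.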
Can we be more specific with "after some time"?
Hmm, not really? We haven't really decided at what interval we can break backwards compat for different parts of the API. I'd imagine for this we could consider doing it in two years - having monitor updates lying around isn't all that common anyway, but two years is probably about as big a gap as we'd ever want to reasonably support.
force-pushed from b0367ec to 2e869df
`vec_type` is confusing - it is happy to have a missing entry, "reading" an empty `Vec` instead, but always writes something, making a serialization round-trip different. This is a problem for writing a new `Vec` which is backwards-incompatible, but only if filled in. In that case we'd really like the same read behavior, but not write anything if the `Vec` is empty. Here we introduce such semantics via a new `optional_vec` TLV format.
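As an added illustration of the `optional_vec` semantics that commit message describes (example code, not rust-lightning's own TLV macros): a toy TLV stream in which a `vec_type` writer always emits a record, even for an empty `Vec`, while an `optional_vec` writer emits nothing for an empty `Vec`; both readers treat a missing record as an empty `Vec`. The one-byte type/length layout, the type numbers 1 and 2, and every function name are assumptions; the rule that a reader rejects an unknown even type and skips an unknown odd type is the usual Lightning TLV convention, which is what makes an empty-but-present even record backwards-incompatible.

```rust
// Added example, not rust-lightning code: a minimal TLV stream contrasting
// `vec_type` and `optional_vec` write semantics. Layout and type numbers are assumed.
use std::collections::BTreeMap;

/// A TLV stream: records keyed by type, serialized in ascending type order as
/// one byte of type, one byte of length, then the value bytes (assumed layout).
type TlvStream = BTreeMap<u8, Vec<u8>>;

fn encode(stream: &TlvStream) -> Vec<u8> {
    let mut out = Vec::new();
    for (t, v) in stream {
        assert!(v.len() <= u8::MAX as usize, "value too long for this toy encoding");
        out.push(*t);
        out.push(v.len() as u8);
        out.extend_from_slice(v);
    }
    out
}

/// Decode a stream, applying the usual TLV rule: an unknown even type is an
/// error (the writer considered it required), an unknown odd type is skipped.
fn decode(bytes: &[u8], known_types: &[u8]) -> Result<TlvStream, &'static str> {
    let mut stream = TlvStream::new();
    let mut i = 0;
    while i < bytes.len() {
        if i + 2 > bytes.len() { return Err("truncated record header"); }
        let (t, len) = (bytes[i], bytes[i + 1] as usize);
        let (start, end) = (i + 2, i + 2 + len);
        if end > bytes.len() { return Err("truncated record value"); }
        if known_types.contains(&t) {
            stream.insert(t, bytes[start..end].to_vec());
        } else if t % 2 == 0 {
            return Err("unknown even (required) type");
        }
        i = end;
    }
    Ok(stream)
}

/// `vec_type` semantics: the record is always written, even for an empty Vec.
fn write_vec_type(stream: &mut TlvStream, t: u8, v: &[u8]) {
    stream.insert(t, v.to_vec());
}

/// `optional_vec` semantics: nothing is written for an empty Vec.
fn write_optional_vec(stream: &mut TlvStream, t: u8, v: &[u8]) {
    if !v.is_empty() { stream.insert(t, v.to_vec()); }
}

/// Both formats read a missing record as an empty Vec.
fn read_vec(stream: &TlvStream, t: u8) -> Vec<u8> {
    stream.get(&t).cloned().unwrap_or_default()
}

const OLD_FIELD: u8 = 1; // existed in the old version
const NEW_FIELD: u8 = 2; // new field with an even type: required when present

/// Serialize an object with one old field and the given new field, using `writer` for the new one.
fn serialize(new_field: &[u8], writer: fn(&mut TlvStream, u8, &[u8])) -> Vec<u8> {
    let mut stream = TlvStream::new();
    write_vec_type(&mut stream, OLD_FIELD, b"old");
    writer(&mut stream, NEW_FIELD, new_field);
    encode(&stream)
}

/// Can a reader from before NEW_FIELD existed still parse these bytes?
fn old_reader_accepts(bytes: &[u8]) -> bool {
    decode(bytes, &[OLD_FIELD]).is_ok()
}

/// What does a current reader get back for NEW_FIELD?
fn new_reader_field(bytes: &[u8]) -> Result<Vec<u8>, &'static str> {
    decode(bytes, &[OLD_FIELD, NEW_FIELD]).map(|s| read_vec(&s, NEW_FIELD))
}

fn main() {
    let a = serialize(&[], write_vec_type);
    let b = serialize(&[], write_optional_vec);
    println!("vec_type:     {} bytes, old reader accepts: {}", a.len(), old_reader_accepts(&a));
    println!("optional_vec: {} bytes, old reader accepts: {}", b.len(), old_reader_accepts(&b));
    let c = serialize(b"x", write_optional_vec);
    println!("optional_vec, filled: old reader accepts: {}", old_reader_accepts(&c));
}
```

With the new field empty, the `vec_type` encoding carries a zero-length record of type 2 that an old reader rejects, while the `optional_vec` encoding is identical to what the old version wrote; once the field is filled in, both are (as intended) unreadable by the old version.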
force-pushed from 2e869df to 6f7b3c2
CI is not happy:

```
error[E0599]: no method named `possibly_matches_output` found for enum `HTLCSource` in the current scope
    --> lightning/src/chain/channelmonitor.rs:2204:27
     |
2204 |             debug_assert!(source.possibly_matches_output(htlc));
     |                                  ^^^^^^^^^^^^^^^^^^^^^^^ method not found in `HTLCSource`
     |
    ::: lightning/src/ln/channelmanager.rs:268:1
     |
268  | pub(crate) enum HTLCSource {
     | -------------------------- method `possibly_matches_output` not found for this enum
```
LGTM after squash
`ChannelMonitorUpdate`s are our most size-sensitive objects - they are the minimal objects which need to be written to disk on each commitment update. Thus, we should be careful to ensure we don't pack too much extraneous information into each one. Here we add future support for removing the per-HTLC explicit `Option<Signature>` and `HTLCInCommitmentUpdate` for non-dust HTLCs in holder commitment tx updates, which are redundant with the `HolderCommitmentTransaction`. While we cannot remove them entirely as previous versions rely on them, adding support for filling in the in-memory structures from the redundant fields will let us remove them in a future version. We also add test-only generation logic to test the new derivation.
force-pushed from 1b90060 to b72f6b1
Squashed without further changes.

CI apparently failed to download electrs, I kicked it:
LGTM
@@ -2160,7 +2165,53 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> { | |||
/// is important that any clones of this channel monitor (including remote clones) by kept | |||
/// up-to-date as our holder commitment transaction is updated. | |||
/// Panics if set_on_holder_tx_csv has never been called. | |||
fn provide_latest_holder_commitment_tx(&mut self, holder_commitment_tx: HolderCommitmentTransaction, htlc_outputs: Vec<(HTLCOutputInCommitment, Option<Signature>, Option<HTLCSource>)>, claimed_htlcs: &[(SentHTLCId, PaymentPreimage)]) -> Result<(), &'static str> { | |||
fn provide_latest_holder_commitment_tx(&mut self, holder_commitment_tx: HolderCommitmentTransaction, mut htlc_outputs: Vec<(HTLCOutputInCommitment, Option<Signature>, Option<HTLCSource>)>, claimed_htlcs: &[(SentHTLCId, PaymentPreimage)], nondust_htlc_sources: Vec<HTLCSource>) -> Result<(), &'static str> { | |||
if htlc_outputs.iter().any(|(_, s, _)| s.is_some()) { |
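Review bot: the `///` doc comment directly above `provide_latest_holder_commitment_tx` is unchanged while the signature gains `nondust_htlc_sources: Vec<HTLCSource>` and `htlc_outputs` becomes `mut`; the contract the `if htlc_outputs.iter().any(|(_, s, _)| s.is_some())` branch encodes (either every HTLC entry carries its signature and `nondust_htlc_sources` is empty, or no entry carries one and the non-dust data is rebuilt from `holder_commitment_tx` plus `nondust_htlc_sources`) lives only in the code. Suggest adding a sentence to the doc comment stating that the two forms are mutually exclusive and that `nondust_htlc_sources` must be ordered to match the non-dust HTLCs of the commitment transaction, so callers do not have to read the function body to find the invariant.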
Comprehension check: do dust HTLCs not have signatures because there wouldn't be a point since they have no output to ever spend/enforce on-chain?
Correct. There's simply nothing to sign.
let mut separate_nondust_htlc_sources = false; | ||
#[cfg(all(feature = "std", any(test, fuzzing)))] { | ||
use core::hash::{BuildHasher, Hasher}; | ||
// Get a random value using the only std API to do so - the DefaultHasher | ||
let rand_val = std::collections::hash_map::RandomState::new().build_hasher().finish(); | ||
separate_nondust_htlc_sources = rand_val % 2 == 0; | ||
} |
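Review bot: the `cfg(all(feature = "std", any(test, fuzzing)))` block picks the code path from `RandomState::new().build_hasher().finish()`, which is seeded per process, so under `fuzzing` the same input can take different branches on different runs and a crash found by the fuzzer may not reproduce from its saved input. Suggest limiting the coin flip to `test` (keeping the fuzz build deterministic) or, for fuzz targets, deriving `separate_nondust_htlc_sources` from a byte of the fuzz input rather than from `RandomState`.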
I get how this would work well with fuzzing, but for normal tests would you just have to run them a couple times to be confident the new implementation got tested? I guess this may be a temporary solution for testing so it's not a big deal?
Yea, we have a bit of randomness in tests which avoids having to run every test five times but ensures over time we will hit any issues.
`ChannelMonitorUpdate`s are our most size-sensitive objects - they are the minimal objects which need to be written to disk on each commitment update. Thus, we should be careful to ensure we don't pack too much extraneous information into each one.

Here we add future support for removing the per-HTLC explicit `Option<Signature>` in holder commitment tx updates, which are redundant with the `HolderCommitmentTransaction`. While we cannot remove them entirely as previous versions rely on them, adding support for filling in the in-memory structures from the redundant fields will let us remove them in a future version.
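To make the "filling in the in-memory structures from the redundant fields" concrete, here is an added, simplified model of that derivation (example code, not rust-lightning's `ChannelMonitorImpl`), covering both the commit message above and the PR description. It accepts either the old update form, where every HTLC entry is present and non-dust entries carry their own counterparty signature, or the new form, where `htlc_outputs` holds only dust HTLCs and the non-dust entries are rebuilt from the commitment transaction's HTLC list and signature list plus the separately passed sources. The struct layouts, the `Sig` and `Source` stand-ins, the `offered` flag (modelling that only outbound HTLCs carry a source) and the error strings are assumptions; the checks on counts and output ordering are the kind of invariant a reviewer would want enforced before trusting the rebuilt data.

```rust
// Added example, not rust-lightning code: rebuilding per-HTLC
// (output, signature, source) triples from a holder commitment tx.
// Types and field names are simplified stand-ins for LDK's.

#[derive(Clone, Debug, PartialEq)]
struct HtlcOutput {
    /// True for HTLCs we offered (outbound); only those carry a Source.
    offered: bool,
    amount_msat: u64,
    /// None for dust HTLCs: nothing is on-chain, so there is nothing to sign.
    transaction_output_index: Option<u32>,
}

#[derive(Clone, Copy, Debug, PartialEq)]
struct Sig(u64); // stands in for the counterparty's ECDSA signature

#[derive(Clone, Debug, PartialEq)]
struct Source(&'static str); // stands in for HTLCSource

struct HolderCommitmentTx {
    /// Non-dust HTLCs in increasing output-index order.
    htlcs: Vec<HtlcOutput>,
    /// Counterparty's signature for each entry of `htlcs`, same order.
    counterparty_htlc_sigs: Vec<Sig>,
}

type HtlcEntry = (HtlcOutput, Option<Sig>, Option<Source>);

/// Old form: all HTLCs in `htlc_outputs`, non-dust ones with their signature,
/// `nondust_htlc_sources` empty. New form: only dust HTLCs in `htlc_outputs`;
/// non-dust entries are rebuilt from `tx` and `nondust_htlc_sources`.
fn provide_latest_holder_commitment_tx(
    tx: &HolderCommitmentTx,
    mut htlc_outputs: Vec<HtlcEntry>,
    nondust_htlc_sources: Vec<Source>,
) -> Result<Vec<HtlcEntry>, &'static str> {
    if tx.htlcs.len() != tx.counterparty_htlc_sigs.len() {
        return Err("commitment tx HTLC/signature count mismatch");
    }
    if htlc_outputs.iter().any(|(_, sig, _)| sig.is_some()) {
        // Old form: the explicit (redundant) data must agree with the commitment tx.
        if !nondust_htlc_sources.is_empty() {
            return Err("explicit signatures and separate sources cannot both be given");
        }
        let nondust: Vec<&HtlcEntry> = htlc_outputs.iter()
            .filter(|(h, _, _)| h.transaction_output_index.is_some()).collect();
        if nondust.len() != tx.htlcs.len() {
            return Err("non-dust HTLC count does not match commitment tx");
        }
        for (entry, (htlc, sig)) in nondust.iter().zip(tx.htlcs.iter().zip(&tx.counterparty_htlc_sigs)) {
            if &entry.0 != htlc || entry.1.as_ref() != Some(sig) {
                return Err("explicit HTLC data disagrees with commitment tx");
            }
        }
        return Ok(htlc_outputs);
    }
    // New form: only dust HTLCs may be present; rebuild the rest from `tx`.
    if htlc_outputs.iter().any(|(h, _, _)| h.transaction_output_index.is_some()) {
        return Err("non-dust HTLC given without its signature");
    }
    let mut prev_index: Option<u32> = None;
    let mut sources = nondust_htlc_sources.into_iter();
    for (htlc, sig) in tx.htlcs.iter().zip(&tx.counterparty_htlc_sigs) {
        let idx = htlc.transaction_output_index.ok_or("commitment tx lists a dust HTLC")?;
        if prev_index.map_or(false, |p| idx <= p) {
            return Err("commitment tx HTLCs are not in output order");
        }
        prev_index = Some(idx);
        // Sources are consumed in order, one per offered (outbound) non-dust HTLC.
        let source = if htlc.offered {
            Some(sources.next().ok_or("too few non-dust HTLC sources")?)
        } else {
            None
        };
        htlc_outputs.push((htlc.clone(), Some(*sig), source));
    }
    if sources.next().is_some() {
        return Err("too many non-dust HTLC sources");
    }
    Ok(htlc_outputs)
}

/// Constructed sample: two non-dust HTLCs (one offered, one received) with their signatures.
fn sample_tx() -> HolderCommitmentTx {
    HolderCommitmentTx {
        htlcs: vec![
            HtlcOutput { offered: true, amount_msat: 50_000, transaction_output_index: Some(2) },
            HtlcOutput { offered: false, amount_msat: 70_000, transaction_output_index: Some(3) },
        ],
        counterparty_htlc_sigs: vec![Sig(0xa1), Sig(0xb2)],
    }
}

/// Constructed sample: one dust offered HTLC, which keeps its source inline and has no signature.
fn sample_dust() -> HtlcEntry {
    (HtlcOutput { offered: true, amount_msat: 500, transaction_output_index: None }, None, Some(Source("dust-payment")))
}

fn main() {
    let tx = sample_tx();
    let rebuilt = provide_latest_holder_commitment_tx(&tx, vec![sample_dust()], vec![Source("outbound-payment")]).unwrap();
    for (h, s, src) in &rebuilt {
        println!("idx={:?} sig={:?} source={:?}", h.transaction_output_index, s, src);
    }
}
```

The rebuilt list is exactly what the old form would have carried, so feeding it back in as an old-form update round-trips unchanged; a mismatched count of sources or a signature that disagrees with the commitment transaction is rejected rather than silently accepted.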