Latest Strikes 48 - July 31st-August 6th 2023

Latest Strikes 48 - July 31st-August 6th 2023

Welcome to Latest Strikes, your weekly recap of all the things happening in the Lightning world. Last week got us splicing in Core Lightning, some nice wallet releases, and the beginning of the work on experimenting with reputation-based mitigation against channel jamming. Let's dive in!


Stacker News "Hacked"

An update in Stacker News introduced a bug that led to rewards paying too much sats to users (concatenating numbers instead of adding them). The bug has been fixed, but one user managed to withdraw some of the sats, before returning them. The regained funds will be gradually redistributed to all users as rewards over the coming months.

A useful reminder that secure development and operation of Lightning applications is hard!

Nodeless Goes Open Source

The Nodeless payment processing platform is now open source! As Nodeless' developer explains, their initial decision to not open source the software right away was based on fear that it could drive away investors. Since no investor showed up anyway, they decided to open source the thing!

Nodeless allows you to easily accept Bitcoin and Lightning payment. All you need is an email to sign up, and the first thing you'll notice on the website is a little alert urging you to fill your withdrawal information. Indeed, Nodeless supports automatic withdrawals to Lightning Address or on-chain, where any amount you receive is automatically withdrawn every minute (or every 30 minutes if using on-chain), which helps reduce the trust you need to put into Nodeless. Finally, the fee model is pretty straight forward: 100 sats fixed and 1%, on every transaction.

I'll always be advocating for trustless, self-custodial and sovereign solutions, but Nodeless is a nice first step in that direction thanks to its automatic withdrawal feature. However, it'll really shine once it supports alternative static Lightning payment codes (such as keysend or Bolt12), since a Lightning Address itself requires running a web server, and the whole point of using Nodeless is to not have to run one.

Wallets & Tools

Facilitating Access To Lightning Nodes For Dissidents And NGOs

The Human Rights Foundation (HRF) and Voltage announced a partnership aimed at facilitating access to BTCPay server instances to NGOs and dissidents worldwide. The HRF was previously working with members of the BTCPay team to help such profiles integrate BTCPay into their online presence (notably to funnel donations and support), but the hardware part always remained a hard part of the process.

With Voltage joining the effort, activists will enjoy easy node and liquidity management, high uptime, and efficient troubleshooting.

The Mutiny team also shared how they're improving their users privacy with Voltage, by having any invoice generated by a Mutiny user automatically wrapped by Voltage[1]. From the sender's perspective, the invoice seems like it's paying Voltage's node, but as the preimage is known only the user, Voltage has no choice but to forward the payment to them.

BTC <> LN Swaps In Peach

Peach added a feature to swap Lightning sats against on-chain in a peer-to-peer fashion. Nice!

The v3 of Alby was released, mostly bringing new nice features to use one's Alby account with the extension. As a reminder, there are two several concepts: an Alby account is a custodial account, which features a dedicated Lightning Address ; while Alby itself is a browser extension that facilitates the usage of Lightning in the browser and can be connected to a variety of Lightning backends (an Alby account, a LNBits account, one's own Lightning node, etc.).

With this update, if you use an Alby account, you'll be able to generate a master key (backed up as a 12 words seed) from which your private keys for Nostr, on-chain Bitcoin and LNURL login will be derived. If you already imported a Nostr private key it will be kept by default, but you can later decide to use the new one (derived from the master key) if you wish. Also note that generating the master key will change the private key used for LNURL login, and hence what account you're connecting to on services that use such a login method (such as lnmarkets). The Alby team put out a guide to help you migrate from your old "LNURL identity" to the new one.

On a different note, the Blink custodial wallet also added Lightning Addresses for all their users.

Mash Wallet

The Mash team released their custodial mobile Lightning wallet last week. They went with a Progressive Web App (PWA) to circumvent any current of future app store censorship, and the app provides a dedicated Lightning Address for each user. It has all the traditional features we expect from a Lightning wallet, but ultimately the goal of the app is to reduce friction when browsing websites that use Mash for monetization (such as Love is Bitcoin and The Bitcoin Manual, to name a few), by making a user's Mash wallet accessible from the browser. With the Mash app installed, you'll be able to access your wallet from any Mash-enabled website and donate with only a few taps, without leaving the browser. That's a net improvement over the current mobile experience, where donating to a content creator (for example, on a blog) usually requires to copy and paste an invoice or a Lightning Address into a distinct wallet app. Nicely done!

LOOP Update

Lightning Labs' submarine swap protocol Loop got a new update, enabling users to "loop out" (i.e. perform a reverse submarine swaps, where they send Lightning funds and receive on-chain coins) to an external wallet. To do so, the external xpub must first be registered and given a custom name in the loop client. Then, any loop out can be made to a new address derived from this xpubs, even when "autolooping" (where the loop client follows a set of rules and thresholds to automatically perform swaps, for example to rebalance channels).

This new feature could prove extremely useful in a variety of situations, by performing in only one transaction what previously required two. For example, putting coins back to cold storage ; or in multiple nodes setups, where the loop-out of one node could feed another node's on-chain wallet.

Spec & Implems

Splicing Into Core Lightning

Splicing has been merged into Core Lightning! So, where are we at ?...

  • ✅ Eclair
  • ✅ Core Lightning
  • ⏳ LND
  • ⏳ LDK

Who will be next?

Jamming Mitigation Dry Run

Preliminary work has begun to gather real-world data to assess the practicality and effectiveness of a local reputation system based on HTLC endorsement to mitigate channel jamming, as well as devise sensible configuration defaults. The first step would be to collect anonymized data on payment forwarding, with a standardized format so that node runners that decide to partake in the experiment can run the analysis tools locally and only export aggregated data to researchers. Typical data would the time between a HTLC enters a channel and the moment it is settled, the rate of success, liquidity availability, etc. This data would be collected without any reputation system in the beginning, until participating nodes start propagating their experimental endorsement signal along each HTLC they forward. This endorsement signal will from then on be taken into account, but will only later feed the reputation algorithms that will be rolled out in the third phase of the experiment.

Of course the raw data being examined here contains very private information, such as channel and node ids, or even HTLC resolution times which could be used in timing correlation attacks. Hence the emphasis on providing node runners with the appropriate toolkit to allow them to process the data locally, and only export aggregate anonymized data (for example, instead of the resolution time of each forwarded payment, provide the median resolution time for each channel, with the channel id being anonymized).

This experiment, conducted across all major implementations (Core Lightning, Eclair, LDK and LND) will help validate the behavior of local reputation algorithms using real-world data (notably in the "steady state" where everything is fine), enhance synthetic data for attack simulations, and gather liquidity and slot utilization insights for setting resource defaults.

Closing Bit

La rue s'étrécit
Sa fraîcheur est celle
D'un col qu'on franchit.

De l'autre côté la place
Dore ses pénitents
Au soleil de midi.

  1. Every Mutiny user has its own self-custodial node, but uses Volatge's LSP Flow to get inbound liquidity. They can also open their own channels, at their sole discretion. ↩︎

Privacy Policy