[lalaland1125]

Lightning appears to add more problems than solutions. It has a whole bunch of critical issues. Here is a short list.

1. You need to have a computer constantly online or your counter party can easily steal all your money. This leaves you vulnerable to all sorts of attacks.

2. The lightning network works by routing payments through a network to your destination. The issue here is that the routing for the lightning network is extremely complicated and is currently an unsolved (and probably unsolvable) problem. The core issue is that you have to route money though a network where channel capacities are changing with each and every transaction. Imagine trying to route internet packets if the size of the links changed thousands of times per second.

3. It's relatively expensive to create and destroy channels at about two transactions per channel. Lightning proponents claim that this will be rare, but that can only be the case if there is minimal net flow of money. This is trivially not the case because users will be sending bitcoin more than they recieve and the reverse for retailers.

4. Lightning has huge capital costs. You need to lock up large amounts of bitcoin in these channels for significant amounts of time. There is a real cost for this in terms of the lost interest. Channels are certainly not anywhere close to free.

[EthanHeilman]

>1. You need to have a computer constantly online or your counter party can easily steal all your money. This leaves you vulnerable to all sorts of attacks.

This isn't not the case. You can outsource channel monitoring to other peers in the network such that if anyone attempts to cheat you, they can punish the cheater and claim a reward. Bitcoin makes various security assumptions such as 51% of the mining power is honest, users have access to perfect information about the blockchain, etc... The LN, if the software is designed correctly, is likely to more realistic security assumptions than Bitcoin itself.

>3. It's relatively expensive to create and destroy channels at about two transactions per channel. Lightning proponents claim that this will be rare, but that can only be the case if there is minimal net flow of money. This is trivially not the case because users will be sending bitcoin more than they recieve and the reverse for retailers.

Channel factories[0] address this problem such that you can move channels between participants without touching the blockchain. There are also ways to do this whereby you switch n channels for a single transaction that spends log n outputs.

[0]: Scalable Funding of Bitcoin Micropayment Channel Networks https://www.tik.ee.ethz.ch/file/a20a865ce40d40c8f942cf206a7c...

[Klathmon]

Don't channel factories only allow you to move channels between users who were a part of the original multiparty transaction?

It's a fantastic idea, but I feel it more has usecases between popular hubs and less for actual users.

Although they also have the side effect of making the initial transaction on the blockchain up to 90% cheaper, so they are useful there too!

[EthanHeilman]

>It's a fantastic idea, but I feel it more has usecases between popular hubs and less for actual users.

Won't actual users be connected to popular hubs? For instance Alice's connects to Hub1, Hub2, and Hub3 via a channel factory.

[Klathmon]

That is true! The biggest downside with channel factories is that noncompliance from one party forces the whole factory to close and reopen without them, which gets much more likely with every added participant. But if there is only one participant which is "untrustworthy" (on some level, in the sense that they aren't trusted to stay online as much as well known nodes are), then the system could work fine.

That's really interesting, and opens up a lot of ideas. Still, I think we should avoid trying to bring up channel factories for now. They are still a few steps away as they add more complexity to an already complex system. Focus on getting LN up and working, then add in nice-to-haves like channel factories slowly once vendors are on-board.

[EthanHeilman]

I agree there is enough to do with getting the LN up and running. However the future of layer two protocols is extremely bright and the current limitations of the system are clearly surmountable. Add op code support for channel factories and you can change key sets on an arbitrary number of factories with one 200 byte on-chain transaction.

Given all the money flying around ICOs, it is pretty amazing that there isn't more money flowing into layer two. Hopefully that will change in 2018-2019.

[Klathmon]

2 isn't true at all, routing isn't nearly that complicated and I don't know why everyone thinks it is. Most routes are expected to be under a few hops. But regardless we will find out soon as the number of nodes on the live system is very rapidly growing.

3 doesn't really apply, as channels can be used as middle hops to rebalance.

If I give money to you for a good/service and drain my channel. Then I buy more Bitcoin from coinbase, coinbase can route that BTC to me through you to rebalance our channel so it is all on my side.

4 isn't true, as "locking the BTC up" is basically making it available. Would you consider depositing cash into a checking account "locking it up"? Because that's the equivalent here. But also locktimes are normally a few days.

[lalaland1125]

2. Where is the evidence of this? Sure, routing can be easy and short if it's centralized and the number of hops is small. But, if it's centralized, then what's the point of using Bitcoin? Where is this mystical routing algorithm that will work in the presence of constant capacity changes over a decentralized network?

3. The issue here is that the flow for all channels across the entire network needs to be about balanced for things to work out properly. Once someone starts either net accumulating bitcoin or net dispersing bitcoin, then there will be problems somewhere on some link.

4. I can take money out of my checking account at any time at no expense.

[Klathmon]

About 2, like I said we should know soon if it will work. I just don't think that most channels will be updating as quickly as you think, and even if they are, a channel will know of someone is trying to route through it, so it can avoid trying to route another tx for the duration of the first.

3. Fees can and will help balance things out. If a channel is really unbalanced, negative fees can strongly incentivize rebalancing in many cases. If it starts to get unbalanced again, fees can increase to help reduce the speed that it unbalances.

4. You can also take money out of LN at any time (assuming your counterparty I cooperative). Only in the case of non-cooperation do you need to wait for locks to expire, and in that case you get ALL money from both sides of the channel, and need to wait for the lock to expire.

Id love it if my bank could give me 2x my money if it takes more than 3 days for me to get my money...

[JumpCrisscross]

> You can also take money out of LN at any time (assuming your counterparty I cooperative)

This isn’t what people mean when they imply liquidity. Needing consent and being able to unilaterally demand cash are different domains. The former is e.g. a holding in a fund or coins in a LN, the latter is a consumer checking account.

> Id love it if my bank could give me 2x my money if it takes more than 3 days for me to get my money

Or lost 90%. We had this in the era of free banking, i.e. pre Federal Reserve. We then split the speculation and transfer functions of our financial system and ended up better for it.

[Klathmon]

>This isn’t what people mean when they imply liquidity. Needing consent and being able to demand cash are different domains.

I don't understand what you are trying to say here. You don't need "consent" if you want to wait the 3 days, but if you get "consent" from your counterparty you can get it instantly. 3-days is about as fast as ACH. But if you want, you can feel free to open channels with shorter locktimes if needed.

>Or lost 90%. We had this in the era of free banking, i.e. pre Federal Reserve. That history is one Bitcoin is presently replaying.

But you can't lose money if LN is working correctly. The whole idea is that you sign the transactions saying "if this is broadcast under these conditions, you get all of my money" when you open the channel. It's literally not possible to fractionally lend on LN, because all money MUST be there, and signed, for you to use it.

I've had conversations with you before, and I'm fairly sure you don't understand the basics of Bitcoin as you keep repeating these things as fact, so I'm going to stop replying here. Please make an effort to understand it before you start denouncing it. Or at least explain why you think these apply to the conversation in ways that someone like myself who isn't well-versed in traditional banking systems but understands Bitcoin technically will understand.

[JumpCrisscross]

> if you get "consent" from your counterparty you can get it instantly. 3-days is about as fast as ACH

You said, like a checking account, one “can also take money out of LN at any time.” I clarified that when people say “take money out at any time,” they mean unilateral liquidity. You can unilaterally demand cash or an instantaneous Fedwire transfer, the latter which costs 3 to 69 cents [1] (though some banks heftily upcharge this service), against your checking account balance. It takes a good deal longer to settle a LN balance (theoretically).

TL; DR The Lightning Network has some neat features, but pitching its liquidity as analogous to a checking account’s is disingenuous.

> you can't lose money if LN is working correctly

This applies to anything. In finance, things never work correctly because someone, somewhere, can be trusted to be an arsehole.

> It's literally not possible to fractionally lend on LN

The number of Americans who have lost a single U.S. dollar to this threat since the FDIC was formed is basically zero. The number of Americans who have nuked substantial fractions of their net worths speculating on Bitcoin is significantly greater.

[1] https://www.federalreserve.gov/paymentsystems/fedfunds_corep...

[wan23]

> This isn’t what people mean when they imply liquidity. Needing consent and being able to unilaterally demand cash are different domains. The former is e.g. a holding in a fund or coins in a LN, the latter is a consumer checking account.

Is it really true that you can get easily the money out of your checking account if your bank declines to give it to you? In a traditional bank account, it is possible to place a hold on an account for various reasons, mostly when compelled by the government.

[JumpCrisscross]

> In a traditional bank account, it is possible to place a hold on an account for various reasons, mostly when compelled by the government

The traditional hierarchy of liquidity goes first cash, then Treasuries then checking accounts. Checking account balances (i.e. senior, registered claims on a bank) are junior to the first two (i.e. senior, registered claims on the U.S. Treasury and senior, unregistered claims on the Federal Reserve, respectively) for the reason you specified. I still contend a checking account will more reliably produce immediately-available funds quicker than a LN "deposit," even if one is a criminal.

This sidelines into why I believe illegal markets are the only place blockchains have a shot at being a currency. Shadow economies are substantial, between $1 and 3 trillion in the U.S. alone [1]. It's a different pitch from "replace the U.S. dollar," but it's more realistic. (I am not advocating anyone do anything illegal.)

Stepping back, it's pertinent to look at the Two Generals' Problem [2] which Satoshi's paper solved. It's a problem of exchanging information, not value per se. Blockchains are here to stay, but not--in my opinion--as currencies. Libor on a blockchain or legal documents "Docusigned" on a blockchain are far more compelling than "we'll make our light-speed payments system less reversible and better for illegal activity". They're also use cases which become difficult to justify if the "tokens" underlying them rise in value.

[1] http://www.imf.org/en/Publications/WP/Issues/2018/01/25/Shad... Table 4, page 11

[2] https://en.wikipedia.org/wiki/Two_Generals%27_Problem

[freejulian]

Lightning uses the same routing algorithm as tor — it’s an onion router. It has the added benefit of no one in the network knowing where transactions are from or whom they’re to.

With regards to channel capacity — fees in lightning are proportional to the amount of the transaction. If you are sending a transaction which consumes a large amount of capacity, you pay a high fee. Note how this is a fundamental difference from onchain transactions where fees are proportional to the amount of block space used.

Lightning is more akin to an atm. You pay a fee to take out cash, but you can then transact instantly all day with nearly no fees.

[philipwhiuk]

Tor has a centralised list of exit nodes.

[Klathmon]

which doesn't apply to tor hidden services, which work fine without an exit node.

[shazow]

Sounds like you're familiar with the tech, maybe you could answer a couple of questions:

> If I give money to you for a good/service and drain my channel. Then I buy more Bitcoin from coinbase, coinbase can route that BTC to me through you to rebalance our channel so it is all on my side.

Could you point me to details about how cross-channel rebalancing happens?

Since lightning network channels are purely 1:1 (per the whitepaper); say you drained your channel to me, how does your channel with Coinbase allow you to route BTC to our channel without reopening a channel (requiring on-chain transactions)?

The whitepaper mentions hops, but I can't find any details on how they actually work.

> But also locktimes are normally a few days.

Does that imply that every channel needs to make an on-chain transaction every few days to reopen/keep the channel open?

[Klathmon]

>Could you point me to details about how cross-channel rebalancing happens?

Lightning transactions are less like TCP packets, and more like water in a pipe. If I put 1 ml of water in a pipe full of water, 1 ml comes out the other end, but it's not the same water.

It works like this:

I can give you 1 apple, but I contractually obligate you to give 1 apple to my friend Bob, and if you don't you get penalized. You won't actually give Bob the apple I gave you, you'll give him another apple that you have, and if you don't know exactly where bob is, you could give an apple to someone else, telling them to eventually give an apple to bob "or else". (in LN, the "or else" is actually cryptographically secure pre-created transactions)

Because of this, each 1:1 channel is actually a network of 1:1 channels that can move in both ways.

In my first example, there was an unwritten implication that you would have a connection to coinbase somehow through another channel. So if I paid you 1 BTC for something, and you have a connection with coinbase (either directly, or through another channel), then if I buy from coinbase they can send that money "through" you to recharge our channel, without you really "spending" any money. And you are more than happy that happened, because now I can buy more from you directly through our channel, so you might incentivize that kind of routing by setting an extremely low, or even zero, or even NEGATIVE! fee.

>Does that imply that every channel needs to make an on-chain transaction every few days to reopen/keep the channel open?

No, locktimes only come into play in the case of non-compliance. If we have a channel with a 3-day locktime, on day 2 we can agree to re-up our lock for another 3 days (really at any time we can), we can also agree to close it right now if we want, all off the blockchain. Only when you either try to cheat, or become non-responsive do locktimes come into play.

[shazow]

Sorry, I didn't mean in layman metaphors but the actual mechanics. (I am technical and fairly familiar with Bitcoin, I'm just having a hard time convincing myself from reading the Lightning whitepaper and I'm hoping to find some alternative explanations that are clearer.)

Like what kind of transactions/operations need to happen between nodes for two channels to get rebalanced?

> No, locktimes only come into play in the case of non-compliance. If we have a channel with a 3-day locktime, on day 2 we can agree to re-up our lock for another 3 days (really at any time we can), we can also agree to close it right now if we want. Only when you either try to cheat, or become non-responsive do locktimes come into play.

Right, I understand that it's for non-compliance, that's why I was assuming that this part has to happen on-chain.

Aren't timelocks enforced on chain? How can we agree to extend our timelock without committing that agreement to the blockchain?

I understand that the premise of timelocks is that if there's a conflict, the channel collapses and the timelock buffer period allows the victim a period to claim restitution (hence needing to stay online or have a service do it on their behalf).

[Klathmon]

>Like what kind of transactions/operations need to happen between nodes for two channels to get rebalanced?

So "rebalancing" is kind of a word for a side-effect of normal routing.

It's all based on fees. So if you have a channel with "the network" (either through 1 or more channels to a big hub, or some other way), and I have a single channel with you, then another channel with "the network".

Our channel started off with .5 BTC from each of us. Then I paid you .4 BTC so the channels are:

You: .9 BTC, Me: .1 BTC.

Nodes broadcast fees, so you would broadcast that for me to send money from me to you (either directly, or through a "hop"), it will cost 20 satoshis. But you can also broadcast that for someone to send money the opposite direction (from you to me), it's free right now. Someone that wanted to pay a 3rd party unrelated to us would try to find a route that went from you to me then to the rest of the network.

So really "rebalancing" is just incentivizing someone else to rebalance your channel by exploiting their selfishness and want of low transaction fees and to include you as part of a hop. Fees can even go negative, which would make it super beneficial for someone else to include your channel in their transaction (even if it's out of the way, or doesn't serve any real purpose) to get a bit of money from it!

Who actually broadcasts the fees can be found by looking through popular node software (each node only broadcasts one direction of the channel, and I don't remember which it is right now), as well as the broadcast system (which I genuinely don't know off the top of my head).

>Aren't timelocks enforced on chain? How can we agree to extend our timelock without committing that agreement to the blockchain?

Yes and no. They are "enforced" on chain in the sense that they can't be accepted into a block until a specific block number. But they aren't ever broadcast to anyone else until you are ready to use them. In essence all LN transactions are created, but kept secret until ready to be used. The whole concept of LN relies on the fact that if we make a transaction but never broadcast it, did it really happen? If you and me agree to make a new transaction saying "this expires in 3 days from right now", technically the original transaction is now valid once 3 days pass from it, but if you try to broadcast the tx that forces all the money to you, I can broadcast the transaction that proves that we did something else after that (our second "update the locktime"), and then gives all the money to me.

Every time we do something to transact, we also create a set of transactions that serve as proof that the old transactions are in fact "old" and shouldn't be accepted, and if anyone tries to broadcast them, we can invalidate them (and enforce a "penalty" to dissuade anyone from trying to cheat).

[IncRnd]

That's fine, but if #1 is true, Lightning is far from workable.

[Klathmon]

#1 isn't strictly true, you don't need to be "always online", only online at some point within the locktime (normally 3 days right now).

You can also hand your "revocable delivery" transactions to a 3rd party (or multiple 3rd parties) who can monitor and broadcast them in the case of cheating, but can't actually spend any of your money themselves.

So you could have a group of people watching the blockchain always online that can punish non-compliance, but you yourself are only online when you want to transact.

[lalaland1125]

Of course, someone could pay off that third party to stop watching your channel.

[Klathmon]

And you could have multiple "watching" services that can prevent any one "watching" service from betraying you.

Obviously controlling your own "watching" system is most secure, but the vast majority of people aren't going to want to do it themselves.

And again, if the biggest worry is that someone will pay off multiple "watchers" then publish a previous version of a channel to steal money from you and hope that your proper node isn't online at any point during the locktime (or DoS your node to prevent you from seeing the bad transaction) to punish the thief and "steal" all the money back. I think we are doing a pretty good job!

[IncRnd]

According to you own words, the answer to poor transaction times is to make transactions less reliable and to introduce centralization.

I have to ask the million dollar question. Has this been threat modeled?

[binarybits]

(1) is false. If you're not online, counterparties might decide to close open channels. But that just means you get your share of the funds in that channel refunded to you. You would need to pay a transaction fee to the bitcoin network for the on-chain transaction, but the other party doesn't get any of your money.

[lalaland1125]

See section 9.5 of the lightning whitepaper:

> 9.5 Forgetting to Broadcast the Transaction in Time

> If one does not broadcast a transaction at the correct time, the counterparty may steal funds.

You need to be online all the time (or at least frequently enough) so that you can publish a penalty transaction if your counter party tries to steal coins from you.

[gruez]

This can be easily be solved by pre-signing that transaction and having a third party service broadcast that transaction if you're not online.

[throwaway2048]

if you have to trust third parties, whats the point?

[gruez]

you don't. you're not handing over the private keys. you sign the transaction locally, and give them to the third party to broadcast in case you're not online. it can even be multiple third parties so you're not trusting a single one. this provides better reliability than broadcasting it yourself on your home/vps/colo connection.

[lalaland1125]

You are trusting those third parties to react accordingly. They could be paid off or attacked in other ways.

[binarybits]

I see what you mean. Three thoughts on this:

* The time lock on commitment transactions is typically set to be a few days, so you don't need to be online "constantly." At most you need to check in about once a day.

* As the white paper says, you can delegate this function to a third party, without giving the third party the ability to steal your funds.

* If the other party tries to steal your funds and you catch him, you get to steal all of his funds. So in practice I don't expect this to be a common situation. If the other guy believes there's at least a 90 percent chance that you'll check the blockchain on any given day, then the expected value of broadcasting a revoked transaction is going to be heavily negative.

[lalaland1125]

One interesting comment about the third point is that once a channel gets sufficiently depleted (say down to 10% of the balance on one side), then there is an increased incentive to cheat (because the potential losses are lower). So you will usually have to keep channels at above a certain balance for security reasons.

[freejulian]

Sure, but there’s services you can outsource that to. Furthermore, if you only use lightning for sending payments (the majority of us) then publishing an earlier version of the channel benefits you!

[philipwhiuk]

Are those services called banks?

[Klathmon]

You could call them that if you want, but they are significantly different than traditional banks.

These services won't actually hold your money, just a transaction that sends all the money to you if someone tries to cheat. It's more of an escrow service than a bank, but the escrow service again doesn't actually hold anything valuable.

[r3demon]

Not exactly banks, but there's a huge chance they will be big corps with a money transmitter license, KYC, AML. What if they refuse your channel or transaction?

[ericb]

> You would need to pay a transaction fee to the bitcoin network

So a micro-transaction is a 10 cent payment that can turn into a 20 dollar fee plus 10 cent payment?

[UncleEntity]

> Lightning has huge capital costs. You need to lock up large amounts of bitcoin in these channels for significant amounts of time.

Isn't that kind of the point?

You conduct your day to day transactions outside the bitcoin network and (presumably) only need to hit the blockchain on rare occasions. Or so I assume not having read the whitepaper.

Having studied the history of money and banking in a previous lifetime I'd say it's more akin to gold backed deposit certificates with guarantees against double-spending and fractional reserves.

[grubles]

"You need to lock up large amounts of bitcoin in these channels for significant amounts of time."

That's actually false. The protocol actually limits channels to a fraction of a bitcoin currently (something like 0.1 or maybe even 0.01 BTC).

[UncleEntity]

I think they mean across all channels implying some "velocity of money" fallacy harming the bitcoin network.

[kbody]

Wow, I guess it's dead then /s

It's an evolving software still in pre-alpha state. But the core idea is solid and if you follow the development you'll see the strides of progress that is being done on all fronts.

To your points.

1. Depending on the options you set to your channels, you could have a window of days (or anything the two parties agree to), to act in case the other party tries to broadcast outdated TXs i.e. steal funds. Also you don't need to have a computer constantly online, you can offload the task to Watchtowers, software dedicated to do that for multiple users concurrently. (You also can have multiple Watchtowers as backups). Also, I imagine it could even be a mobile app. So this is a non-issue.

2. Routing will keep being improved but it's already pretty good and the way you present it screams FUD.

3. Currently crazy low fees aside, LN basically enables the multiplication of on-chain TXs population. I think your assumption is that the retailer will close and reopen a channel for every LN payment they receive which it makes no sense whatsoever from any point of view.

4. If by huge you mean $100 of which the fee is $0.5, sure. You can add any amount you want on an LN channel. Basically it's like a hot-wallet, e.x you can add $1500 for $0.5 fee, and casually spend it for coffees and other small expenses with lower TX fees than a satoshi (since LN supports fees at the millisatoshi = 1/1000 satoshi level).

P.S: This FUD-wave is pretty pitiful, at least get some real arguments. I hope even more people start to recognize that a lot of people have incentives to attack new tech in order to push their narratives for their altcoins or w/e.

[JumpCrisscross]

> It's an evolving software still in pre-alpha state

Now imagine a start-up in this state was hocking shares to college students and grandmas at a $140 billion valuation.

[kbody]

I was talking about Lightning Network nodes, not Bitcoin. Bitcoin at one point was at this stage but through iterations and continuous improvement it evolved to being able to secure all those funds.

The point is that it's disingenuous to deem a new tech dead, while the engineers working on it sill say that it's not yet fully-ready for production.

The implementation and the protocol still evolves, but the core idea behind it is rock solid and the most promising way forward to help with scaling AND enable use-cases that would be otherwise impossible (see microtransactions & realtime millisecond scale monetary transactions etc.)

[JumpCrisscross]

> I was talking about Lightning Network nodes, not Bitcoin

The latter being useless as a currency, per the article, without the former.

[kbody]

I fail to see how this moves the discussion forward, we're talking about how effective LN could be regarding helping with scaling.

Also, note the core idea of LN (updatable non-broadcasted Bitcoin TXs with incentive-based security and eventual broadcast to the blockchain network) is a powerful idea and as we explore this scheme and more engineers get accustomed I am sure we will see even more exciting things.

[lalaland1125]

Do you happen to know where I can find the code or white paper for the current, working, routing algorithm?

[kbody]

Sure.

- Onion Routing Protocol: https://github.com/lightningnetwork/lightning-rfc/blob/maste...

- P2P Node and Channel Discovery https://github.com/lightningnetwork/lightning-rfc/blob/maste...

This repo contains specs for a lot of parts of the LN, although probably there may be changes I imagine.

As for code, one of the implementations, LND (Go): https://github.com/lightningnetwork/lnd/tree/master/routing but there are at least 3 other implementations in the works.

https://github.com/ElementsProject/lightning (clang) https://github.com/ACINQ/eclair (Scala) https://github.com/mit-dci/lit (Go)

[DennisP]

5. With channel networking, you have to be online to receive funds. Unlike (1) you can't really outsource this, unless you're willing to trust someone else to hold your funds for you.

[api]

Wow. I didn't know about #1. That is absolutely, categorically fatal. If that's true then lightning is DOA.

Nothing to see here.

[notsrg]

As long as you solve transaction malleability (segwit), #1 is a non-issue.

[api]

At that point haven't you just reinvented fiat currency?

[notsrg]

I'm not sure how you can come to that conclusion.

[wyager]

Literally none of these are true except for #4. It’s remarkable to have this many incorrect assertions stated so confidently in a single post.

As for #4, I view it like a checking account. You need to have a bit of money set aside in liquid form in case you want to buy something.