From thomasv at electrum.org  Fri Aug 18 11:54:55 2023
From: thomasv at electrum.org (Thomas Voegtlin)
Date: Fri, 18 Aug 2023 13:54:55 +0200
Subject: [Lightning-dev] Resumable channels using OP_CHECKSIGFROMSTACK
In-Reply-To: <CACdvm3Nh67Gq_U5LZUDDFxK4k4eov6gpcT4O30xuDbeg+y-uiw@mail.gmail.com>
References: <0f84f9be-b68e-47db-46b6-3230e4509811@electrum.org>
 <CACdvm3N_ZdNiy9LRmoyz5ThimhigvaoTuCSTVf5FkbjZKQvx9A@mail.gmail.com>
 <fa10c4f4-ec90-cc67-17dc-f967ef827120@electrum.org>
 <CACdvm3Nh67Gq_U5LZUDDFxK4k4eov6gpcT4O30xuDbeg+y-uiw@mail.gmail.com>
Message-ID: <45dd8c27-e0e6-ef0a-1f33-e51bc104d97d@electrum.org>

On 17.08.23 16:20, Bastien TEINTURIER wrote:
> Hi Thomas,
>
>
> I don't think this is an attack wallet providers can reasonably attempt.
> The mobile wallet can check at every connection that the provider isn't
> trying to cheat, and the provider doesn't have any way of knowing when
> the mobile wallet has lost data: it would thus be a very risky move to
> try to cheat, because it is very unlikely to succeed and will result in
> reputation loss for the provider.


I believe your idea of a "wallet provider" conflates two roles:
- the entity that distributes the wallet application.
- the entity that has channels with the user.

Phoenix does not allow users to open channels with arbitrary nodes, thus
these entities are the same for you, and that might be why you think that
the loss of reputation is a sufficient deterrent.

However, if Phoenix was allowing users to open channels and have backup
stored with arbitrary nodes, would you still be comfortable with the idea
that this is an attack these nodes cannot reasonably attempt?

I would not. I think the reputation loss would harm the software
distributor more than the lightning node operator.

Please do not misunderstand me: I have nothing against the fact that
Phoenix users cannot connect to arbitrary nodes. In fact, without
OP_CHECKSIGFROMSTACK or a similar solution available, we will probably
have to adopt a similar development model for Electrum, as far as peer
backup storage is concerned.

However, when we discuss protocol improvements, it would be good to consider
a more decentralized model, where users are free to connect to whatever node
they want, without the permission of their software provider.


cheers,

Thomas