Published on: 2022-02-11T02:39:15+00:00
A proposal has been made to make the protocol design completely interactive for the Validating Lightning Signer project. In this proposal, the client sends a nonce over DNS and the oracle responds by signing the nonce. However, it was pointed out that using quantized timestamps could mitigate many denial-of-service issues and make fault proofs stronger.

The oracles' messages can be delivered over a write-only channel like Kryptoradio or Blockstream Satellite, which would scale well. When the oracles produce agreeing messages, the additional data is only 64 bytes per additional signer, so it makes sense to broadcast the signatures of any oracle a client may want to trust.

To reduce their attack surface, it is suggested that the oracles be non-interactive. Instead of signing over a client-provided timestamp, they could pre-quantize the timestamp and emit attestations for each quantum time step.

This proposal is related to the design doc available at https://gitlab.com/lightning-signer/docs/-/blob/master/oracle.md.

The use of oracles to give lightweight clients a moderate level of confidence in the filters they have received from an untrusted source has been outlined in a design document which inspired Neutrino. The determinism of the filter headers allows them to be simply and compactly attested by a potentially large number of authoritative sources with minimal loss in privacy. These sources could be exchanges, hardware wallet manufacturers, block explorers, or other well-known parties.

DNS is the most obvious transport for these oracles, and several implementations of tools exist which provide either headers or raw filter data to clients by encoding it in record responses. This allows oracles to operate with low resource requirements and a small attack surface while providing a privacy-maximizing service to their clients. Other tools can also aggregate the signatures into other formats as required.

Clients can consider their view of the current network state to be strong when several of their oracle sources present agreeing signatures, or display an error to their user if no suitable number of attestations could be found. Fault or fraud proofs can be generated by any party by simply collecting differing signatures, making errors readily apparent and provable.

Host names and their associated keys would be baked into the binaries of client software supporting the system, but their location and credentials could be attested in a text file on their primary domain. Oracles would return the current block hash, the hash of the tip of the neutrino header chain, and an ECDSA signature over the data, including the quantized timestamp of the request. This provides the client with sufficient and portable evidence that their view of the state of the network has not been tampered with, while maintaining as much privacy as possible.

This proposal would be very useful for the Validating Lightning Signer project as it allows the signer to ensure that the channel is still active. The related design doc can be found at https://gitlab.com/lightning-signer/docs/-/blob/master/oracle.md.
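
The client-side agreement check and fault-proof collection described above, as an added example that is not taken from the proposal or from the Validating Lightning Signer code. The quantum length, the message layout, all function names and the HMAC-SHA256 stand-in for ECDSA are assumptions, as is treating two different states signed by one oracle for the same quantum as the fault proof.

```python
import hashlib, hmac
from collections import defaultdict

QUANTUM = 600  # assumed quantum length in seconds; the page does not fix one

def quantize(ts, quantum=QUANTUM):
    """Round a Unix time down to the start of its quantum."""
    return ts - ts % quantum

def message(q, block_hash, filter_tip):
    """Assumed layout: 8-byte big-endian quantum || block hash || filter header tip."""
    return q.to_bytes(8, "big") + block_hash + filter_tip

# Stand-in for ECDSA so this runs on the standard library alone: HMAC-SHA256 with
# a per-oracle key. A real client verifies ECDSA against baked-in public keys,
# which is also what lets a third party check a fault proof.
def sign(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify(key, msg, sig):
    return hmac.compare_digest(sign(key, msg), sig)

def attest(oracle, key, ts, block_hash, filter_tip):
    """Oracle side: emit the attestation for the quantum containing ts."""
    q = quantize(ts)
    return (oracle, q, block_hash, filter_tip, sign(key, message(q, block_hash, filter_tip)))

def evaluate(attestations, keys, now, threshold):
    """attestations: (oracle, quantum, block_hash, filter_tip, sig) tuples.
    Returns (agreed (block_hash, filter_tip) or None, list of fault proofs)."""
    q_now = quantize(now)
    seen = {}                  # (oracle, quantum) -> first valid attestation
    views = defaultdict(set)   # (block_hash, filter_tip) -> oracles, current quantum
    faults = []
    for att in attestations:
        oracle, q, bh, ft, sig = att
        key = keys.get(oracle)
        if key is None or not verify(key, message(q, bh, ft), sig):
            continue           # unknown oracle or bad signature proves nothing
        first = seen.setdefault((oracle, q), att)
        if first[2:4] != (bh, ft):
            faults.append((first, att))  # one oracle, one quantum, two states
        if q == q_now:
            views[(bh, ft)].add(oracle)  # older quanta never count as current
    bad = {first[0] for first, _ in faults}  # equivocating oracles lose their vote
    view, backers = max(views.items(), key=lambda kv: len(kv[1] - bad),
                        default=(None, set()))
    return (view if len(backers - bad) >= threshold else None), faults
```

Because every oracle signs the same quantized timestamp, attestations for one quantum are directly comparable, and a replayed attestation from an earlier quantum is rejected without any per-client nonce.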
Updated on: 2023-08-02T05:34:25.680202+00:00