Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: alani123 on October 22, 2023, 12:24:46 AM



Title: The end of Lightning Network?
Post by: alani123 on October 22, 2023, 12:24:46 AM
Antoine Riard, one of the core Lightning Network developers, publicly announced his resignation from the project, citing some serious concerns.

https://talkimg.com/images/2023/10/22/TZ31C.jpeg

This puts some serious doubt on the future of lightning and the viability of it as a scaling solution.
What are your thoughts? Is there a path of recovery for developing scaling solutions?
And how about the years of waiting and supposed progress of development on the lightning network? Does it all go to waste?
For many, lightning network was the go-to solution to bitcoin's scaling issues.


Title: Re: The end of Lightning Network?
Post by: Kruw on October 22, 2023, 01:26:00 AM
Peter Todd mentioned potential fixes requiring soft forks on the mailing list - https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-October/022042.html

Shinobi says that the problem can be solved just with a few tweaks - https://twitter.com/brian_trollz/status/1715743794098753952

Quote from: Shinobi
Lightning is not dead, and this is getting silly as shit at this point. The solution to this issue is as simple as extending timelocks and rebroadcasting transactions regularly with a slight fee bump, or just handling pre-signed TXes in a different way.

The sky isn't falling.


Title: Re: The end of Lightning Network?
Post by: mk4 on October 22, 2023, 01:31:23 AM
Not sure why some people are calling it dead already.

1. While he's a core dev, he's definitely not the only dev

2. Lightning has never been perfect. But while it technically works, it's simply not ready yet. There's a reason why I never recommended it to normies yet as of yet. But, let's not forget that —

3. Software can be improved


Title: Re: The end of Lightning Network?
Post by: AHOYBRAUSE on October 22, 2023, 02:48:33 AM
Not sure why some people are calling it dead already.

1. While he's a core dev, he's definitely not the only dev

2. Lightning has never been perfect. But while it technically works, it's simply not ready yet. There's a reason why I never recommended it to normies yet as of yet. But, let's not forget that —

3. Software can be improved

Exactly.
Why even speculate about that when 1 person is leaving the team.

Sure lightning didn't have as much success as it once was hoping for, after all it started very promising. I also never really used it, just tried it out for a split second. The idea behind it is great but it still needs a lot of improvement to be done in the near future for it to actually succeed.


Title: Re: The end of Lightning Network?
Post by: Kemarit on October 22, 2023, 02:57:16 AM
And from what I understand, they have known it already since 2022. And it requires some technical know-how to be able to pull this one off successfully. So far the exploits haven't been seen in the wild.

Obviously, he is not the only developer, so if this has been found out already, a patch can be made. Just a matter of time.

So the future still looks bright for LN, this is just another bump in the road, and just like any other software, there could be bugs to be fixed.


Title: Re: The end of Lightning Network?
Post by: yhiaali3 on October 22, 2023, 03:24:58 AM
The resignation of one developer does not mean the death of the Bitcoin Lightning Network. It will certainly have a negative impact, especially since there have been many years of waiting, but let us hope that this is not actually the end.

Yes, the Lightning network was the perfect solution to the problems of scaling Bitcoin for many, but unfortunately it did not gain the necessary widespread popularity and remained limited to a few Bitcoin fans, perhaps because Lightning is not as easy to use as the regular Bitcoin network.

I hope that the years of waiting and development will not be wasted without any benefit, but unfortunately the Lightning Network, although it gave everyone high hopes, was faltering from the beginning and it appears that the problems are greater than the solutions it provides.


Title: Re: The end of Lightning Network?
Post by: adaseb on October 22, 2023, 03:26:17 AM
While this is a disappointment you need to understand that Lightning network is pretty new tech and new tech is usually full of bugs. Look how many hacks are happening on the ethereum network every couple of weeks. So this is understandable. The fact is that it will get fixed as long as the soft fork passes.

Soft forks are very controversial with bitcoin, remember Segwit? So hopefully there will be enough consensus and after we patch all the bugs and holes, we can run the new code and all is well. And keep in mind this is just LN not Bitcoin itself.


Title: Re: The end of Lightning Network?
Post by: Solosanz on October 22, 2023, 04:58:08 AM
franky1 will be happy to see lightning network is dead :P

As has been mentioned by the users above, lightning network is new and Riard isn't the only developer in this project, similar to how Satoshi disappeared and many developers are still developing Bitcoin.

So if you want to use lightning network due to its cheap fees, you should only use or hold a small amount of money, and hold most of it on chain.


Title: Re: The end of Lightning Network?
Post by: thecodebear on October 22, 2023, 05:28:57 AM
What exactly is the issue with LN the dev is talking about?


Title: Re: The end of Lightning Network?
Post by: davis196 on October 22, 2023, 06:20:09 AM
What exactly is the issue with LN the dev is talking about?

Somebody, who is an expert in LN should explain to us the problem in a simple and easy to understand way.
What are "replacement cycling attacks"? Most of the people here aren't experts.
1. AFAIK, the Lightning Network is a centralized offchain solution and it will always remain centralized.
2. The Lightning Network isn't user-friendly at all. There's plenty of room for improvement in making LN more user-friendly.
3. This guy is simply a developer. He is not "the CEO of Lightning Network". He mentioned in his post that there are senior LN developers.
There's no need to make clickbait forum titles about "the end of LN".


Title: Re: The end of Lightning Network?
Post by: pooya87 on October 22, 2023, 06:25:02 AM
Antoine Riard, one of the core Lightning Network developers publicly announced his resignation from the project, citing some serious concerns.
Since I'm not familiar with LN at a technical level I can't comment on the technical matter, however I would like to remind everyone that this is not the first time someone acts like this.
There have been a couple of them in the short time Bitcoin has existed like Mike Hearn, one of the main Bitcoin developers who basically called bitcoin dead as he left the project back in 2016 while referring to Bitcoin as "a failed experiment". We are 7 years later and Bitcoin is going even stronger.

From Jan 14, 2016
the network is on the brink of technical collapse.


Title: Re: The end of Lightning Network?
Post by: cygan on October 22, 2023, 07:08:17 AM
the developer @mononautical (https://twitter.com/mononautical) has published the following 4 slides on twitter (x) to go into more detail about the whole thing. the whole mechanism around the newly discovered vulnerability is a bit more difficult to understand. under the link below he gives us (in several tweets) a detailed insight into the whole story

https://www.talkimg.com/images/2023/10/22/Tn1So.jpeg https://www.talkimg.com/images/2023/10/22/TnL3T.png
https://www.talkimg.com/images/2023/10/22/Tnc9l.png https://www.talkimg.com/images/2023/10/22/TnoX1.png
https://twitter.com/mononautical/status/1715736832950825224


Title: Re: The end of Lightning Network?
Post by: hugeblack on October 22, 2023, 07:38:20 AM
In most cases, you will not get a technical answer here. Ask again in the technical department or https://bitcoin.stackexchange.com/, but if a project fails due to the departure of one developer, then the project is a failure. In addition, the Lightning Network is one of the second network solutions to solve the scalability problem, and there are many side networks.

franky1 will be happy to see lightning network is dead :P

I was looking for his reply, it seems he hasn't read the thread yet.


Title: Re: The end of Lightning Network?
Post by: tbct_mt2 on October 22, 2023, 08:46:26 AM
Antoine Riard, one of the core Lightning Network developers publicly announced his resignation from the project, citing some serious concerns.
Bitcoin is open source and it can be developed by many developers.

Did the Bitcoin network stop, or did the Bitcoin Core wallet software stop its development, after Satoshi Nakamoto disappeared years ago?

In reality, Bitcoin has been continuing its growth and Bitcoin Core has been developed with many more versions after Satoshi Nakamoto's disappearance.

Antoine Riard is only one of the developers, and thanks to him for his contributions so far; good luck to him in the future with his new journey, but Bitcoin Lightning Network will not die because of this decision to resign.


Title: Re: The end of Lightning Network?
Post by: franky1 on October 22, 2023, 09:00:59 AM
LN has a lot more flaws than this.
but when it comes to them on another network making demands to need a bitcoin network fork, just to make their network work. it shows their network has bigger problems they can't even resolve themselves on their own network
the issue at hand of this particular flaw is to force bitcoin miners to reject a new softfork transaction format if it uses an expiry that has passed. BUT thus needing a hard fork upgrade on the bitcoin network to ensure it's enforced, bitcoin has become easy to let in soft nonsense, unchecked data.. but to strengthen the rules to reject transactions of a certain format requires a hard fork

some of them wanted workarounds like having centralised services to manage funds or watch for abuses. but these do not help the decentralisation promise..
the great thing about code is you can write your own rules on their own network, but if their code has a problem. putting a plaster on it or asking another network to provide them a feature, just shows there are problems at their root

they have become too lax about their scripts. where they have not thought about security, but instead malleability. having a mindset that everything should be soft and not hard has meant many people can find exploits. and even if they try to fork bitcoin to add in an output deadline. it won't fix the issues, there are many other scripting exploits people can use to perform the same attack, the latest one relates to how participants of p2tr do not know all the scripting conditions of all methods to spend. they just blindly sign a part not realising that part can be used against them

i am not going to explain all the flaws (giving scammers ammo) nor logical fixes due to simply not liking their network so they don't deserve help. but at least now the flaws are starting to get noticed.. best suggestion .. start afresh and use a different payment system model.. make a subnetwork that actually meets its 6yo promises

there are millions of people that tried LN and experienced its flaws and instead moved over to other subnetworks. this is not just one guy leaving. but just a notable guy of millions leaving

i might actually respect core devs again if they made a subnetwork that is truly functional without having to mess with bitcoin's rules just to fit. because messing with bitcoin's rules has made bitcoin soft. and that's something we should not allow, just to populate someone else's network


Title: Re: The end of Lightning Network?
Post by: Baofeng on October 22, 2023, 09:36:06 AM
What exactly is the issue with LN the dev is talking about?

Somebody, who is an expert in LN should explain to us the problem in a simple and easy to understand way.
What are "replacement cycling attacks"? Most of the people here aren't experts.
1. AFAIK, the Lightning Network is a centralized offchain solution and it will always remain centralized.
2. The Lightning Network isn't user-friendly at all. There's plenty of room for improvement in making LN more user-friendly.
3. This guy is simply a developer. He is not "the CEO of Lightning Network". He mentioned in his post that there are senior LN developers.
There's no need to make clickbait forum titles about "the end of LN".

Actually it's very technical, that's why no one even attempted to do this exploit.

In any case, here is the paper, authored by Antoine Riard himself - https://github.com/ariard/mempool-research/blob/2023-10-replacement-paper/replacement-cycling.pdf


Title: Re: The end of Lightning Network?
Post by: Catenaccio on October 22, 2023, 10:30:33 AM
I hope I will see drops of #open channels and sum of channels value.  ::)
https://txstats.com/d/000000012/lightning-network?orgId=1&from=1517011200000&to=1698019199000


Title: Re: The end of Lightning Network?
Post by: garlonicon on October 22, 2023, 12:49:28 PM
Quote
but to strengthen the rules to reject transactions of a certain format requires a hard fork
Why? Rejecting transactions is not a problem in any soft-fork. Accepting more transactions than usual is a problem.

Imagine an extreme soft-fork, that would reject all transactions, and would allow only coinbase transactions. Peter Todd described it there, it is perfectly valid soft-fork: https://petertodd.org/2016/forced-soft-forks

Which means, adding any kind of "expiration" to the transaction is not a problem at all. You have a node, you receive a transaction, you see "Oh, it's five o'clock! That's all for today!", and then you simply reject that transaction. And then, if most nodes do the same thing, then you cannot send transactions after 5 PM, because it is a soft-fork rule, and if some miner will include it anyway, then the soft-forked network will reject that block. And if soft-fork has 51%, then it becomes a consensus rule.

But yes, the hardest way to reject a transaction, is to include a double-spend. Then, all other transactions, spending the same coins, will be always rejected in the future, because of already existing network rules.

Quote
the latest one relates to how participants of p2tr do not know all the scripting conditions of all methods to spend. they just blindly sign a part not realising that part can be used against them
Yes, of course. If you sign a TapScript branch with any OP_SUCCESS, it can be always used to attack. The same will happen, if some soft-fork will not reach 51%. And yes, signing a blind TapScript branch is stupid, because it could be just "OP_TRUE" or even simply "<attackerKey> OP_CHECKSIG". In general, it is the first time, when OP_SUCCESS was introduced, and it can be painful to prove, that "there is no OP_SUCCESS".

Quote
but at least now the flaws are starting to get noticed
Yes, it seems some things are getting more and more soft. And that process will continue. It started with soft-forks, instead of hard-forks, and soon we will reach another stage: no-forks, instead of soft-forks. People will start building more and more stuff, without going through soft-fork signalling, and all of that. The most recent case was Ordinals, that could be somewhat-safe if deployed as a soft-fork, but was deployed as a completely unsafe no-fork instead.

Quote
best suggestion .. start afresh and use a different payment system model.. make a subnetwork that actually meets its 6yo promises
Well, you can always start with unidirectional payment channels, and just disable routing. Then, if Alice has 1 BTC, and Bob has nothing, Alice can give more and more coins into Bob, but she cannot take any coins from him. And then, everything is simple: if you sent some signed transaction, then you passed some coins. It is irreversible. Bob will always get the last transaction, because it gives him the most coins. That model meets all assumptions, but has one drawback: it requires more on-chain transactions than LN, so it will not be deployed. But the funny thing is that some Bitcoin ATM operators supported that proposal more than LN (https://shitcoins.club/resources/pdf/stand_LN_en.pdf).

Quote
i might actually respect core devs again if they made a subnetwork that is truly functional without having to mess with bitcoin's rules just to fit
You can deploy payment channels, that I described above, even without Segwit. The only thing you need is to eliminate malleability. And you don't even need multisig, because Paillier Homomorphic Encryption can do the trick even on P2PK: https://duo.com/labs/tech-notes/2p-ecdsa-explained


Title: Re: The end of Lightning Network?
Post by: DaveF on October 22, 2023, 01:09:22 PM
I put this in the same pile as the Wormhole attack discussed here: https://bitcointalk.org/index.php?topic=5466886
Yes it can be done, but the cost and effort are so high as to not be worth it.

There are a lot of ways to attack BTC and the Lightning Network. Most of them are so esoteric / expensive / just about impossible to implement as to not be worth it.

Want to destroy LN or at least set it back years and years? Heck I can do that for you for less than BTC20000 / $600 million USD
As of now LN has about 5500BTC in it.
Just start spinning up nodes and connecting to other nodes and charge 0 fees. Just keep adding and adding and adding.
People will connect to you, you connect to others and soon just about every lowest cost route is running through you.
There are people who have 10+ connections to other nodes but they are all yours.

But you now have 45000 nodes which is 3x as many as there are now and those 20000 BTC are all in LN so you own/control 75% of the LN. Probably take about a year and everyone would be amazed at its growth. Then you come in one morning and close all the channels to nodes that are not yours at once. Insane high fees so they are all in the next hundred blocks. Then when you have time you close the channels between your nodes, sit back and watch the chaos.

But, nobody has done it.

So worrying about some other attack that requires some extreme programming and other things is not a real worry.

-Dave


Title: Re: The end of Lightning Network?
Post by: garlonicon on October 22, 2023, 01:23:53 PM
Quote
Then you come in one morning and close all the channels to nodes that are not yours at once.
Why? You can just turn off your nodes. You don't have to close those channels. Let your users do that, so they will start betting, by closing their channels in panic, and setting higher and higher on-chain fees, and reaching levels, where a proper fee to get it included in the next block, will reach the holy "1000 satoshis per virtual byte" limit, or will exceed the amount locked in the channel.

And then, your side would be clear. Being offline is less serious crime than closing the channels by yourself, even if the final outcome is exactly the same. It is sad, that LN can be attacked just by being offline, but it is true, and many attacks can be done in this way.


Title: Re: The end of Lightning Network?
Post by: Blaze Giovanni on October 22, 2023, 01:43:12 PM
3. Software can be improved

This is what I thought.
I've not used it before but I've read a lot about it and it seems interesting. Technologies don't just become perfect from inception, it goes through phases. If you're waiting for a thing to be perfect before inventing it then we might actually not have any inventions at all.
This is a software that can get better with time and would always be updated. And we know how innovative technology can get so that means it would always be updated and worked on even after it starts working perfectly.
Saying it's dead is reaching.


Title: Re: The end of Lightning Network?
Post by: DaveF on October 22, 2023, 02:07:00 PM
Quote
Then you come in one morning and close all the channels to nodes that are not yours at once.
Why? You can just turn off your nodes. You don't have to close those channels. Let your users do that, so they will start betting, by closing their channels in panic, and setting higher and higher on-chain fees, and reaching levels, where a proper fee to get it included in the next block, will reach the holy "1000 satoshis per virtual byte" limit, or will exceed the amount locked in the channel.

And then, your side would be clear. Being offline is less serious crime than closing the channels by yourself, even if the final outcome is exactly the same. It is sad, that LN can be attacked just by being offline, but it is true, and many attacks can be done in this way.

Just flipping the power switch and making everyone else force close would probably cause a lot more disruption since your nodes are offline. And a ton of speculation as to what happened.

Closing down the channels would show that you attacked it.

In the end it does not matter, it would take a while for the LN to recover.

Flipping the switch would also cost you since you get the force close penalty from the nodes that are not yours.

Shrug, as I said. Not something to worry about. Could also do the same thing with mining in general.

-Dave



Title: Re: The end of Lightning Network?
Post by: Casdinyard on October 22, 2023, 02:20:16 PM
Lightning's fucked, but not dead. I don't see why it would be. There's just too much support for the network, and they're filled with capable devs that could take from where Riard will leave. Plus at the end of the day he's not the glue that puts everything together, long as there's people who are willing to improve upon Lightning Network cause just as what MK4 has said it's far from perfect, it will remain functional and pretty much alive. In the event that it does die, I don't think it connotes to anything other than previous efforts about Layer 2 solutions being moot.

Too much sensationalization and fearmongering for a topic that's not really that scary when you look at it with a magnifying glass.


Title: Re: The end of Lightning Network?
Post by: BlackHatCoiner on October 22, 2023, 02:56:25 PM
There are clearly some fundamental limitations with lightning, due to its design. As I have told multiple times already, the basic problem is that it is very unattractive for the average, non-techie Joe, because it requires him to study a little bit of how it works, but more importantly because of running a machine all day long. This is orders of magnitude more of a burden than the SPV solution.

I wouldn't worry for the retiring developer. Lightning does have a brighter future than currently, but again limited. We will sooner or later opt out for other sidechains (or drivechains).


Title: Re: The end of Lightning Network?
Post by: Primese on October 22, 2023, 04:57:37 PM
This seems very serious, at least for those with high-value channels.

I'd like to see some cost-analysis for this kind of attack. What's the cost of running the attack, and at what point does the attack become profitable under different scenarios:

1. victim does not detect the attack
2. victim is not using automation and defends against it manually and slowly


Title: Re: The end of Lightning Network?
Post by: Primese on October 22, 2023, 05:54:13 PM
Shinobi says that the problem can be solved just with a few tweaks - https://twitter.com/brian_trollz/status/1715743794098753952

Quote from: Shinobi
Lightning is not dead, and this is getting silly as shit at this point. The solution to this issue is as simple as extending timelocks and rebroadcasting transactions regularly with a slight fee bump, or just handling pre-signed TXes in a different way.

The sky isn't falling.

That does not sound "simple" at all.

Antoine Riard is a senior Lightning dev, not just some junior dev.

Higher time_lock_delta leads to longer time for locked funds. That's a tradeoff.

Rebroadcasting with higher fees: Also known as "defensive fee mitigation". I suppose that's doable, to keep spamming the mempool dozens of times until the attacker gives up. Would be a simple client update, but it introduces additional spam and client complexity.

I'm going to wait until the experienced Lightning devs test this attack and report back the costs of attacking and defending. This is beyond my level of understanding.

It sounds like they're going to look for a sustainable fix, but it'll take several months of testing and implementation. In the meantime, I would refrain from keeping high value on Lightning, like everyone should've been doing from the start.


Title: Re: The end of Lightning Network?
Post by: HmmMAA on October 22, 2023, 08:01:18 PM
There are a lot of ways to attack BTC and the Lightning Network. Most of them are so esoteric / expensive / just about impossible to implement as to not be worth it.
-Dave

There is a main difference in attacking bitcoin compared to attacks in any layer. Best thing you can do is make a double spend of your own money. So that double spend has to be more profitable than the cost (hardware cost + energy spend) of the attack. And even if you decide to make an unprofitable bet trying to destroy the network, honest nodes can reorg the chain and leave you with a move that produced zero profit and a massive loss. Attacking base layer will always have a much higher economic cost than attacking other layers. That's the brilliance of the invention.


Title: Re: The end of Lightning Network?
Post by: alani123 on October 22, 2023, 08:32:13 PM
Shinobi says that the problem can be solved just with a few tweaks - https://twitter.com/brian_trollz/status/1715743794098753952

Quote from: Shinobi
Lightning is not dead, and this is getting silly as shit at this point. The solution to this issue is as simple as extending timelocks and rebroadcasting transactions regularly with a slight fee bump, or just handling pre-signed TXes in a different way.

The sky isn't falling.

That does not sound "simple" at all.

Antoine Riard is a senior Lightning dev, not just some junior dev.

Higher time_lock_delta leads to longer time for locked funds. That's a tradeoff.

Rebroadcasting with higher fees: Also known as "defensive fee mitigation". I suppose that's doable, to keep spamming the mempool dozens of times until the attacker gives up. Would be a simple client update, but it introduces additional spam and client complexity.

I'm going to wait until the experienced Lightning devs test this attack and report back the costs of attacking and defending. This is beyond my level of understanding.

It sounds like they're going to look for a sustainable fix, but it'll take several months of testing and implementation. In the meantime, I would refrain from keeping high value on Lightning, like everyone should've been doing from the start.
Indeed, if this was a simple issue, why not integrate a solid base in the project you're building from the beginning? 5000 BTC locked in this system is no game.
Building on production with millions at stake doesn't sound like something bitcoin should ever be doing. How are we going to defend the labels "future of money" and "digital gold" like this? It simply makes no sense... With such serious flaws lightning should have just been a testnet beta.


Title: Re: The end of Lightning Network?
Post by: seoincorporation on October 22, 2023, 08:43:37 PM
Peter Todd mentioned potential fixes requiring soft forks on the mailing list - https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-October/022042.html

Shinobi says that the problem can be solved just with a few tweaks - https://twitter.com/brian_trollz/status/1715743794098753952

Quote from: Shinobi
Lightning is not dead, and this is getting silly as shit at this point. The solution to this issue is as simple as extending timelocks and rebroadcasting transactions regularly with a slight fee bump, or just handling pre-signed TXes in a different way.

The sky isn't falling.

It sounds like someone found a bug and had to make some noise about it to make the devs make some changes, but as they mention "The sky isn't falling", but it is a nice discovery. That guy should get a bug bounty.

We must keep in mind that if the bug is that critical then the blockchain would stop working, I mean if that guy could take all the mempool then he should do it just to test his theory. But there are some white hats who always do the right thing and report the bug before the attack.


Title: Re: The end of Lightning Network?
Post by: thecodebear on October 23, 2023, 01:58:29 AM
So can nobody on here actually explain what the issue is in plain words?

Unless someone can actually describe what the problem is it's hard to tell if this is just a lone dev throwing up his hands at a problem and storming out dramatically (not the first time that will have happened in the Bitcoin world) or if it's actually a serious problem for LN.

What's the attack? What does it compromise? How hard is it to do? How bad is the effect? How likely is it to occur?


Title: Re: The end of Lightning Network?
Post by: Fundamentals Of on October 23, 2023, 02:17:51 AM
So can nobody on here actually explain what the issue is in plain words?

Unless someone can actually describe what the problem is it's hard to tell if this is just a lone dev throwing up his hands at a problem and storming out dramatically (not the first time that will have happened in the Bitcoin world) or if it's actually a serious problem for LN.

What's the attack? What does it compromise? How hard is it to do? How bad is the effect? How likely is it to occur?

I read what Antoine wrote, I didn't understand. I tried looking for a simpler explanation. Not that I understand the problem now, but at least it gave me a little idea. To a non-technical person, this is indeed hard to digest. But it seems Antoine is making it appear as if it's something too huge of a problem to successfully address. This is the impression because when I read other experts' opinions, it seems they're not really as bothered as Antoine.

Here's a simpler explanation of the problem by mononaut over twitter. This isn't everything so you may continue reading there https://twitter.com/mononautical/status/1715736832950825224.

Quote
How does a lightning replacement cycling attack work?

Imagine Bob is routing a lightning payment from Alice to Carol.

While in flight, the payment is protected by HTLC outputs in his pre-signed channel commitments with each peer.

An HTLC (Hash/Time Lock Contract) is a conditional payment from sender to receiver.

It can be spent immediately by the receiver by revealing the preimage to a hash H, or reclaimed by the sender after some timeout.

By securing the HTLC on each hop with the same hashlock, payments can be routed atomically.

Carol can't claim the outgoing HTLC without revealing the preimage, which Bob can then use to redeem the incoming HTLC from Alice.

At least that's the theory...

To ensure Bob has time to react if something goes wrong, the timelock on the outgoing HTLC expires first at some block height T.

Then the timelock on the incoming HTLC expires at some later height T+Δ, after which Alice can reclaim her money.

OK, so here's the attack:

Remember Bob has HTLCs pending in two channels.

One outgoing HTLC to Carol, which expires at block T, and one incoming HTLC from Alice, which expires at block T+Δ.

At block T, Carol still hasn't revealed the preimage to settle the payment, so Bob is forced to time it out on-chain.

He broadcasts the commitment tx to close his channel with Carol, and once it confirms sends an "htlc-timeout" tx which spends the HTLC to reclaim his funds.

Unbeknownst to Bob, Alice and Carol are colluding to steal his money.

They have prepared for the attack by broadcasting a chain of two transactions with low fees, apparently unrelated to the lightning channel, which we'll call the "cycle parent" and "cycle child".

As soon as the attackers see Bob's htlc-timeout transaction hit the mempool, they broadcast an "htlc-preimage" transaction, which spends both the HTLC output (using Carol's hash preimage) and an output from the cycle parent.

Since this htlc-preimage transaction pays a higher fee rate and spends the same inputs, it replaces both the cycle child and Bob's htlc-timeout transaction in the mempool.

If Bob sees this, he can take the preimage and use it to immediately redeem the incoming HTLC from Alice.

So the attackers broadcast a new transaction replacing the cycle parent.

The htlc-preimage depends on that for one of its inputs, so is also evicted from the mempool.

At the end of this cycle, the HTLC from Bob's channel with Carol ends up unspent, and no trace of the htlc-timeout and htlc-preimage transactions remain in the mempool.

The attackers repeat the cycle to eject Bob's htlc-timeout transaction every time he rebroadcasts it.

If they prevent it getting mined for another Δ blocks, Alice can timeout the HTLC on the other channel, and leave Bob out of pocket for the entire value of the payment.
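The cycle described in the quoted thread above, as an added example that is not part of the original post or of mononaut's thread: a toy mempool in which Bob's watcher inspects every accepted transaction, so it keeps the preimage even though the htlc-preimage transaction is evicted afterwards. The names `ToyMempool` and `PreimageWatcher`, the txids, fee rates and the "higher feerate wins" replacement rule are assumptions made for illustration, not real node policy.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: frozenset        # outpoints spent, written "txid:n"
    feerate: int             # sat/vB (constructed values)
    preimage: bytes = b""    # witness data revealed by an htlc-preimage spend

class ToyMempool:
    """Hypothetical model. Replacement rule is simplified to 'higher feerate
    than every conflicting tx'; real node policy has more conditions."""
    def __init__(self, confirmed):
        self.confirmed = set(confirmed)   # confirmed, unspent outpoints
        self.txs = {}
        self.listeners = []

    def _descendants(self, txid):
        kids = [t.txid for t in self.txs.values()
                if any(i.split(":")[0] == txid for i in t.inputs)]
        return set(kids).union(*(self._descendants(k) for k in kids))

    def accept(self, tx):
        # Inputs must be confirmed or created by a tx still in the mempool.
        if not all(i in self.confirmed or i.split(":")[0] in self.txs
                   for i in tx.inputs):
            return False
        conflicts = [t for t in self.txs.values() if t.inputs & tx.inputs]
        if any(tx.feerate <= t.feerate for t in conflicts):
            return False
        evicted = set()
        for t in conflicts:               # a replaced tx takes its children along
            evicted |= {t.txid} | self._descendants(t.txid)
        for txid in evicted:
            del self.txs[txid]
        self.txs[tx.txid] = tx
        for notify in self.listeners:
            notify(tx)
        return True

class PreimageWatcher:
    """Bob's side: check each tx as it is accepted, not the final mempool."""
    def __init__(self, htlc_outpoint, payment_hash):
        self.htlc_outpoint, self.payment_hash = htlc_outpoint, payment_hash
        self.preimage = None

    def on_tx(self, tx):
        if (self.htlc_outpoint in tx.inputs
                and hashlib.sha256(tx.preimage).digest() == self.payment_hash):
            self.preimage = tx.preimage   # enough to settle the incoming HTLC

def run_cycle():
    secret = b"constructed-preimage"      # constructed sample value
    pool = ToyMempool(confirmed={"commit:0", "coinA:0"})
    watcher = PreimageWatcher("commit:0", hashlib.sha256(secret).digest())
    pool.listeners.append(watcher.on_tx)
    f = frozenset
    pool.accept(Tx("parent", f({"coinA:0"}), 1))           # cycle parent
    pool.accept(Tx("child", f({"parent:0"}), 1))           # cycle child
    pool.accept(Tx("htlc-timeout", f({"commit:0"}), 5))    # Bob's timeout spend
    pool.accept(Tx("htlc-preimage", f({"commit:0", "parent:0"}), 10, secret))
    after_claim = set(pool.txs)
    pool.accept(Tx("parent2", f({"coinA:0"}), 3))          # replaces cycle parent
    return after_claim, set(pool.txs), watcher.preimage
```

Polling the mempool only after the cycle would show just `parent2`; the hook on acceptance is what keeps the preimage available to Bob.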


Title: Re: The end of Lightning Network?
Post by: JollyGood on October 23, 2023, 02:52:29 AM
Not sure why some people are calling it dead already.

1. While he's a core dev, he's definitely not the only dev

2. Lightning has never been perfect. But while it technically works, it's simply not ready yet. There's a reason why I never recommended it to normies yet as of yet. But, let's not forget that —

3. Software can be improved
How much impact can one core dev have on the project if he pulls out? It will probably allow for other devs to put forward different likelihoods of how to go forward. Maybe other devs can start finding workarounds or solutions. It may end up being one temporary solution to another but if it works Lightning users will not complain too much.

How many normies actively use Lightning in ratio to transaction?

Lightning's fucked, but not dead. I don't see why it would be. There's just too much support for the network, and they're filled with capable devs that could take from where Riard will leave. Plus at the end of the day he's not the glue that puts everything together, long as there's people who are willing to improve upon Lightning Network cause just as what MK4 has said it's far from perfect, it will remain functional and pretty much alive. In the event that it does die, I don't think it connotes to anything other than previous efforts about Layer 2 solutions being moot.
That cannot be denied, Lightning does have a lot of support and it is used more commonly than before therefore it is going to continue. Some of the noises about it becoming a relic of the past soon are somewhat premature but they will not stop until there is improvement to show it is capable of functioning more widely.


Title: Re: The end of Lightning Network?
Post by: KingsDen on October 23, 2023, 09:44:29 AM
Not sure why some people are calling it dead already.

1. While he's a core dev, he's definitely not the only dev

2. Lightning has never been perfect. But while it technically works, it's simply not ready yet. There's a reason why I never recommended it to normies yet as of yet. But, let's not forget that —

3. Software can be improved

1. There's always this strong vibration if the core developer leaves. He might not be the finest developer, but when the soldier who pulled the first shot is down, the zeal to soldier on is always not assured.

2. No technology ever came in a perfect form, even the bitcoin is still in beta version. Continuing on decentralisation will do the wonders.

3. Yea, we are expecting improvements but I lost some confidence in LN during the event of mempool congestion that skyrocketed the transaction fees. At that time that the LN was needed most, it didn't help much.


Title: Re: The end of Lightning Network?
Post by: TravelMug on October 23, 2023, 11:39:14 AM
I like what Jameson Lopp says though here:

https://i.ibb.co/WPjXtSX/Screenshot-2023-10-23-193227.png (https://ibb.co/ZY7rmyr)

https://twitter.com/lopp/status/1716022677515723107

For many, it seems that this is a big problem, but this can be used as a tool to spread FUD as well.

On the other hand, not all of us are very technical here, unless really an individual takes time to exploit it and proves a point. But other than that, it has been identified and maybe a solution could be released very soon.


Title: Re: The end of Lightning Network?
Post by: philipma1957 on October 23, 2023, 11:45:46 AM
I like what Jameson Lopp says though here:

https://i.ibb.co/WPjXtSX/Screenshot-2023-10-23-193227.png (https://ibb.co/ZY7rmyr)

https://twitter.com/lopp/status/1716022677515723107

For many, it seems that this is a big problem, but this can be used as a tool to spread FUD as well.

On the other hand, not all of us are very technical here, unless really an individual takes time to exploit it and proves a point. But other than that, it has been identified and maybe a solution could be released very soon.

So let's see some dedicated attacks wrecking LN. Seems to me that if LN is wrecked, 4 people with 5 btc combined could lay some nodes to waste. We may as well find out now rather than letting the problem stay hidden and dormant.

I say white hatters attack LN by this method and show us LN is dead.


Title: Re: The end of Lightning Network?
Post by: DaveF on October 23, 2023, 01:33:59 PM
mononautical on twitter sums it up nicely:

https://twitter.com/mononautical/status/1715736871534264818
Quote
14) This attack isn't easy. Pulling it off involves:
 - opening two channels with the victim.
 - routing a payment through them.
 - successfully replacement-cycling the victim's htlc-timeouts for Δ blocks.
 - without the victim discovering the htlc-preimage transaction.

I would still be more concerned with someone stealing one of the RaspberryPi nodes in a box on my desk and getting my BTC that way than pulling this off.
It's just so out there as to be not something worth worrying about for the average user.

For the larger businesses running nodes I could see it being a concern, BUT since as pointed out there are some ways, admittedly non optimal ways but still ways, of mitigating it, once again not that big a deal.

-Dave



Title: Re: The end of Lightning Network?
Post by: DapanasFruit on October 23, 2023, 01:41:11 PM


In the past years, I heard many good things that can supposedly come out once the Lightning Network would be fully implemented and be adopted by many for transactions. This is one thing that we are pinning our hope that can translate massive and mainstream adoption for Bitcoin - most especially with small everyday transactions. I am then wondering...is this defect something that is beyond repair for one of its developers named Antoine Riard to disassociate himself with the project instead of coming up with the possible solution?


Title: Re: The end of Lightning Network?
Post by: karabiber on October 23, 2023, 02:04:04 PM
Quote
Then you come in one morning and close all the channels to nodes that are not yours at once.
Why? You can just turn off your nodes. You don't have to close those channels. Let your users do that, so they will start betting, by closing their channels in panic, and setting higher and higher on-chain fees, and reaching levels, where a proper fee to get it included in the next block, will reach the holy "1000 satoshis per virtual byte" limit, or will exceed the amount locked in the channel.

And then, your side would be clear. Being offline is a less serious crime than closing the channels by yourself, even if the final outcome is exactly the same. It is sad that LN can be attacked just by being offline, but it is true, and many attacks can be done in this way.

The Lightning network does not depend on centralized parties. Anyone with Bitcoin can channel it to any node and use it completely unauthorized. On the other hand, there are of course nodes that act as "hubs" with excess liquidity for routing. But there are still many options for payment paths to the same destination. You can also choose to ignore large nodes for routing if you are concerned about centralization.


Title: Re: The end of Lightning Network?
Post by: franky1 on October 23, 2023, 06:50:41 PM
funny part
lightning advocates wanted RBF enabled on the bitcoin network to make pre-confirm transaction handling non-trusted on the bitcoin network, just so they can advertise a pre-confirm transaction handling feature on their crappy subnet.

now they admit their desire for RBF is causing people to scam scheme and steal funds from their crappy subnet and they cant do anything about it just within their crappy subnet without forking bitcoin again

..
i predict the next part will be having to raise crappy subnet fee's to sway people from starting low and RBF'ing until theft... but then want to demand bitcoin network fee war to make bitcoin fees extremes just to make crappy subnetwork seem discounted

sounds like an endless snowball avalanche of bad work arounds rather than having a subnetwork that simply does as advertised/promised in a secure way in-of-itself

time for them to scrap it and start afresh, new model, new method. less flaws, less bugs

we should not be forking bitcoin just to make a subnetwork function.. a subnetwork should function prebridge.. and then program itself on its side to interact with bitcoin

if they cant even have a working prototype thats secure. they failed at the first post


Title: Re: The end of Lightning Network?
Post by: SquirrelJulietGarden on October 24, 2023, 04:25:52 AM
I would still be more concerned with someone stealing one of the RaspberryPi nodes in a box on my desk and getting my BTC that way than pulling this off.
It's just so out there as to be not something worth worrying about for the average user.

For the larger businesses running nodes I could see it being a concern, BUT since as pointed out there are some ways, admittedly non optimal ways but still ways, of mitigating it, once again not that big a deal
I don't see people use Bitcoin Lightning Network for big valued transactions and I could be wrong but from my understanding, people thought of two possible solutions.

Increasing time lock;
Increasing cost for attackers to high enough that is not worthy to do attacks like they will get nothing to do 51% attacks on Bitcoin blockchain for on-chain blocks and transactions.

I believe Lightning Network initially was designed for off-chain transactions with small or not too big value so how recently it becomes a big problem.


Title: Re: The end of Lightning Network?
Post by: franky1 on October 24, 2023, 06:22:37 AM
I believe Lightning Network initially was designed for off-chain transactions with small or not too big value so how recently it becomes a big problem.

initially yea. but these days majority of the liquidity is linked to 3 large companies. and they will want to further protect their locked liquidity by disavowing its customers control of the agreements/commitment states.

this topics flaw is not even a major problem but when lightning devs admit they cant fix something within their own network and resign. it shows not only they need to want bitcoin to fork to fix THEIR error. but also that when the other flaws get publicised which also cant be fixed. more and more will start to realise its time to break their sponsored contract. and try something new


Title: Re: The end of Lightning Network?
Post by: alastantiger on October 26, 2023, 05:14:12 PM
This puts some serious doubt on the future of lightning and the viability of it as a scaling solution.
What are your thoughts? Is there a path of recovery for developing scaling solutions?
And how about the years of waiting and supposed progress of development on the lightning network? Does it all go to waste?
For many, lightning network was the go to solution to bitcoin's scaling issues.
My thoughts on this are that the lightning network is not dead. I think what has happened is just a FUD. If there were any real attack we would have noticed a depletion in the huge bug bounty reward of 5,288.66 BTC. If you check the https://mempool.space/lightning you would see it. Also, just as you would not leave the bulk of your bitcoin on any centralized exchange, also, treat your lightning network wallet in the same manner. The money there should be minimal just for quick spending and not kept as your savings. So that if eventually, some real attack happens, you will lose nothing substantial.


Title: Re: The end of Lightning Network?
Post by: JollyGood on October 26, 2023, 05:27:15 PM
time for them to scrap it and start afresh, new model, new method. less flaws, less bugs

we should not be forking bitcoin just to make a subnetwork function.. a subnetwork should function prebridge.. and then program itself on its side to interact with bitcoin

if they cant even have a working prototype thats secure. they failed at the first post
I do not know if now is the right time to completely scrap and give up while looking for another solution. There has been a lot of time, effort and collaboration that was put in to creating what is being used now therefore an alternative might not be the best thing to bring forth right now.

I believe Lightning Network initially was designed for off-chain transactions with small or not too big value so how recently it becomes a big problem.
initially yea. but these days majority of the liquidity is linked to 3 large companies. and they will want to further protect their locked liquidity by disavowing its customers control of the agreements/commitment states.

this topics flaw is not even a major problem but when lightning devs admit they cant fix something within their own network and resign. it shows not only they need to want bitcoin to fork to fix THEIR error. but also that when the other flaws get publicised which also cant be fixed. more and more will start to realise its time to break their sponsored contract. and try something new
I did not read anything about three large companies dominating but after a look around I found the pool of stakeholders with serious interests seems more than three. River seems to have just completed a $35 million fundraising round (https://cointelegraph.com/news/bitcoin-lightning-company-river-raises-35m-amid-new-wave-of-institutional-adoption) therefore it is getting some publicity:

https://s3.cointelegraph.com/uploads/2023-05/2e2efd71-6d2e-44ff-91f2-024a8c2cf980.png


Title: Re: The end of Lightning Network?
Post by: AmoreJaz on October 26, 2023, 08:48:50 PM
I believe Lightning Network initially was designed for off-chain transactions with small or not too big value so how recently it becomes a big problem.

initially yea. but these days majority of the liquidity is linked to 3 large companies. and they will want to further protect their locked liquidity by disavowing its customers control of the agreements/commitment states.

this topics flaw is not even a major problem but when lightning devs admit they cant fix something within their own network and resign. it shows not only they need to want bitcoin to fork to fix THEIR error. but also that when the other flaws get publicised which also cant be fixed. more and more will start to realise its time to break their sponsored contract. and try something new

and so we thought LN is a very good alternative when it comes to cheaper payment method. and now with this news, i don't think people will think of this network to be viable in the payment system anymore. people are looking for ways on how to get cheaper transactions via btc and now this option is out already. but in any case, i believe up until now, only few are using LN for their transactions so yes, it is no big deal.


Title: Re: The end of Lightning Network?
Post by: franky1 on October 26, 2023, 09:18:37 PM
I believe Lightning Network initially was designed for off-chain transactions with small or not too big value so how recently it becomes a big problem.

initially yea. but these days majority of the liquidity is linked to 3 large companies. and they will want to further protect their locked liquidity by disavowing its customers control of the agreements/commitment states.

this topics flaw is not even a major problem but when lightning devs admit they cant fix something within their own network and resign. it shows not only they need to want bitcoin to fork to fix THEIR error. but also that when the other flaws get publicised which also cant be fixed. more and more will start to realise its time to break their sponsored contract. and try something new

and so we thought LN is a very good alternative when it comes to cheaper payment method. and now with this news, i don't think people will think of this network to be viable in the payment system anymore. people are looking for ways on how to get cheaper transactions via btc and now this option is out already. but in any case, i believe up until now, only few are using LN for their transactions so yes, it is no big deal.

heres the thing. (mentioning other issues) with liquidity bottlenecks and many users rebalancing causing other users to rebalance to cancel out their result of someones rebalance ends up causing more payments and "router" fees. then we have a ignorance of fixes to this and instead have work arounds like custodianising funds in hubs (services and cex) then we have other work arounds to solve channel balance threats due to bugs with autopilot features so they start getting people to buy/rent LN balance units(msats) where central services run the node and users just have a lite wallet they dont need to have active all day and never sleep..
so now the promises of a decentralised own your own value network is 95% centralised with majority of users reliant on central services charging them 'rent' and subscription charges as the replacement of just a nominal fee.. all while the subnetwork itself is still less secure than the bitcoin network

its time they come up with something else. learn from the mistakes and start from scratch, stop prodding the problem down the road requiring bitcoin to change just to keep a flawed network open.. if a subnetwork cant fix itself using its own code.. its just not good enough

i do laugh when they 'greenlight' new services.. it just shows that if devs need to offer a service instead of a network code feature.. they have reached their coding limit of fixing the problems


Title: Re: The end of Lightning Network?
Post by: JollyGood on October 26, 2023, 09:35:28 PM
The faster and cheaper method is something we all would like but the number of Lightning transactions are tiny in comparison to what was earlier called normies in this thread. There is still a chance it will grow but it is dependent on adoption. The more people that use it will mean the more prominence it will have. I have never used Lightning before though I had on one occasion looked at using it and by what has been said it does not look as though I am missing out on something spectacular.

and so we thought LN is a very good alternative when it comes to cheaper payment method. and now with this news, i don't think people will think of this network to be viable in the payment system anymore. people are looking for ways on how to get cheaper transactions via btc and now this option is out already. but in any case, i believe up until now, only few are using LN for their transactions so yes, it is no big deal.


Title: Re: The end of Lightning Network?
Post by: alani123 on October 26, 2023, 09:39:39 PM
I made a post to specifically discuss potential mistakes and wrong decisions that were made in the aftermath of the 2015-2017 big block scaling debate:
https://bitcointalk.org/index.php?topic=5471530.0;topicseen

If you think you have any input on the matter feel free to drop by there too.