Anchor commitments, new payment basepoint

[bitromortac]

This PR implements a newer commitment transaction type [1]. Anchor commitments are commitment transactions that attach a dusty output per realized to_local/to_remote output, in order for the commitment transaction to be CPFP-bumpable in a force close scenario. Also HTLC transactions are affected, which are fee-amendable allowing for more inputs via the anyonecanpay sighash. The original proposal of anchor commitments [1] was not safe enough [2] which is why option_anchors_zero_fee_htlc_tx was devised [3]. Our goal is to go directly to this version, to not having to deal with legacy developments. The PR passes unit and regtest tests and is ready for initial review or feedback (see Todos).

Key changes:

• The Channel object now carries a has_anchors property which is used to decide on scripts and locktimes, as well as sweeping behavoir.
• Adapt commitment transactions for anchors (anchors, to_remote script 1-CSV, fee estimation, output values) (03-transactions)
• Adapt HTLC transactions (nsequence numbers, 1 CSV-lock, sighash.ANYONECANPAY+sighash.SINGLE) (03-transactions)
• New anchor channels have a payment_basepoint derived from the funding pubkey and a static secret to be sweepable in the event of a force close due to (onchain) backups

Testing:

• Reproduce signatures from RFC test vectors for commitment and HTLC transactions (requires different sighash flags) (03-transactions)
• Manually tested against lnd v0.11 (last active version of original anchors) - open/close/force close/payment
• New integration test framework to run Electrum peer components inside a single interpreter (better debugging and easier introspection), with additional detailed channel usage scenarios. Tests are not running in sequence right now and are still subject to changes. Some tests are redundant and could be removed.

Other:

• The watchtower is not updated to sweep to_remote as this is not time critical
• Backups don't need an upgrade as we can see at sweep time, whether we deal with a ctx that has anchors

Todo:

• Crosscheck RFC
• Implement zero fee HTLCs and do fee management at sweep time
• Reserve some UTXOs for fee bumping
• Compatibility testing with zero-fee-htlc (once zero-fee is implemented)
• Wallet upgrading mechanics, compatibilty wallets with old/new channels
• Keep tests for both commitment versions (static_remotekey/anchors)?
• Make commitment type configurable?
• Determine fee for HTLC-transaction bumping
• Sweep the anchor outputs (05-onchain) (omitted for this PR, because we still rely on the update_fee message)
• Refactor to have explicit commitment and channel types [4] (another PR)

[1] Anchors PR: lightning/bolts#688
[2] https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-September/002796.html
[3] Zero-fee HLTCs: lightning/bolts#824
[4] Channel types: lightning/bolts#880

[SomberNight]

So many changes :P but looks good overall.
See comments inline.

[SomberNight]

is it not enough to check self.features; why check self.lnworker.features?

[bitromortac]

Yes, here I wanted to ask how we want to transition to anchors? The second condition was also a reminder for myself.

[SomberNight]

Well there are three ~reasonable options I can see:

1. we require anchors_zero_fee for newly opened channels
2. we open anchors_zero_fee channels whenever possible, but if the remote does not support it, we can just option static_remotekey channels
3. we disable anchors_zero_fee by default, gate it with a config key; and change to one of the options above in a later release

I think the decision should depend on a number of things, such as

• how many/which nodes on the network will already support anchors_zero_fee,
• how confident we are that our code behaves correctly,
• how the UX of reserving UTXOs in the wallet looks like,
• whether we can batch HTLC txs (not really for fee-minimisation but rather re number of UTXOs we need to reserve)

So atm I am not sure.

[bitromortac]

I submitted changes via fixup commits, will squash in the end, or should I already?

[SomberNight]

I submitted changes via fixup commits, will squash in the end, or should I already?

Feel free to do whatever is convenient.
One remark: if you rebase on master for any reason, it's better to do that in a separate force-push of its own just for the rebase (instead of combining with other changes that would require a force-push). That way, it's easier to see changes in the github UI.

[bitromortac]

I submitted changes via fixup commits, will squash in the end, or should I already?

Feel free to do whatever is convenient. One remark: if you rebase on master for any reason, it's better to do that in a separate force-push of its own just for the rebase (instead of combining with other changes that would require a force-push). That way, it's easier to see changes in the github UI.

I squashed the fixups and rebased on master separately.

There's a new commit, which switches to the anchors-zero-htlc-fee type. I have tested this together with the latest LND master. The only issue for now is how to deal with password protected wallets, where we are not able to fee-bump HTLCs automatically (or bump commitment transactions once we phase out update_fee).

[bitromortac]

As discussed, for now we only enable anchor channels via a config setting (not exposed in the GUI), storing the wallet password in lnworker for dynamic signing. A wallet can only be loaded with anchor channels enabled, if it is not a watch-only wallet. Also, the anchors config option cannot be disabled, if a wallet already has anchor channels.

This way we can test more in production and we can explore further how we want to handle UTXO reservation.

[bitromortac]

I reorganized the commits a bit and think this is ready for a second pass. Tests for anchor outputs are disabled right now (can be controlled via TEST_ANCHOR_CHANNELS), but they should all pass.

I think we could postpone the reservation of UTXOs for now, as we keep anchors disabled.

Edit: somehow the CI regtest hangs, but passes locally

[SomberNight]

Same as for the unit tests: I think we should test by default for both possibilities.
One approach: some refactoring where most code of each test is inside a function that is parameterised with anchors_enabled, and the functions are called twice (one for each setting).

[bitromortac]

Done, I'm setting an environment variable in subprocess.Popen. Not sure if updating of the environment dict is the best approach.

[bitromortac]

After the recent update all tests passed, but I had to run the watchtower test twice (needs further investigation). I'm still working on the HTLC issue we discussed.

[bitromortac]

After the recent update all tests passed, but I had to run the watchtower test twice (needs further investigation). I'm still working on the HTLC issue we discussed.

I tried to add all the edge cases concerning HTLC transaction batching. Do we need an explicit test for this? I also added a test for the watchtower in case of anchor outputs with an HTLC in the ctx (see integration.TestLightningABC.test_watchtower_htlc)

[ecdsa]

Note: I'm going to rebase this in a new branch. Since it is not possible to change the source branch of a PR, I guess this means that the conversation will have to be continued in a new PR

[ecdsa]

new branch, rebased on current master: https://github.com/spesmilo/electrum/commits/anchor_commitments_2022

changes:

• the wallet password is not stored anymore. Instead, we will send funds to a new sequence of addresses, derived from ln_xprv.
• the commit that was both renaming and reordering functions in lnsweep has been split into two commits, so that changes can actually be reviewed. (I checked that the reordering commit does only that)

[ecdsa]

new rebase: https://github.com/spesmilo/electrum/commits/anchor_commitments_2024