{"type":"rich","version":"1.0","title":"Rusty Russell [ARCHIVE] wrote","author_name":"Rusty Russell [ARCHIVE] (npub1zw…hkhpx)","author_url":"https://yabu.me/npub1zw7cc8z78v6s3grujfvcv3ckpvg6kr0w7nz9yzvwyglyg0qu5sjsqhkhpx","provider_name":"njump","provider_url":"https://yabu.me","html":"📅 Original date posted:2019-11-05\n📝 Original message:\nHi all,\n\n        It's been widely known that we're going to have to have up-front\npayments for msgs eventually, to avoid Type 2 spam (I think of Type 1\nlink-local, Type 2 though multiple nodes, and Type 3 liquidity-using\nspam).\n\n        Since both Offers and Joost's WhatSat are looking at sending\nmessages, it's time to float actual proposals.  I've been trying to come\nup with something for several years now, so thought I'd present the best\nI've got in the hope that others can improve on it.\n\n1. New feature bit, extended messages, etc.\n2. Adding an HTLC causes a *push* of a number of msat on\n   commitment_signed (new field), and a hash.\n3. Failing/succeeding an HTLC returns some of those msat, and a count\n   and preimage (new fields).\n\nHow many msat can you take for forwarding?  That depends on you\npresenting a series of preimages (which chain into a final hash given in\nthe HTLC add), which you get by decoding the onion.  You get to keep 50\nmsat[1] per preimage you present[2].\n\nSo, how many preimages does the user have to give to have you forward\nthe payment?  That depends.  The base rate is 16 preimages, but subtract\none for each leading 4 zero bits of the SHA256(blockhash | hmac) of the\nonion.  The blockhash is the hash of the block specified in the onion:\nreject if it's not in the last 3 blocks[3].\n\nThis simply adds some payment noise, while allowing a hashcash style\ntradeoff of sats for work.\n\nThe final node gets some variable number of preimages, which adds noise.\nIt should take all and subtract from the minimum required invoice amount\non success, or take some random number on failure.\n\nThis leaks some forward information, and makes an explicit tradeoff for\nthe sender between amount spent and privacy, but it's the best I've been\nable to come up with.\n\nThoughts?\nRusty.\n\n[1] If we assume $1 per GB, $10k per BTC and 64k messages, we get about\n    655msat per message.  Flat pricing for simplicity; we're trying to\n    prevent spam, not create a spam market.\n[2] Actually, a number and a single preimage; you can check this is\n    indeed the n'th preimage.\n[3] This reduces incentive to grind the damn things in advance, though\n    maybe that's dumb?  We can also use a shorter hash (siphash?), or\n    even truncated SHA256 (128 bits)."}