Skip to content

Explicit commit_sig retransmission for interactive-tx #1289

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
t-bast wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Explicit commit_sig retransmission for interactive-tx #1289

t-bast wants to merge 3 commits into from

Conversation

@t-bast
Copy link
Collaborator

@t-bast t-bast commented Sep 9, 2025

When disconnecting in the middle of the signing steps of an interactive-tx transaction, we must retransmit signatures on reconnection to complete the interactive-tx protocol.

Nodes first exchange commitment_signed, followed by tx_signatures once they have both sent and received commitment_signed.

We previously always retransmitted commitment_signed, even when our peer had already received it. We now include an explicit bitfield that lets nodes request commitment_signed if they haven't received it.

Note that this is a breaking change, and we are thus changing the TLV type to make it easier to detect. In practice it should be fine, since only eclair and cln have shipped support for dual funding, and those two implementations are already incompatible on reconnection because eclair implements #1214 but cln doesn't. This edge case only creates an issue when nodes disconnect after exchanging tx_complete but before receiving signatures, which should happen very infrequently.

Replaces #1214.

@t-bast
Explicit commit_sig retransmission for interactive-tx
1d25dd1 
When disconnecting in the middle of the signing steps of an
`interactive-tx` transaction, we must retransmit signatures
on reconnection to complete the `interactive-tx` protocol.

Nodes first exchange `commitment_signed`, followed by
`tx_signatures` once they have both sent and received
`commitment_signed`.

We previously always retransmitted `commitment_signed`, even
when our peer had already received it. We now include an explicit
bitfield that lets nodes request `commitment_signed` if they
haven't received it.

Note that this is a breaking change, and we are thus changing
the TLV type to make it easier to detect. In practice it should
be fine, since only `eclair` and `cln` have shipped support for
dual funding, and those two implementations are already incompatible
on reconnection because `eclair` implements lightning#1214 but `cln` doesn't.
This edge case only creates an issue when nodes disconnect after
exchanging `tx_complete` but before receiving signatures, which should
happen very infrequently.

Replaces lightning#1214.
This was referenced Sep 9, 2025
Closed
Open
This was referenced Sep 17, 2025
Closed
Closed
@jkczyz jkczyz mentioned this pull request Sep 19, 2025
Merged
@t-bast t-bast mentioned this pull request Oct 1, 2025
Closed
24 tasks
@niftynei
Copy link
Collaborator

niftynei commented Oct 23, 2025

We previously always retransmitted commitment_signed, even when our peer had already received it. We now include an explicit bitfield that lets nodes request commitment_signed if they haven't received it.

Can you remind me again why we can't just retransmit the commitment_signed message? It seems much simpler to implement and requires less logic in general, but maybe I'm missing an edge case here where having a duplicate message is problematic.

ddustin
ddustin reviewed Oct 23, 2025
View reviewed changes
@t-bast
Copy link
Collaborator Author

t-bast commented Oct 24, 2025

Can you remind me again why we can't just retransmit the commitment_signed message? It seems much simpler to implement and requires less logic in general, but maybe I'm missing an edge case here where having a duplicate message is problematic.

Because it's hacky, why retransmit a message that doesn't need retransmission? Also, it's trivial without taproot, because the sender could simply store their commit_sig and re-send it on reconnection, but with taproot it's much more annoying:

  • nonces need to be shared before-hand (your peer must send you nonces for this specific commitment)
  • you cannot simply retransmit, you have to re-sign because nonces have changed

If we can avoid an unnecessary musig2 round, I think it's worth it, especially since it makes the protocol conceptually cleaner.

@niftynei
Copy link
Collaborator

niftynei commented Oct 24, 2025

why retransmit a message that doesn't need retransmission?

Well, without a signal you don't know if it doesn't need retransmission. You can leave the signal out and retransmit the message and the protocol will work. It's simpler and requires less if statements/state checks to take the same action on every reconnection.

avoid an unnecessary musig2 round

It's only "unnecessary" in some fraction of cases; in others it will be necessary. You can easily remove an if switch by taking the same action on every reconnection, which makes the protocol simpler to write and verify.

@ddustin ddustin mentioned this pull request Oct 29, 2025
Merged
ddustin added a commit to ddustin/lightning that referenced this pull request Oct 31, 2025
@ddustin
splice: Update to current spec
ea75b61 
Updating splice related reestablish code to
lightning/bolts#1289
and
lightning/bolts#1160

Changelog-Changed: Breaking change -- if you have splicing enabled on a channel both nodes must upgrade in unison due to updating `channel_reestablish` for to new splice specifications
ddustin added a commit to ddustin/lightning that referenced this pull request Oct 31, 2025
@ddustin
splice: Update to current spec
b7cd4f4 
Updating splice related reestablish code to
lightning/bolts#1289
and
lightning/bolts#1160

Changelog-Changed: Breaking change -- if you have splicing enabled on a channel both nodes must upgrade in unison due to updating `channel_reestablish` for to new splice specifications
ddustin added a commit to ddustin/lightning that referenced this pull request Oct 31, 2025
@ddustin
splice: Update to current spec
57a0030 
Updating splice related reestablish code to
lightning/bolts#1289
and
lightning/bolts#1160

Changelog-Changed: Breaking change -- if you have splicing enabled on a channel both nodes must upgrade in unison due to updating `channel_reestablish` for to new splice specifications
ddustin added a commit to ddustin/lightning that referenced this pull request Nov 5, 2025
@ddustin
splice: Update to current spec
87cdde6 
Updating splice related reestablish code to
lightning/bolts#1289
and
lightning/bolts#1160

Changelog-Changed: Breaking change -- if you have splicing enabled on a channel both nodes must upgrade in unison due to updating `channel_reestablish` for to new splice specifications
@t-bast t-bast mentioned this pull request Nov 10, 2025
Closed
25 tasks
ddustin added a commit to ddustin/lightning that referenced this pull request Nov 10, 2025
@ddustin
splice: Update to current spec
5659ece 
Updating splice related reestablish code to
lightning/bolts#1289
and
lightning/bolts#1160

Changelog-Changed: Breaking change -- if you have splicing enabled on a channel both nodes must upgrade in unison due to updating `channel_reestablish` for to new splice specifications
rustyrussell pushed a commit to ElementsProject/lightning that referenced this pull request Nov 13, 2025
@ddustin @rustyrussell
splice: Update to current spec
a45189c 
Updating splice related reestablish code to
lightning/bolts#1289
and
lightning/bolts#1160

Changelog-Changed: Breaking change -- if you have splicing enabled on a channel both nodes must upgrade in unison due to updating `channel_reestablish` for to new splice specifications
@t-bast t-bast mentioned this pull request Nov 19, 2025
Open
24 tasks
jkczyz
jkczyz reviewed Dec 16, 2025
View reviewed changes
Copy link
Contributor

@jkczyz jkczyz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 1d25dd1 modulo a minor wording issue.

@t-bast
Copy link
Collaborator Author

t-bast commented Dec 16, 2025
edited
Loading

@niftynei @ddustin can you please take a look and ACK this PR? We'd really like to move forward and get it merged since we have cross-compat with LDK and it works with cln for splicing (but it doesn't work for dual-funding yet).

This PR is a pre-requisite for the splice PR and is blocking its progress.

jkczyz
jkczyz reviewed Dec 16, 2025
View reviewed changes
Copy link
Contributor

@jkczyz jkczyz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 7646fc2

@t-bast t-bast mentioned this pull request Dec 30, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@ddustin ddustin ddustin left review comments

@jkczyz jkczyz jkczyz left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@t-bast @niftynei @ddustin @jkczyz