Introduction | Lightning vs Raiden: Watchtowers (Latter Part): Business Models

Business model

A watchtower can choose among different strategies to monetize its services. Each strategy has advantages and disadvantages:

| # | Watchtower business model | Scalability | Privacy | User experience | Feasibility |
|---|---|---|---|---|---|
| 1 | Altruistic watchtower | Poor | Uncertain | Good | Not feasible |
| 2 | Reward upon fraud prevention | Poor | High | Good | Not feasible |
| 3 | One-time fee for each status update | Poor | High | Medium | Not feasible |
| 4 | Monthly or annual subscription | Medium | Low | Poor | Feasible |
| 5 | Fee for each status update | Good | Low | Poor | Feasible |
| 6 | Fee for the amount of bandwidth | Good | Low | Poor | Feasible |
| 7 | One-time fee based on the storage duration of a status update | Good | Uncertain | Poor | Feasible |

If you tend to defer to authority, you can stop reading here. If you would rather find the truth yourself and possibly challenge my point of view, read on, because I will now explain how each model arrives at these results.

Side note: There is a common misconception that "user experience and privacy can be easily improved over time." Be aware that the poor user experience and privacy ratings above do not describe only the initial stage; they describe mature products that have been extensively developed. The root cause of poor user experience and privacy is not the implementation but the model itself. A good user experience has to be able to compete with centralized electronic payment methods such as Visa, PayPal, WeChat, Alipay, PayTM, etc., and high privacy has to be comparable to the privacy of cash.

1. Altruistic watchtower (without any compensation)

Olaoluwa "roasbeef" Osuntokun, chief technology officer of Lightning Labs, said the current goal is to "build a foundation system without any compensation." This is the easiest way, but because of the high operating costs of a watchtower (especially a privacy-oriented one), this approach will fail at global scale.

Accountability

It is unclear how to solve the accountability problem without economic incentives: if the watchtower does not depend economically on its reputation, even a reputation-based system will not work properly.

Scalability

You can argue that one billion different status updates will not take up too much space. This is true, but the database of a privacy-oriented watchtower grows continuously, and its bandwidth demand grows with it, so an altruistic watchtower will eventually be unable to bear the volume of transactions generated by the system.

In addition, this model is also vulnerable to spam-transaction attacks.

Privacy

A malicious watchtower may offer a free service and then sell the collected data to others at a high price, which is a great privacy risk. Developers will say that this has no effect because the data is encrypted, but that claim is clearly overstated, because an adversary still learns a lot from it:

  • The time of each transaction
  • Transaction frequency and the total amount of transactions

It is also possible to get:

  • All transactions associated with a particular channel (RDN)
  • All transactions made on the same channel or account (LN's eltoo & RDN)
  • IP address (most laymen do not use an anonymizer unless it is built into the client and enabled by default; in addition, don't forget that in many censored regions VPNs and even Tor bridges generally do not work. In particular, with the rise of authoritarian governments over the past few years, censorship techniques have expanded on a large scale in developing countries.)
  • An estimate of the transaction destination address obtained by traffic correlation

Some entities are able to perform traffic analysis on the Tor network, so they will certainly try to perform similar analysis on watchtower data in order to de-anonymize specific users (think how much money is spent on financial surveillance today).

User experience

Since the user does not need to perform any additional operations, the overall user experience is good.

In conclusion:

  • Scalability: hard
  • Privacy: uncertain
  • User experience: good
  • Feasibility: not feasible

 

2. Reward upon fraud prevention

Whenever the watchtower successfully broadcasts a penalty transaction on behalf of the user, the user pays the watchtower a certain amount of compensation.

Accountability

It is very important that the watchtower is economically motivated to broadcast a penalty transaction (in the RDN model, to stop a malicious settlement). However, unless there is a very complex reputation system or some kind of deposit (margin) system, both of which come with a very poor user experience, the watchtower loses nothing if it fails to stop a fraud attempt.

Scalability

Unfortunately, this business model is fundamentally flawed: for the watchtower to survive, fraud attempts have to occur frequently enough to cover its operating costs.

Even Tadge Dryja, co-author of the Lightning Network white paper, admits that this is not a reliable and scalable system.

The intention is that a channel will never be closed in an invalid state, yet you have to reward them (the watchtowers) for something that should not happen. This model is not acceptable.

In addition, if a user accidentally closes a channel with an invalid state, not only the large hub but also the watchtower gets a financial return, because the watchtower is rewarded for broadcasting the penalty transaction. This gives a large number of entities an incentive to develop malware that closes users' channels with an invalid state in order to "legally" steal user assets.

This model is also very vulnerable to spam attacks, because users do not pay the watchtower directly for its service.

So this approach leads to a serious COI (conflict of interest). On the one hand, the watchtower benefits when the network is secure and the number of users grows. On the other hand, the watchtower needs a certain number of users to suffer damage from "invalid state closures" on a regular basis, because it has to broadcast enough penalty transactions to cover its operating costs.

Privacy

This model can achieve a high level of privacy.

User experience

Users do not need to do any extra work, but adding an elaborate reputation system can degrade the user experience.

In conclusion:

  • Scalability: low
  • Privacy: high
  • User experience: fairly good
  • Feasibility: not feasible

 

3. Charge a one-time fee for each new status update

This is the approach currently used in many designs: either a small payment is included in each packet sent to the watchtower, or the payment is made when a session starts, which reserves a number of "coin slots" that are then filled with encrypted blobs (status updates).

This approach ensures that the watchtower can cover its operating costs even without any fraud or "invalid state closure." The watchtower's income from each user also varies with that user's economic activity.

Accountability

The key issue here is that users have no guarantee that the watchtower will not go out of business in the next few days, months or years, so users must somehow be convinced that the watchtower will keep storing their status updates and watching their open channels.

Since there is no direct economic incentive to broadcast penalty transactions, this model will likely need a complex reputation system or a deposit (margin) mechanism with poor user experience, and even those have a drawback: they cannot prevent a large-scale exit scam.

Scalability

The main scalability problem is that a privacy-oriented watchtower is paid only once for each status update but has to store the data permanently (or, in some implementations, until the channel is closed). Operating costs therefore keep increasing even when the inflow of fees from new transactions stays at the same level or declines. As a result, the system remains stable only during exponential growth, and most watchtowers will be eliminated during periods of reduced activity.

Imagine a privacy-oriented business that charges users only once for each uploaded file, regardless of how long the file is stored. How viable would such a business be?

One might say that business-oriented watchtowers only need to store the latest status update, so they do not have to store every status update permanently. This is true, but the privacy of this method is lower, because the watchtower can correlate all the status updates generated by the same channel. The user experience is not good either: some status updates only need to be stored for a few minutes while others must be stored for a few months, so users must decide what fee to attach to each status update. It is unclear how to prevent high overlapping costs while ensuring safety. If we do not care about privacy or user experience, there are more viable business models (see below), so I see no reason to charge a one-time fee for each new status update, even for business-oriented watchtowers.
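The scalability argument above can be checked with a small model. This is an added example, not code from the original article: it assumes a privacy-oriented watchtower that never deletes an update, and the fee, storage cost and inflow figures are constructed, arbitrary integer units.

```python
# Added illustration (not from the original article). Units are arbitrary
# integers; every number below is a constructed assumption.

FEE_PER_UPDATE = 100      # one-time fee paid when an update is uploaded
COST_PER_STORED = 2       # cost of keeping ONE stored update for ONE period


def simulate(inflow):
    """Return (period, revenue, cost, balance) rows for a watchtower that
    is paid once per update but can never delete one."""
    stored, balance, rows = 0, 0, []
    for period, new_updates in enumerate(inflow, start=1):
        stored += new_updates                    # the database only grows
        revenue = new_updates * FEE_PER_UPDATE   # paid once, on upload
        cost = stored * COST_PER_STORED          # paid every period, on everything
        balance += revenue - cost
        rows.append((period, revenue, cost, balance))
    return rows


def first_loss_period(rows):
    """First period whose storage cost exceeds its fee income, else None."""
    for period, revenue, cost, _ in rows:
        if cost > revenue:
            return period
    return None


def flat(periods, start=1000):
    """Same number of new updates every period."""
    return [start] * periods


def declining(periods, start=1000, step=50):
    """Activity shrinks by a fixed step each period."""
    return [max(0, start - step * i) for i in range(periods)]


def growing(periods, start=1000):
    """Roughly 10% more updates each period (integer arithmetic)."""
    out, n = [], start
    for _ in range(periods):
        out.append(n)
        n = n * 11 // 10
    return out


if __name__ == "__main__":
    for name, inflow in (("flat", flat(60)), ("declining", declining(20)),
                         ("growing", growing(60))):
        rows = simulate(inflow)
        print(f"{name:9s} first loss-making period: {first_loss_period(rows)}"
              f"  final balance: {rows[-1][3]}")
```

With these numbers a flat inflow starts losing money in period 51 and a declining inflow in period 17, while the exponentially growing inflow never has a loss-making period.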

Privacy

The advantage of this approach is that it is highly private if implemented with a privacy-oriented watchtower.

User experience

Users do not need to perform any additional operations, but they have to pay an extra fee for each transaction, which degrades the user experience; an elaborate reputation system and deposit (margin) mechanism will degrade it further.

In conclusion:

  • Scalability: hard
  • Privacy: high
  • User experience: medium
  • Feasibility: not feasible

 

4. Monthly or annual subscription

The watchtower can charge a service fee on a monthly or yearly basis, so that its income covers operating expenses even without any cheating attempts or unexpected "invalid state closures." Unfortunately, there are several problems with this approach.

Accountability

A watchtower that punishes a cheater is not immediately rewarded, so accountability is a very important issue in this design. The design will very likely involve a deposit (margin) mechanism or a reputation system, which degrades the user experience and is vulnerable to mass exit scams.

Scalability

Although this business model is more feasible than those listed above, there are still many problems.

  • Operating expenses vary greatly with the user's activity. It is still unclear how large the monthly fee should be. The transactions executed by some very active users or businesses may cost more than 1000 times as much as those of less active users. Of course, this problem can be alleviated by introducing different monthly fees that depend on the number of transactions the user performs each month, or on the number of all updates and stored states, but that adds more complexity to the system and further degrades the user experience.
  • Developing countries cannot afford the same price. Even relatively small expenses, such as a few dollars a month, may be an obstacle to global adoption, because most people live in developing countries, where average income is much lower than in developed countries.
  • Laymen will trust only one watchtower.

Users need to purchase multiple monthly subscriptions from different watchtowers to mitigate the risk of trusting a third-party entity. Unfortunately, with this approach the user has to pay more for each additional watchtower, so most laymen will skip this step and use only one watchtower, which reduces overall network security.

Privacy

This business model means that the watchtower can link all status updates performed by the same account, which is similar to the traditional banking system and opens the door to large-scale financial surveillance.

User experience

First, the user must find a watchtower, pay a subscription fee for a week, a month or a year in advance, and then keep paying regularly. That is already a poor user experience compared to centralized electronic payment solutions that do not require any watchtower.

Second, what if the user forgets to pay the monthly or annual fee? Suppose the system has an automatic payment option; what if the user cannot afford the fee because of financial difficulties? Will all of his status updates be removed after a while, and will the watchtower stop protecting him from fraud? This exposes the user to the risk of losing money and makes his situation even worse.

In conclusion:

  • Scalability: moderate
  • Privacy: low
  • User experience: poor
  • Feasibility: feasible

 

5. Charge a regular fee for each stored status update

For privacy-oriented watchtowers, the most viable business model is a subscription-based system in which each user pays a fee according to the number of status updates stored in the watchtower.

Accountability

If there is no direct economic incentive to broadcast a penalty transaction, there will very likely be a deposit (margin) system with poor user experience or a complex reputation system, neither of which prevents an exit scam.

Scalability

This approach scales easily, because both business-oriented and privacy-oriented watchtowers have enough income to cover their operating expenses, even without any fraud attempts.

Privacy

Unfortunately, this model implies a subscription-based system, because the user must pay a monthly or annual fee for the number of stored status updates, so the watchtower can correlate all status updates of a given account. This business model allows large-scale financial surveillance and undermines the whole point of a privacy-oriented watchtower design.

User experience

The user experience of this model is also very poor, because users must pay a regular fee. Automatic payment is easy to implement, but what if the user forgets to leave a balance in the wallet or has financial difficulties? A delay in paying the regular fee exposes the user to the risk of losing money.

In addition, with a privacy-oriented watchtower, users are economically motivated to close a "crowded" channel, send a request to delete the old status updates, and open a new channel, which is a relatively poor user experience. This behavior increases the load on the chain and results in higher on-chain fees.

In conclusion:

  • Scalability: easy
  • Privacy: low
  • User experience: poor
  • Feasibility: feasible

 

6. Charge a periodic fee for the amount of bandwidth

This method suits business-oriented watchtowers, which can link all status updates generated by the same address. Such a watchtower only needs to store the latest status update, so data storage is not a bottleneck.

The watchtower can charge for the number of transactions per day or month and thereby cover all of its operating expenses. This is a completely viable business model, but it suffers from the same privacy and accountability issues as the model described above.

In conclusion:

  • Scalability: easy
  • Privacy: low
  • User experience: moderate
  • Feasibility: feasible

 

7. Charge a one-time fee to store a status update for a set period

In another possible model, the user attaches a fee to each status update sent to the watchtower and asks the watchtower to protect this state for a certain period of time. The Celer Network uses this method.

Accountability

If there is no direct economic incentive to broadcast a penalty transaction, there will very likely be a deposit (margin) system with poor user experience or a complex reputation system, neither of which prevents an exit scam.

Scalability

This method scales easily, because the watchtower has enough funds to cover its operating expenses even without any fraud attempts.

Privacy

The advantage of this model is that a relatively high level of privacy can be achieved if it is combined with a privacy-oriented watchtower. However, both the current Lightning Network and Celer follow a business-oriented approach to watchtower design. The Lightning Network's eltoo gives watchtowers an economic incentive to link the states of the same user together in order to reduce storage requirements.

Even if the user makes no transactions at all, this model reveals when he is online, which is a privacy issue, because after a paid protection period expires he still has to resend the previous status update.

User experience

First, paying an extra fee for each transaction degrades the user experience. Payments could be made monthly instead, but that is still a worse user experience than a centralized zero-fee electronic payment scheme, and it significantly reduces privacy, because the watchtower can link all status updates of an account.

Second, a layman who has no deep understanding of the technology and of game theory must consciously decide how long his status update should be protected and how much he should pay for the security of his channels. This can be solved with default settings, but defaults may reduce the overall security of the network, because a counterparty then knows the most common fee and protection period.

Third, because a status update is stored only for a limited time, the user must keep resending the previous status update to the watchtower. This can be automated, but the user must be online to resend the status update, so it is not clear how automatic resending would work.

  • If the status update is resent a few hours before the previous protection period expires, there is a security risk, because the user may not be online at the next synchronization/resend. Until he comes online again and sends the latest state, his funds remain at risk.
  • If the status update is resent a few days before the previous protection period expires, then (1) there may be a lot of overlapping payments, which increases what the user pays, and (2) the average protection time becomes long, which again raises concerns about operating expenses and fees.
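The trade-off in the two bullets above, replayed on a constructed schedule. This is an added example, not code from the original article: it assumes each resend buys a fresh protection period starting at the moment of the resend, so the unexpired remainder of the old period is paid for twice; the online times, period and lead times are made up.

```python
# Added illustration (not from the original article); all numbers constructed.

def renewal_outcome(online_hours, period, lead, horizon):
    """Replay a wallet's online moments against a timed protection scheme.

    online_hours: sorted times (hours) at which the wallet is online; the
                  first one is when protection is bought for the first time.
    period:       hours of protection bought by each payment.
    lead:         the wallet resends when <= lead hours of protection remain.
    horizon:      end of the observation window (hours).
    Assumption: a resend buys a fresh period starting now, so whatever is
    left of the old period is paid for twice (the "overlapping payment").
    """
    expiry = None
    unprotected = overlap = payments = 0
    for t in online_hours:
        if expiry is None:                 # first purchase
            expiry, payments = t + period, 1
        elif t >= expiry:                  # protection had already lapsed
            unprotected += t - expiry
            expiry, payments = t + period, payments + 1
        elif expiry - t <= lead:           # inside the renewal window
            overlap += expiry - t
            expiry, payments = t + period, payments + 1
    if expiry is not None and horizon > expiry:
        unprotected += horizon - expiry    # lapsed and never renewed
    return {"unprotected_h": unprotected, "overlap_h": overlap,
            "payments": payments}


# Constructed sample: online daily for a week, then offline for four days.
ONLINE = [0, 24, 48, 72, 96, 120, 144, 240, 264]
WEEK = 168  # protection period in hours

if __name__ == "__main__":
    for lead in (6, 72):
        print(f"lead={lead}h", renewal_outcome(ONLINE, WEEK, lead, horizon=288))
```

On this schedule a 6-hour lead leaves the channel unwatched for 72 hours, while a 72-hour lead leaves no gap but pays for 96 overlapping hours and one extra payment.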

There are currently some workarounds, such as:

  • Users could simply extend the existing protection period, but it is not yet clear how this would be implemented.
  • Users could lock some money in a smart contract that automatically extends the protection period even when the user is offline, but such a solution raises many concerns about implementation, security and user experience.
  • In addition, to solve the problem of overlapping charges, there should be a function for swapping an old status update for a new one.

Fourth, before going offline for a long time (an island, Everest, Vipassana, etc.), a user must either set a long protection period and pay for it, or close all of his off-chain channels. We should keep in mind that if the user suddenly goes offline for a long time (prison, coma, etc.), his funds will be at risk.

In conclusion:

  • Scalability: easy
  • Privacy: uncertain
  • User experience: poor
  • Feasibility: feasible

Summary

It is unrealistic to assume that the watchtower problem has a simple solution, because most methods have serious shortcomings. There are therefore many concerns at present: either watchtowers will fail to scale because of poor user experience and low security, or they will eventually become a tool for large-scale surveillance.

On the other hand, many teams, including myself, are working to solve this problem, so it is important to share our experience and continue community-led research. In the final article of this series, we will combine a variety of solutions to consider the perfect design of the watchtower.

Disclaimer: I am not an authoritative financial consultant. This article is not financial advice. The information provided in this article is for educational purposes only and represents my personal opinion, not the facts. Cryptocurrency is very unstable and its fluctuations are very large. I am not directly or indirectly responsible for any damage or loss caused or generated by the use of or reliance on any content, goods, services or companies mentioned herein. For investment, please consult a professional.

 

Original link:

https://medium.com/crypto-punks/lightning-vs-raiden-watchtowers-accountability-business-models-celer-pisa-833384f01ad0

Author: Sam Aiken

Translation & proofreading: storm pang, Aisling & Ajian

(This article is from EthFans, the Ethereum fans' community; reprinting without the permission of the author is strictly forbidden.)