Is this asynchronous signing?
In the standard Ark protocol, all participants receiving new VTXOs in a round must be online simultaneously to sign intermediate transactions in the VTXO tree.
My novice understanding of Ark is that you hold your sats in VTXOs which have a unilateral exit guarantee...as long as you refresh them before they time out. The timeout is necessary because the person/company running the Ark has to lock up sats in an onchain UTXO for every transaction that occurs in the Ark until a new round occurs and users' exit transactions are updated. An example of a timeout length might be two weeks.
When a user wants/needs to refresh, they have to come back online to sign a transaction. This is unfortunate. Lightning requires that your node be online in order to receive at all. Ark was introduced as a different set of trade-offs because it requires that you come online only so often.
Second (one of the companies working on Ark) has released a new design for Ark called hArk (hash-locked Ark).
hArk removes this requirement through a secret-based mechanism: the server generates a unique secret for each new VTXO, and participants can claim their VTXOs asynchronously by signing a forfeit transaction and receiving their secret from the server.
On the surface this seems pretty great!
- Round participants no longer need to coordinate their online presence—the round can complete without requiring synchronous signing from all parties
- Enables efficient consolidation of multiple VTXOs into a single output, addressing a significant constraint in the previous design where multi-input operations were problematic
- Reduces server costs during malicious exit scenarios, eliminating attacks that were cheap for adversaries but expensive for the server to counter
But...here come @supertestnet
Super points out that hArk may not maintain even the promise of unilateral exit. I'm not too invested in whether or not a thing is a layer 2, but I do think Super brings up some interesting points about the tradeoffs of using hArk.
I'm a big fan of providing users with options, and it looks like hark is opt-in, so I'm a fan. However, I think it sadly doesn't count as a layer 2 protocol. Here's why:
Hark is designed for users who don't want to run Ark's interactive signing protocol. Therefore, such users will not have a unilateral exit even in the best case.
Ark has a single-honest-party trust assumption, and it was designed so that anyone can "be" one of those parties by (1) onboarding and (2) running the interactive signing protocol—which means you are one of the parties in the single-honest-party trust assumption, and are thus trusting yourself to be honest.
But Hark users opt not to run the interactive signing protocol. As a result, they cannot be one of the parties in Ark's single-honest-party trust assumption, so they must trust someone who is one of those parties.
At least to me, that means, sadly, Hark is not a real layer 2 of bitcoin. My definition of a layer 2 requires the availability of a unilateral exit. Ark is a layer 2 only for users who run the interactive signing protocol and do refreshes as needed. In Hark, you don't run the interactive signing protocol, so you're essentially trusting a federation to sign transactions on your behalf without stealing from you, and that makes it not a layer 2 (by my definition).
Hark users do not participate in rounds. As I understand it, the server does each round without them; in each round, he creates a new ark utxo containing a leaf for each Hark user. Those users are expected to reveal secrets by which they forfeit any corresponding prior leaves they had (assuming they are set to expire soon), and those secrets give them control of their new leaf. But since the user did not participate in the round that created their new leaf, they have to trust that the server and the other signers won't doublespend the new Ark utxo.
If your leaf has 10 branches above it, then the set of signers in any of those 10 branches can collude to rob you. I believe the lowest branch above a leaf has the fewest signers. Also, the signers in the root utxo can collude together to rob all hark users in that tree at once.
This also means it is not the same trust model as Spark. Spark coordinators can doublespend too, but only if they collude with a prior holder. A Hark ASP can do so without that particular form of collusion, though they do have to collude with a variable number of other signers.
In a worst case scenario:
The server can probably organize the tree so that the only keys in your branch are (1) yours and (2) several decoys that all belong to the server. Then it is easy for the server to steal all the money in that branch (including your money) without colluding with anyone.
It is bad enough that, in Ark, if you don't refresh, you lose custody. Now, with this optional "delegated hark" mode, you (sometimes) lose custody even if you do refresh -- namely, if you opt to have a delegate refresh your coins on your behalf.
https://twiiit.com/SuperTestnet/status/2015911393371799792
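To make the branch argument concrete, here is an added model (not code from Ark, hArk, Second or the post above) that walks the nodes above a leaf in a VTXO tree and reports the node whose spend depends on the fewest keys outside the server's control; the participant names, the tree layout and the assumption that internal nodes are cosigned by the server plus every participating leaf owner beneath them are all constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field

SERVER = "server"

@dataclass
class Node:
    name: str
    owner: str | None = None       # set on leaves only
    participates: bool = False     # owner cosigned the round (interactive protocol)
    children: list[Node] = field(default_factory=list)

def cosigners(node: Node) -> frozenset[str]:
    """Keys that must all sign to spend this node's output (assumed model: server plus
    every participating leaf owner beneath it); hold them all and every leaf below is at risk."""
    keys = {SERVER}
    if node.owner is not None and node.participates:
        keys.add(node.owner)
    for child in node.children:
        keys |= cosigners(child)
    return frozenset(keys)

def path_to(node: Node, owner: str) -> list[Node] | None:
    """Root-to-leaf path for `owner`'s VTXO, or None if absent."""
    if node.owner == owner:
        return [node]
    for child in node.children:
        sub = path_to(child, owner)
        if sub is not None:
            return [node] + sub
    return None

def weakest_guard(root: Node, owner: str, server_keys: set[str]) -> tuple[str, frozenset[str]]:
    """Over the nodes above `owner`'s leaf, return (node name, keys outside server control)
    for the cheapest node to double-spend; an empty key set means the server alone can rob it."""
    best = None
    for n in path_to(root, owner)[:-1]:          # the leaf itself is spent by its owner
        independent = cosigners(n) - server_keys
        if best is None or len(independent) < len(best[1]):
            best = (n.name, independent)
    return best

def build_sample_tree() -> Node:
    """Constructed round: alice and bob cosign; carol is a hArk user beside server-owned decoys."""
    branch_a = Node("branch_A", children=[Node("a", "alice", True), Node("b", "bob", True)])
    branch_b = Node("branch_B", children=[Node("c", "carol", False),
                                          Node("d1", "decoy1", True), Node("d2", "decoy2", True)])
    return Node("root", children=[branch_a, branch_b])

SERVER_KEYS = {SERVER, "decoy1", "decoy2"}     # decoy leaf keys belong to the server
```

Running `weakest_guard(build_sample_tree(), "carol", SERVER_KEYS)` returns `branch_B` with no independent keys, while alice's weakest node still lists her own key among its cosigners, which is the difference between trusting yourself and trusting a set of strangers.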