Improve route randomization

[ZmnSCPxj]

Fixes: #928

I want to integrate pay command also to use route randomization if the maxfeepercent is high enough, so, this will wait for #993 first so I can add it to payalgo.c.

[ZmnSCPxj]

Ready for review

[rustyrussell]

Hi! I like this patch, but I have some suggestions:

1. I think the API should rename inefficiency to "fuzz", and make it a percentage.
2. I think the seed should be optional: it's only really useful for testing reproducibility.
3. I think the default should be 5% or so, not 0.

[ZmnSCPxj]

1. Okay, will do later.
2. seed is already optional, but perhaps you mean it should be a randomly-generated seed if not specified, rather than fixed to 8x 0 bytes?
3. Presumably inefficiency/fuzz? Currently, multiple getroute with the same arguments will return the same route, modulo any channel updates that make the route shorter. I wanted to retain this property, so default inefficiency/fuzz to 0. However, it is also true that channel updates made by other nodes opening new channels and closing old ones will cause getroute to change its return value, so perhaps such a default of 0.05/5% is reasonable.

[cdecker]

Excellent PR, just the scaling up and down that feels a bit dodgy.

[cdecker]

Like @rustyrussell I'd prefer having an integer percentage that doesn't require scaling up and down.

[ZmnSCPxj]

Rebased and modified as per @rustyrussell 's initial review. However, @cdecker:

Like @rustyrussell I'd prefer having an integer percentage that doesn't require scaling up and down.

Is this what is wanted? Internally I would drop to a doublefor random generation anyway. Indeed I think I would want some way to serialize a double (towire_double, fromwire_double) if I can find some easy way to do so.

Or do you mean, I should accept integer percentage, serialize to u8, then perform the conversion from percentage to a double 0.0 -> 1.0 inside gossipd?

[cdecker]

@ZmnSCPxj yeah that was what I was thinking of, upconverting from double to int for transfer and then back again seems strange to me. Having a percentage and downconverting it to double once will reduce any strange imprecision effect.

[ZmnSCPxj]

4294967296.0 is exactly a power of two, so it should just be manipulation of the exponent part (modulo weird numbers like NAN and infinity and zero). Then conversion to and from u32 should just be cutting off some bits of mantissa.

Another concern is that our other "percent" argument is pay maxfeepercent, which accepts fractionals, and indeed defaults to 0.5 (0.5%). Do we accept fractionals for fuzzpercent? If not, this would be unexpected since maxfeepercent accepts fractions but fuzzpercent does not. If accept, then we would have roundoff/conversion issue regardless, unless we make a towire_double or fromwire_double.

[rustyrussell]

Minor changes in normalization, and defaults...

[rustyrussell]

We hand pay->fuzz into towire_gossip_getroute_request() which takes a u32, so this turns into 0 fuzz. That's probably not what we want; should we use the same default value as getroute(), or something else?

[rustyrussell]

You can't reach 100% here. Perhaps that's OK, but I think it's unintended.

[rustyrussell]

If you specify 100%, this may evaluate to 0.

[rustyrussell]

This still means 100% == 0!

Let's fix this properly and do towire_double/fromwire_double. It can just memcpy, since our inter-daemon comms is all same-architecture, and I can't find a portable way to encode a double other than printf/scanf :(

[rustyrussell]

Why is default here 75%, vs 5% for getroute?

[ZmnSCPxj]

This is not a default, but an initial value. pay respects maxfeepercent, and if it gets a route that has too high fee, it will reduce its fuzz value in the hope that the next returned route with a lower fuzz will have a lower fee. This means that to take advantage of higher-than-usual maxfeepercent for improved privacy we should start with a large fuzz (which has a chance of getting much higher fee than would be typical for lower or 0 fuzz).

The point of route randomization is to avoid low-fee routes, which might be honeypots used by three-letter monitoring agencies, by occassionally jumping to higher-than-usual fee routes.

[rustyrussell]

If 75% is a good starting point for pay, why it it not a good default for getroute? It it anticipated that we will see significant failures at 75%? I'm not sure that's true. These numbers seem made up, which is fine, but they do need a comment on what we'd need to know to set decent defaults in future...

[ZmnSCPxj]

Well, my initial idea was to have getroute default to 0%, for compatibility with before this patch, where getroute never fuzzed and (if there were no changes in network topology) would always return the same route again and again. A mere 5% for fuzz is unlikely to change anything, either.

If that behavior is not necessary for getroute, then 75% would be a reasonable default for getroute, too.

[ZmnSCPxj]

Added serialization of double instead of converting to u32 back and forth. Also rebased. Also answered @rustyrussell question in review item.

[rustyrussell]

OK, let's use a fixed 16-byte seed, ready for siphash, and use siphash internally.

We could also use the node pubkey (directly, feed it into siphash) instead of scid to make the iteration more stable (since fuzz would depend on the node itself rather than what edge we came in on).

We can get faster in future by using isaac with a single initialization, but that loses per-node determinism.

[rustyrussell]

2048 bytes of randonmess is extreme!

8 bytes of non-cryptographic randomness is more than sufficient; we should just add a psuedorand64() which wraps isaac64_next_uint64() and use that here I think.

[ZmnSCPxj]

Okay, will do.

[rustyrussell]

If 75% is a good starting point for pay, why it it not a good default for getroute? It it anticipated that we will see significant failures at 75%? I'm not sure that's true. These numbers seem made up, which is fine, but they do need a comment on what we'd need to know to set decent defaults in future...

[rustyrussell]

That's pretty heavy. It's nice because it makes the per-edge decision deterministic, though.

run-bench-find_route 10000 10 with 0 fuzz:

10 (10 succeeded) routes in 10000 nodes in 3990 msec (399066864 nanoseconds per route)

With 0.75 fuzz and a fixed rng:

10 (10 succeeded) routes in 10000 nodes in 73423 msec (7342349728 nanoseconds per route)

Ouch!

I switched it to hand in a 64-bit base_seed, and use short_channel_id_to_uint() instead of wire allocation, and initialize the rng with [base_seed, short_channel_id_to_uint()], but it's still v. slow:

10 (10 succeeded) routes in 10000 nodes in 67433 msec (6743351288 nanoseconds per route)

This is partially because it's expensive to set up an isaac64 context just to pull one number out; we're better using siphash for this:

10 (10 succeeded) routes in 10000 nodes in 5668 msec (566855365 nanoseconds per route)

I've put a rough patch (enough to compile and run the bench): https://gist.github.com/rustyrussell/c3334112c096d97e0adb0d3a8fc3fc32

[ZmnSCPxj]

The patch is actually pretty good and I would ACK that.

[ZmnSCPxj]

We could also use the node pubkey (directly, feed it into siphash) instead of scid to make the iteration more stable (since fuzz would depend on the node itself rather than what edge we came in on).

My understanding of the algorithm is that each edge is what is assigned a cost, and if we encounter a node multiple times then if the cumulative cost from an edge is lower than the current cost of the node, then the current cost of the node is updated to be coming from the edge. If we use per-node, then all outgoing channels from that node will have the same fuzz cost. At least, that is my understanding of the algorithm.... I will defer to you if you think my understanding is wrong, as you wrote it in the first place anyway.

[ZmnSCPxj]

Rebased, used siphash as per @rustyrussell patch, change getroute default fuzz to 75%, explain fuzz.

[rustyrussell]

ACK d3493aa

[rustyrussell]

The default is 75.0, or up to 75% fee distortion.

[ZmnSCPxj]

Oops!

[rustyrussell]

Pretty sure we can just make h an s64 and divide by INT64_MAX: fee_scale = 1.0 + fuzz * h / INT64_MAX

But it's trivial and unlikely to be any faster, so I'll just leave this as a comment.

[ZmnSCPxj]

Negative number absolute range is one higher than positive range, so getting INT64_MIN by chance would break that. Of course very unlikely but well.

[rustyrussell]

I've produced a patch to actually hand a siphash_seed across the wire, which IMHO makes this neater, but I'll create a separate PR after this.

[rustyrussell]

ACK d3493aa

[rustyrussell]

You are right on the bfg_one_edge logic; per-edge makes more sense than per-node.