I think I finally fully understand Ark, and will try to expl...

SatsAndSports

npub1zthq85gksjsjthv8h6rec2qeqs2mu0emrm9xknkhgw7hfl7csrnq6wxm56

hex

41daf5a485c7c3b75f07f0397085d981f7411174d22ef57c9683abfd4e9c6c66

nevent

nevent1qqsyrkh45jzu0sahturlqwtsshvcra6pz96dyth40jtg82laf6wxcesprpmhxue69uhhyetvv9ujuem4d36kwatvw5hx6mm9qgsp9msr6ytgfgf9mkrmapuu9qvsg9d78ua3ajntfmt580t5llvgpesweftp3

Kind-1 (TextNote)

2026-06-21T09:15:57Z

I think I finally fully understand Ark, and will try to explain it here:

(The swapping from the old round to the new round was what I didn't fully understand until I asked AI a few questions this morning)

Lightning already shows how two users can share one UTXO; both parties have a pre-signed transaction that they can broadcast at any time to spend the onchain 2-of-2 UTXO. That transaction spends that one UTXO and creates two new UTXOs which give each party their balance.

In Ark, it's basically the same, but with any number of users. The onchain UTXO is an n-of-n multisig instead of just 2-of-2. All parties have the necessary transactions which they can broadcast at any time. So every user has 'unilateral exit', they can broadcast these transactions at any time and get a single onchain UTXO with their balance belonging just the them.

These are the VTXOs (Virtual UTXOs). You can exercise your unilateral exit at any time by broadcasting your VTXOs.

(Pedantic detail that you don't really need to know: if there are 5 users, it's not a single transactions that spends the 5-of-5 directly to five different UTXOS, one for each of the five users. There is a tree of transactions, and each user has a copy of the chain of transactions that are necessary to get their balance out to a single UTXO under their control)

It's possible to receive payments at any time from another Ark user. But it requires a bit of trust (because the Ark Service Provider [ASP] and the sender could collude to take payment money that they sent to you) and therefore I won't discuss it in detail. Ark doesn't use the cool Lightning tech for instant settlement with commitment transactions. Therefore, I'll ignore this slightly-trusted part of Ark, and I will focus on the fully trustless parts, i.e. where Ark users have unilateral exit

If you already have 1000 sats locked up safely in one 'round' onchain, and you receive another 500 sats and you want those to be locked up safely, then you will need to take part in another round. This is where things get really interesting, and this is the bit I only just fully understood today ...

The ASP creates a new 'round', i.e. a new multsig output onchain that includes all the users who wish to take part. In this round, you will be assigned 1500 sats. i.e. you now have unilateral exit allowing you to take 1500 sats

But you still have the VTXOs from the first round, and so it seems like you could implement both exits and thereby claim 1000+1500 = 2500 sats, stealing 1000 sats from the Ark Service Provider

The solution is a 'forfeit' transaction. The ASP won't include the 1000 sats in the new round unless you first sign a 'forfeit' transaction and give that signature to the ASP. This gives control of your original 1000 sats to the ASP; if you broadcast the original VTXOs, then the ASP can use the forfeit to claim those 1000 sats for itself. There is a timelock in the VTXOs, in order to give the ASP sufficient time to broadcast the forfeit transaction

The forfeit therefore protects the ASP, because it stops the user from 'double exiting'. There can then be multiple on chain 'rounds', and you have a balance in all of them, but you are practically able to access only one of them [the latest one]. 'Your' money in the older round UTXOs isn't really yours any more.

But we must also protect the user! You, the user, don't want to forfeit your balance in the 'old' onchain UTXOs before the new 'round' is confirmed on chain. The solution here is 'connector outputs'; the forfeit transaction depends on outputs created in the new round and therefore the forfeit is ineffective until the new round is confirmed.

So now both the user and the ASP are protected. The user has a balance on-chain in the 'old' round, with full unilateral exit via their VTXOs, and they can trustlessly and atomically 'move' that into a 'new' onchain round. It's not instant, because the new rounds need to be confirmed on chain, but it is unilateral exit

So Ark is great at scalability, but it has a few downsides for the various parties:

It's not private

If you insist on full sovereignty, i.e. you don't trust the ASP, then Ark is slow like on-chain. If you want instant trustless final settlement, then Lightning is still the only option

From the ASP's point of view, they have to lock up a lot of liquidity. If a given user has a balance of 21,000 sats and there are five rounds with that balance, then the ASP actually has to lock up 105,000 sats on chain. Each round therefore has an expiry time built in, where all the funds go back to the ASP after that expiry time; this motivates all users to take part in a new round - or exit or otherwise spend their funds - before the expiry.

This sounds like I'm being quite critical of Ark. It sounds like I'm saying that it's as slow and as non-private as on-chain, and the only advantage is scale because many users can share a single UTXO.

However, this is where Lightning comes in again. Lightning shows how you can take a slow and transparent system, and then build private instant settlement on top of it

In the vision of 'Ark as a channel factory for Lightning' that René Pickhardt and others have been talking about for a couple of years, everyone can have a full Lightning node. They haven't channels with other people, doing (blind) routing over the Lightning network. They'll be paying for preimages in the usual way. They'll be sending 'commit transactions' over and back in the usual way. Fully Lightning in every way, no compromises. In this vision, everyone gets private instant settlment because they directly use Lightning

The subtlety in this approach is that, instead of Lightning channels being backed by conventional already-confirmed on-chain funding transactions, the funding transaction that backs the Lightning channel is instead an Ark VTXO. You and I can set up a Lightning channel without broadcasting that funding transaction; we are both satisfied that either of us can - at any time - broadcast the Ark VTXOs to get the funding transaction on chain. This allows us to do all the Lightning stuff as if the funding transaction is already on chain.

In this context, you would have to 'exit' twice in order to get your funds. The first 'exit' is the Ark exit, where you broadcast the VTXOs in order to create the 2-of-2 funding transaction for the Lightning channel, and then the second exit is where you broadcast your latest Lightning commitment transaction in order to split the the 2-of-2 into the final on chain balance for you and for your channel partner

In the 'channel factory', Lightning is still the Layer 2. All payments fully go through Lightning, giving us private instant settlement. Ark is like 'Layer 1.1', offering a wrapper over Layer 1 that is still slow and somewhat transparent, but which allows us to scale up the number of users that can fit on chain

Raw JSON

{
  "kind": 1,
  "id": "41daf5a485c7c3b75f07f0397085d981f7411174d22ef57c9683abfd4e9c6c66",
  "pubkey": "12ee03d11684a125dd87be879c28190415be3f3b1eca6b4ed743bd74ffd880e6",
  "created_at": 1782033357,
  "tags": [
    [
      "alt",
      "A short note: I think I finally fully understand Ark, and will t..."
    ],
    [
      "client",
      "Amethyst"
    ]
  ],
  "content": "I think I finally fully understand Ark, and will try to explain it here:\n\n(The swapping from the old round to the new round was what I didn't fully understand until I asked AI a few questions this morning)\n\nLightning already shows how two users can share one UTXO; both parties have a pre-signed transaction that they can broadcast at any time to spend the onchain 2-of-2 UTXO. That transaction spends that one UTXO and creates two new UTXOs which give each party their balance.\n\nIn Ark, it's basically the same, but with any number of users. The onchain UTXO is an n-of-n multisig instead of just 2-of-2. All parties have the necessary transactions which they can broadcast at any time. So every user has 'unilateral exit', they can broadcast these transactions at any time and get a single onchain UTXO with their balance belonging just the them.\n\nThese are the VTXOs (Virtual UTXOs). You can exercise your unilateral exit at any time by broadcasting your VTXOs.\n\n(Pedantic detail that you don't really need to know: if there are 5 users, it's not a single transactions that spends the 5-of-5 *directly* to five different UTXOS, one for each of the five users. There is a tree of transactions, and each user has a copy of the *chain* of transactions that are necessary to get their balance out to a single UTXO under their control)\n\nIt's possible to receive payments at any time from another Ark user. But it requires a bit of trust (because the Ark Service Provider [ASP] and the sender could collude to take payment money that they sent to you) and therefore I won't discuss it in detail. Ark doesn't use the cool Lightning tech for instant settlement with commitment transactions. Therefore, I'll ignore this slightly-trusted part of Ark, and I will focus on the fully trustless parts, i.e. where Ark users have unilateral exit\n\nIf you already have 1000 sats locked up safely in one 'round' onchain, and you receive another 500 sats and you want those to be locked up safely, then you will need to take part in another round. This is where things get really interesting, and this is the bit I only just fully understood today ...\n\nThe ASP creates a new 'round', i.e. a new multsig output onchain that includes all the users who wish to take part. In this round, you will be assigned 1500 sats. i.e. you now have unilateral exit allowing you to take 1500 sats\n\nBut you still have the VTXOs from the first round, and so it seems like you could implement both exits and thereby claim 1000+1500 = 2500 sats, stealing 1000 sats from the Ark Service Provider\n\nThe solution is a 'forfeit' transaction. The ASP won't include the 1000 sats in the new round unless you first sign a 'forfeit' transaction and give that signature to the ASP. This gives control of your original 1000 sats to the ASP; if you broadcast the original VTXOs, then the ASP can use the forfeit to claim those 1000 sats for itself. There is a timelock in the VTXOs, in order to give the ASP sufficient time to broadcast the forfeit transaction\n\nThe forfeit therefore protects the ASP, because it stops the user from 'double exiting'. There can then be multiple on chain 'rounds', and you have a balance in all of them, but you are practically able to access only one of them [the latest one]. 'Your' money in the older round UTXOs isn't really yours any more.\n\nBut we must also protect the user! You, the user, don't want to forfeit your balance in the 'old' onchain UTXOs before the new 'round' is confirmed on chain. The solution here is 'connector outputs'; the forfeit transaction depends on outputs created in the new round and therefore the forfeit is ineffective until the new round is confirmed.\n\nSo now both the user and the ASP are protected. The user has a balance on-chain in the 'old' round, with full unilateral exit via their VTXOs, and they can trustlessly and atomically 'move' that into a 'new' onchain round. It's not instant, because the new rounds need to be confirmed on chain, but it is unilateral exit\n\nSo Ark is great at scalability, but it has a few downsides for the various parties:\n\nIt's not private\n\nIf you insist on full sovereignty, i.e. you don't trust the ASP, then Ark is slow like on-chain. If you want instant trustless final settlement, then Lightning is still the only option\n\nFrom the ASP's point of view, they have to lock up a lot of liquidity. If a given user has a balance of 21,000 sats and there are five rounds with that balance, then the ASP actually has to lock up 105,000 sats on chain. Each round therefore has an expiry time built in, where all the funds go back to the ASP after that expiry time; this motivates all users to take part in a new round - or exit or otherwise spend their funds - before the expiry.\n\nThis sounds like I'm being quite critical of Ark. It sounds like I'm saying that it's as slow and as non-private as on-chain, and the only advantage is scale because many users can share a single UTXO.\n\nHowever, this is where Lightning comes in again. Lightning shows how you can take a slow and transparent system, and then build private instant settlement on top of it\n\nIn the vision of 'Ark as a channel factory for Lightning' that René Pickhardt and others have been talking about for a couple of years, everyone can have a full Lightning node. They haven't channels with other people, doing (blind) routing over the Lightning network. They'll be paying for preimages in the usual way. They'll be sending 'commit transactions' over and back in the usual way. Fully Lightning in every way, no compromises. In this vision, everyone gets private instant settlment because they directly use Lightning\n\nThe subtlety in this approach is that, instead of Lightning channels being backed by conventional already-confirmed on-chain funding transactions, the funding transaction that backs the Lightning channel is instead an Ark VTXO. You and I can set up a Lightning channel without broadcasting that funding transaction; we are both satisfied that either of us can - at any time - broadcast the Ark VTXOs to get the funding transaction on chain. This allows us to do all the Lightning stuff *as if* the funding transaction is already on chain.\n\nIn this context, you would have to 'exit' twice in order to get your funds. The first 'exit' is the Ark exit, where you broadcast the VTXOs in order to create the 2-of-2 funding transaction for the Lightning channel, and then the second exit is where you broadcast your latest Lightning commitment transaction in order to split the the 2-of-2 into the final on chain balance for you and for your channel partner\n\nIn the 'channel factory', Lightning is still the Layer 2. All payments fully go through Lightning, giving us private instant settlement. Ark is like 'Layer 1.1', offering a wrapper over Layer 1 that is still slow and somewhat transparent, but which allows us to scale up the number of users that can fit on chain",
  "sig": "c1435c27be796c68c9a2aa254dd7ec884f4a016b4b9932948a48ab03c45adfda327e7a3a5430c1b561f25e7c591fd1be55e7197d83568b38940082ddd233b176"
}