[Lightning-dev] Trustless WatchTowers?
ZmnSCPxj at protonmail.com
Mon Apr 16 03:32:43 UTC 2018
Nicolas Dorier was requesting additional hooks in c-lightning for a simple WatchTower system: https://github.com/ElementsProject/lightning/issues/1353
Unfortunately I was only able to provide an interface which requires a *trusted* WatchTower. Trust is of course a five-letter word and should not be used in polite company.
My key problem is that I provide enough information to the WatchTower for the WatchTower to be able to create the justice transaction by itself. If so, the WatchTower could just make the justice transaction output to itself and the counterparty, so that the WatchTower and the counterparty can cooperate to steal the channel funds: the counterparty publishes a revoked transaction, the WatchTower writes a justice transaction on it that splits the earnings between itself and the counterparty.
It seems to me, that the only safe way to implement a trustless WatchTower, is for the node to generate a fully-signed justice transaction, IMMEDIATELY after every commitment transaction is revoked, and transmit it to the WatchTower. The WatchTower would have to store each and every justice transaction it received, and would not be able to compress it or use various techniques to store data efficiently. The WatchTower would not have enough information to regenerate justice transactions (and in particular would not be able to create a travesty-of-justice transaction that pays out to itself rather than the protected party). In practice this would require that node software also keep around those transactions until some process has ensured that the WatchTower has received the justice transactions.
Is there a good way to make trustless WatchTowers currently or did this simply not reach BOLT v1.0?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Lightning-dev