[Lightning-dev] eltoo towers and implications for settlement key derivation

Rusty Russell rusty at rustcorp.com.au
Mon Dec 2 23:53:01 UTC 2019

Conner Fromknecht <conner at lightning.engineering> writes:
> Hi all,
> I recently revisited the eltoo paper and noticed some things related
> watchtowers that might affect channel construction.
> Due to NOINPUT, any update transaction _can_ spend from any other, so
> in theory the tower only needs the most recent update txn to resolve
> any dispute.
> In order to spend, however, the tower must also produce a witness
> script which when hashed matches the witness program of the input. To
> ensure settlement txns can only spend from exactly one update txn,
> each update txn uses unique keys for the settlement clause, meaning
> that each state has a _unique_ witness program.

I didn't think this was the design.  The update transaction can spend
any prior, with a fixed script, due to NOINPUT.

The settlement transaction does *not* use NOINPUT, and thus can only
spend the matching update.


More information about the Lightning-dev mailing list