[Lightning-dev] eltoo towers and implications for settlement key derivation

ZmnSCPxj ZmnSCPxj at protonmail.com
Tue Dec 3 08:26:22 UTC 2019


Good morning aj,


> The watchtower only needs to post the update tx -- as long as the latest
> update is posted, the only tx that can spend it is the correct settlement,
> so you can post that whenever you're back online, even if that's weeks
> or months later, and likewise for actually claiming your funds from the
> settlement tx's outputs.
>

This is mildly undesirable, as one of the failure modes is total loss / destruction of your Lightning node.

If the blob contains enough information to bring the update *and* the settlement *and* a transaction that spends your output of the settlement and sends it to a cold-storage address, then at least part of your funds (the ones that are not in HTLCs you could have claimed) can be placed back by the watchtower to some cold-storage address (that is controlled by different hardware from your Lightning node).

Though this is arguably an edge case and it may be a worthwhile tradeoff to just have the watchtower handle up to the update transaction only, especially since the `SIGHASH_NOINPUT` use we propose expects to have fees paid by another output, not what is being used in the update transaction.
This reduces the scope of watchtowers, simplifying their implementation, increasing the chance we can deploy a watchtower network feasibly.

Regards,
ZmnSCPxj

