Watchtowers in LND - Protect yourself from breach ๐โจ
A guide to setup a watchtower for your node. ๐ค
Getting Started ๐
The Lightning Netowork is a layer 2 scaling solution for Bitcoin making it fast and cheap. The main Bitcoin layer is not very suitable for making daily transactions or micropayments due to 10 minutes confirmation time which hinders Bitcoin adoption at a large scale.
Lightning solves this, in a trustless manner, but there are still few caveats to take into consideration to make sure that our funds are safe. That is where Watchtowers help. They ensure that our funds are safe from malicious channel closures, which is emerging as a major threat to well-capitalized Lightning node. ๐ง
The Problem ๐ฉ
Lightning channels are constructed by setting up a two-of-two multisig address where one of the party makes a funding transaction and the funds get locked in a address. Now if one party wants to send funds to the other party he'll sign a commitment transaction which keeps a record of the balance on both sides of the channel. Once all the trade has happened, either party could publish the final commitment transaction and the funds from the locked address will be sent accordingly to both of them(based on the balance record of final commitment transaction). ๐ค
But this requires both nodes to be online to settle the transaction immediately. If one node goes offline, the other party has to wait for it to come online or will have to force close the channel. Now, force close won't be an issue if you trust the other party but as the lightning network grows it is very much possible that you interact with an unknown node/peer and there are chances that he could publish a previous commitment transaction(revoked) when you are offline and force close the channel. So it is important to take all the protective measures to secure your funds, hence you should run a Watchtower. ๐ฆพ
Let's understand it better through an example - Let's say there are 2 node operators A and B. They opened a channel between them and funded it with 100 sats. Now the following series of operations take place:
A sends 50 sats to B. So the first commitment transaction will look like:
A B
(Bal: 50 sats)------------------(Bal: 50 sats)
A again sends 20 sats to B. So the second commitment transaction will look like:
A B
(Bal: 30 sats)------------------(Bal: 70 sats)
Now B sends 50 sats to A. So the third commitment transaction will look like:
A B
(Bal: 80 sats)------------------(Bal: 20 sats)
Now both the nodes are done with the payments and they want to close the channel by publishing the final transaction on the main bitcoin layer. But somehow A's node went offline, now Node B acts maliciously and he sees that in the second commitment transaction he has more balance(70 sats) than final state(20 sats). So he broadcasts this transaction and receives 70 sats instead of 20 sats, thus Node A lost his funds. ๐ฅบ
Possible Solution โจ
There are 2 possible solutions:
- If Node A gets lucky and immediately gets online then he could publish a punishment/justice transaction to get back all the funds of the channel.
- He could add a second line of defense in responding to malicious or accidental breach scenarios - Watchtowers
Watchtowers protect against malicious breach by keeping a running tab of your channel balances and defending against malicious closures. If a bad actor were to close a channel while you have a watchtower active on your Lightning node, they will instantly be penalized through a justice transaction instead, and you will get all of their funds. Backfire! Hehe! ๐ฅ
Setting Up A Watchtower ๐๏ธโโ๏ธ
The team at Lightning Labs has made it really easy to setup a watchtower by directly integrating it in the LND. As of v0.7.0, lnd
supports the ability to run a private, altruist watchtower as a fully-integrated subsystem of lnd
. Pretty cool no? ๐๐ป
Also lnd
can now be configured to operate as a Watchtower Client, backing up justice transactions to other altruist watchtowers.
In order to start a watchtower you have to add watchtower.active=1
to your lnd.conf
file or add it as a flag while starting the node.
lnd --watchtower.active
Check the tower info
lncli tower info
You'll get something like below which shows the pubkey of the tower using which watchtower clients can connect to this tower and addresses at which this watchtower is listening.
You can also become a watchtower client and add other watchtowers to observe your channel updates. To set up as a watchtower client add the flag --wtclient.active
while starting the node.
Now you can add a watchtower using the add command:
lncli wtclient add 03281d603b2c5e19b8893a484eb938d7377179a9ef1a6bca4c0bcbbfc291657b63@1.2.3.4:9911
You can perform other operations as well:
Get tower info:
lncli wtclient tower 03281d603b2c5e19b8893a484eb938d7377179a9ef1a6bca4c0bcbbfc291657b63
{
"pubkey": "03281d603b2c5e19b8893a484eb938d7377179a9ef1a6bca4c0bcbbfc291657b63",
"addresses": [
"1.2.3.4:9911"
],
"active_session_candidate": true,
"num_sessions": 1,
"sessions": []
}
Creating A Breach ๐
Hope you were able to successfully run a watchtower! โ๏ธ
In the next blog I'll demonstrate how you could simulate a breach scenario through which you could actually see a watchtower in action and understand its working in more detail.
Cheers! ๐ฅ