Priyansh's Blog

Watchtowers in LND - Protect yourself from breach ๐Ÿ™€โœจ

Watchtowers in LND - Protect yourself from breach ๐Ÿ™€โœจ

A guide to setup a watchtower for your node. ๐Ÿค–

Priyansh's photo
Priyansh
ยท

4 min read

Table of contents

Getting Started ๐ŸŒ…

The Lightning Netowork is a layer 2 scaling solution for Bitcoin making it fast and cheap. The main Bitcoin layer is not very suitable for making daily transactions or micropayments due to 10 minutes confirmation time which hinders Bitcoin adoption at a large scale.

Lightning solves this, in a trustless manner, but there are still few caveats to take into consideration to make sure that our funds are safe. That is where Watchtowers help. They ensure that our funds are safe from malicious channel closures, which is emerging as a major threat to well-capitalized Lightning node. ๐Ÿง

The Problem ๐ŸŒฉ

Lightning channels are constructed by setting up a two-of-two multisig address where one of the party makes a funding transaction and the funds get locked in a address. Now if one party wants to send funds to the other party he'll sign a commitment transaction which keeps a record of the balance on both sides of the channel. Once all the trade has happened, either party could publish the final commitment transaction and the funds from the locked address will be sent accordingly to both of them(based on the balance record of final commitment transaction). ๐Ÿค

But this requires both nodes to be online to settle the transaction immediately. If one node goes offline, the other party has to wait for it to come online or will have to force close the channel. Now, force close won't be an issue if you trust the other party but as the lightning network grows it is very much possible that you interact with an unknown node/peer and there are chances that he could publish a previous commitment transaction(revoked) when you are offline and force close the channel. So it is important to take all the protective measures to secure your funds, hence you should run a Watchtower. ๐Ÿฆพ

Let's understand it better through an example - Let's say there are 2 node operators A and B. They opened a channel between them and funded it with 100 sats. Now the following series of operations take place:

A sends 50 sats to B. So the first commitment transaction will look like: 

              A                               B
        (Bal: 50 sats)------------------(Bal: 50 sats)

A again sends 20 sats to B. So the second commitment transaction will look like: 

              A                               B
        (Bal: 30 sats)------------------(Bal: 70 sats)

Now B sends 50 sats to A. So the third commitment transaction will look like: 

              A                               B
        (Bal: 80 sats)------------------(Bal: 20 sats)

Now both the nodes are done with the payments and they want to close the channel by publishing the final transaction on the main bitcoin layer. But somehow A's node went offline, now Node B acts maliciously and he sees that in the second commitment transaction he has more balance(70 sats) than final state(20 sats). So he broadcasts this transaction and receives 70 sats instead of 20 sats, thus Node A lost his funds. ๐Ÿฅบ

Possible Solution โœจ

There are 2 possible solutions:

  • If Node A gets lucky and immediately gets online then he could publish a punishment/justice transaction to get back all the funds of the channel.
  • He could add a second line of defense in responding to malicious or accidental breach scenarios - Watchtowers

Watchtowers protect against malicious breach by keeping a running tab of your channel balances and defending against malicious closures. If a bad actor were to close a channel while you have a watchtower active on your Lightning node, they will instantly be penalized through a justice transaction instead, and you will get all of their funds. Backfire! Hehe! ๐Ÿ’ฅ

Setting Up A Watchtower ๐Ÿ‹๏ธโ€โ™‚๏ธ

The team at Lightning Labs has made it really easy to setup a watchtower by directly integrating it in the LND. As of v0.7.0, lnd supports the ability to run a private, altruist watchtower as a fully-integrated subsystem of lnd. Pretty cool no? ๐Ÿ„๐Ÿป

Also lnd can now be configured to operate as a Watchtower Client, backing up justice transactions to other altruist watchtowers.

In order to start a watchtower you have to add watchtower.active=1 to your lnd.conf file or add it as a flag while starting the node.

lnd --watchtower.active

Check the tower info

lncli tower info

You'll get something like below which shows the pubkey of the tower using which watchtower clients can connect to this tower and addresses at which this watchtower is listening.

Screenshot from 2022-07-06 16-51-35.png

You can also become a watchtower client and add other watchtowers to observe your channel updates. To set up as a watchtower client add the flag --wtclient.active while starting the node.

Now you can add a watchtower using the add command:

lncli wtclient add 03281d603b2c5e19b8893a484eb938d7377179a9ef1a6bca4c0bcbbfc291657b63@1.2.3.4:9911

You can perform other operations as well:

Screenshot from 2022-07-06 16-58-26.png

Get tower info:

lncli wtclient tower 03281d603b2c5e19b8893a484eb938d7377179a9ef1a6bca4c0bcbbfc291657b63
{
    "pubkey": "03281d603b2c5e19b8893a484eb938d7377179a9ef1a6bca4c0bcbbfc291657b63",
    "addresses": [
        "1.2.3.4:9911"
    ],
    "active_session_candidate": true,
    "num_sessions": 1,
    "sessions": []
}

Creating A Breach ๐Ÿ› 

Hope you were able to successfully run a watchtower! โœŒ๏ธ

In the next blog I'll demonstrate how you could simulate a breach scenario through which you could actually see a watchtower in action and understand its working in more detail.

Cheers! ๐Ÿฅ‚

BitcoinlightingLND