Watchtowers: role and setup

Set up Your First Lightning Node

  • Understanding how watchtowers work
  • Find an altruistic watchtower
  • Setting up a watchtower
In Lightning, each channel is based on a sequence of successive states, represented by unpublished commitment transactions. With each Lightning payment or routing, the two participants in the channel build a new pair of commitment transactions, reflecting the current distribution of funds in the channel. Old commitment transactions become obsolete.
If one of the parties publishes an out-of-date state, the other has the right to sanction it and recover the full amount of the channel's funds. In this chapter, we'll take a brief look at how this mechanism works, and then explain how to set up a watchtower: a system to protect your Lightning node from possible cheating attempts.

Understanding how watchtowers work

At any given moment, each party in the channel has a commitment transaction which, if published, would enable them to close the channel and recover their share of the funds. This process is known as forced closure. But if they attempted to publish an older commitment transaction, corresponding to a previous state of the channel where it held more sats, then this transaction would be considered a cheating attempt. In this case, the counterparty can use the revocation key associated with this older state to recover the full amount of funds in the channel, while the cheater is temporarily blocked by the timelock.
This system means that publishing an old state, i.e. attempting to cheat, is very risky: if the other party sees this transaction on the mempool or on the blockchain before the timelock expires, they can use the revocation key and recover all the funds. Therefore, the security of your Lightning channel depends on your ability to detect a cheating attempt within the time window imposed by the timelock.

Why are watchtowers necessary?

The penalty mechanism only works if the injured party is able to:
  • monitor each new Bitcoin block to see whether a commitment transaction for one of its channels has been published;
  • determine whether that transaction corresponds to the last valid state or to a revoked state;
  • in the event of a revoked state, broadcast the justice transaction in time, using the revocation key to recover all funds before the timelock expires.
In an ideal scenario, your Lightning node is online 24/7, synchronized, and continuously monitoring the blockchain. It can then detect a cheating attempt and react on its own. In practice, however, a personal Lightning node can go down, particularly in the event of a prolonged power cut or Internet connection failure.
It's precisely during these periods of downtime that the risk becomes real: if a dishonest peer publishes an old state while your node is offline, and the timelock runs out without any reaction from you, the cheating succeeds. You lose some or all of your funds in the channel.
Watchtowers were introduced to reduce this risk. A watchtower is an external service that monitors the blockchain on your behalf, scanning for the possible publication of an old state on one of your channels, and, if necessary, automatically broadcasts the penalty transaction for you. So, even if your Lightning node remains offline for an extended period, as long as the watchtower you're using is operational, it can protect your funds by watching for cheating attempts and applying the corresponding penalty as soon as it detects one.

How a watchtower operates

A watchtower is designed to minimize the information it learns about your channels, while giving it the means to act in the event of a problem:
  • For each new channel state with a peer, your node prepares a potential penalty transaction in advance. In the event of this peer cheating, this transaction would allow you to recover all the funds in the channel;
  • Your node then encrypts this penalty transaction using the TXID of the corresponding commitment transaction (the one that would be published if the peer attempted to cheat) as the key. As long as no closure takes place, the watchtower cannot decrypt this transaction, since it does not know the full TXID of the cheating transaction;
  • Your node sends the watchtower a packet containing the encrypted penalty transaction and half the TXID of the potential cheating transaction.
As the TXID transmitted to the watchtower is incomplete, it cannot decrypt the justice transaction. However, it can monitor the blockchain for a TXID that matches the half it holds. If it detects such a transaction, it then attempts to use the full TXID of that transaction to decrypt your penalty transaction. If the decryption succeeds, it knows this is a cheating attempt and immediately publishes the penalty transaction for you.
The watchtower therefore has no visibility into the details of your channels: neither the identity of your peers, nor the balances, nor the structure of the transactions. It only sees encrypted packets. The only information it can deduce is the rate at which your channels are updated, since it receives a packet for each new state, but it cannot know their content. In the event of cheating, it will of course learn the channel's details by decrypting the penalty transaction, but at least your sats will be saved.
This mechanism is based on a compromise: you delegate the ability to publish a pre-signed penalty transaction to the watchtower, but this transaction remains totally opaque to the watchtower until cheating actually takes place. The watchtower can neither modify the recipients nor divert the funds, since it only holds a transaction that has already been signed, with the outputs fixed in your favor. Nor can it learn the details of a channel in a legitimate forced or cooperative closure, as the TXIDs don't match. On the other hand, the watchtower remains a minimal trusted third party: you need to rely on it to be online and to properly broadcast your justice transaction when you need it.
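As an added illustration of the packet exchange described above (this is not code from the course or from LND), here is a small simulation of both sides: the client encrypts the justice transaction under the full commitment TXID and hands the tower only half of that TXID as a hint; the tower scans block TXIDs for a matching hint and can only decrypt once it sees the full TXID. A SHA-256 keystream with an HMAC tag stands in for the authenticated cipher a real tower uses, and the TXIDs and transaction bytes are constructed sample values.

```python
import hashlib
import hmac

HINT_LEN = 16  # "half the TXID": the only part the tower ever receives in advance


def sample_txid(label: str) -> bytes:
    """Constructed 32-byte TXID for the demo (not a real transaction)."""
    return hashlib.sha256(label.encode()).digest()


def _keystream(key: bytes, length: int) -> bytes:
    # Counter-mode keystream from SHA-256; a stand-in for the real AEAD cipher.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt_justice_tx(commitment_txid: bytes, justice_tx: bytes):
    """Client side: returns (hint, blob). Key = full TXID; hint = its first half."""
    stream = _keystream(commitment_txid, len(justice_tx))
    ciphertext = bytes(a ^ b for a, b in zip(justice_tx, stream))
    tag = hmac.new(commitment_txid, ciphertext, hashlib.sha256).digest()
    return commitment_txid[:HINT_LEN], ciphertext + tag


def decrypt_justice_tx(full_txid: bytes, blob: bytes):
    """Tower side: returns the justice tx, or None if full_txid is not the key."""
    ciphertext, tag = blob[:-32], blob[-32:]
    expected = hmac.new(full_txid, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # tag mismatch: not the revoked commitment this blob was built for
    stream = _keystream(full_txid, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))


def tower_scan_block(block_txids, backups):
    """backups maps hint -> blob. Returns the justice txs the tower should broadcast."""
    to_broadcast = []
    for txid in block_txids:
        blob = backups.get(txid[:HINT_LEN])
        if blob is not None:
            justice = decrypt_justice_tx(txid, blob)
            if justice is not None:
                to_broadcast.append(justice)
    return to_broadcast


def demo():
    # Two revoked states are backed up; a legitimate close shares no hint with them.
    backups = {}
    for i in range(2):
        hint, blob = encrypt_justice_tx(sample_txid(f"revoked-commitment-{i}"), f"justice-tx-{i}".encode())
        backups[hint] = blob
    block = [sample_txid("cooperative-close"), sample_txid("revoked-commitment-1")]
    return tower_scan_block(block, backups)
```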

Becoming a watchtower

In theory, any Lightning node can act as a watchtower for other nodes (if they use the same implementation, e.g. LND), while itself being protected by other nodes playing this role for it. In the following practical sections, I'll show you how to set up this simple mechanism on your LND under Umbrel.
As a consequence, an interesting strategy might be to agree with trusted bitcoiner friends to act as each other's watchtower. You monitor their channels, and they monitor yours.

Find an altruistic watchtower

If you don't know anyone around you who can provide a watchtower service, there are a number of altruistic public watchtowers you can connect to. For example, in this LNP202 course, I suggest you connect to the watchtower service offered jointly by LN+ and Voltage, which is a watchtower for LND.
Here are the connection details:
  • Via Tor:
023bad37e5795654cecc69b43599da8bd5789ac633c098253f60494bde602b60bf@iiu4epqzm6cydqhezueenccjlyzrqeruntlzbx47mlmdgfwgtrll66qd.onion:9911
  • Via clearnet:
023bad37e5795654cecc69b43599da8bd5789ac633c098253f60494bde602b60bf@34.216.52.158:9911
To thank them for providing this free watchtower service, you can make a donation via Lightning.
Now that we are using an altruistic watchtower service, let's see how to configure it on our LND node under Umbrel.

Setting up a watchtower

From the Lightning Node application, click on the three dots at the top right of the interface, then select Advanced Settings.
Then go to the Watchtower menu.
Activate the Watchtower Client option, then click on the SAVE AND RESTART NODE button. Wait for LND to restart.
Once the restart is complete, go back to the same menu and enter the ID of the altruistic watchtower of your choice in the field provided. Then click on the ADD button to confirm. You can also adjust the Watchtower Client Sweep Fee Rate parameter: this is the fee rate you are willing to pay for a possible justice transaction broadcast by the watchtower. There's no need to choose an excessively high rate, but you should also avoid a rate that's too low, otherwise the justice transaction won't be confirmed in time.
Restart your node using the SAVE AND RESTART NODE button to apply these changes.
If you return to this same menu, you'll see that your Lightning node is now protected by the watchtower you've just added.
An altruistic watchtower is generally sufficient, especially if you don't place large amounts of money on your Lightning node and if you manage your node well (don't leave it off for too long). For even greater security, you can also add several by repeating the same process.
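For readers running LND outside Umbrel, the same settings from the procedure above (and the "Becoming a watchtower" section) live in lnd.conf. This fragment is an added example, not the course's or Umbrel's own configuration; the keys are assumed from LND's sample-lnd.conf and the values are constructed.

```ini
; Assumed lnd.conf keys (from LND's sample-lnd.conf); values are constructed examples.
[wtclient]
; Equivalent of the "Watchtower Client" toggle in Umbrel's Advanced Settings
wtclient.active=1
; Fee rate in sat/vbyte for a justice transaction the tower broadcasts for you
; (too low and it may not confirm before the timelock expires)
wtclient.sweep-fee-rate=10

[watchtower]
; Only if you also want to act as a tower for friends' nodes
watchtower.active=1
watchtower.listen=0.0.0.0:9911
```

The tower itself (pubkey@host:port, as listed above) is then registered with `lncli wtclient add`, and `lncli wtclient towers` shows the towers your node is currently using.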
Quiz

What is the watchtower's role when it detects a cheating attempt?