Author

Topic: Cold lightning routing/receiving (Read 75 times)

jr. member
Activity: 33
Merit: 74
October 04, 2021, 10:26:21 AM
#1
I just thought of an interesting idea that could make a lightning channel a lot more secure to use, and as a consequence could lead to much larger channels, more people routing on the LN, and lower LN transaction fees. The idea is to have some script mechanism that allows strictly netrual or positive lightning channel updates using a secondary key.

1. The lightning channel would be set up such that HTLCs and commitment update scripts can be signed by a secondary key that doesn't have the ability to either send through the lightning network or route payments in a way that loses money.

2. If these HTLCs or committments need to be published on chain, they must present proof of non-negativity. For receiving transactions, this could be a condition that allows signing with the secondary key as long as the amount allocated to the user's refund address is greater than a base commitment (which would need to be presented, along with a way to revoke it if that presented base commitment is out of date).  For routing transactions, the two channels used to route through could each have HTLCs that each require presenting the other HTLC, and the script would verify that any amount lost by one channel is exceeded by the amount gained by the other channel.

3. Spending transactions must still be signed with the primary key (eg via a hardware wallet).

The benefit is that one does not expose their spending keys in a hot wallet. Receiving and routing can still be done without exposing your funds to risk of theft. The maximum damage someone can do if they compromise your secondary key is to route payments for free. The downside is that the commitment and HTLC transactions would likely be significantly larger, which would affect the size of transactions that are economical to enforce.

I'm wondering if anyone has discussed this kind of idea before and if there have been any concrete mechanisms discussed.

Something similar could be done with a hardware-wallet-like device, where it internally verifies that a lightning transaction is at-worst neutral, and only if it is does it sign using your key. This still means that your key is online, but it certainly would be a huge step up from being online on a normal machine. This also wouldn't have the downside of larger enforcement transactions. But it would require a special device.
Jump to: