Back to the Blog

Watchtowers on Lightning Network

Lightning Network payment channels work by enforcing a “fairness protocol” – a set of rules that incentivize honest collaboration between channel partners. After funding a channel, payments flow off-chain between peers. Those payments are valid, signed bitcoin transactions that spend the funding transaction output and reflect the current state of the payment channel. We call these off-chain bitcoin transactions “commitment transactions”.

In the image above, for example, Alice and Bob open a payment channel by making an on-chain transaction (Funding Transaction). Initially, Alice’s balance in this payment channel is 1 BTC and Bob’s balance is 0. The first commitment transaction they make is a refund to Alice, after that, they make 3 payments:

  • Alice pays Bob 0.1 BTC (Commitment Transaction #2).
  • Alice pays Bob 0.4 BTC (Commitment Transaction #3).
  • Bob pays Alice 0.2 BTC (Commitment Transaction #4).

But remember: each commitment transaction is a valid, signed Bitcoin transaction. This means that, at any point, Alice or Bob can broadcast one of the commitments into Bitcoin’s blockchain. This has to be done this way because if that weren’t the case, Bob could simply vanish and Alice wouldn’t be able to close the payment channel and get her money back.

But what if Bob tries to cheat on Alice, by broadcasting an old commitment transaction that doesn’t reflect the actual channel balance anymore (Commitment Transaction #3, for example)? The Lightning protocol solved this issue by providing a way for Alice to reclaim all of the funds locked in the payment channel if she detects that Bob is trying to cheat on her.

In simple terms, each party holds a slightly different version of the commitment transaction, where the output for him or herself has two different spending conditions. It can either be spent by the party that holds the transaction after a certain amount of time or it can be spent immediately by the other party by presenting a special key called a “revocation key”.

If Alice sees Bob’s commitment transaction on Bitcoin’s blockchain, she has a time frame of 500 blocks to send a penalty transaction and get all the funds of the channel back to her, by using her revocation key.

This might sound reasonable, but what if Alice is unable to publish her penalty transaction for some reason? She could have internet issues or live in an area with regular power outages, for example. If Alice is unable to publish her penalty transaction in that 500-block period then Bob successfully cheated on Alice and stole her funds.

What are Watchtowers?

Watchtowers protect nodes in situations like the example described above, where one channel partner is trying to cheat, by broadcasting an old commitment transaction and the other party is unable to publish the penalty transaction. If Alice has watchtowers set up for her node, she has an extra layer of protection against dishonest channel partners.

There are two types of watchtowers: altruistic watchtowers and reward watchtowers. Altruistic channel partners return all of the victim’s funds (minus on-chain fees) and reward watchtowers negotiate a portion of the channel funds as a reward for protecting their clients.

How do Watchtowers work?

Before we see how a Watchtower works, let’s clear out some terminology:

  • Watchtower: the node providing the service, watching the blockchain, and responding to channel breaches on behalf of its clients.
  • Clients: lightning nodes that connect to a watchtower and are safeguarded by it.
  • Breach transaction: the cheater transaction, a revoked commitment transaction.
  • Penalty transaction: the transaction that punishes the cheating party, claiming all the funds to an address controlled by the cheated party.

The process starts with a client connecting to a watchtower. Both parties will negotiate terms about the service that the watchtower will provide for this specific client. The most simple service is having the watchtower simply watch for breach transactions and broadcast a penalty transaction in case of a breach. There’s also a service that does the exact same thing as the former with the added benefit of providing signed receipts for its clients that contain verifiable evidence that the watchtower was hired by the client.

Signed receipts serve as an accountability mechanism for the watchtower clients. In case the watchtower fails to detect the breach or to broadcast the penalty transaction, the client will have evidence that the watchtower failed to fulfill its duty.

After a successful connection, the client will constantly update the watchtower for every new commitment transaction on any of the client’s channels. The watchtower needs these constant updates to know what transactions to look for in the mempool and in the blockchain.

More specifically, for every channel update, the client will send the watchtower an “appointment” message that contains (among other things) the following:

  • A locator: the first half of the transaction ID for a revoked commitment transaction;
  • An encrypted “blob”: the encrypted penalty transaction for that revoked transaction;
  • A start block: a block for the watchtower to start its search for the locator;
  • An end block: the block where the watchtower can stop looking for that specific locator;

Note that the client sends an encrypted penalty transaction and only the first half of the transaction ID as a locator. The benefit of sending an encrypted penalty transaction is protecting the client’s privacy. The watchtower can only decrypt the penalty transaction with the entire transaction ID of the breach transaction, which ensures that the watchtower only gains information about the channel balances of its clients in case of a channel breach.

Now the Watchtower is going to watch the mempool and start scanning the blockchain at the block specified by the client, searching for the provided locator. In case it finds it, it’ll use the other half of the transaction ID to decrypt the penalty transaction and broadcast it on behalf of the client.

How to connect to watchtowers

Each lightning node implementation has its particular way of setting up a watchtower, you can check out LND docs, for instructions on how to connect to a watchtower using LND. Furthermore, if you want to connect with a watchtower we recommend the Lightning Network+ watchtowers.

If you’re running CLN, you can use its plugins to add a watchtower client, such as the popular “The Eye of Satoshi” client. You can check out the documentation on how to set up the client as a CLN plugin on their GitHub page.

How to run a Watchtower

If you’re interested in running your own watchtower to safeguard other lightning nodes, you can also use The Eye of Satoshis software, but in this case, you’ll use the watchtower software itself, not the client mentioned in the section above. You can read the instructions on how to set it up here.


Create your own node below, or learn more about our Lightning Enterprise solution today.


SUBSCRIBE TO OUR NEWSLETTER

Related

Watchtowers on Lightning Network blog

Announcing Nostr support on Voltage with NIP05, Lightning Address, and Zaps

News

April, 7 2023

Voltage has launched support for Nostr! We’ve been eagerly watching and participating in the build-out of the Nostr ecosystem. Now, we’re excited to offer our own services to...

Read More
Watchtowers on Lightning Network blog

Lightning Payments: Pre-Images & Hashes

The Lightning Network uses payment pre-images and payment hashes as essential components of its Hash-Time-Locked Contract (HTLC). The HTLC is a smart contract that enforces a fairness protocol...

Read More
Watchtowers on Lightning Network blog

What are the differences between LND and CLN?

The Lightning Network protocol is formalized in specification documents called BOLTs (Basis of Lightning Technologies). All organizations that maintain Lightning Network node implementations must follow the specifications described...

Read More