Author: Eric Voskuil 2021-07-06 05:09:59
Published on: 2021-07-06T05:09:59+00:00
The issue of custodian proof-of-reserves is addressed in a conversation on the GitHub page for libbitcoin-system. One participant explains that while it is possible for both participants in a Lightning channel to sign a correct statement of truth regarding their pubkeys and ownership, this attestation is only valid at the instant it is taken and cannot be used as verification that the money is still owned by the same partner in the next second due to the privacy of LN transactions. The problem of conditional ownership based on knowledge of keys exists on-chain as well, where a thief who has gotten a copy of the key can sign a transaction that spends it. The issue with custodian proof-of-reserves is that funds are conditioned on knowledge of keys which is easily copyable, potentially allowing someone else to move the funds outside of the control of the custodian. There is no way to prove that there is no alternate copy of the privkeys. On the other hand, while the same problem exists on-chain, the onchain proof requires more conditions to occur than the off-chain proof. In terms of Lightning channels, it is suggested that one of the participants should be provably the custodian for the channel and that every channel is anchored onchain. The counterparty being another custodian who wants proof-of-reserves has an incentive to overreport but the first party would refuse to sign. A sockpuppet of the custodian would have the entire channel owned by the custodian and it would be foolish to claim to have less funds than the entire channel. However, there are possible race conditions where a custodian Lightning node is unable to "freeze" a snapshot of its current state and make an atomic proof-of-reserves of all channels due to network latency and other factors.
Updated on: 2023-06-15T00:11:01.005429+00:00