Author: Devrandom 2020-01-16 00:44:25
Published on: 2020-01-16T00:44:25+00:00
The email exchange discusses the limitations of external hardware wallets in the context of Lightning Network. The goal is to have a hardware unit act as a signer for all Lightning-related transactions using a simple communications channel with the software. However, such a design cannot achieve what an onchain Bitcoin hardware wallet does. Channel funding, updates, and reclaiming funds after channel close all require some state to be maintained by the external signer. The hardware must remember at least what the current state is, and store this knowledge in secure, modifiable memory that the software cannot touch. To prevent publication of own commitment transactions, the hardware can simply not sign them as they are created. The hardware provides three APIs: mark-as-close, get-final-signature (unilateral or mutual close option), and delete-closed. Trust in the node software can be reduced by delegating publishing of penalty transactions to watchtowers and proving to the hardware that the watchtowers have been informed of new state. Forwarding should be automated, but the hardware has to trust the software to perform it correctly. The hardware would have to maintain state about which HTLCs have been "used up" and forwarding would still be trusted.
Updated on: 2023-06-02T22:40:21.145085+00:00