Fraud-Fighting ‘Watchtowers’ to Arrive in Next Bitcoin Lightning Release

Tower-scaled
11 June 2019

So-called lightning network “watchtowers” – a much-anticipated next step for securing the network – are coming soon.

Watchtowers have long been considered a missing piece of bitcoin’s lightning layer, as they’re crucial for squashing fraud on the experimental, off-chain network that could make bitcoin payments faster and more scalable. With version 0.7 of the LND software release coming at an undisclosed date in June, Lightning Labs is launching the most complete build of a network watchtower to date.

When someone uses lightning, it’s necessary for someone using it to remain online to make sure their “counterparty” isn’t trying to steal those funds. But this is obviously a UX nightmare; for example, customers don’t have to monitor their Wells Fargo accounts every day to ensure that they’re not being defrauded.

The watchtower “watches” for old “states” to be broadcast. In other words, if a bad actor tries to broadcast an old transaction – giving themselves extra money – the watchtower responds by punishing that bad actor.

Thus, watchtowers outsource this anti-fraud functionality so users don’t have to do perform this kind of monitoring themselves.

Lightning Labs head of cryptographic engineering Conner Fromknecht has been the driving force behind this implementation, even giving a talk on the design decisions (like how they made decisions to preserve privacy) of the implementations at a virtual lightning conference in April. Lightning Labs CTO Olaoluwa Osuntokun and others on the team have collaborated with him design decisions over the past year.

As Osuntokun explained to CoinDesk:

“A big factor also [in my opinion] is that now we have a direct deterrence in place against any possible breach attempts, now that the tower code is out there in the open, an attacker now has a very strong disincentive against attempting an attack since it’s very possible that the potential victim has a tower watching their back.”

The concept for watchtowers aren’t new, as it was first proposed in the original 2015 lightning network whitepaper as a way to prevent fraud.

Indeed, Lightning Labs has been working on an implementation since at least the beginning of last year, as CoinDesk reported. But what’s set to be released is, perhaps, the most-advanced implementation intended for real-world use so far.

Running a ‘tower’

Since inception, there have been some technological tests for watchtowers, including MIT’s Lit, an open-source project led by lightning white paper co-author Tadge Dryja, and Lightning Peach from blockchain services firm Bitfury.

But with LND’s forthcoming release, one notable aspect will be that users will be able to tap the watchtowers to watch real-world participants who are testing lightning today.

Then there’s Bitcoin Lightning Wallet, which implements watchtowers in what’s known as the “Olympus Server,” but Osuntokun argues it doesn’t have “auto discovery.”

The other benefit of LND’s watchtowers, Osuntokun notes, is that can be run by anyone.

“The importance of this release is that once deployed, any routing node can run their own tower to protect their infrastructure, also any business using [lightning network] today can also start to run towers to protect their nodes,” Osuntokun told CoinDesk.

But not everyone will want to run their own watchtower, especially as they will eat up a lot of data. So people can start connecting to outside towers to protect their money.

As more of these towers crop up, users can connect to as many of the towers as they want to make sure they’re not trusting just one tower to make sure their money is safe. That said, this state of affairs might not happen right away.

“We’ll also likely see instances of people running towers in the open for their friends to connect to for themselves,” Osuntokun added.

Osuntokun expects that the introduction of watchtowers will lead to a “safer network,” paving the way for users to be able to make payments on the network that weren’t considered safe before. That includes allowing users to put more money into lightning channels via a technology named after Spongebob, he said.

‘Ecash’ token and beyond

This coming release is a big step for the long-awaited technology, but Osuntokun and the Lightning Labs team still have future plans for improving the watchtower software.

For example, those users set to run watchtowers will be doing so for free. But Lightning Labs is planning an upgrade to allow people to pay small fees to watchtowers so there’s “financial incentive” to run them as well.

Interestingly, though, there’s a bit of a debate going on about the necessity of this approach.

Lightning co-creator Dryja has argued that if lightning works, watchtowers shouldn’t actually be used very much. That’s because, if the watchtowers work, bad actors shouldn’t try to broadcast old channels states because the watchtowers will ensure the bad actor loses money if they try.

And if there are watchtowers at work, such an arrangement should, in theory, serve as a barrier to keep people from trying to commit fraud. Therefore, they’ll rarely be used and get paid for it. But it’s hard to predict such outcomes until the watchtowers have been deployed and start attracting user attention.

As they’re trying to keep watchtowers as privacy-preserving as possible, the team is looking into a way for making these payments to watchtowers more private.

To that end, they’re looking into creating a “sort of ecash token.” Ecash is the anonymous currency created by cryptographer David Chaum in the 1980s, and is considered to be one of the precursors to bitcoin.

The idea is to allow lightning users to pay for watchtowers in a way that isn’t “linkable.”

Then, there’s one other big step. Right now, LND is the only main lightning network implementation following the official specifications to have an up-and-running watchtower so far. As such, other implementations will need to implement their own watchtowers as well.

CN Tower and lightning strike image via Shutterstock

Correction: An earlier version of this article implied BLW’s Olympus Server is not open source. This has been fixed.