Intro: Lightning
Lightning Network (LN) is a layer 2 protocol on top of Bitcoin. It fixes Bitcoin's scalability issues. Bitcoin at the moment can process ~7 transactions per second (which can never serve 8 billion people :v).
LN, on the other hand, can process ~1M transactions per second. This is because lightning transactions don't make it to the blockchain; they happen off-chain (except the transactions for opening and closing the lightning channels).
Channel partners start with an on-chain funding transaction, which is the transaction that opens a channel between the two partners. After the channel is open and confirmed on the blockchain, they can start transferring funds to each other with what's called a commitment transaction. This transaction basically updates the funds distribution that was originally set in the funding transaction. Each time a partner wants to pay the other, they create a new commitment transaction updating the fund distribution of the previous commitment transaction. These commitment transactions don't get broadcast to the blockchain, meaning that one can send and receive funds from that partner without slowing down the network and totally fee-free*.
*Unless the payment passes through multiple hops.
But how is this off-chain interaction safe?
Commitment transactions can be used to close the lightning channel at any time by either channel party. All the old and yet-to-come commitment transactions are valid channel closing transactions and could be used to close the channel. Thus, one could broadcast an old commitment transaction that suggests an old fund distribution that favors one party (cheating).
Ethically, when closing a lightning channel, the latest commitment transaction should be the one to broadcast to the Bitcoin network. Should we now assume everybody is ethical and start trusting each other, heh. Of course not.
Each commitment transaction has a backdoor for each of the two parties that lets them take out all the funds of the channel. The backdoor on transaction N isn't revealed to each of the parties until commitment transaction N+1 is created.
Lightning achieves its off-chain security with this backdoor plus some timelock magic. Said simply, the broadcaster of the channel closing transaction (a commitment transaction) must wait some amount of time before spending their share of the funds that were in the channel. This gives the other party of the channel time to notice the broadcast closing transaction and verify that their counterparty didn't cheat them (by using an old/revoked commitment transaction). If one party cheats, the other will have some time to punish them through the backdoor and take out all the funds of the channel with a transaction called a penalty (or justice) transaction.
With this setup, you should always watch the blockchain and never go offline, or all your open channels are compromised. This is the problem watchtowers are for.
Watchtowers
A watchtower is a third-party service that keeps an eye on your lightning channels and reacts if they are breached (your channel partner tried to cheat you).
How would they know if your channel is breached?
This is covered in detail in BOLT 13 (still WIP). But basically, the client (one channel party) supplies the tower with all the information it needs to act upon any breach. The client also doesn't have to compromise their privacy by exposing penalty transactions to the tower. They can send them encrypted, and the tower won't be able to decrypt them unless a breach has actually occurred.
The Eye of Satoshi
The Eye of Satoshi (TEOS) is a BOLT 13 compliant lightning watchtower written in Rust; it was previously written in Python.
There is no docker image for the project at the moment, nor is it packaged, so you will have to build it from source. Install Rust to build the project.
TEOS consists of two main binaries:
- teosd, which is the tower daemon that watches the blockchain and runs on top of bitcoind.
- teos-cli, which is a CLI for controlling the tower and querying it. This is used by the tower owner.
The tower has recently got Tor support, which means the clients of the tower can interact with the tower over Tor for more privacy.
To run the tower, you need to:
- Make sure bitcoind is running.
- Set up the TEOS config in ~/.teos/teos.toml.
- Head to the project directory and run cargo install --path teos to install the watchtower daemon on your system.
  - This also installs the CLI teos-cli.
- Run teosd to start the watchtower daemon.
The output would be something like this:

To stop the tower run teos-cli stop.
With the tower set up, you can interact with it using its HTTP endpoints:
- /register to register yourself with the tower. This will cost no money since the tower is offering an altruistic-only service at the moment. But tower owners can set up their towers with subscription fees.
- /add_appointment to send a watch request to the tower. The appointment consists of a locator that is used to locate the revoked commitment transaction on the blockchain and the encrypted penalty transaction that the tower should broadcast in case of a breach. The tower won't be able to decrypt the penalty transaction unless it has found the revoked transaction on the blockchain.
- /get_appointment to request an appointment previously sent to the tower. This is crucial to make sure that the tower isn't being lazy and deleting appointments to free up some space.
- /get_subscription_info to know how much of the subscription is left so you can decide whether to top up your registration/subscription.
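The appointment mechanism described above, as an added example that is not part of the original post or of TEOS's code: the client gives the tower a locator plus a blob encrypted under a key derived from the full commitment txid, so the tower can only decrypt once that transaction shows up on-chain. The 16-byte locator, the SHA-256 key derivation, every function and class name, and the sample data are assumptions of this example, and the HMAC-based cipher is a standard-library stand-in for the authenticated cipher a real tower uses.

```python
import hashlib
import hmac

LOCATOR_LEN = 16  # assumption: the locator is the first 16 bytes of the txid
# Constructed sample data: a fake 32-byte txid and placeholder penalty bytes.
REVOKED_TXID = hashlib.sha256(b"constructed revoked commitment").digest()
PENALTY_TX = b"constructed penalty transaction bytes"

def locator(txid: bytes) -> bytes:
    """Public half of the appointment: lets the tower match on-chain txids."""
    return txid[:LOCATOR_LEN]

def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    # Labels keep the keystream and the tag domain-separated under one key.
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher (HMAC-SHA256 in counter mode), not the tower's cipher.
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, b"ks", i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_blob(penalty_tx: bytes, commitment_txid: bytes) -> bytes:
    key = hashlib.sha256(commitment_txid).digest()  # needs the FULL txid
    ct = _xor_stream(key, penalty_tx)
    return ct + _prf(key, b"tag", ct)

def decrypt_blob(blob: bytes, txid: bytes):
    key = hashlib.sha256(txid).digest()
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"tag", ct)):
        return None  # locator collision or tampered blob: nothing to broadcast
    return _xor_stream(key, ct)

class Tower:
    def __init__(self):
        self.appointments = {}  # locator -> encrypted blob

    def add_appointment(self, loc: bytes, blob: bytes) -> None:
        self.appointments[loc] = blob

    def process_block(self, txids):
        """Return decrypted penalty transactions for breaches seen in this block."""
        found = []
        for txid in txids:
            blob = self.appointments.get(locator(txid))
            tx = decrypt_blob(blob, txid) if blob else None
            if tx is not None:
                found.append(tx)
        return found
```

The tower stores only half of the txid, so it cannot derive the key in advance; a transaction that merely shares the locator prefix fails the tag check and triggers nothing.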
It's really hard to craft HTTP requests by hand and send them to the tower using something like curl.
There is an open PR right now that will add a new crate to the project, namely, watchtower-client. It is a Core Lightning plugin that will send your appointments to the tower on your behalf on each commitment transaction revocation.
This way, you can make your lightning transactions and go on a vacation feeling safe. That said, it's recommended to register with more than one tower and give them the same appointments. It's redundant but more failure proof.