Good morning Margherita,

> In case of a breach while node A is offline, can the Watchtowers do anything?
> In my solution, the function of backup is not destined to substitute the
> first function of the watchtower, that is monitoring the status channel, but
> instead, the backup option can be considered as a sort of additional feature.

Watchtowers being designed currently are keyed to a txid, whose appearance
onchain triggers the watchtower behavior.
Your scheme is keyed on a node public key.
There is an immediate incompatibility here.
The reason why txid is used, is to protect privacy of the node.
The watchtower has no identifying information, and cannot have identifying
information.
The txid is for a transaction that is not broadcast (except in a breach
attempt), so the watchtower cannot identify the node using it at all.
This can be important, since a hack of the watchtower might give the hackers
the ability to find nodes that could be vulnerable and possibly targetable for
attack.
Distributed backup may be better implemented using standard techniques such as
DHT.

> How does this scheme protect the privacy of a node?
> This scheme protects the privacy of the node because the payload contained
> the information of status channel and nonce-time are encrypted on the public
> key of A. So the watchtowers cannot decrypt the payload and modify it (e.g.
> with a higher nonce value as you wrote) since just A has its own private key.
>
> If you refer that another node can personify A and send the payload to a
> watchtower, this is not possible since the payload has to contain the
> channel_id between A and the specific watchtower, and this information is not
> known by the other node of the network. So, A can discover a malicious
> activity because that channel_id is not correct.

It is indeed possible, and the `channel_id` is immaterial.
All an attacker has to do is corrupt the backup data, not replace it with data
that is favorable to it.
With corrupted backup data, the operation of A is doomed and irrecoverable,
especially if private keys or even just derivation paths are part of the
backed-up data.

> Please note also, that you cannot make a single channel with multiple peers;
> [...]
> As regarding the channel, If A has three watchtowers, it has to have three
> distinct payment channels. Every watchtower is independent from the others.

Then why is the watchtower keyed to the node? Should it not be keyed to
something that is distinct for each payment channel?

Regards,
ZmnSCPxj
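
Added example, not part of the original e-mail or of any watchtower implementation: a minimal txid-keyed watchtower store, showing that the tower holds no node public key or channel id and can only open a blob once the matching txid appears onchain. The 16-byte hint, the key derivation from the txid, and the toy SHA-256 stream cipher are assumptions of this sketch.

```python
import hashlib
import hmac
import os

HINT_LEN = 16  # assumption: the tower indexes on a txid prefix only

def _keys(txid):
    # Both keys come from the full txid, which the tower never holds in advance.
    return (hashlib.sha256(b"enc" + txid).digest(),
            hashlib.sha256(b"mac" + txid).digest())

def _xor_stream(key, nonce, data):
    # Toy SHA-256 counter-mode keystream; stands in for a real AEAD cipher.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(txid, penalty):
    """Client side: returns (hint, blob) to hand to the watchtower."""
    enc_key, mac_key = _keys(txid)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, penalty)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return txid[:HINT_LEN], nonce + ct + tag

def unseal(txid, blob):
    """Tower side: only possible once the full txid has appeared onchain."""
    enc_key, mac_key = _keys(txid)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong txid or corrupted blob
    return _xor_stream(enc_key, nonce, ct)

class Watchtower:
    def __init__(self):
        self.blobs = {}  # hint -> [blob]; no node public key, no channel id
    def register(self, hint, blob):
        self.blobs.setdefault(hint, []).append(blob)
    def on_block(self, txids):
        """Return the penalty data for each stored txid seen in this block."""
        hits = [unseal(t, b) for t in txids for b in self.blobs.get(t[:HINT_LEN], [])]
        return [p for p in hits if p is not None]

# Constructed sample data: fake 32-byte txids, not real transactions.
REVOKED = hashlib.sha256(b"constructed revoked commitment").digest()
OTHER = hashlib.sha256(b"constructed unrelated tx").digest()
```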