🧙♂️
Did you know it’s technically possible for your lightning channel partner to attempt to steal money that is supposed to belong to you?
Let me explain how that’s possible and why they likely won’t try it 👇
Did you know it’s technically possible for your lightning channel partner to attempt to steal money that is supposed to belong to you?
Let me explain how that’s possible and why they likely won’t try it 👇
To understand why this is possible we need to understand how payments are made over lightning channels.
Let’s imagine Alice opens a 100,000 sat channel with Bob by funding a 2-of-2 multisig address that can only be spent from using both Alice and Bob’s signature.
Let’s imagine Alice opens a 100,000 sat channel with Bob by funding a 2-of-2 multisig address that can only be spent from using both Alice and Bob’s signature.
Before Alice locks her funds in the multisig they create a commitment tx that spends from the multisig address sending Alice her 100,000 sats and 0 sats to Bob.
She gets Bob to sign it but doesn't broadcast it so she can get her money out of the multisig if Bob disappears.
She gets Bob to sign it but doesn't broadcast it so she can get her money out of the multisig if Bob disappears.
As payments are made over the channel, these commitment transactions are how the balance of who is owed what is maintained.
This means at any time either party can broadcast the latest commitment tx to the chain and both parties will receive exactly what they are owed.
This means at any time either party can broadcast the latest commitment tx to the chain and both parties will receive exactly what they are owed.
Whenever a payment is made over the channel they need to agree on a new commitment transaction that reflects the new state.
For example, if Alice wants to send 10,000 sats to Bob they will construct and sign a new commitment tx that has 90,000 to Alice and 10,000 to Bob.
For example, if Alice wants to send 10,000 sats to Bob they will construct and sign a new commitment tx that has 90,000 to Alice and 10,000 to Bob.
If Alice then wants to send another 15,000 sats to Bob they construct yet another commitment transaction that has 75,000 to Alice and 25,000 to Bob.
This process continues until the channel is closed.
So how can Alice try to take money that is supposed to be owned by Bob?
This process continues until the channel is closed.
So how can Alice try to take money that is supposed to be owned by Bob?
Because each of these commitment transactions are signed and can be broadcast at any time to the network, Alice could try to broadcast any of the old commitment transactions where she had more money than she does now. These are all valid transactions the network would accept.
So how does the lightning network prevent Alice from doing this?
Each commitment tx includes an extra spending condition that allows the other party to take ALL of the funds in the channel if they know the revocation secret.
Each commitment tx includes an extra spending condition that allows the other party to take ALL of the funds in the channel if they know the revocation secret.
Before signing a new commitment tx you must make sure to obtain your channel partner's revocation secret for the previous transaction.
Once obtained you know that if your counter-party broadcasts the previous state you will be able to use the secret to take all of their funds.
Once obtained you know that if your counter-party broadcasts the previous state you will be able to use the secret to take all of their funds.
The risk of losing all of their funds keeps someone from trying to broadcast an old state that pays them more money than they are truly owed.
I hope this helps you better understand the mechanics of the lightning network. Please let me know if you have any questions below!
I hope this helps you better understand the mechanics of the lightning network. Please let me know if you have any questions below!
• • •
Missing some Tweet in this thread? You can try to
force a refresh
