Watchtower

The core function of a watchtower is to automatically detect and submit fraud proofs to the blockchain if a counterparty attempts to broadcast an old, revoked state. This action penalizes the cheating party by allowing the victim to claim the entire channel balance.

• Mechanism: The watchtower scans new blocks for transactions spending a specific revoked commitment transaction.
• Action: Upon detection, it immediately broadcasts a justice transaction, which is time-sensitive and must be included before a deadline.

To preserve user privacy, watchtowers use blinding techniques. They store encrypted data necessary to construct a justice transaction without knowing the actual channel details or the user's identity.

• How it works: The client provides data encrypted with a secret that is only revealed if a fraud attempt is detected on-chain.
• Privacy Benefit: The watchtower cannot steal funds or learn about the user's channel activity unless fraud occurs.

Watchtowers enable asynchronous punishment, allowing users to go offline indefinitely without risk. The service acts as a persistent guardian, enforcing the channel's security rules on the user's behalf long after a channel is closed.

• Key Concept: Security is decoupled from constant online presence.
• Use Case: Essential for mobile wallets or nodes with intermittent connectivity, ensuring they remain protected against breach attempts.

Interaction between a user's node (client) and a watchtower is governed by a specific protocol, such as the Watchtower BOLT in the Lightning Network. This defines the format for session negotiation and data upload.

• Session Establishment: A client creates a session with a tower, agreeing on terms and payment.
• State Updates: The client periodically sends encrypted justice transactions and revocation data for each new channel state.

Watchtowers are typically run as incentivized services. Operators charge fees to cover operational costs and profit, aligning their economic interest with providing reliable service.

• Fee Structures: Can be a one-time session fee, a per-update fee, or a success fee upon submitting a justice transaction.
• Trust Assumption: The model ensures the watchtower is financially motivated to stay online and monitor the chain diligently.

Several implementations exist within the Lightning Network ecosystem, providing this critical infrastructure layer.

• Lightning Network Daemon (LND): Has a built-in watchtower client and supports compatible server implementations.
• Eye of Satoshi: A popular, standalone watchtower server implementation.
• Neutrino: Light clients can use watchtowers for security without needing a full node.

A watchtower's primary role is to continuously monitor the Bitcoin blockchain for breach remedy transactions broadcast by a malicious counterparty. If a user is offline and their channel partner attempts to close the channel with an outdated, revoked state, the watchtower can automatically broadcast the necessary justice transaction to penalize the cheater and return funds to the victim.

• Monitors for: State breaches, old commitment transactions.
• Key Action: Submits a penalty transaction to claim the cheater's funds.

Watchtowers are economically incentivized to perform their duty correctly. The standard model involves sweeping the penalty.

• How it works: The justice transaction crafted by the watchtower includes an output that pays a fee to the watchtower itself from the penalized funds.
• No upfront cost: Users typically do not pay unless the watchtower successfully defends them, aligning incentives.
• Alternative models: Some implementations may use subscription fees or service-level agreements.

To protect user privacy, modern watchtowers use a client-side encryption protocol. The user provides encrypted data, not plaintext transaction details.

• What the watchtower sees: Only an encrypted blob and a specific breach transaction ID (txid) to watch for.
• What it cannot see: The user's identity, channel counterparty, or the specific penalty transaction until the breach occurs.
• Protocols: Implementations like The Eye of Satoshi and Lightning Network's wtclient use this blinded approach.

Using a watchtower introduces specific trust assumptions, though they are minimized.

• Reliability: The user must trust the watchtower is online and monitoring when a breach occurs.
• Honesty: The watchtower must not collude with the cheating counterparty.
• Decentralization: The ecosystem is more robust with multiple, independent watchtower operators. Users can delegate to several watchtowers simultaneously for redundancy, a practice known as watchtower delegation.

The watchtower's power comes from the penalty mechanism built into the Lightning protocol.

• Revoked State: When a channel state is updated, the old state is revoked, giving the other party a revocation secret.
• Breach Remedy Transaction: A cheater who broadcasts an old state reveals this secret.
• Justice Transaction: The watchtower (or user) uses this secret to create a transaction that can take all funds from the cheater's channel balance as a penalty, a concept known as punitive justice.

In this common model, a user delegates watchtower duties to a specialized service provider before going offline. The process involves:

• State Sharing: The user provides encrypted, partial transaction data (a justice transaction) to the watchtower.
• Continuous Scanning: The watchtower scans new blocks for the user's revoked state.
• Automated Penalty: If fraud is detected, the watchtower broadcasts the justice transaction to claim the offending party's entire channel balance as a penalty.

Commercial entities offer Watchtower-as-a-Service, providing robust, high-uptime monitoring for a subscription fee or a percentage of the penalized funds. This model ensures professional-grade security and reliability, making payment channels viable for non-technical users and enterprises. It creates an economic incentive for watchtower operators to maintain honest, highly available nodes.

Watchtower design must solve for trust minimization. Key mechanisms include:

• Blinded Data: Users share only the data needed to punish fraud, not their full channel state.
• Slasher Fees: Watchtowers are paid from the penalty they claim, aligning their incentive with the user's security.
• Reputation Systems: Users may choose watchtowers based on historical reliability and uptime, creating a market for honest service.

Specific protocols standardize watchtower communication. Notable examples include:

• Eltoo: A proposed Lightning upgrade using SIGHASH_NOINPUT that simplifies watchtower logic by needing to monitor only for the latest state.
• Altruistic Watchtowers: Some implementations run as a public good to strengthen the overall network, though they may lack the same economic guarantees as commercial services.

The watchtower concept extends to generalized state channels for complex applications like gaming or decentralized exchanges. Here, watchtowers must monitor for invalid state transitions, not just payment balances. This requires more complex fraud proofs but follows the same core principle: delegated, incentivized surveillance to secure off-chain activity.

State channels are a generalized Layer 2 scaling technique where participants lock funds on-chain and then conduct numerous transactions off-chain, only settling the final state on the base layer. Watchtowers provide a security-as-a-service model for these channels. They vigilantly watch for fraud proofs, which are cryptographic evidence that a participant is trying to cheat by submitting an invalid prior state.

A fraud proof is a piece of cryptographically verifiable data that demonstrates a protocol rule has been violated. In the context of watchtowers, this is typically a signed transaction from a malicious counterparty attempting to close a channel with an old state. The watchtower's core function is to detect and automatically submit this proof to the blockchain, triggering a punishment transaction that penalizes the cheater.

A punishment transaction (or justice transaction) is the on-chain action taken by a watchtower upon detecting fraud. If a user's counterparty broadcasts an old channel state, the watchtower uses a pre-signed transaction to claim all the funds in the disputed channel for the victim. This severe economic disincentive is the primary mechanism that secures off-chain protocols, making cheating financially irrational.

Data availability refers to the guarantee that the data needed to validate a blockchain's state is published and accessible to all participants. For watchtowers, this is a fundamental requirement. They must have reliable access to the blockchain's mempool and confirmed blocks to monitor for fraudulent transactions. Solutions like data availability committees or data availability layers can enhance the reliability of this critical data feed.

Delegated custody in watchtower design refers to a user granting limited, time-bound authority to a third-party service to act on their behalf. The user delegates the ability to submit a specific punishment transaction but does not give up control of their private keys. This creates a trust-minimized model where the watchtower can perform its security function without having direct custody of the user's funds.