Open: BNT-10 - (All along) the IC Watchtower

Developers Bounties
1

Overview

Status: Paused
Project Type: Cooperative/Contest - Multiple workers can submit work and the bounty is shared
Time Commitment: Days - weeks
Experience Level: Intermediate/Advanced
Size: USD 5’000 in ICP (at time of distribution)
Deadline: Open

Description

A payment channel on the lightning network is essentially a 2-of-2 multi-sig contract between parties holding Bitcoin. From the perspective of the blockchain, bitcoin is held cooperatively by the 2 parties while each party maintains a local record of its respective ownership. The 2 parties can cooperate at any time to update their balances as frequently as they see fit without making any on-chain Bitcoin transactions.

As long as both parties sign a closure transaction the channel can be closed in a cooperative manner. However, channels can be closed unilaterally by either party via a commitment transaction. If your node goes offline for an extended period of time, the counterparty may attempt to force close the channel via an outdated commitment transaction.

An IC Watchtower canister would be a tamperproof, high reliability, high availability solution that will constantly monitor the channel state data and submit a penalty transaction should the counterparty maliciously attempt to close the channel with an old state.

Requirements

  • The canister allows for a lightning channel UTXO to be monitored
  • The canister allows for channel state data to be backed up.
  • The canister stores and updates the latest balance of the parties involved
  • The canister is able to read any closure or commitment transaction issued by any of the parties using HTTPS outcalls.
  • The canister is able to submit a penalty transaction should the commitment transaction be malicious.

Acceptance Criteria

  • Service deployed to the Internet Computer
  • Proper Readme, see here
  • Video Pitch/Demo (max. 4min)
  • Open Source license (MIT or Apache-2.0)

Evaluation Criteria

  • Functionality
  • Code quality

How to participate?

Post your submission in thread.
Please be aware that Terms and Conditions of the DFINITY Developer Grants Program apply.

References

5 Likes
2

Hey @domwoe, @timo I’ve been trying to understand this bounty but I’m quite new to the bitcoin ecosystem so it’s a bit challenging for me. Here is my current understanding:

The canister allows for a lightning channel UTXO to be monitored.

The lightning nodes need to register themselves to a watchtower, and for that the watchtower interface has to follow these specs. I guess I could reuse and adapt the code from rust-teos to run it inside a canister, but I struggle to understand how the RPC communication would work between the node and the canister. Is there any example or guide on how to talk with a canister via RPC?

The canister allows for channel state data to be backed up.
The canister stores and updates the latest balance of the parties involved

By channel state you mean the encrypted penalty transaction and locator received for every transaction done via the registred channels right ? Cause I’ve read that the balances are never revealed to the watchtower.

The canister is able to read any closure or commitment transaction issued by any of the parties using HTTPS outcalls.

My guess is using the HTTPS outcalls to browse a bitcoin explorer (e.g. blockstream.info), and then check if any tx id starts with one of the locator stored in the canister.

The canister is able to submit a penalty transaction should the commitment transaction be malicious.

:ok_hand:

1 Like
3

Hi @sardariuss,

awesome, that you want to dive into this.

Here’s an example of how a canister could provide a JSON-RPC interface. You just use the http_request and http_request_update methods.

That makes sense. I haven’t dived deep into the spec myself.

Yep.

1 Like
4

I was hoping this could be detected by contacting the Bitcoin canister and no trusted third party would be required.

This bounty definitely requires a very deep understanding of Bitcoin, lightning and the Bitcoin canister infrastructure available on the IC. It might also be underestimated by an order of magnitude in terms of work required because there are so many details to figure out.

3 Likes
5

Yeah it’s also more complex that what I initialy thought, I could definitely use some guidance.

In the rust-teos implementation, the watcher compares the list of locators with the list of transactions from the last block, this every time a new block is received.

Right now I don’t think it’s possible to directly query bitcoin blocks, I don’t see any method allowing that on the system canister.

I don’t think the faulty commitment transaction will ever appear in the list of the transaction_ids returned by the method bitcoin_get_utxos if we use the public key of the node that subscribed to the watchtower as argument, or ? I guess one should call bitcoin_get_utxos with the multi_sig btc address of the channel instead, but the watch tower does not have this information.

6

Yep, that’s true. The API could be extended to allow that, though. The idea with this bounty was to prototype an advanced use case.

That was indeed the idea. It seems a “watchtower” on the IC would either be incompatible with the privacy-preserving model defined in the spec, or would need to monitor all blocks. You could prototype the latter using HTTPS Outcalls.

1 Like
7

Hey @sardariuss I wonder If you are working on this bounty?

2 Likes
8

Hey sorry I should have posted an update, I’ve chosen to focus on something else for now.

I haven’t produced anything really valuable but I could try to share my notes with you if you’re interested, or even work a bit together if that’s something you want.

For me the main challenge was to be able to make a gRPC request to a canister, so the canister can then follow the spec of the tower and is able to register to the bitcoind teos plugin. When I stopped I was trying to understand how the tonic library is converting an HTTP request to a gRPC request to do the same inside the canister.

3 Likes
9

Thanks for the update @sardariuss . Yeah it would be great if you can share your notes it may help to move forward with it.

2 Likes
10

It’s here, it’s really not much, but I struggled a bit already to get there myself not being familiar with lightning network nor gRPC.

gl&hf and feel free to contact me in direct if you need more info.

4 Likes
11

Sure.Thanks for help @sardariuss.

12

Hey @domwoe here is our proposal for working on this bounty
Proposal for an IC Watchtower Canister

Problem:

Lightning network channels can be unilaterally closed by either party via a commitment transaction. If your node goes offline for an extended period of time, the counterparty may attempt to force close the channel via an outdated commitment transaction.

Solution:

An IC Watchtower canister is a tamperproof, high reliability, high availability solution that will constantly monitor the channel state data and submit a penalty transaction should the counterparty maliciously attempt to close the channel with an old state.

Requirements:

  1. The canister allows for a lightning channel UTXO to be monitored.
  2. The canister allows for channel state data to be backed up.
  3. The canister stores and updates the latest balance of the parties involved.
  4. The canister is able to read any closure or commitment transaction issued by any of the parties using HTTPS outcalls.
  5. The canister is able to submit a penalty transaction should the commitment transaction be malicious.

Implementation:

The IC Watchtower canister can be implemented using the following steps:

  1. Create a canister that can store the following data:
    • The lightning channel UTXO
    • The channel state data
    • The latest balance of the parties involved
    • A cryptographic commitment to the channel state data
  2. Create a function that allows the canister to monitor the blockchain for commitment transactions.
    • This function should use HTTPS outcalls to read any commitment transactions issued by any of the parties.
    • If the function detects a commitment transaction, it should verify the cryptographic signature and check to see if the commitment transaction is valid.
    • If the commitment transaction is valid, the function should update the channel state data and the latest balance of the parties involved.
  3. Create a function that allows the canister to submit a penalty transaction should the counterparty maliciously attempt to close the channel with an old state.
    • This function should use HTTPS outcalls to broadcast a penalty transaction to the lightning network.
    • The penalty transaction should be structured in such a way that it can only be claimed by the canister if the counterparty has attempted to close the channel with an old state.

Technical details:

  • The cryptographic commitment to the channel state data can be implemented using a variety of techniques, such as a hash function or a Merkle tree.
  • The function that monitors the blockchain for commitment transactions can be implemented using a variety of techniques, such as subscribing to a block notification service or periodically polling the blockchain.
  • The function that submits a penalty transaction should the counterparty maliciously attempt to close the channel with an old state can be implemented using a variety of techniques, such as broadcasting a signed transaction to the lightning network or using a watchtower service.

More Details:

  1. Create a new canister project using the Motoko programming language.
  2. In the canister’s source code, create a struct to store the channel state data. This struct should include the following fields:
    • The lightning channel UTXO
    • The latest balance of the parties involved
  3. Create a function to generate a cryptographic commitment to the channel state data. This function can use a variety of techniques, such as a hash function or a Merkle tree.
  4. Create a function to store the channel state data and the cryptographic commitment in the canister’s storage.
  5. Create a function to retrieve the channel state data and the cryptographic commitment from the canister’s storage.

  • Here is a pseudocode example of a function that allows the IC Watchtower canister to monitor the blockchain for commitment transactions and update the channel state data and the latest balance of the parties involved:

    function monitorBlockchainForCommitmentTransactions() {
    // Use HTTPS outcalls to read any commitment transactions issued by any of the parties.
    // This can be done by subscribing to a block notification service or periodically polling the blockchain.
    commitmentTransactions = getCommitmentTransactions();

    // Verify the cryptographic signature of each commitment transaction.
    // This can be done using the IC’s built-in cryptography features.
    for (commitmentTransaction in commitmentTransactions) {
    if (!verifyCryptographicSignature(commitmentTransaction)) {
    // The commitment transaction is invalid.
    continue;
    }

    `// The commitment transaction is valid.

    // Update the channel state data and the latest balance of the parties involved.
    updateChannelStateDataAndLatestBalance(commitmentTransaction);`

    }
    }

  • There are two main ways to monitor the blockchain for commitment transactions:

    Subscribing to a block notification service:

    A block notification service is a service that sends notifications to subscribers when a new block is added to the blockchain. This allows subscribers to be notified of new commitment transactions immediately after they are added to the blockchain.

    To subscribe to a block notification service, the IC Watchtower canister would need to create an account with the service and provide a callback URL. When the service detects a new block, it would send a POST request to the callback URL with the details of the new block.

    The IC Watchtower canister would then need to parse the new block and extract any commitment transactions. Once the commitment transactions have been extracted, the canister can verify their cryptographic signatures and update the channel state data and the latest balance of the parties involved.

    Periodically polling the blockchain:

    Periodically polling the blockchain involves periodically checking the blockchain for new blocks. If a new block is found, the new block is downloaded and parsed to extract any commitment transactions. Once the commitment transactions have been extracted, the canister can verify their cryptographic signatures and update the channel state data and the latest balance of the parties involved.

    The frequency at which the IC Watchtower canister polls the blockchain will depend on a number of factors, such as the desired level of security and the cost of polling the blockchain.

    Which method to choose:

    1. Subscribing to a block notification service is the most efficient way to monitor the blockchain for commitment transactions. However, block notification services can be expensive, especially if the canister needs to monitor a large number of channels.

    2. Periodically polling the blockchain is a less efficient way to monitor the blockchain for commitment transactions, but it is also less expensive. The frequency at which the canister polls the blockchain can be adjusted to balance the cost and security of the system.

    The IC Watchtower canister can be implemented to use either method of monitoring the blockchain for commitment transactions. The choice of method will depend on the specific requirements of the canister.

  • To create the function that allows the IC Watchtower canister to submit a penalty transaction should the counterparty maliciously attempt to close the channel with an old state, we can use the following steps:

    1. Create a function that can generate a penalty transaction.
      • This function should take the channel state data and the latest balance of the parties involved as input.
      • The function should generate a penalty transaction that is structured in such a way that it can only be claimed by the canister if the counterparty has attempted to close the channel with an old state.
    2. Create a function that can broadcast a penalty transaction to the lightning network.
      • This function should take a penalty transaction as input and broadcast it to the lightning network.
    3. Combine the two functions into a single function that can submit a penalty transaction should the counterparty maliciously attempt to close the channel with an old state.

    Here is a pseudocode example of the function:

    `function submitPenaltyTransaction(channelStateData, latestBalance) {
    // Generate a penalty transaction.
    penaltyTransaction = generatePenaltyTransaction(channelStateData, latestBalance);

    // Broadcast the penalty transaction to the lightning network.
broadcastPenaltyTransaction(penaltyTransaction);

    }`

    This function can be implemented using the Motoko programming language. The function should use the IC’s built-in cryptography features to generate and sign the penalty transaction. The function should also use the IC’s built-in networking features to broadcast the penalty transaction to the lightning network.

    Once the function is implemented, it can be used to monitor lightning network channels for malicious closure attempts. If the function detects a malicious closure attempt, it can submit a penalty transaction to the lightning network to protect the canister’s funds.

Security:

The IC Watchtower canister should be implemented with the following security considerations in mind:

  • The canister should be tamperproof. This can be achieved by using the IC’s built-in security features, such as Motoko’s type system and the IC’s consensus mechanism.
  • The canister should be highly reliable and highly available. This can be achieved by using the IC’s built-in reliability and availability features, such as replication and sharding.
  • The canister should be able to detect and prevent malicious activity. This can be achieved by using a variety of techniques, such as signature verification and monitoring for unusual activity.

Comparison to Bitcoin watchtowers:

Bitcoin watchtowers work in a similar way to IC Watchtower canisters. Bitcoin watchtowers monitor the blockchain for commitment transactions and submit justice transactions if the counterparty attempts to close the channel with an old state.

One key difference between IC Watchtower canisters and Bitcoin watchtowers is that IC Watchtower canisters can be implemented in a tamperproof and highly available way using the IC’s built-in security features.

Another key difference is that IC Watchtower canisters can use HTTPS outcalls to read commitment transactions issued by any of the parties. This means that IC Watchtower canisters can be used to monitor lightning network channels that are not hosted on the IC.

Benefits:

The IC Watchtower canister provides a number of benefits, including:

  • Increased security: The canister can help to protect lightning network channels from malicious closure attempts.
  • Reduced risk: The canister can help to reduce the risk of losing funds due to a malicious closure attempt.
  • Peace of mind: The canister can provide peace of mind for lightning network users, knowing that their channels are being monitored and protected.

Cost:

The cost of implementing the IC Watchtower canister will depend on a number of factors, such as the complexity of the implementation and the desired level of security and reliability. However, it is expected that the cost will be relatively low, given the IC’s efficient and scalable architecture.

Conclusion:

The IC Watchtower canister is a valuable tool for lightning network users. It can help to protect channels from malicious closure attempts and reduce the risk of losing funds. The canister is also relatively inexpensive to implement, making it a cost-effective way to improve the security of lightning network channels.

Bounty:

I propose a bounty of USD 5’000 in ICP for the implementation of the IC Watchtower canister.

Timeline:

I propose a timeline of 2 months for the implementation of the IC Watchtower canister.

Team:

Me and Hritwik is interested in implementing the IC Watchtower canister.

Additional Notes:

  • I am open to suggestions for improving the proposal.
  • I am also open to discussing other aspects of the bounty, such as the budget and the timeline.

Thank you for your time and consideration.

3 Likes
13

Hey @Sylvester, I was wondering if you made any progress and still plan to submit something. If not, I might give it another shot.

14

Hey @sardariuss yeah you may give it a shot i got into some other project.

1 Like