A suggestion for the architecture of coinswap software. Possibly an obvious point now that LN is on everyone's minds. Coinswap should use "private watchtowers" (from LN terminology), where they only monitor contracts belonging to a single person. This would help add redundancy to the system, so that one software crash bug doesn't stop the backout transactions being broadcast.
Coinswap and other off-chain schemes introduce a liveness assumption, because there are timed backout paths to the smart contracts. If the software is unable to broadcast the backout transactions in time then all the money locked in a contract could be lost. This could happen for any number of reasons including: power cuts, bugs causing the software to crash, hardware failures, internet blackouts, DDoSing, etc.
It would be good to separate the chain-monitoring and backout-transaction-broadcasting part into another application, called a watchtower, which can be made much more redundant against those failure types. These watchtowers could be run on the same computer as the rest of the coinswap software, and run on multiple different computers in different geographical locations. People running coinswap makers would also have to run at least one watchtower for themselves (which could be just on the same machine, if the person is feeling brave).
Watchtowers don't need to store any private key information, but only the backout transactions. They can use a full node running with blocksonly, -listen=0 and pruning. They'd be lightweight enough to run on Raspberry Pis, old hardware or cheap VPSs. They would contain privacy-relevant information if compromised, but that's not as bad as losing money, and anyway it depends on the threat model. Once the coinswap server creates a backout transaction it can send it to one or more configured watchtowers, knowing that if the machine running the coinswap server itself fails then those watchtowers can still try to protect the escrowed money.
Actually we can avoid coinswap watchtowers needing to know any privacy-relevant information at all. We can use the same breach hint with encrypted blob trick that LN watchtowers use. This would mean that watchtowers could even run on random VPSes; if they are accessed only through Tor, the VPS provider wouldn't learn anything about the coinswaps at all (unless there's a theft attempt and the watchtower needs to take action).
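The breach-hint scheme mentioned in the comment above, as an added Python example that is not part of the original issue or of any coinswap codebase: the coinswap software hands the watchtower only a txid prefix plus a blob encrypted under a key derived from the full txid, so the watchtower can recover the backout transaction only once the contract transaction appears in a block. The hint length, key derivation and HMAC-based cipher are illustrative choices for the example, not a specified protocol.

```python
import hashlib
import hmac
from dataclasses import dataclass

HINT_LEN = 16  # bytes of the contract txid the watchtower learns in the clear

@dataclass(frozen=True)
class EncryptedHint:
    prefix: bytes  # txid[:HINT_LEN]; all the watchtower can see at rest
    blob: bytes    # backout tx encrypted under a key only the full txid yields

def _key(txid):
    # Key is derived from the full txid, so the watchtower can decrypt only
    # once the contract transaction actually appears in a block.
    return hashlib.sha256(b"coinswap-watchtower-v0" + txid).digest()

def _xor_stream(key, data):
    # Illustrative stream cipher (HMAC-SHA256 in counter mode); a real
    # implementation would use an AEAD such as ChaCha20-Poly1305.
    stream = b"".join(hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def make_hint(contract_txid, backout_tx):
    # Coinswap side: wrap a backout tx so the watchtower learns nothing yet.
    key = _key(contract_txid)
    ct = _xor_stream(key, backout_tx)
    tag = hmac.new(key, ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return EncryptedHint(contract_txid[:HINT_LEN], ct + tag)

def open_hint(hint, txid):
    # Watchtower side: returns the backout tx, or None if the tag fails
    # (prefix collision with an unrelated tx, or a corrupted blob).
    key = _key(txid)
    ct, tag = hint.blob[:-32], hint.blob[-32:]
    if not hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), tag):
        return None
    return _xor_stream(key, ct)

def watchtower_scan_block(hints, block_txids):
    # Watchtower side: backout txs to broadcast after seeing this block.
    by_prefix = {h.prefix: h for h in hints}
    recovered = []
    for txid in block_txids:
        hint = by_prefix.get(txid[:HINT_LEN])
        if hint is not None:
            tx = open_hint(hint, txid)
            if tx is not None:
                recovered.append(tx)
    return recovered
```

The tag check is what lets the watchtower ignore an unrelated transaction that merely shares the 16-byte prefix, without ever holding a key before the contract is confirmed.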