A woman peers out from a watchtower.
Below her, hundreds of people are walking the streets of a bustling marketplace. She has one power: If a vendor tries to cheat a buyer or vice versa, she pushes a button, instantly notifying the innocent party. Once the swindle is known, the victim can zap the cheater, retrieving his or her funds and even penalizing extra for bad behavior.
Not simply abstract, though, the scene displays how a crucial part of bitcoin’s Lightning Network, a complex transaction relaying layer still being built, is supposed to work.
Thought of as bitcoin’s best hope for increasing its transaction capacity and reducing user costs, Lightning has been getting significant attention of late from both users and developers, but some are now even starting to tackle more advanced components of the network.
Among the first to see development is this “Watchtower” concept, which is being spearheaded in part by Olaoluwa “Laolu” Osuntokun, the co-founder of startup Lightning Labs (one of several working on the technology) and one of the nascent network’s more respected developers.
In an interview, Osuntokun revealed to CoinDesk that Lightning Labs is working on an “initial” watchtower implementation, whereby the role of watching a channel for fraud would be outsourced to certain entities.
“The initial goal post is just to get a basic system up without any sort of compensation to get the ball rolling,” Osuntokun said.
Yet, the “end goal” is wider than that. Osuntokun hopes to launch a “marketplace” on top of the Lightning Network that would help match users, willing to pay small fees, with these watchtowers, as well as provide other services that help the network run.
Osuntokun continued, saying:
“They should be incentivized. If they’re paid for the data they’re storing, that’s a pretty strong incentive. I feel like anyone that wants to outsource to watchers should be able to.”
From the watchtower
More broadly, the Watchtower concept stems from the potentially burdensome nature of the Lightning Network’s dispute mechanism.
While Lightning transactions are instant, if there’s a dispute – say if a fraudster tries to broadcast a transaction which effectively steals money from another user – the defrauded user has time to oppose the transaction. But for users to catch this kind of fraud, they’d have to be watching their Lightning accounts diligently.
Speaking to this in one of the most in-depth lectures on the topic of watchtowers, Lightning Network co-author Tadge Dryja summed up the issue well, stating:
“The price of scalability is eternal vigilance.”
But if the Lightning Network becomes the go-to channel for everyday bitcoin transactions, this vigilance would become quite burdensome. As such, the Watchtower concept allows users to outsource the “eternal vigilance” to other entities, who will send users a message should something look awry.
To some, this setup might sound odd. After all, the Lightning Network is being built to mirror the “trustless” properties of bitcoin, whereby users don’t need to rely on a single entity to, say, validate or secure their transactions.
But Osuntokun and other Lightning developers envision a distributed system where users can connect to as many watchtowers as they want at once. In this way, users aren’t trusting one entity and can limit potential hazards associated with trusting just one entity.
If just one of them is trustworthy, the system should work, Osuntokun said.
Another step developers plan to look into in the long term, he said, is making both components – the marketplaces and the watchtowers – invisible to bitcoin users.
“Ideally within our application, this is all abstracted away from the end user,” Osuntokun said, though he added the goal is still to make it easy for “power users” with more tech experience to construct and run their own towers.
All Osuntokun’s work on watchtowers is notable, showing they’re a crucial step for preparing lightning for a live implementation on bitcoin. Yet, it’s worth noting the concept hasn’t been added to Lightning’s “specifications,” which describe the technicals of how the network works.
Indeed, the thinking on this topic is so new, not everyone agrees on how to deal with certain hurdles. Firstly, developers are trying to make the watchtowers more scalable.
For example, say a watchtower wants to monitor more than one channel, maybe thousands or millions of channels at the same time. Depending on how many channels a watchtower decides to monitor, this database could be larger than the entire bitcoin blockchain itself, which already causes syncing and storage issues today.
With that in mind, Osuntokun is trying to build a better, easier to manage watchtower system, the research into that being revealed at his “Hardening Lightning” presentation at the Stanford blockchain conference in January.
“One goal is to make outsourcers more scalable so they can service more clients,” he told CoinDesk.
Toward that goal, Osuntokun proposed a new scheme that would allow watchtowers to store less data for the same security and is pushing for a new bitcoin “opcode” that make Lightning data simpler. Though bitcoin’s development process is a slow one, Osuntokun hopes the feature can be added by the end of the year.
Beyond scalability, there’s another piece of watchtowers under discussion – participant incentives.
While Osuntokun mentioned the free marketplace, other developers aren’t sure about how best to structure the system to create the best incentives.
Dryja, for instance, argued that the Watchtower concept doesn’t really need a fee structure. That’s partly because he thinks only one honest watchtower is needed to keep the network safe.
“One altruistic node defending the whole network would be fine,” he said, during the Stanford talk. “Someone will do it.”
He went on to argue that if only one watchtower needs to provide honest information, that’s good for the security of Lightning as a whole. And in actuality, it wouldn’t be surprising if many users run honest watchtowers.
Yet, Dryja continued, arguing that if lightning actually works in practice, the watchtowers will rarely have to punish bad actors anyway, because those that break the rules, will lose money.
Adding to that, Dryja said:
“I think invalid channel closes will be pretty much impossible. That’s sort of the fun aspect of this. The risks are so high, and the gains are so small.”