Lightning Intermediate 5 min read
Watchtowers
Lightning watchtower services for channel security. Breach detection, justice transactions, and watchtower setup.
watchtower security breach justice monitoring
Watchtowers
A watchtower is a service that monitors the blockchain on behalf of Lightning nodes. If a channel peer broadcasts an old (revoked) commitment transaction, the watchtower broadcasts a justice transaction to claim all channel funds.
Why Watchtowers Matter for Agents
| Risk | Watchtower Protection |
|---|---|
| Offline node | Monitors while you’re away |
| Malicious peer | Catches cheating attempts |
| Stale state | Enforces latest channel state |
| Fund recovery | Claims penalty if breach occurs |
The Cheating Problem
When channels update, old states become revoked. If a peer broadcasts a revoked state:
Channel history:
State 0: Alice=1.0, Bob=0.0
State 1: Alice=0.9, Bob=0.1 (Alice paid Bob)
State 2: Alice=0.8, Bob=0.2 (Alice paid Bob again)
If Alice broadcasts State 0 (claiming 1.0 BTC):
→ This is cheating (she should only have 0.8)
→ Bob can claim ALL funds using revocation keyProblem: Bob must be online to detect and respond.
How Watchtowers Work
1. Client Registration
Node shares encrypted breach data with watchtower:
# For each channel state
blob = encrypt(
key=state_hint,
data=justice_transaction
)
watchtower.register_blob(state_hint, blob)The watchtower can’t decrypt the blob until a breach occurs.
2. Blockchain Monitoring
Watchtower watches for commitment transactions:
# Watchtower monitors
for tx in new_blocks:
if tx matches registered state_hint:
blob = lookup_blob(state_hint)
justice_tx = decrypt(blob, tx)
broadcast(justice_tx)3. Breach Response
If old state is broadcast:
Cheater broadcasts revoked state
↓
Watchtower detects (matches state hint)
↓
Watchtower decrypts justice transaction
↓
Watchtower broadcasts justice tx
↓
Victim receives ALL channel fundsWatchtower Types
Altruistic Watchtowers
Free service, no reward:
| Pros | Cons |
|---|---|
| Free | Less reliable |
| Community support | May go offline |
| Privacy (no incentive to log) | No SLA |
Reward Watchtowers
Take a percentage of recovered funds:
| Pros | Cons |
|---|---|
| Financial incentive | Cost on breach |
| More reliable | Privacy trade-off |
| Professional operation | Must trust payment |
Setting Up Watchtower Client
LND Client Configuration
# lnd.conf
[wtclient]
# Enable watchtower client
wtclient.active=true
# Add watchtowers
wtclient.tower-uris=tower1_pubkey@tower1.onion:9911
wtclient.tower-uris=tower2_pubkey@tower2.com:9911Adding Towers Dynamically
# Add a watchtower
lncli wtclient add tower_pubkey@hostname:port
# List registered towers
lncli wtclient towers
# Get watchtower stats
lncli wtclient statsVia API
# Add watchtower
response = lnd.add_tower(
pubkey=tower_pubkey_bytes,
address="tower.example.com:9911"
)
# List towers
towers = lnd.list_towers()
for tower in towers.towers:
print(f"Tower: {tower.pubkey.hex()}")
print(f"Sessions: {tower.num_sessions}")Running a Watchtower Server
LND Watchtower Server
# lnd.conf
[watchtower]
# Enable watchtower server
watchtower=true
watchtower.listen=0.0.0.0:9911
# Optional: External address for clients
watchtower.externalip=your.tower.com:9911Get Tower Info
# Get your tower's public info for clients
lncli tower infoOutput:
{
"pubkey": "03abc...",
"listeners": ["0.0.0.0:9911"],
"uris": ["03abc...@your.tower.com:9911"]
}Public Watchtowers
Community-run watchtowers:
| Tower | Type | Address |
|---|---|---|
| LND default | Altruistic | Included in LND |
| Various community | Altruistic | See listings |
Note: Use multiple watchtowers for redundancy.
Privacy Considerations
What Watchtowers See
During registration:
- Encrypted blob (can’t read contents)
- State hint (random-looking)
- Your IP (unless using Tor)
During breach:
- Justice transaction details
- Channel funding outpoint
- Amounts involved
Privacy Best Practices
- Use Tor: Connect to watchtowers over Tor
- Multiple towers: Distribute trust
- Self-host: Run your own for maximum privacy
Watchtower Limitations
| Limitation | Impact |
|---|---|
| Blob size | Storage costs for towers |
| State updates | Must register each update |
| Network latency | Tower must see breach in time |
| Single-hop justice | Complex attacks may evade |
Altruistic vs Professional
For Personal Use
- Use free community watchtowers
- Run your own as backup
- Tor for privacy
For Agent Operations
- Use multiple professional watchtowers
- Consider self-hosting
- Monitor watchtower health
def verify_watchtower_health(towers):
for tower in towers:
status = ping_tower(tower)
if not status.healthy:
alert(f"Watchtower {tower.name} unreachable")Related Topics
- Channels - Channel lifecycle
- Security - Lightning security practices
- Node Types - Node operation
Machine-Readable Summary
{
"topic": "watchtowers",
"key_concepts": [
"breach-detection",
"justice-transaction",
"revocation-enforcement"
],
"implementation": {
"lnd": {
"client_config": "wtclient.active=true",
"server_config": "watchtower=true",
"default_port": 9911
}
},
"best_practices": [
"use-multiple-towers",
"connect-via-tor",
"monitor-tower-health"
]
}