juraj on Nostr: A suggestion for acinq's phoenixd. Allow creating a special channel that requires ...
A suggestion for acinq's phoenixd.
Allow creating a special channel that requires acinq's side to sign the channel state that decreases the balance in the channel only with additional key. And allow the commitment transaction's destination address to be on HW wallet (say xpub).
This way:
- phoenixd running as a hot wallet to receive payments (hopefully soon in BtcpayServer) can only receive payments (while paying fees of course).
- for sending, additional signature is needed (this could be a key signed message, possibly with hw wallet integration later)
- broadcasting latest commitment transaction is possible, but it will not end up at backup seed derived wallet, but on the hardware wallet of the owner.
This way:
- hacking of machine where phoenixd resides is not catastrophic. Hacker can broadcast last state (commitment transaction), old state should not be saved. This will end up with the funds safely arriving in the hw wallet eventually.
- an attacker can only receive to the phoenixd, but not send. For sending, a cold wallet key is required. Phoenixd has all the keys to sign new states, but acinq would not sign a new state that would decrease the channel balance without a third key.
Please ?!?
Allow creating a special channel that requires acinq's side to sign the channel state that decreases the balance in the channel only with additional key. And allow the commitment transaction's destination address to be on HW wallet (say xpub).
This way:
- phoenixd running as a hot wallet to receive payments (hopefully soon in BtcpayServer) can only receive payments (while paying fees of course).
- for sending, additional signature is needed (this could be a key signed message, possibly with hw wallet integration later)
- broadcasting latest commitment transaction is possible, but it will not end up at backup seed derived wallet, but on the hardware wallet of the owner.
This way:
- hacking of machine where phoenixd resides is not catastrophic. Hacker can broadcast last state (commitment transaction), old state should not be saved. This will end up with the funds safely arriving in the hw wallet eventually.
- an attacker can only receive to the phoenixd, but not send. For sending, a cold wallet key is required. Phoenixd has all the keys to sign new states, but acinq would not sign a new state that would decrease the channel balance without a third key.
Please ?!?