Open TheBlueMatt opened 4 years ago
I've had a quick skim on #404, I think external signer support could be also extended to key_storage in ChannelMonitor, make Storage some kind of abstract interface too.
Indeed, I haven't started playing with it in the ChannelMonitor context, cause that's quite a different thing (eg you may just do it in the "watchtower" mode), but that would have to come eventually.
Here are some design considerations to think about. I'm mostly motivated by the goals of the Lightning Signer project, which defines an API and reference implementation in Rust for external Lightning signers that will interface with any node implementation. The project maintains a comprehensive list of policy controls that are required in order for the external signer to secure funds even if the rest of the node software is compromised by an attacker.
Here are some design constraints on the external signer:
Given the above constraints, here are some plausible design choices:
There are a series of PRs that are working towards this goal, including https://github.com/rust-bitcoin/rust-lightning/pull/658.
Some open questions:
ChannelKeys
API to be stateful. This means that we are losing the original stateless design. Do we still want that design for implementations that don't want to use an external signer, or for use as a utility for external signers?Part of this work is to pass around the semantic transaction rather than the Bitcoin transaction. This will allow a higher level of assurance that all relevant aspects of the transactions were checked for policy violations in the signer.
Dropping the milestone because I dunno if we need to tie any RL releases to this. It can continue to happen as lightning-signer moves forward.
404 is starting a signing API, which should support hardware wallets and have some guarantees about what the external signer can enforce on the library in terms of what its willing to sign. Lots of work to be done here, but first we've gotta not have any access to private keys except through the API.