Eltoo
Eltoo is a proposed enforcement layer for LN that allows any later channel state to replace any earlier channel state. Although eltoo can be used with a penalty mechanism similar to the one used with existing LN channels, eltoo doesn’t need the penalty mechanism in order to be secure.
If eltoo is used without a penalty mechanism, there’s no harm in publishing an old state, except that it costs transaction fees to publish. This makes it less dangerous to try to restore an LN node from a backup after a sudden failure or some other problem. It also makes it much simpler for three or more parties to open a single LN channel together, enabling features such as channel factories.
Another consequence of LN channels without penalties is that LN nodes using eltoo only need to store the latest state. For certain devices that lack large amounts of persistent storage (for example, hardware wallets), they may not be able to store enough data to effectively use penalty-based LN—but as long as they can store a few kB, they should be able to use eltoo-based LN.
Primary code and documentation
Optech newsletter and website mentions
2022
2021
- Summary of LN developer conference, including discussion of eltoo
- LN PTLC proposal providing some of the same benefits of eltoo without a soft fork
- Inherited identifiers proposal with an alternative channel commiment mechanism to eltoo
- Eltoo demo implementation with new blog post overview
2020
- Using attacks like transaction pinning and selective relay against eltoo
- Upgrading LN commitment formats, including for eltoo
- Impact of SIGHASH_NOINPUT and eltoo on LN backups
- Implementing statechains without eltoo
- Modification to
SIGHASH_ANYPREVOUTANYSCRIPT
to improve eltoo flexibility
2019
- Eltoo demo implementation
- SIGHASH_ANYPREVOUT proposal compatible with Eltoo
- Optimization for Eltoo-based payment channels
2018
See also
Previous Topic:
Eclipse attacks
Next Topic:
Erlay