For Lightning nodes (especially nodes set up explicitly to earn fees by routing payments) to work properly, they need the signing keys for their side of the 2-of-2 multisig script available to the node at all times so that it can sign.
This makes it nearly impossible to run a 24/7 Lightning node with cold keys without limiting transaction throughput to the speed at which a human can perform the cold-signing steps.
This BOLT is meant to give Lightning node operators a safe way to prevent loss of funds when the node's hardware suffers a security breach.
TODO
A node SHOULD allow the maintainer to set a master public key (below: mpk) and use public key derivation from that mpk to generate the payment-basepoint and delayed-payment-basepoint pubkeys used in channel creation.
A node that follows this BOLT MUST provide an interface for signing transactions offline (exporting unsigned transactions and importing signed ones) OR for using hardware key-management devices (Trezor, Ledger, etc.) to spend coins that have settled as a balance from a closed channel.
A node that follows this BOLT MUST provide an interface for importing an externally created transaction for the funding process (which the node holds while waiting for the funding steps to complete), so that a channel can be funded with a transaction that was signed offline.
For normal users to create nodes with large-capacity channels, there needs to be a method for them to securely fund a channel and to secure the funds returned when a channel is closed.
The main risk this BOLT is meant to avoid is the case where the machine running the Lightning node is compromised and all private keys on the machine are known to an attacker. If the outputs are set to cold-storage pubkeys, and the funding has come from a cold outside source, then at no point are any funds spendable by the holder of the private key(s) stored on the node.
If an attacker compromised both sides of a given channel, the channel funds could be stolen.
This work is licensed under a Creative Commons Attribution 4.0 International License.