Damus
brugeman · 23w
I mean if keys can't be extracted and operator just kills the enclave then keys are gone and LN node's channels are force closed and node's sats are gone with the keys and operator gets no benefit fro...
Repeatedly nuked profile profile picture
Ah right, my understanding is that even if the node were birthed in the enclave the bitcoin would return to on-chain in case of force close. If the node is destroyed before a force close event can be sent, and also no backup was obtained (a problematic setup in itself), then I think any of the destroyed node's past outside peers can still initiate the force close and the bitcoin is still released on-chain. And the malicious operator would be behind one of those peers. I have to defer to a lighting dev on this, but the gist of my understanding is that the operator in this scenario is always going to have *some* way to access the bitcoin on-chain if the node is destroyed. Who here would be good to ask this I wonder?
brugeman · 23w
Channel peers could try to broadcast old channel state, but there are watchtowers for that, and you can just code it to use reputable LSP. My wallet uses phoenixd, I'm pretty sure Asinq won't try to benefit from my channel if the enclave terminates.