Last week’s article dealt with Turbo Channels. Today, I’ll cover Hosted Channels, another kind of channels that seek to enhance the Lightning channels UX while staying in line with the specification and mitigating the required tradeoffs.
Not on-chain enforceable channels
The big difference between a hosted channel and a regular Lightning channel is that the former is not enforceable on-chain, simply because there is no channel opening transaction to spend from. That’s right, hosted channels are not opened using a Bitcoin transaction. There is no funding transaction. Instead, there is a certain level of trust between the client and the host of the channel.
Indeed, the two participants of a hosted channel are not equal:
- the host provides the channel, with liquidity on their side,
- the client enjoys access to the Lightning Network using the Host’s channel(s) and can receive right away because the funds are on the host’s side.
In reality, the money never actually leaves the host’s side, even after some transactions occur. Hosted channels are therefore a certain type of custodial channels. Once some satoshis have been received on the hosted channel (and the host therefore owes them to the client), the client must trust the host not to exit scam with the funds. So what’s the matter? Why are hosted channels worth mentionning?
Trust is a spectrum
I’ve had some trouble myself grasp what makes hosted channels any more interesting than regular custodial wallets such as Wallet of Satoshi. What truly helped me figure it out was this very insightful discussion between Matt Odell, Anton Kumaigorodski, fiatjaf and Eric Sirion during the episode 45 of Citadel Dispatch. I really recommend giving it a listen (the actual discussion I mention lasts around 15 minutes, from 13:30 to 28:00), but I’ll sum it up in the following lines anyway1).
When you use a custodial wallet such as Wallet of Satoshi, the wallet provider takes care of everything. Your balance says 10,000 sats, but in reality the sats are in one of the wallet provider’s channel. If you receive a payment, it’s actually the wallet provider that receives it and increment you balance accordingly. When you send a payment, you just ask the wallet provider to send a payment on your behalf, and it is the wallet provider that will calculate the route to your recipient and actually process the payment. There is therefore a lot of trust between you and the wallet provider, and a lot of ways in which this trust can be abused.
Imagine that you want to receive a payment. In a completely custodial wallet, the invoice is actually crafted by the wallet provider. When the payment completes and the funds are received, the wallet provider should increase your balance of the amount of the payment. But they could very well tell you that the payment failed, let your balance as is and pocket the funds for themselves. That’s effectively stealing from you, and you have no way of detecting it. Even if the person that pays you insists on the fact that the payment went trough, showing you that they have the preimage, you have no way of telling who tells the truth between them and your wallet provider, because the invoice was generated by the wallet provider and you therefore do not know the associated preimage.
When you use a custodial wallet that leverages hosted channels (such as Simple Bitcoin Wallet (SBW) for example), things are a bit different but the UX remains the same: you’re able to receive and send sats on Lightning almost for free2. The sats that are displayed as yours on the app are still on the side of the host, so its equivalent to the situation with Wallet of Satoshi. But because your wallet acts as a light Lightning node, receiving and sending payments is much more private and secure.
Let’s consider again the case where you want to receive a payment. This time, you are the one crafting the invoice, not the wallet provider. Therefore, the wallet provider cannot receive the payment and pretend like it didn’t, because it needs to get the preimage from you in order to unlock the HTLC from the previous hop.
On the other hand, if you send a payment, the only way for the host to unlock your HTLC is to give you a valid preimage for the payment, like in any regular payment routing. It can therefore not cheat on you by pretending the payment worked while they kept the funds to themselves.
Another interesting aspect of hosted channels compared to regular custodial channels is privacy. As I stated before, when you send a payment using a custodial wallet such as Wallet of Satoshi, the wallet takes care of calculating the route and therefore knows everything about the payment, from the amount to the destination. With hosted channels, the route is calculated locally by the client, and the host only acts as a hop along the way (but please note that the host knows that the payment comes from the client).
Finally, because things are conducted on a hosted channel as they are on a regular channel, the host and the client exchange cross-signed channel state data (the hosted channel equivalent to commitment transaction). The user therefore has some kind of cryptographic proof regarding what the host owes them, which is absolutely not the case for traditional custodial wallets.
TL;DR: with hosted channels, if a user gets fucked, they can prove it.
Finally, hosted channels exhibit an interesting property. Although they are custodial, they can be provided by other entities than the wallet provider. You can for example have a hosted channel where fiatjaf is the host, inside your SBW app. It decorelates the channel and funds custody from the app and the information it displays. In my opinion, this can add strong guarantees and funnel the emergence of a wide, reputation-based hosted channels marketplace.
One last interesting thing with hosted channels is that they can be publicly announced to the network. Other peers can therefore use your hosted channel without additionnal trust. In fact, they don’t even need to care wether the channel is a hosted or a regular one: in case of a problem, their funds would not be affected. To paraphrase what Anton says in the podcast, a hosted channel requires trust between two peers of the network at the protocol level, but then, if the channel is public, other peers on the network can leverage this channel without additional trust.
Hosted channels are custodial channels. They are not enforceable on-chain. But among all the custodial solutions, they appear to me as the least worst. They allow to onboard new users on Lightning at a very low cost, since it is not necessary to actually publish a channel funding transaction. Of course, they require much more trust than Turbo Channels, but in the same time they fix one of the main issues of this kind of channels: the upfront cost required to join the Lightning Network.
Also feel free do donate some sats to Citadel Dispatch. In my opinion it is one of the best shows on Bitcoin currently available, and is completely free of ads and sponsors. ↩︎
You must pay routing fees, but the channel opening is free, since no Bitcoin transaction is published. This contrats with non custodial solutions using Turbo Channels (such as Phoenix), where the user pays for the channel opening. ↩︎