2

Keys for creating lightning channels seem to be derived differently than in usual bitcoin wallets. Lightning node data corruption, despite backup of master seed phrase, seems to prevent recovery of channel keys. How are channel keys currently derived, and why is recovering these keys with a corrupted node extremely difficult?

This question is in response to #3 of the following video (timestamped) https://www.youtube.com/watch?v=5fMv8MpzLgQ&feature=youtu.be&t=143

Shaun

1 Answer

3

While I have experienced the same situation as the person described in the video, the information is only partially true.

It is very well described in BOLT 03 how keys are being derived. The general derivation of the keys you are looking for is described in this formula:

privkey = basepoint_secret + SHA256(per_commitment_point || basepoint)

So what you can see is that your secret is added with a per_commitment_point which contains information about the channel state. This is done to increase your privacy and is the reason why lightning nodes need the channel state in order to derive the keys from your seed.

Rene Pickhardt
    I understand the need for privacy, but couldn't these keys just have been derived from a hardened path of the usual BIP-32 derivation? I'm sure this is a naive outlook, but what would break or what could not be done if we had all the different keys attached somehow to one's seed? This would allow the recovery of funds from seed alone, which is pretty attractive. – Bilthon Jun 23 '22 at 13:05