 Watchtowers justice transactions in the lightning network. How do watchtowers, which are third-party lightning nodes, detect dishonest parties and fraudulent transactions? Watchtowers could also be used for spying on users. How does the privacy angle, payment channel, and watchtower's trio work? It's a great question, Salim. So if you don't know what a watchtower is, in the canonical construction of payment channels in the current version of the lightning network, the payment channels that are currently used have a penalty mechanism in them. In these payment channels, as they're currently specified, in the basis of lightning technology specification or bolt specification, a payment channel consists of bilateral asymmetric commitment transactions that are exchanged between the two parties and that are anchored on a two-of-two multi-sig UTXO that is recorded on the blockchain. So first, the two parties record an amount as a two-of-two multi-sig that's recorded on the blockchain and is the funding transaction or opening transaction of their channel. From then, they exchange commitment transactions that update the balance or state of the channel to reflect movement of funds from one endpoint of the channel to the other and perhaps back again in the opposite direction. These commitment transactions, however, can potentially be used to cheat. And there is a specific scenario where if one of the two parties in the channel is not online and remains offline for an extended period of time, two to three days, for example, the other party in the channel can take a prior revoked commitment transaction and broadcast the prior state. So let's say, for example, I have a payment channel with Alice and my payment channel shows one Bitcoin on my side, zero Bitcoin on Alice's side and then half a Bitcoin on my side, half a Bitcoin on Alice's side because I sent half a Bitcoin to Alice and then a quarter of a Bitcoin on my side, three quarters of a Bitcoin on Alice's side because I sent Alice another quarter of a Bitcoin. Now, obviously, now we have three different states in that channel. The first state where I had a whole Bitcoin, the second state where I had half a Bitcoin and the third state where I have only a quarter of a Bitcoin and Alice has three quarters of a Bitcoin. Now, if Alice went offline and I then broadcast the commitment transaction from when I had one Bitcoin, effectively, I'm undoing the last two payments. Alice has an immediate recourse in that. In the process of revoking that previous commitment, I gave Alice a revocation key and that revocation key allows Alice to punish me and to punish me so that if I try to broadcast a prior state in which my side of the channel had more balance, Alice can use the revocation key to take the entire balance of the channel and burn it. Basically, burn down the channel and take all of the money for herself and I lose whatever balance I may have had in the channel. So even in the last state that we publish, the correct last commitment, I still had a quarter of a Bitcoin on my end. If I try to cheat, however, I'm going to get zero Bitcoin. So if I try to get more than what I actually have on my side of the channel, I get penalized by losing all of the Bitcoin in the channel and Alice gets rewarded by taking all of the Bitcoin in the channel. That's a penalty. Now, here's the problem. If Alice is offline and I broadcast a prior state, she only has a certain amount of time to take the payment using the revocation key because there are time locks within the commitment transaction and the time locks give Alice an opportunity to use the penalty and take all of the money from the channel and force me to wait before that commitment is actually in my favor. But if Alice is offline, she can't execute that penalty and what watchtowers do is they allow a third party to act on behalf of Alice in order to protect the channel integrity. A watchtower basically receives a hash that tells it if you see a commitment transaction that corresponds to spending of this UTXO, then here's the revocation key that you can use to execute the penalty on behalf of Alice. What the watchtower does is it watches the blockchain on behalf of many customers and it looks for any prior commitments broadcasts for those channels and then executes the corresponding penalties if someone tries to commit a prior commitment. There are a couple of mechanisms that can be used to increase the privacy. If you simply tell the watchtower the current state of the channel and you give it a commitment transaction and a penalty transaction and you give it the channel endpoint, then the watchtower not only can act on your behalf to execute the penalty, but it also has a lot more information about the channel than you might want to have public. When you've created a funding transaction for a channel, the channel itself is invisible, all you see on the blockchain is a multi-sig address, which basically is a P2SH paid script hash 3 address, for example, that hides a lightning funding transaction multi-sig channel. So sorry, the funding transaction of the channel, which is a multi-sig transaction. So you can't really tell that that's a lightning transaction, you can't tell it's a channel, you can't tell who the participants are, all of that information is invisible to the world from the blockchain, but the watchtower would have more information and that can create some privacy problems. There are some mechanisms that can be used to hide from the watchtower the details of the channel and provide them with the information they need to execute a penalty transaction, but in such a way that they can't actually see that information until they execute the penalty transaction. So you can actually balance these things. In fact, in future versions of payment channels, this entire mechanism is unnecessary. The next generation of payment channels are likely to be based on a protocol called L2 ELTOO and L2 is a channel construction mechanism that uses a SIG hash no input construction that hasn't yet been implemented in the Bitcoin consensus rules. But if that opcode was implemented and L2 channels became possible in an L2 channel, a prior commitment is revoked in such a way that there is no need to do this game theory penalty mechanism because it simply cannot be broadcast. And as a result with L2 channels, all of the need for watchtowers and watching online to ensure you can enforce penalties and the possibility of cheating by broadcasting a prior state, all of that goes away. We are going to see several more iterations of how payment channels work in Lightning.