FAQ - Lykke Offchain Settlement
Offchain settlement is a secure method of settling a Bitcoin transaction that involves the Bitcoin Blockchain as little as possible. By this method, two parties register a mutually agreed initial state for a bidirectional payment channel (as represented by a multisignature address) on the Blockchain and then gradually modify the agreement off the Blockchain until both parties agree to continue.
Commitment transactions are messaged in the peer-to-peer channels established between the client and the exchange without hitting the Blockchain. However, at any time, either party can safely broadcast the final balance of traded coins on the Blockchain.
Payment channels are based on 2-of-2 multisig wallets, where the collateral is stored by the counterparties to provide a dispute resolution mechanism between the market participant and the exchange. The final settlement is performed at the moment the channel is closed by broadcasting the most recent commitment transaction.
With payment channels, Lykke users can securely complete trades off the Blockchain. This substantially reduces settlement times and fees..
There are various reasons why offchain settlement is desirable:
- Settlement time is lower. Offchain settlement takes seconds, while Blockchain settlement may take from 10 minutes to more than an hour, depending on the state of the mempool.
- The Bitcoin Blockchain’s capacity limit is about 7 transactions per second. Offchain negotiations have no such limitation.
- Settlement costs are lower.
- Offchain settlement enables the implementation of limit orders based on offchain collateral transactions.
Offchain settlement maintains payment channel security by initially freezing both parties’ funds on the Blockchain and providing commitments to each other off the Blockchain. When the parties agree to the terms of the new trade, commitments are updated off the Blockchain. At the same time, the commitment transaction enables either party to reclaim frozen funds simply by broadcasting the transaction on the Blockchain.
In addition to the usual security, which requires keys to update the payment channel in a multisig environment, there is another layer of security for both parties to consider: that the payment channel be closed in its most recent state, not in an expired one. This could be achieved by monitoring the Blockchain for the broadcast commitment. Lykke does this, and a monitor code that could be used by clients independently of Lykke is being developed. More info can be found in Question 27.
We adapted ideas for maintaining bidirectional channels initially proposed by the Lightning Network project (https://lightning.network/), with some key differences:
- Since the Segregated Witness improvement has not yet been adopted by the Bitcoin Blockchain, whenever trust is required because of protocol design, it is assumed that Lykke can be trusted to open channels.
- We added a new feature to the channel setup phase for accepting new deposits to the channel, whenever required.
- We added a new feature to the channel setup phase for accepting withdrawals from the channel without closing the channel, whenever required.
Broadly speaking, offchain implementation consists of the following parts:
During this part, the channel setup transaction is created and broadcast, and the first pair of commitments are exchanged.
Because the Segregated Witness improvement has not yet been adopted by the Bitcoin network, and also because we cannot have transaction IDs without the signatures of both parties, Lykke is assumed to have trust when the channel is created.
In addition to what is described in the Lightning Network article, which creates a channel by accepting deposits from two parties, we have some additional operations for setting up channels, as described in the sections that follow.
In this operation, another deposit, this time directly to the multisig address, is used as another input to set up a channel. This kind of setup can be used to upgrade an existing channel, when a new deposit is made to the multisig address, probably after some sort of confirmation.
This operation is actually a mix of a cashout from the channel’s multisig output, which effectively closes the channel, and the opening of a new channel (using the previous step) for the remaining balance.
When needed to transfer funds from the client to Lykke, or from Lykke to the client, the channel state should be updated, and a new set of commitments should be created.
In this part, the new commitments are exchanged, and the old commitments are revoked, by exchanging the key used to prevent the counterparty from accessing the broadcast funds of the commitment. The key enables either party to take all the funds from the broadcast revoked commitment on the Blockchain for at least 24 hours.
Either the client or Lykke can close the channel by broadcasting the latest commitment. Whichever party broadcasts the commitment must wait 24 hours to reclaim collateral funds.
Since the previous states of a channel can be broadcast to the Blockchain, which closes the channel in an invalid state, the Blockchain should be monitored, and the designated arbitrator should take action in the event of this sort of malfeasance. The initiation of this event can originate from either side for whatever reason.
A service that will enable clients to monitor the Blockchain independently of Lykke is being finalized.
For more information on the workings of offchain implementation, you are free to examine the source code; see Question 27.
We have many plans and ideas for the future:
- Displaying offchain transactions in the Lykke Blockchain Explorer
- Creating a tool for broadcasting commitment transactions from the client side
- Launching a service for the independent monitoring of channel commitments
- Implementing a trustless deposit feature for trading wallets
- Running a third-party liquidity provider as an open-source service
Remember, when you trade from your multisignature address, the new balance is not immediately settled on the Blockchain. Hence, you get discrepancies. The balance on the Blockchain is equal to your balance plus extra coins deposited by Lykke.
Offchain settlement assumes that the Lykke Exchange might deposit some extra coins into your multisignature address. These extra coins enable you to settle off the Blockchain.
If you buy the coins, there’s no need to settle the transaction on the Blockchain, since these coins have already been deposited in your multisignature address.
Your multisignature balance on the Blockchain shows the total amount of coins that belong to you as well as to Lykke. Using the Blockchain, you can make sure that your balance is not less than the balance shown on the Blockchain.
There’s no way to tell simply by looking at the balance on the Blockchain. Offchain commitment transactions reflect the true corresponding balances.
However, in the future, the Lykke Blockchain Explorer will provide accurate offchain balances for your multisignature address. (See the answer to Question 6 above.)
Your latest commitment transaction is stored in your Lykke Wallet app. (In the future, it will be available for download; see the answer to Question 6 above.) Transaction notifications are also sent by email after each trade.
Offchain transactions will also be publicly available in the Lykke Blockchain Explorer.
Your offchain commitment transaction is actually a Lykke Wallet refund. You can broadcast the commitment transaction to cash out coins from your multisignature address without Lykke within 24 hours.
No. A withdrawal that is signed by both you and Lykke is instant. The 24-hour delay is related only to withdrawals with commitment transactions that do not have the second of the two signatures. (This second signature is Lykke’s in this case.)
Your Bitcoins will be transferred to the refund address that you specified in the settings of your Lykke Wallet at the time of channel setup. This process will take 24 hours.
Lykke will transfer Bitcoins into the multisignature address on the Blockchain when this is required for trades. Technically speaking, this will work as the opening of a new payment channel, including new Bitcoins.
Lykke might either keep the Bitcoins in your multisignature address for further offchain settlement or cash out these extra Bitcoins back to our hot wallet.
The Lykke Blockchain Explorer will provide offchain balances for multisignature addresses. (See the answer to Question 6 above.)
No. The output of the related commitment transaction has a relative time lock of 24 hours. This means that you must wait 24 hours before you get the refund. An instant withdrawal requires two signatures: yours and Lykke’s. Commitment transactions should be used in case of emergency.
The time lock enables counterparties to inspect broadcast transactions and take proper action in case of a dispute.
All old commitment transactions must be deleted. Only the most recent commitment transaction can be used to for a channel closure on the blockchain. You can revoke an old commitment transaction by providing us with its temporary key, which enables us to spend all the outputs of a commitment transaction.
Lykke is constantly monitoring the Blockchain. We have 24 hours to detect the revoked commitment transaction broadcast on the Blockchain. With the temporary key for each revoked transaction, we will broadcast a penalty transaction, which spends the inappropriately refunded coins. We will then start an investigation.
No. Any published commitment transaction has only one signature on it. Another signature is required to broadcast the commitment to transfer coins from one multisignature address to the other.
Yes. You provide the commitments for Lykke in the same way that Lykke provides them for you. Lykke might want to use a commitment for getting back the extra coins that we deposited into your multisignature address.
You have at least 24 hours to detect the revoked transaction on the Blockchain and broadcast the penalty transaction.
Blockchain monitoring can be safely outsourced. We assume that there will be multiple independent third-party monitoring services available for you.
Until the Segregated Witness improvement becomes a reality, instead of monitoring transaction IDs, Lykke monitors addresses and outputs.
But since the Bitcoin Blockchain does not yet have Segregated Witness, whenever trust is required because of protocol design, it is assumed that Lykke can be trusted to open channels.
The code by which we implement offchain settlement can be found in multiple places in our Lykke GitHub repositories, including:
https://github.com/LykkeCity/bitcoinservice (Search for offchain)
Lykke Underlying System Improvements: scalability and extended functionality
Lykke Wallet exchange has been on the market for more than five years, it’s a fully functional trading environment that combines a web terminal and mobile device applications.
How to Buy ADA With Fiat Without Fees
Wondering how to buy Cardano (ADA) without fees? It’s easier than you might think.
About Lykke's Updated Listing and Delisting Policy
Since the emergence of the first cryptocurrency more than ten years ago, new and new projects have been appearing on the market offering new blockchains and cryptocurrencies.
Lykke Wallet Security Measures
Security is a trending topic in the blockchain industry: How to protect your funds against hackers? How to store the private key? Who should be responsible if a DeFi platform is hacked? These and many other questions related to security issues cause a headache both to the cryptocurrency service providers and their clients.
Anonymity versus regulation in cryptocurrency trading: what’s the trend?
With mass adoption, hopefully, around the corner, a smaller and smaller proportion of the growing cryptocurrency user base knows where the debate about anonymity - regulation comes from.