Whoops!
Looks like this is lost, due to the symmetric nature of Decker-Wattenhofer. With the scheme proposed in this writeup as-is, every participant, including each LSP individually, gets a signed copy of the kickoff transaction, and can unilaterally exit without permission from any of the other members.
As noted, the goal of this construction is to reduce censorship risk by reducing funds loss risk for LSPs. The original Poon-Dryja-based MultiChannel construction put significant funds loss risk for the LSPs, meaning that the most likely setup was a single corporation setting up multiple LSPs and only allowing MultiChannels for the LSPs it set up. This puts Ursula at significant risk of being censored if that single corporation is pressured to censor her.
If any single LSP can unilaterally exit the MultiChannel anyway, then the same censorship risk is still present.
To ameliorate this, I propose returning the asymmetric nature of Poon-Dryja.
Instead of a single chain of transactions funding→kickoff→decrementing-nSequence→…→decrementing-nSequence→Spilman complex, we have two chains:
- Ursula-side chain: funding→Ursula kickoff→decrementing-nSequence→…→decrementing-nSequence→Spilman complex
- LSPs-side chain: funding→LSPs kickoff→decrementing-nSequence→…→decrementing-nSequence→Spilman complex
The Ursula kickoff is signed as an n-of-n of Ursula and the LSPs Alice, Bob, and Carol. All the subsequent transactions are also signed as n-of-n of all participants, with the Spilman Complex dividing out the funds into the Spilman channels with varying signing protocols as discussed in the main text.
The LSP-side kickoff is signed with two sets of signatures:
- Funds safety set: n-of-n of Ursula and the LSPs Alice, Bob, and Carol
- Unilateral exit set: k-of-n of the LSPs Alice, Bob, and Carol
Subsequent transactions in the LSPs-side chain are all signed as n-of-n of all participants, with the Spilman Complex yada yada.
For the kickoff transactions only, the LSPs provide signatures for the Ursula kickoff, while Ursula provides its signature for the LSPs kickoff. For all other dependent transactions, all participants have to share full sets of signatures at setup time and at each Cleanup/Onchain Cleanup (Spilman channels are great in that they do not need pre-signed transactions now since OP_CHECKLOCKTIMEVERIFY and OP_CHECKSEQUENCEVERIFY activation…. I miss the good old days when we could still add opcodes. I sometimes hallucinate that people are still working on covenant opcodes, even).
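The following is an added toy model, not code from the post above or from any existing MultiChannel implementation. It encodes who holds which pre-signed signatures at setup and evaluates the kickoff signing policies, so one can check the claim that the symmetric Decker-Wattenhofer kickoff lets every party exit alone while the asymmetric pair of kickoffs restricts unilateral exit. The participant names are the post's; the predicate representation of policies, the `received` bookkeeping of pre-shared signatures, and the choice of `K = 2` for the LSPs' k-of-n set are assumptions for illustration.

```python
"""Toy model of unilateral-exit capability for the two MultiChannel kickoff designs.

Added example, not the post's or any project's code.  Policies are modelled as
predicates over the set of signatures present on a transaction; a coalition can
broadcast a kickoff if its own signatures plus any signatures its members
received from others at setup satisfy the policy.  K = 2 is an assumed value.
"""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List

URSULA = "Ursula"
LSPS = frozenset({"Alice", "Bob", "Carol"})
EVERYONE = LSPS | {URSULA}
K = 2  # assumed size of the LSPs' unilateral exit set (k-of-n)

Policy = Callable[[FrozenSet[str]], bool]


def n_of_n(members: FrozenSet[str]) -> Policy:
    """All listed members must have signed."""
    return lambda sigs: members <= sigs


def k_of_n(k: int, members: FrozenSet[str]) -> Policy:
    """At least k of the listed members must have signed."""
    return lambda sigs: len(sigs & members) >= k


def any_of(*policies: Policy) -> Policy:
    """Transaction is valid if any one of the signature sets is satisfied."""
    return lambda sigs: any(p(sigs) for p in policies)


@dataclass
class Kickoff:
    name: str
    policy: Policy
    # signatures each party received from other parties at setup time
    received: Dict[str, FrozenSet[str]]

    def can_broadcast(self, coalition: FrozenSet[str]) -> bool:
        sigs = set(coalition)  # coalition members sign at broadcast time
        for party in coalition:
            sigs |= self.received.get(party, frozenset())
        return self.policy(frozenset(sigs))


def symmetric_dw() -> List[Kickoff]:
    """Decker-Wattenhofer as written up: one n-of-n kickoff, fully signed copy
    handed to everyone (each party has received all other signatures)."""
    received = {p: EVERYONE - {p} for p in EVERYONE}
    return [Kickoff("kickoff", n_of_n(EVERYONE), received)]


def asymmetric(k: int = K) -> List[Kickoff]:
    """Proposed variant: Ursula kickoff (LSPs' signatures given to Ursula) and
    LSPs kickoff (Ursula's signature given to each LSP) with two signature sets."""
    ursula_kickoff = Kickoff(
        "Ursula kickoff", n_of_n(EVERYONE), {URSULA: LSPS})
    lsps_kickoff = Kickoff(
        "LSPs kickoff",
        any_of(n_of_n(EVERYONE), k_of_n(k, LSPS)),  # funds-safety OR exit set
        {lsp: frozenset({URSULA}) for lsp in LSPS})
    return [ursula_kickoff, lsps_kickoff]


def broadcastable(kickoffs: List[Kickoff], coalition: FrozenSet[str]) -> List[str]:
    """Names of the kickoffs this coalition can put on chain by itself."""
    return [kx.name for kx in kickoffs if kx.can_broadcast(coalition)]


def unilateral_exiters(kickoffs: List[Kickoff]) -> FrozenSet[str]:
    """Parties who can exit the MultiChannel alone, without any other signer."""
    return frozenset(p for p in EVERYONE if broadcastable(kickoffs, frozenset({p})))


if __name__ == "__main__":
    print("symmetric DW, lone exiters:", sorted(unilateral_exiters(symmetric_dw())))
    print("asymmetric k=2, lone exiters:", sorted(unilateral_exiters(asymmetric())))
    print("asymmetric k=2, Alice+Bob can broadcast:",
          broadcastable(asymmetric(), frozenset({"Alice", "Bob"})))
```

Running it shows the "whoops": in the symmetric construction all four parties are lone exiters, whereas in the asymmetric variant only Ursula is, and the LSPs need a coalition of at least K of them to use the LSPs-side kickoff; setting `k=1` in `asymmetric()` reproduces the original single-LSP exit capability, which is the censorship exposure the post is trying to avoid.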