[LND] Creating and restoring backups of your node

[NotATether]

So, I thought I would make this post in order to inform people how you would back up your entire Lightning Network state using LND. LND seems to be the market leader here; I haven't seen anyone outside of Blockstream use c-lightning (CMIIW).

So, there are two parts to an LND backup - the mnemonic phrase itself and the channel state.

The mnemonic phrase part should be familiar to most of you. It is just a regular 24-word BIP39 phrase. LND calls it an "aezeed". It allows you to restore all of the on-chain funds - pending a re-scan of course.

There is usually only one phrase per LND installation; it is created when you run lncli create for the first time.

The other thing you need to know about is something called a static channel backup. It is a file that contains the state of a channel that you have open with another node.

According to the LND documentation at: https://docs.lightning.engineering/lightning-network-tools/lnd/recovery-planning-for-failure#static-channel-backups-scb:

To obtain our SCBs, we can use the channel.backup file found in .lnd/data/chain/bitcoin/channel.backup. This file contains all backups for all our currently existing channels and it is updated every time we or somebody else opens a new channel. We can also obtain the SCB for a specific channel with the command lncli exportchanbackup --chan_point <channel point>

Keep a copy of your channel.backup file on a separate machine and update it whenever a new channel is opened between your node and a peer.

Where the channel point is just a UTXO (written in txid:index format) that represents an open channel of yours.

So if you back up your static channel backup files and your mnemonic phrase, then you will always have access to your funds even if your LND node is destroyed; you just have to create it again and then use the static channel backups to cooperative-close your channels.

Do note that your channel backups always have to be up-to-date. Don't forget to back up your channel after you send or receive some sats, otherwise if you try to close a channel with this invalid state, it is seen as a malicious close attempt and you will lose your off-chain balance. See https://bitcoin.stackexchange.com/a/80399 for details.

[DaveF]

There are some automated or semi automated tools that will do the channel backups for you.
Some are better then others, but I will say look at and play with a bunch of them and make sure you are comfortable with the one you choose.

Keep in mind that even things that are just routed through your node even without you making a transaction will make you want to create another channel backup.

-Dave

[nc50lc]

Do note that your channel backups always have to be up-to-date. Don't forget to back up your channel after you send or receive some sats, otherwise if you try to close a channel with this invalid state, it is seen as a malicious close attempt and you will lose your off-chain balance.

Electrum's implementation prevents this scenario by only allowing "Remote Force Close" if the channel is restored from a static backup.
Because it's weird to tell users to backup their channels in every lightning transaction, right?

Is there an option in LND to request the remote node to force close in case the backup is not the channel's latest state?
If so, it should be safer to do that if the user isn't sure on the backup's state.

[NotATether]

Is there an option in LND to request the remote node to force close in case the backup is not the channel's latest state?
If so, it should be safer to do that if the user isn't sure on the backup's state.

I'm actually not sure. And such an option would have to be implemented in its RPC console, so with lncli.

The closest you have are these (in lncli):

Code:

   Channels:
~
     closechannel       Close an existing channel.
     closeallchannels   Close all existing channels.
     abandonchannel     Abandons an existing channel.

Also, there appears to be no way of viewing the mnemonic phrase (the "aezeed") after the LND wallet is created with lncli create. That is quite weird. Because normally you should be able to type your password and it shows the seed.

[Cricktor]

The mnemonic phrase part should be familiar to most of you. It is just a regular 24-word BIP39 phrase. LND calls it an "aezeed". It allows you to restore all of the on-chain funds - pending a re-scan of course.

Aezeed is not BIP39 compatible. It might use the same wordlist, but that's to my knowledge the only shared part (see https://github.com/lightningnetwork/lnd/tree/master/aezeed, based on AEZ, https://web.cs.ucdavis.edu/~rogaway/aez/).

You can try it out (in a safe environment, of course): your 24 Aezeed recovery words won't give you a valid BIP39 checksum. (I was puzzled at first when I checked my carefully documented LND recovery words quite some time ago as I somehow assumed, it's BIP39 compatible, too. I questioned my sanity until I read a bit more about Aezeed and what it means.)

[NotATether]

Aezeed is not BIP39 compatible. It might use the same wordlist, but that's to my knowledge the only shared part (see https://github.com/lightningnetwork/lnd/tree/master/aezeed, based on AEZ, https://web.cs.ucdavis.edu/~rogaway/aez/).

If I recall correctly the aezeed stores some things that BIP39 doesn't have, like for example things required to create things like channel state and stuff.

[Cricktor]

I don't recall, and there's no hint to it in the README.md on Github, that any details concerning "channel state and stuff" is stored in the Aezeed LND uses.

Aezeed has versioning and stores a birthdate with day granularity counted from Genesis block's date. Versioning allows tracking of changes with respect to used cipher and parameters or how exactly to re-derive keys and addresses, birthdate of wallet stores from which day on scanning of blockchain needs to start for that particular wallet.

16 bytes of raw entropy are used. A user can define a passphrase for the CipherSeed and this passphrase can be changed later by the user, which is a quite nice option (changing an optional BIP39 mnemonic passphrase, the additional thing, gives you a totally different wallet).

Having a strong passphrase allows the Aezeed recovery words to be kept in plain sight if one wants it. (Of course, you need a safe and redundant backup of your Aezeed passphrase and you shouldn't loose the recovery words. Not going into details of the dos and don'ts...)

It may be beneficial to read the short README.md text from the provided Github link above.