Evolving this IRT
Instead of trusting us not to sign even if we get a signature to not cooperate, we keep a live set of deathclose txs on the user’s device that update when channel updates happen.
These deathclose txs would be fully signed and valid, and close channels directly into a timelocked contract. From this contract, one of the two keys on the user’s device could spend immediately, or the safety key kept away for death can spend after a certain (configurable?) time period.
These txs are then encrypted to the safety key’s public key, and published publicly. They are perfectly valid but can’t disrupt anything unless the safety key is activated, decrypts the tx and broadcasts it.
Now the original user’s device is completely aware of these transactions’ existence (it created them after all), so every time it periodically syncs transactions relevant to its UTXOs via Neutrino, it would pick up these deathcloses if ever broadcast. The device can then send a local emergency notification that the key has been activated and to open the app. Upon opening, the user gets details of what’s happening and provides authorisation for the wallet to broadcast cancellations and reopen the channels.
Of course, it all gets a little more complicated when you introduce multi-device FROST signatures for the onchain savings account but that’s for another day lol
Worth noting in this second one, the “multisig” layout works out as a normal 1-of-1 but with valid channel closures (deathcloses?) signed by that singular hot key to a recovery key that can redeem those funds as long as the initial key is not “alive”.
We don’t need Schnorr for this method; this is doable now.
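The two-path timelocked contract and the device-side watcher loop described in the post, as an added example that is not the poster's code. It builds the output script (device key spends immediately via the IF branch, safety key spends via the ELSE branch once a CHECKSEQUENCEVERIFY delay has passed) and simulates what the device does when a known deathclose shows up in its synced transactions: raise the local alert, then either cancel via the device key or, if nobody responds, let the safety branch become spendable after the delay. The pubkeys, txids and sync feed are constructed placeholders; the encryption of the deathclose to the safety key's public key is not modelled; the "spendable after delay" rule assumes BIP68 semantics as Bitcoin Core applies them (a spend may be mined in a block at least `delay` above the confirming block).

```python
import hashlib
from dataclasses import dataclass, field

# Bitcoin Script opcodes used by the two-path contract
OP_IF, OP_ELSE, OP_ENDIF = 0x63, 0x67, 0x68
OP_DROP, OP_CHECKSIG, OP_CHECKSEQUENCEVERIFY = 0x75, 0xAC, 0xB2

def push(data: bytes) -> bytes:
    """Direct data push for 1..75 bytes (enough for pubkeys and small numbers)."""
    if not 1 <= len(data) <= 75:
        raise ValueError("push size out of range for this helper")
    return bytes([len(data)]) + data

def script_num(n: int) -> bytes:
    """Minimal little-endian CScriptNum encoding of a positive integer."""
    if n <= 0:
        raise ValueError("only positive values are needed here")
    out = bytearray()
    while n:
        out.append(n & 0xFF)
        n >>= 8
    if out[-1] & 0x80:          # top bit would read as negative; pad with 0x00
        out.append(0x00)
    return bytes(out)

def push_num(n: int) -> bytes:
    """Minimal push of a positive number: OP_1..OP_16 for 1..16, else a data push."""
    return bytes([0x50 + n]) if 1 <= n <= 16 else push(script_num(n))

def deathclose_script(device_pubkey: bytes, safety_pubkey: bytes, delay_blocks: int) -> bytes:
    """IF <device> CHECKSIG ELSE <delay> CHECKSEQUENCEVERIFY DROP <safety> CHECKSIG ENDIF"""
    if not 1 <= delay_blocks <= 0xFFFF:      # BIP68 block-based relative locks are 16-bit
        raise ValueError("delay must be a 16-bit block count")
    return (bytes([OP_IF]) + push(device_pubkey) + bytes([OP_CHECKSIG, OP_ELSE])
            + push_num(delay_blocks) + bytes([OP_CHECKSEQUENCEVERIFY, OP_DROP])
            + push(safety_pubkey) + bytes([OP_CHECKSIG, OP_ENDIF]))

def txid_of(raw_tx: bytes) -> str:
    """Display-order txid (double SHA-256, byte-reversed) of a serialized transaction."""
    return hashlib.sha256(hashlib.sha256(raw_tx).digest()).digest()[::-1].hex()

@dataclass
class DeathcloseWatcher:
    """Device-side state: it signed every deathclose, so it knows their txids."""
    known_txids: set
    delay_blocks: int
    seen: dict = field(default_factory=dict)   # txid -> confirmation height

    def on_synced_tx(self, txid: str, height: int) -> bool:
        """Feed each tx the Neutrino sync reports for our UTXOs; True = emergency alert."""
        if txid in self.known_txids and txid not in self.seen:
            self.seen[txid] = height
            return True
        return False

    def spendable_by(self, txid: str, block_height: int) -> set:
        """Branches that could spend the contract output in a block at block_height."""
        conf = self.seen.get(txid)
        if conf is None:
            return set()
        paths = {"device"}                                   # IF branch, no timelock
        if block_height - conf >= self.delay_blocks:         # ELSE branch, CSV satisfied
            paths.add("safety")
        return paths

# Constructed placeholders (not real keys or transactions)
DEVICE_PUBKEY = bytes([0x02]) + b"\x11" * 32
SAFETY_PUBKEY = bytes([0x03]) + b"\x22" * 32
DELAY_BLOCKS = 1008                                          # roughly one week of blocks
DEATHCLOSE_TXID = txid_of(b"constructed-deathclose-raw-tx")
OTHER_TXID = txid_of(b"constructed-ordinary-payment")

def run_scenario(user_responds: bool) -> dict:
    """Simulate the watcher: a deathclose appears in the sync feed at height 800_010."""
    watcher = DeathcloseWatcher({DEATHCLOSE_TXID}, DELAY_BLOCKS)
    feed = [(OTHER_TXID, 800_000), (DEATHCLOSE_TXID, 800_010)]   # constructed sync results
    alert_height = None
    for txid, height in feed:
        if watcher.on_synced_tx(txid, height):
            alert_height = height                                # local emergency notification
    if alert_height is None:
        return {"outcome": "quiet"}
    if user_responds:
        # user opens the app and authorises the cancel spend via the device key,
        # which the IF branch allows in the very next block
        assert "device" in watcher.spendable_by(DEATHCLOSE_TXID, alert_height + 1)
        return {"outcome": "cancelled", "cancel_height": alert_height + 1}
    # nobody responds: the safety key can only spend once the CSV delay has elapsed
    first = alert_height + DELAY_BLOCKS
    assert "safety" not in watcher.spendable_by(DEATHCLOSE_TXID, first - 1)
    assert "safety" in watcher.spendable_by(DEATHCLOSE_TXID, first)
    return {"outcome": "recovered", "safety_spendable_at": first}
```

The detection side only works because the device itself authored every deathclose, so the set of txids to watch for is known in advance; the CSV delay is the whole safety margin, and it has to be long enough to cover the device being offline between syncs plus the time the user needs to open the app and broadcast the cancel.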