Merge branch 'main' into cash-app-date-edit

Conor Okus · web-flow · commit 031924237a94 · 2022-11-17T18:36:12.000Z
diff --git a/docs/_blog/cashapp-enables-lightning-withdrawals-and-deposits-using-ldk.md b/docs/_blog/cashapp-enables-lightning-withdrawals-and-deposits-using-ldk.md
@@ -8,24 +8,22 @@ tags:
   - Case Studies 
 --- 
 
-Our team builds the Cash App lightning wallet. We power all lightning bitcoin withdrawals and deposits within Cash App.
+Cash App allows users to instantly deposit and withdraw bitcoin over the lightning network. As an engineer on the Cash App Lightning Wallet team, I was very involved in the entire implementation process.
 
-Cash App is the #1 finance app in the App Store – we have extremely high standards for product development and the infrastructure that powers all our cool features. We were looking for a solution that would ensure high reliability, high scalability, and a stellar developer experience. Cash App is the financial hub for millions of people and often the first place an individual acquires bitcoin, so having a slick user experience, and the infrastructure to onboard lots of new users is extremely important. As a publicly traded company, we take security very seriously, so having the ability to customize our wallet implementation to adhere to our security standards was necessary.
+Cash App is the #1 Finance App in the app store – we have extremely high standards for product development and the infrastructure that powers all our cool features. We were looking for a solution that would ensure high reliability, high scalability, and a stellar developer experience. Cash App is the financial hub for millions of people and often the first place an individual acquires bitcoin. It’s important to have a slick user experience and robust infrastructure that can onboard many new users. As a publicly traded company we take security seriously and need the ability to customize our wallet implementation in order to adhere to strict standards.
 
-We chose LDK for various reasons over other implementations. It provided us with a lot of customizability and flexibility. The [Java bindings](https://github.com/lightningdevkit/ldk-garbagecollected) let us develop in Kotlin, which is the preferred language we use at Cash for backend services. We also had a great working relationship with the [Spiral](https://spiral.xyz/) folks and so it was great to collaboratively work together on more advanced feature asks (phantom invoices!).
+We chose LDK for various reasons over other implementations. It provided us with a lot of customizability and flexibility. The [Java bindings](https://github.com/lightningdevkit/ldk-garbagecollected) let us develop in Kotlin, which is the preferred language for backend services. We also have a great working relationship with the [Spiral](https://spiral.xyz/) folks, making it easy to collaborate on more advanced feature requests such as phantom invoices.
 
 # What we did
-LDK allowed us to develop an extremely scalable lightning node infrastructure. We run multiple wallet nodes and have strict requirements on what peers we can connect to and strict parameters around opening channels. We have logic that does advanced probing in the background, to ensure we have an up to date snapshot of the liquidity on the lighting network.
+LDK allowed us to develop a scalable lightning node infrastructure. Cash App runs multiple wallet nodes and has strict parameters around opening channels and connecting to peers. We have logic that does advanced probing in the background in order to ensure an up-to-date snapshot of liquidity on the lightning network.
 
 ![CashApp architecture](../assets/cash-app-architecture.svg)
 
-We also do probing before every send, so that we can pre-fetch a route and execute the send after a customer has confirmed the send. We have utilized LDK’s [phantom node](https://lightningdevkit.org/blog/introducing-phantom-node-payments/) feature, so we can generate invoices that can be claimed by more than one node. We use MySQL to save our channel state data and node metadata, this allows us to quickly shut down and start up nodes at will on different servers. LDK allows us to run A/B tests on different pathfinding algorithms.
+Probing is done before every send, allowing us to pre-fetch a route and execute the send once the customer confirms. LDK’s [phantom node](https://lightningdevkit.org/blog/introducing-phantom-node-payments/) feature makes it possible to generate invoices that can be claimed by more than one node. We use MySQL to save our channel state data + node metadata in order to quickly shut down and start up nodes at will on different servers. Additionally, LDK lets us run AB tests on different pathfinding algorithms.
 
 # Results
 
-The outcome was that we were able to relatively quickly build a lightning wallet to power bitcoin withdrawals and deposits on Cash App taking into account the complicated constraints we had as a publicly traded company with tens of millions of users.
-
-Users can now deposit and withdraw their bitcoin to Cash App over lightning, so essentially instant BTC deposits and withdrawals for free.
+LDK made it possible to relatively quickly build an easy-to-use lightning wallet while adhering to the complicated constraints Cash App faces as a publicly traded company with tens of millions of users. Users can now instantly deposit and withdraw bitcoin to Cash App over lightning.
 
 To learn more check out this [presentation](https://www.youtube.com/watch?v=kbhL5RqL8Aw) at btc++ explaining some of the trade-offs the Cash App team had to think about when comparing LDK to other solutions.
 
diff --git a/docs/key_management.md b/docs/key_management.md
@@ -2,19 +2,143 @@
 
 Relevant reference: [Rust docs](https://docs.rs/lightning/*/lightning/chain/keysinterface/struct.KeysManager.html)
 
-LDK Private Key Information is primarily provided through the `chain::keysinterface::KeysInterface` trait. It includes a few basic methods to get public and private key information, as well as a method to get an instance of a second trait which provides per-channel information - `chain::keysinterface::ChannelKeys`. While a custom `KeysInterface` implementation allows simple flexibility to control derivation of private keys, `ChannelKeys` focuses on signing Lightning transactions and is primarily useful if you want to store private key material on a separate device which enforces Lightning protocol details.
+LDK Private Key Information is primarily provided through the `chain::keysinterface::KeysInterface` trait. It includes a few basic methods to get public and private key information, as well as a method to get an instance of a second trait which provides per-channel information - `chain::keysinterface::ChannelKeys`.
+ 
+While a custom `KeysInterface` implementation allows simple flexibility to control derivation of private keys, `ChannelKeys` focuses on signing Lightning transactions and is primarily useful if you want to store private key material on a separate device which enforces Lightning protocol details.
 
 A simple implementation of `KeysInterface` is provided in the form of `chain::keysinterface::KeysManager`, see its documentation for more details on its key derivation. It uses `chain::keysinterface::InMemoryChannelKeys` for channel signing, which is likely an appropriate signer for custom `KeysInterface` implementations as well.
 
 A `KeysManager` can be constructed simply with only a 32-byte seed and some integers which ensure uniqueness across restarts (defined as `starting_time_secs` and `starting_time_nanos`).
 
+<CodeSwitcher :languages="{rust:'Rust', java:'Java', kotlin:'Kotlin'}">
+  <template v-slot:rust>
+
 ```rust
 let mut random_32_bytes = [0; 32];
 // Fill in random_32_bytes with secure random data, or, on restart, reload the seed from disk.
 let start_time = SystemTime::now().duration_since(SystemTime::UNIX_EPOCH).unwrap();
 let keys_interface_impl = lightning::chain::keysinterface::KeysManager::new(&random_32_bytes, start_time.as_secs(), start_time.subsec_nanos());
 ```
 
+  </template>
+
+  <template v-slot:java>
+
+```java
+byte[] key_seed = new byte[32];
+// Fill in random_32_bytes with secure random data, or, on restart, reload the seed from disk.
+KeysManager keys_manager = KeysManager.of(key_seed,
+    System.currentTimeMillis() / 1000,
+    (int) (System.currentTimeMillis() * 1000)
+);
+```
+
+  </template>
+
+  <template v-slot:kotlin>
+
+```kotlin
+val key_seed = ByteArray(32)
+// Fill in random_32_bytes with secure random data, or, on restart, reload the seed from disk.
+val keys_manager = KeysManager.of(
+    key_seed,
+    System.currentTimeMillis() / 1000, (System.currentTimeMillis() * 1000).toInt()
+)
+```
+
+  </template>
+</CodeSwitcher>
+
+# Creating a Unified Wallet
+LDK makes it simple to combine an on-chain and off-chain wallet in the same app. This means users don’t need to worry about storing 2 different recovery phrases. For apps containing a hierarchical deterministic wallet (or “HD Wallet”) we recommend using the entropy from a [hardened child key derivation](https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch05.asciidoc#hardened-child-key-derivation) path for your LDK seed.
+
+Using a [BDK](https://bitcoindevkit.org/)-based wallet the steps would be as follows:
+ 1) Generate a mnemonic/entropy 
+ 2) Build an HD wallet from that. That's now your on-chain wallet, and you can derive any BIP-compliant on-chain wallet/path for it from there.
+ 3) Derive the private key at `m/535h` (or some other custom path). That's 32 bytes and is your starting entropy for your LDK wallet.
+
+<CodeSwitcher :languages="{rust:'Rust', java:'Java', kotlin:'Kotlin'}">
+  <template v-slot:rust>
+
+```rust
+// Use BDK to create and build the HD wallet
+let mnemonic = Mnemonic::parse_in_normalized(
+        Language::English,
+        "sock lyrics village put galaxy famous pass act ship second diagram pull"
+    ).unwrap();
+let seed: [u8; 64] = mnemonic.to_seed_normalized("");
+// Other supported networks include mainnet (Bitcoin), Regtest, Signet
+let master_xprv = ExtendedPrivKey::new_master(Network::Testnet, &seed).unwrap();
+let secp = Secp256k1::new();
+let xprv: ExtendedPrivKey = master_xprv.ckd_priv(&secp, ChildNumber::Hardened { index: 535 }).unwrap();
+let ldk_seed: [u8; 32] = xprv.private_key.secret_bytes();
+
+// Seed the LDK KeysManager with the private key at m/535h
+let cur = SystemTime::now().duration_since(SystemTime::UNIX_EPOCH).unwrap();
+let keys_manager = KeysManager::new(&ldk_seed, cur.as_secs(), cur.subsec_nanos());
+```
+
+ </template>
+
+ <template v-slot:java>
+
+```java
+// Use BDK to create and build the HD wallet
+Mnemonic mnemonic = Mnemonic.Companion.fromString("sock lyrics " +
+                "village put galaxy " +
+                "famous pass act ship second diagram pull");
+
+// Other supported networks include mainnet (Bitcoin), Regtest, Signet
+DescriptorSecretKey bip32RootKey = new DescriptorSecretKey(Network.TESTNET, mnemonic, null);
+
+DerivationPath ldkDerivationPath = new DerivationPath("m/535h");
+DescriptorSecretKey ldkChild = bip32RootKey.derive(ldkDerivationPath);
+        
+ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ObjectOutputStream oos = new ObjectOutputStream(bos);
+oos.writeObject(ldkChild.secretBytes());
+byte[] entropy = bos.toByteArray();
+
+// Seed the LDK KeysManager with the private key at m/535h
+var startupTime = System.currentTimeMillis();
+KeysManager keysManager = KeysManager.of(
+        entropy,
+        startupTime / 1000,
+        (int) (startupTime * 1000)
+);
+```
+
+ </template>
+
+ <template v-slot:kotlin>
+
+```kotlin
+// Use BDK to create and build the HD wallet
+val mnemonic = Mnemonic.fromString("sock lyrics village put galaxy famous pass act ship second diagram pull")
+val bip32RootKey = DescriptorSecretKey(network = Network.TESTNET, mnemonic = mnemonic, password = null)
+val ldkDerivationPath = DerivationPath("m/535h")
+val ldkChild: DescriptorSecretKey = bip32RootKey.derive(ldkDerivationPath)
+
+@OptIn(kotlin.ExperimentalUnsignedTypes::class)
+val entropy: ByteArray = ldkChild.secretBytes().toUByteArray().toByteArray()
+
+// Seed the LDK KeysManager with the private key at m/535h
+val keysManager = KeysManager.of(
+    entropy,
+    System.currentTimeMillis() / 1000,
+    (System.currentTimeMillis() * 1000).toInt()
+);
+```
+
+ </template>
+</CodeSwitcher>
+
+::: tip Protection for on-chain wallet
+
+An advantage to this approach is that the LDK entropy is contained within your initial mnemonic and a user only has one master private key to backup and secure. Another added benefit is that if your lightning keys were to be leaked we reduce the exposure to those funds and not the rest of the on-chain wallet. 
+
+:::
+
 Spending On-Chain Funds
 =======================
 When a channel has been closed and some outputs on chain are spendable only by us, LDK provides a `util::events::Event::SpendableOutputs` event in return from `ChannelMonitor::get_and_clear_pending_events()`. It contains a list of `chain::keysinterface::SpendableOutputDescriptor` objects which describe the output and provide all necessary information to spend it.
