If a settlement is shut down for whatever reason, any settler from that settlement can start a connection with any other settlement, send them a BIP322 signed transaction for the 1-of-N MuSig (to prove that they were part of a pool). Once the settlement verifies the signature, the settler can send a proper 1-of-N MuSig transaction for the desired amount [of course this tx will be invalid on-chain, because the 1-of-N MuSig is not funded]. The settlement will then make an entry in its database to credit whatever addresses were specified inside it with their respective amounts, when the next block is mined and a global M-of-N MuSig transaction is made for it.
Settlement pool owners earn fees proportional to the volume of transactions they process, so all tx fees for L1 will be paid from settlement pool fees.
Are you saying if a settlement pool goes down, that *every user* from that settlement must create an on-chain transaction, or only one user from that pool?
If the former, then we are back to square one. If the latter, then I need more time to wrap my head around this.
Neither.
I think the prior talk about the 1-of-N MuSig having funds must have confused you, so let's clear things up:
- The 1-of-N MuSig is for identity purposes only; its sole purpose is to keep track of who has funds on the (off-chain) network.
- Actual funds are stored in an M-of-N MuSig (a completely different N from above), where each key is the aggregate 1-of-N MuSig key.
Two important things to note here:
- M is greater than half of N, which means you need a greater than 50% network "approval" (actually just settlement pools signing the M-of-N) to spend a transaction on this network.
- This network is designed so that anybody running or connecting to a pool - anybody part of a 1-of-N identity MuSig - can sign one (1) part of the M-of-N transaction.
It means that if a pool goes down between any period of two consecutive L1 blocks being mined, users can still access their funds by connecting to some other pool and showing them their 1-of-N identity MuSig signature (signed with their own key of course - they don't have and don't need to know the pool operator's private key).
In fact, it would take over 50% of the settlement pools to go down to make the funds inaccessible to everyone (but if enough of those nodes come back online, the funds can be accessed again). Why? Because there aren't enough signers for the M-of-N MuSig.
M is automatically adjusted based on the number of pools existing when a block is mined.
PS: For fees I decided to use the same calculation to determine transaction size - since the format for posting a transaction remains the same as L1 - but the fee rate in sats/byte will be fixed to a constant. That will make it profitable to use Settlement Pools at certain times of the day and vice versa. The fee goes to the pool that is sent the transaction first, as timestamps for all requests are recorded.
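The following is an added toy model of the availability argument in the reply above (pools going down, M recomputed per block, recovery through a different pool); it is not code from the proposal or from any of the participants. It replaces all cryptography with a stand-in: a settler "proves" membership by presenting a key id that appears in some pool's 1-of-N identity set, so no MuSig, BIP322 or Bitcoin transaction logic is implemented. The exact formula for M is not given in the thread; the model assumes M = floor(N/2) + 1, the smallest M strictly greater than N/2. Pool names, key ids and the `bc1-addr-*` strings are constructed placeholders.

```python
"""Toy model of the settlement-pool scheme discussed above (added example).

Signatures are a stand-in (key id must appear in some pool's 1-of-N identity
set). What is modelled: the funds threshold M > N/2, its re-derivation at each
L1 block, off-chain credits that only settle when at least M pools are online,
and a settler recovering through another pool when its own pool is down.
"""
from dataclasses import dataclass, field


def threshold(n_pools: int) -> int:
    """Assumed rule: smallest M strictly greater than N/2 (N=4 -> 3, N=5 -> 3)."""
    return n_pools // 2 + 1


@dataclass
class Pool:
    name: str
    members: set                 # settler key ids in this pool's 1-of-N identity MuSig
    online: bool = True
    pending: dict = field(default_factory=dict)   # address -> sats credited off-chain


@dataclass
class Network:
    pools: dict                  # pool name -> Pool
    m: int = 0                   # current M for the global M-of-N funds MuSig
    settled: dict = field(default_factory=dict)   # address -> sats after a block

    def online_pools(self) -> int:
        return sum(1 for p in self.pools.values() if p.online)

    def funds_spendable(self) -> bool:
        """The M-of-N funds transaction needs at least M pool signers online."""
        return self.online_pools() >= self.m

    def verify_identity(self, key_id: str) -> bool:
        """Stand-in for checking a 1-of-N identity signature: the settler's own
        key must belong to some pool's identity set (no operator key involved)."""
        return any(key_id in p.members for p in self.pools.values())

    def credit(self, via_pool: str, key_id: str, credits: dict) -> bool:
        """A settler contacts `via_pool` (not necessarily its home pool); the
        pool records the requested credits if the identity check passes."""
        pool = self.pools[via_pool]
        if not pool.online or not self.verify_identity(key_id):
            return False
        for addr, sats in credits.items():
            pool.pending[addr] = pool.pending.get(addr, 0) + sats
        return True

    def mine_block(self) -> bool:
        """At each L1 block M is recomputed from the number of pools. The global
        M-of-N transaction is only built when enough pools are online; otherwise
        pending entries wait for a later block."""
        self.m = threshold(len(self.pools))
        if not self.funds_spendable():
            return False
        for p in self.pools.values():
            for addr, sats in p.pending.items():
                self.settled[addr] = self.settled.get(addr, 0) + sats
            p.pending.clear()
        return True


def demo():
    """Walk through pool failures; returns values the reader can inspect."""
    net = Network(pools={
        "A": Pool("A", {"alice", "bob"}),
        "B": Pool("B", {"carol"}),
        "C": Pool("C", {"dave"}),
        "D": Pool("D", {"erin"}),
    })
    net.mine_block()                                  # N = 4 -> M = 3
    net.pools["A"].online = False                     # alice's home pool is down
    ok = net.credit("B", "alice", {"bc1-addr-x": 50_000})   # recover via pool B
    first = net.mine_block()                          # 3 of 4 online -> settles
    net.pools["B"].online = False                     # 2 of 4 online: below M
    net.credit("C", "carol", {"bc1-addr-y": 1_000})
    stalled = net.mine_block()                        # not enough signers
    net.pools["A"].online = True                      # enough pools return
    recovered = net.mine_block()                      # settles the stalled entry
    return net.m, ok, first, stalled, recovered, dict(net.settled)


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the two properties the reply claims: a settler whose pool is offline still gets credited through another pool, and once fewer than M pools are online nothing settles until enough of them return.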