Why do payment channels require monitoring or watchtowers?

Because punishment requires a timely on‑chain response: if a counterparty publishes an old (revoked) commitment, the honest party has a limited CSV/CLTV delay window in which to submit the revocation remedy and sweep the funds; if they miss that window they can lose funds. Users can watch themselves or outsource monitoring to a watchtower that stores encrypted breach‑remedy data and broadcasts penalty transactions on their behalf, but watchtowers and chosen timelocks are mitigations, not eliminations, of the timing requirement.

How does the revocation/penalty mechanism stop someone from publishing an old channel state?

Lightning‑style channels use a revocation/penalty design: each commitment gives a delayed local output protected by a relative timelock, and when a state is revoked the counterparty reveals a secret that allows them to claim that delayed output immediately if the revoked state is published, making publishing old states economically irrational.

What is an HTLC and how does it enable safe routed payments across channels?

An HTLC conditions each hop’s claim on knowing a preimage R whose hash H is advertised; the final recipient reveals R to claim the incoming HTLC, intermediaries learn R and use it to claim their incoming HTLCs, and staggered timeouts ensure intermediaries have time to respond or reclaim funds if the payment fails, so either the payment completes end‑to‑end or rolls back.

What are the main trade‑offs of using payment channels instead of on‑chain payments?

Channels trade blockchain throughput for locked liquidity, operational complexity, and reliance on timely responsiveness: funds are committed to channel capacity (which can be directionally constrained), participants or watchers must be reachable to react to disputes, and disputes or mass closures still need block space and can become expensive during congestion.

How can payment channels be attacked or congested in practice?

Researchers have demonstrated practical attacks like HTLC‑congestion and probing/congestion routing that can jam channels or discover balances, and mass or targeted forced closures can stress the blockchain fee market; mitigations exist but defaults and operational choices across implementations materially affect risk and cost.

Which Bitcoin protocol features are required for current payment‑channel designs and why?

Channels depend on specific Bitcoin features: stable transaction identifiers (SegWit) to avoid malleability, CLTV and especially CSV/BIP68 relative timelocks so dispute windows start at publication, and proposed eltoo optimizations require sighash modes like SIGHASH_NOINPUT/ANYPREVOUT which are not currently widely available.

What is eltoo and why hasn’t it replaced Lightning’s current revocation model yet?

Eltoo is an alternative update model that lets later states supersede earlier ones on‑chain (avoiding poison‑penalty secrets and simplifying watcher logic), but it relies on a sighash mode such as SIGHASH_NOINPUT/ANYPREVOUT that the deployed Bitcoin base layer does not yet provide in the form eltoo assumes, so it remains a prospective improvement rather than a deployed replacement.

What kinds of transactions actually get published on‑chain for channel operation and disputes?

Not just open and close: in cooperative cases the chain sees a funding tx and a mutual close, but the protocol must also handle unilateral closes, HTLC‑success and HTLC‑timeout transactions, and penalty transactions when parties misbehave — the invariant is that normal updates stay off‑chain but a supply of on‑chain exit paths exists for settlement or dispute.

How do timelock choices (relative vs absolute and length) affect channel security and usability?

Relative timelocks (CSV/BIP68) start the dispute window when a commitment confirms, which makes the response window predictable and avoids periodic refreshes that absolute deadlines (CLTV) would force; however, longer timelocks increase fund lockup and shorter timelocks raise the risk that an offline party cannot respond in time, so conservative parameter choice is required.

When is it better to make an ordinary on‑chain Bitcoin payment rather than open a channel?

If two parties only transact once or very rarely, the overhead of opening and closing a channel (on‑chain fees, complexity, and required monitoring) can exceed the cost‑and‑latency benefits of off‑chain updates, making a single on‑chain payment preferable in such cases.

What Are Payment Channels?

#PROTOCOLS #BITCOIN

Learn what payment channels are, how they enable off-chain Bitcoin payments, how commitment transactions and HTLCs work, and what tradeoffs they involve.

Introduction

Payment channels are a way to make many payments between parties without putting each individual payment on the blockchain. That matters because blockchains like Bitcoin are very good at final settlement and censorship resistance, but they are expensive and slow if every coffee, API call, or routing hop has to compete for block space.

The basic puzzle is simple. If Alice and Bob trust Bitcoin to settle a payment, why not just pay on-chain each time? The answer is that Bitcoin gives strong guarantees by making global consensus expensive. Every node verifies every transaction, miners include only a limited number of bytes per block, and confirmation takes time. If two people expect to pay each other repeatedly, that machinery is often more than they need for each intermediate transfer.

A payment channel changes the division of labor. The blockchain is used to open the relationship, to enforce it if something goes wrong, and to close it at the end. The frequent balance changes in the middle happen off-chain between the two participants. In effect, the chain becomes a court of final appeal rather than the place where every interaction must be recorded.

That single shift explains both the appeal and the difficulty of payment channels. They are attractive because they can turn many small payments into only a small number of on-chain transactions. They are difficult because an off-chain update is only useful if either party can later enforce the latest agreed state on-chain, even when the other party becomes uncooperative.

Why do payment channels exist and what specific problem do they solve?

Best when	Typical cost	Latency	Trust required	On-chain fallback
Occasional large transfers	Per-payment on-chain fees	Block confirmation latency	No peer monitoring	Native on-chain settlement
Many small/repeated payments	One-time funding fee plus small	Near-instant off-chain	Requires monitoring or watchtower	Channel close enforces state

Figure 291.1: On-chain vs payment channels: when to use

The problem payment channels solve is not merely “make payments faster.” It is more precise: *how do two parties transfer value many times while paying the blockchain settlement cost only occasionally? * If the answer were “just keep a private spreadsheet,” the system would fail the moment the parties disagree. A useful channel needs a way to convert the current off-chain balance into an enforceable on-chain outcome without asking either side to trust the other.

Suppose Alice expects to pay Bob ten times over the next week. On Bitcoin, ten ordinary payments mean ten separate transactions competing for confirmation and fees. If fees rise, small payments become uneconomic. If confirmation is slow, interactive use becomes awkward. The key observation behind a payment channel is that the blockchain does not need to learn about each step if it can still enforce the final net result.

So the channel works by separating two things that are often conflated. First there is ownership under dispute, which must be enforceable on-chain. Second there is day-to-day balance movement, which can happen privately between the two parties as long as each update can be defended later. Payment channels use script conditions, signatures, and timelocks to connect those two layers.

This is why payment channels are often described as “off-chain,” but that phrase can mislead. They are not outside the blockchain’s security model. They are better understood as blockchain-backed contracts whose common case stays off-chain. The chain still supplies the hard part: final, adversarial settlement.

How do payment channels work: lock funds once and update balances off‑chain?

At a high level, a payment channel begins when two parties create a shared on-chain output. In Lightning-style Bitcoin channels, that funding output is a 2-of-2 multisig, meaning both parties must cooperate to spend it in the ordinary case. The funding output is the pool of coins from which all later balances are derived.

Once that output exists, the parties do not move coins by spending it on-chain after every payment. Instead, they repeatedly create and exchange new commitment transactions. A commitment transaction is an on-chain-valid transaction reflecting a particular channel balance split. One version represents Alice’s view of the current state; another represents Bob’s. Either can later broadcast their current commitment if cooperation breaks down.

The compression point is this: a channel state is really a pair of pre-arranged exit rights. Off-chain updating means replacing the old pair of exit rights with a new pair that reflects the new balances. If the old exits remained safely usable forever, either side could cheat by publishing an outdated state in which they had more money. So every update must do two things at once: create the new valid state and make the old state dangerous to use.

That is why modern bidirectional channels are not just multisig accounts. The multisig funding output is only the starting point. The real design challenge is state replacement under adversarial conditions.

Example: How does a channel update work step‑by‑step?

Imagine Alice and Bob open a channel with 1 BTC total: Alice contributes 0.7 BTC and Bob contributes 0.3 BTC. Their initial off-chain state says exactly that. No one has paid anyone yet, but both already hold the transactions and signatures needed to recover their share if the channel has to close.

Now Alice wants to pay Bob 0.1 BTC. The new state should read Alice 0.6, Bob 0.4. They do not broadcast a new on-chain transaction. Instead, they exchange fresh commitment transactions that reflect the new split, along with the cryptographic material needed to invalidate the old state.

This exchange has to be ordered carefully. If Alice gave up protection on the old state before receiving a valid new one, she could be exposed. If Bob accepted the new state without receiving the revocation for the old one, he could be cheated later. So the update protocol is really a carefully choreographed swap of signatures and revocation secrets.

After that exchange finishes, the old 0.7/0.3 state is no longer safely publishable. The new 0.6/0.4 state is the only one each side should rely on. If they make another payment later, they repeat the same pattern: produce the next pair of exits and revoke the previous pair.

Nothing visible has changed on the blockchain. But economically, the channel balance has changed, and both sides now hold enforceable evidence of the latest state.

How can revoked channel states be punished on Bitcoin?

Lightning-style payment channels use a penalty design. The formal machinery in the original Lightning paper is the Revocable Sequence Maturity Contract, or RSMC. The intuition is simpler than the name suggests.

Each commitment transaction gives one side an output they can eventually spend, but not immediately. Their “local” output is encumbered by a relative timelock using [OP_CHECKSEQUENCEVERIFY](https://github.com/bitcoin/bips/blob/master/bip-0112.mediawiki), often called CSV. That delay creates a response window. During that window, the counterparty can take the funds immediately if they possess the revocation key material corresponding to that old state.

Here is the mechanism. When a state becomes obsolete, each side reveals a secret associated with that state. That secret lets the counterparty derive a revocation key for the obsolete commitment. If someone later broadcasts that revoked commitment anyway, the counterparty can use the revocation path to claim the delayed output as a penalty before the broadcaster’s CSV delay expires.

So the punishment is not social or reputational. It is built directly into the scripts. On the current state, your own delayed output is eventually yours. On an old revoked state, that same output becomes claimable by your counterparty immediately. The threat of losing all funds in the revoked commitment is what makes it irrational to cheat if the other side is watching.

This is also the first place many readers misunderstand the design. The system does not make old states invalid in the usual sense; the blockchain cannot know which off-chain state is “latest.” Instead, it makes old states dangerous to publish. That is a crucial distinction.

What role do timelocks (CLTV and CSV) play in channel security?

Timelock type	Starts counting	Unit	Use in channels	Why it matters
CLTV (absolute)	At specified block/time	Block height or wall time	Non-interactive refunds and deadlines	Deadline can expire while channel open
CSV (relative)	When the commitment confirms	Blocks or 512s-granularity seconds	Revocation response window for penalties	Predictable window starting at publication

Figure 291.2: CLTV vs CSV: choosing timelocks

Timelocks are what turn “dangerous to publish” into something enforceable. Bitcoin provides two main ingredients here.

[OP_CHECKLOCKTIMEVERIFY](https://github.com/bitcoin/bips/blob/master/bip-0065.mediawiki), or CLTV, enforces an absolute deadline: an output cannot be spent until a given block height or time. OP_CHECKSEQUENCEVERIFY, or CSV, enforces a relative delay: an output cannot be spent until some amount of time has passed since the transaction confirming it. Relative delay is especially useful in channels because the dispute window begins when the commitment transaction actually hits the chain, not at some fixed date chosen far in advance.

That difference matters mechanically. If a channel used only absolute deadlines, parties would have to worry about the deadline approaching even while everything was going fine, and channels would need periodic refreshes. A relative delay starts counting only from publication, which makes the response window predictable at the moment it is needed.

In Lightning-style commitments, the delayed to_local output is the core example. If I publish my current commitment, I must wait to_self_delay blocks before taking my own output. If I publish an old revoked commitment, my counterparty can use the revocation path during that window to sweep it first. The timelock is therefore not an incidental detail; it is the buffer that gives the punishment mechanism time to work.

How do HTLCs let you route payments across a network of channels?

A two-party payment channel is useful on its own, but its broader significance comes from composition. If Alice has a channel with Bob, and Bob has a channel with Charlie, can Alice pay Charlie without first opening a direct channel? Payment channels become far more powerful when the answer is yes.

The challenge is trust. Bob sits in the middle. Alice does not want to pay Bob unless Charlie gets paid. Bob does not want to pay Charlie unless Bob gets reimbursed by Alice. The mechanism that solves this is the Hashed Timelock Contract, or HTLC.

An HTLC conditions payment on revealing a secret preimage R whose hash H is already known. Charlie, the final recipient, knows R. Alice constructs a conditional payment to Bob that Bob can claim only if he can reveal R before a timeout. Bob constructs a similar conditional payment to Charlie, but with a shorter timeout. When Charlie claims the incoming HTLC by revealing R, Bob learns R and uses it to claim from Alice. If Charlie never reveals the preimage, the HTLCs expire and each hop can reclaim its funds after the relevant timeout.

The reason this works is cause-and-effect, not magic. The same secret unlocks every hop, so either the payment completes all the way through or times out back up the route. The timelocks are staggered so intermediaries have time to react safely. Bob cannot steal the payment because Bob only gets paid by Alice if Bob can produce the same preimage Charlie used. And Bob is protected because Bob’s outgoing HTLC expires earlier than Bob’s incoming one, giving Bob time to cancel backward if necessary.

This is what turns isolated channels into a network such as Lightning: a graph of bilateral channels over which conditional payments can be routed.

What transactions are published on‑chain for channel operation and disputes?

A common oversimplification says a payment channel uses “two transactions”: one to open and one to close. That captures the goal, but not the full mechanics. In the cooperative case, it is close to true: a funding transaction opens the channel, and a mutual close transaction settles it. But the protocol must also be ready for unilateral closes, HTLC timeout transactions, HTLC success transactions, and penalty transactions when something goes wrong.

The important invariant is not the exact count. It is that the normal case keeps repeated balance updates off-chain, while the chain remains available for settlement and enforcement. In a healthy channel that is updated many times and then closed cooperatively, the blockchain still sees far less activity than it would if every payment had been made on-chain.

BOLT specifications make this concrete. The funding output is a P2WSH 2-of-2 multisig. Commitment transactions have carefully defined output scripts, fee rules, ordering rules, and key-derivation schemes so implementations interoperate. These details matter because a payment channel is not merely an idea; it is a set of transactions that must be identically understood by both peers and by Bitcoin consensus rules.

Which Bitcoin features do payment channels require and why?

Payment channels are often described as a second-layer protocol, but their safety depends on very specific base-layer capabilities. This is not optional plumbing. The channel design is only as strong as the on-chain contract tools it can fall back to.

Historically, transaction malleability was a major obstacle. Many channel constructions need to pre-sign transactions that spend outputs not yet confirmed on-chain. If the transaction identifier of a parent transaction can change after signing, descendants referring to it can break. Segregated Witness addressed the practical malleability problem for Lightning-style constructions by stabilizing transaction identifiers in the way the design needed.

Timelock support is equally central. OP_CHECKLOCKTIMEVERIFY made non-interactive time-locked refund patterns much more practical. OP_CHECKSEQUENCEVERIFY, together with BIP68 relative lock-time semantics, made the revocation-based dispute window workable because the delay starts when a commitment actually confirms.

So a payment channel is not a generic abstraction floating above Bitcoin. It is a contract pattern built out of Bitcoin script, transaction structure, and consensus-enforced timelocks.

Why must participants monitor the blockchain or use watchtowers?

Approach	Who watches	Reaction speed required	Cost/complexity	Primary risk if offline
Self-monitoring	User or node operator	Must be online for the dispute window	Low monetary cost; operational burden	Missed breach → likely fund loss
Watchtower	Third‑party service	Tower reacts within window for you	Subscription or bounty; outsource complexity	Tower failure or locator abuse risks
No monitoring	Nobody	No guaranteed reaction	Zero ongoing cost	High probability of unrecoverable loss

Figure 291.3: Monitoring options for channel security

The clean story about penalties hides an operational assumption: someone has to notice if a revoked commitment hits the blockchain. If Alice disappears for longer than her response window and Bob publishes an old state, the scripts will not rescue her automatically. The protocol gives her the right to punish; she still needs to exercise that right in time.

This is why Lightning’s security model includes monitoring. A user can watch the chain themselves, or they can outsource this job to a watchtower. A watchtower is a service that stores encrypted breach-remedy data and watches the chain for matching revoked commitments. If a breach appears, the tower broadcasts the penalty transaction on the user’s behalf.

That does not mean watchtowers eliminate all concerns. They are a mitigation for being offline, not a removal of the timing assumption. Channel parameters such as dispute delays must still be chosen conservatively enough that honest parties or their delegates can react under realistic network and fee conditions.

This dependence on timely on-chain recourse is fundamental. Payment channels are scalable precisely because they assume recourse to the chain is rare. But when many channels need the chain at once, the assumption comes under stress.

What are the main tradeoffs of payment channels (liquidity, responsiveness, and fee risk)?

Payment channels improve throughput by not asking the blockchain to process every payment. But they do not make the underlying constraints disappear; they rearrange them.

The first constraint is liquidity. Funds in a channel are locked into that relationship until the channel is rebalanced or closed. If Alice has capacity in the wrong direction, she may be unable to make a payment even though she has plenty of bitcoin overall. So channels trade some capital flexibility for payment speed and fee savings.

The second constraint is online responsiveness. Because the channel relies on revocation windows and timeout handling, participants must remain reachable enough to react. This is milder than “always online every second,” but it is stronger than ordinary on-chain self-custody, where you can ignore the chain for long periods and still retain your coins.

The third constraint is fee-market dependence at bad times. Off-chain updates are cheap because they avoid the chain, but unilateral closes and disputes still need block space. If many channels close during congestion, on-chain recovery can become expensive or time-sensitive. Research on attacks such as mass forced closures and HTLC congestion has highlighted that this is not merely a theoretical concern.

So payment channels do not repeal blockchain scarcity. They use the chain less often, which is exactly why they scale, but they still depend on the chain being available when enforcement matters most.

When do payment channels break down or become impractical?

Payment channels work best when there is repeated payment flow, enough locked liquidity, and enough reliability that disputes are unusual. They become less attractive when those conditions weaken.

If parties interact only once, opening and closing a channel may cost more complexity than it saves. If payment direction is highly one-sided, one side may run out of spendable balance and need rebalancing. If routes are long and liquidity is fragmented, finding a path can fail even when sufficient capacity exists somewhere in the network. And if too many unresolved HTLCs accumulate, channels can be jammed, reducing availability for honest users.

There are also privacy limits. Channel capacity is often publicly visible for routed channels, while exact directional balances are meant to remain private. In practice, probing attacks have shown that balance privacy is imperfect. This is a reminder that “off-chain” and “private” are related but not identical claims.

None of this means channels do not work. It means they are a specific engineering trade: excellent for some payment patterns, awkward for others, and always dependent on assumptions about liquidity, monitoring, and the base chain.

How payment channels relate to Lightning and state channels

A payment channel is the bilateral primitive. The Lightning Network is the routed network built from many such channels plus the messaging, routing, and transaction rules needed to operate them. So Lightning depends on payment channels in the same way the internet depends on links between individual machines: the network is the larger system, but the link is the basic unit.

Payment channels are also a specialized case of state channels. A state channel moves some application state off-chain while preserving on-chain enforcement as a fallback. Payment channels are the simplest and most commercially important form because the state being updated is just “who owns how much.” That narrow state makes the contracts easier to reason about than more general off-chain computation.

This is also why payment channels appear beyond Bitcoin in concept. The pattern (lock collateral on-chain, exchange off-chain state updates, use the chain as final arbiter) is not Bitcoin-specific. What is Bitcoin-specific is the exact transaction and script design used by Lightning-style channels.

What is eltoo and how does it differ from Lightning’s revocation model?

The current Lightning design uses punishment: publish an old state and you can lose everything in that commitment. An important proposed alternative is eltoo, which replaces penalty-based invalidation with update-order enforcement using state numbers and a different signature model.

The underlying idea is that later states should directly supersede earlier ones on-chain, rather than making earlier ones publishable-but-punishable. That would remove the “toxic” old-state secrets and simplify watchtower behavior because the watchtower would only need to publish the latest state, not a penalty transaction. It would also reduce the severity of accidental old-state publication.

But eltoo requires base-layer support not currently available in deployed Bitcoin in the way the proposal expects, specifically a SIGHASH_NOINPUT-style capability, often discussed in evolved form as ANYPREVOUT. So it is best understood as evidence that the current channel design is a contingent engineering solution, not the only imaginable one.

That distinction matters. The fundamental goal of payment channels is off-chain state update with on-chain enforceability. The punishment model is one way to achieve it, not the essence of the concept.

Conclusion

Payment channels let two parties lock funds on-chain, update balances off-chain many times, and fall back to the blockchain only for settlement or dispute resolution. Their key insight is that the blockchain does not need to record every intermediate payment if it can still enforce the latest valid outcome.

Everything else follows from that requirement. Commitment transactions provide enforceable exit paths. Revocation and timelocks make old states unsafe to publish. HTLCs let channels compose into routed networks such as Lightning.

And the tradeoffs come directly from using the blockchain as a court rather than a chat log.

locked liquidity
monitoring requirements
stress during congestion

The short version to remember tomorrow is this: a payment channel is a blockchain-backed relationship that settles rarely but updates often. That is why it scales, and that is also where its assumptions live.

How do I get practical exposure to Bitcoin payment channels?

Acquire BTC on Cube to get direct exposure to the asset that payment channels route. If you want to experiment with channels, buy BTC on Cube and use Cube’s on‑chain transfer flow to fund a Lightning‑enabled wallet to open or receive channel payments. This keeps the purchase and transfer steps in one straightforward workflow on Cube.

Fund your Cube account with fiat via the on‑ramp or deposit a supported crypto.
Open the BTC/USD or BTC/USDC market on Cube and place a limit order for price control or a market order for immediate execution.
Use Cube’s BTC transfer flow to withdraw BTC on‑chain to a Lightning‑enabled wallet; wait for ~3 confirmations before opening a channel.
In your Lightning wallet, open a channel with a chosen node or receive a Lightning invoice to test routed payments, and watch on‑chain fees when the channel opens.

Frequently Asked Questions

Why do payment channels require monitoring or watchtowers?: Because punishment requires a timely on‑chain response: if a counterparty publishes an old (revoked) commitment, the honest party has a limited CSV/CLTV delay window in which to submit the revocation remedy and sweep the funds; if they miss that window they can lose funds. Users can watch themselves or outsource monitoring to a watchtower that stores encrypted breach‑remedy data and broadcasts penalty transactions on their behalf, but watchtowers and chosen timelocks are mitigations, not eliminations, of the timing requirement.
How does the revocation/penalty mechanism stop someone from publishing an old channel state?: Lightning‑style channels use a revocation/penalty design: each commitment gives a delayed local output protected by a relative timelock, and when a state is revoked the counterparty reveals a secret that allows them to claim that delayed output immediately if the revoked state is published, making publishing old states economically irrational.
What is an HTLC and how does it enable safe routed payments across channels?: An HTLC conditions each hop’s claim on knowing a preimage R whose hash H is advertised; the final recipient reveals R to claim the incoming HTLC, intermediaries learn R and use it to claim their incoming HTLCs, and staggered timeouts ensure intermediaries have time to respond or reclaim funds if the payment fails, so either the payment completes end‑to‑end or rolls back.
What are the main trade‑offs of using payment channels instead of on‑chain payments?: Channels trade blockchain throughput for locked liquidity, operational complexity, and reliance on timely responsiveness: funds are committed to channel capacity (which can be directionally constrained), participants or watchers must be reachable to react to disputes, and disputes or mass closures still need block space and can become expensive during congestion.
How can payment channels be attacked or congested in practice?: Researchers have demonstrated practical attacks like HTLC‑congestion and probing/congestion routing that can jam channels or discover balances, and mass or targeted forced closures can stress the blockchain fee market; mitigations exist but defaults and operational choices across implementations materially affect risk and cost.
Which Bitcoin protocol features are required for current payment‑channel designs and why?: Channels depend on specific Bitcoin features: stable transaction identifiers (SegWit) to avoid malleability, CLTV and especially CSV/BIP68 relative timelocks so dispute windows start at publication, and proposed eltoo optimizations require sighash modes like SIGHASH_NOINPUT/ANYPREVOUT which are not currently widely available.
What is eltoo and why hasn’t it replaced Lightning’s current revocation model yet?: Eltoo is an alternative update model that lets later states supersede earlier ones on‑chain (avoiding poison‑penalty secrets and simplifying watcher logic), but it relies on a sighash mode such as SIGHASH_NOINPUT/ANYPREVOUT that the deployed Bitcoin base layer does not yet provide in the form eltoo assumes, so it remains a prospective improvement rather than a deployed replacement.
What kinds of transactions actually get published on‑chain for channel operation and disputes?: Not just open and close: in cooperative cases the chain sees a funding tx and a mutual close, but the protocol must also handle unilateral closes, HTLC‑success and HTLC‑timeout transactions, and penalty transactions when parties misbehave — the invariant is that normal updates stay off‑chain but a supply of on‑chain exit paths exists for settlement or dispute.
How do timelock choices (relative vs absolute and length) affect channel security and usability?: Relative timelocks (CSV/BIP68) start the dispute window when a commitment confirms, which makes the response window predictable and avoids periodic refreshes that absolute deadlines (CLTV) would force; however, longer timelocks increase fund lockup and shorter timelocks raise the risk that an offline party cannot respond in time, so conservative parameter choice is required.
When is it better to make an ordinary on‑chain Bitcoin payment rather than open a channel?: If two parties only transact once or very rarely, the overhead of opening and closing a channel (on‑chain fees, complexity, and required monitoring) can exceed the cost‑and‑latency benefits of off‑chain updates, making a single on‑chain payment preferable in such cases.