watchtower: convert JusticeKit to interface

In this commit, we convert the `JusticeKit` struct to an interface. Then, we add two implementations of that interface: 1) The `legacyJusticeKit` which implements all the methods of `JusticeKit` 2) The `anchorJusticKit` which wraps the `legacyJusticeKit` and just re-implements the `ToRemoteOutputSpendInfo` method since.
2025-06-27 17:21:09 +02:00 · 2023-08-23 10:51:57 +02:00 · 2023-08-23 10:51:57 +02:00 · 154e9fafec
commit 154e9fafec
parent 048dc54110
14 changed files with 666 additions and 520 deletions
--- a/watchtower/blob/commitments.go
+++ b/watchtower/blob/commitments.go
@ -172,3 +172,42 @@ func (c CommitmentType) ParseRawSig(witness wire.TxWitness) (lnwire.Sig,
 			c)
 	}
 }
 // NewJusticeKit can be used to construct a new JusticeKit depending on the
 // CommitmentType.
 func (c CommitmentType) NewJusticeKit(sweepScript []byte,
 	breachInfo *lnwallet.BreachRetribution, withToRemote bool) (JusticeKit,
 	error) {
 	switch c {
 	case LegacyCommitment, LegacyTweaklessCommitment:
 		return newLegacyJusticeKit(
 			sweepScript, breachInfo, withToRemote,
 		), nil
 	case AnchorCommitment:
 		return newAnchorJusticeKit(
 			sweepScript, breachInfo, withToRemote,
 		), nil
 	default:
 		return nil, fmt.Errorf("unknown commitment type: %v", c)
 	}
 }
 // EmptyJusticeKit returns the appropriate empty justice kit for the given
 // CommitmentType.
 func (c CommitmentType) EmptyJusticeKit() (JusticeKit, error) {
 	switch c {
 	case LegacyTweaklessCommitment, LegacyCommitment:
 		return &legacyJusticeKit{}, nil
 	case AnchorCommitment:
 		return &anchorJusticeKit{
 			legacyJusticeKit: legacyJusticeKit{},
 		}, nil
 	default:
 		return nil, fmt.Errorf("unknown commitment type: %v", c)
 	}
 }
--- a/watchtower/blob/justice_kit.go
+++ b/watchtower/blob/justice_kit.go
@ -1,153 +1,288 @@
 package blob
 import (
 	"io"
 	"github.com/btcsuite/btcd/btcec/v2"
 	"github.com/btcsuite/btcd/txscript"
 	"github.com/btcsuite/btcd/wire"
 	"github.com/lightningnetwork/lnd/input"
 	"github.com/lightningnetwork/lnd/lnwallet"
 	"github.com/lightningnetwork/lnd/lnwire"
 )
-// JusticeKit is lé Blob of Justice. The JusticeKit contains information
+// JusticeKit is an interface that describes lé Blob of Justice. An
-// required to construct a justice transaction, that sweeps a remote party's
+// implementation of the JusticeKit contains information required to construct
-// revoked commitment transaction. It supports encryption and decryption using
+// a justice transaction, that sweeps a remote party's revoked commitment
-// chacha20poly1305, allowing the client to encrypt the contents of the blob,
+// transaction. It supports encryption and decryption using chacha20poly1305,
-// and for a watchtower to later decrypt if action must be taken. The encoding
+// allowing the client to encrypt the contents of the blob, and for a
-// format is versioned to allow future extensions.
+// watchtower to later decrypt if action must be taken.
-type JusticeKit struct {
+type JusticeKit interface {
-	// BlobType encodes a bitfield that inform the tower of various features
+	// ToLocalOutputSpendInfo returns the info required to send the to-local
-	// requested by the client when resolving a breach. Examples include
+	// output. It returns the output pub key script and the witness required
-	// whether the justice transaction contains a reward for the tower, or
+	// to spend the output.
-	// whether the channel is a legacy or anchor channel.
+	ToLocalOutputSpendInfo() (*txscript.PkScript, wire.TxWitness, error)
 	//
 	// NOTE: This value is not serialized in the encrypted payload. It is
 	// stored separately and added to the JusticeKit after decryption.
 	BlobType Type
-	// SweepAddress is the witness program of the output where the client's
+	// ToRemoteOutputSpendInfo returns the info required to send the
-	// fund will be deposited. This value is included in the blobs, as
+	// to-remote output. It returns the output pub key script, the witness
-	// opposed to the session info, such that the sweep addresses can't be
+	// required to spend the output and the sequence to apply.
-	// correlated across sessions and/or towers.
+	ToRemoteOutputSpendInfo() (*txscript.PkScript, wire.TxWitness, uint32,
-	//
+		error)
 	// NOTE: This is chosen to be the length of a maximally sized witness
 	// program.
 	SweepAddress []byte
-	// RevocationPubKey is the compressed pubkey that guards the revocation
+	// HasCommitToRemoteOutput returns true if the kit does include the
-	// clause of the remote party's to-local output.
+	// information required to sweep the to-remote output.
-	RevocationPubKey PubKey
+	HasCommitToRemoteOutput() bool
-	// LocalDelayPubKey is the compressed pubkey in the to-local script of
+	// AddToLocalSig adds the to-local signature to the kit.
-	// the remote party, which guards the path where the remote party
+	AddToLocalSig(sig lnwire.Sig)
 	// claims their commitment output.
 	LocalDelayPubKey PubKey
-	// CSVDelay is the relative timelock in the remote party's to-local
+	// AddToRemoteSig adds the to-remote signature to the kit.
-	// output, which the remote party must wait out before sweeping their
+	AddToRemoteSig(sig lnwire.Sig)
 	// commitment output.
 	CSVDelay uint32
-	// CommitToLocalSig is a signature under RevocationPubKey using
+	// SweepAddress returns the sweep address to be used on the justice tx
-	// SIGHASH_ALL.
+	// output.
-	CommitToLocalSig lnwire.Sig
+	SweepAddress() []byte
-	// CommitToRemotePubKey is the public key in the to-remote output of the
+	// PlainTextSize is the size of the encoded-but-unencrypted blob in
-	// revoked commitment transaction.
+	// bytes.
-	//
+	PlainTextSize() int
 	// NOTE: This value is only used if it contains a valid compressed
 	// public key.
 	CommitToRemotePubKey PubKey
-	// CommitToRemoteSig is a signature under CommitToRemotePubKey using
+	encode(w io.Writer) error
-	// SIGHASH_ALL.
+	decode(r io.Reader) error
 	//
 	// NOTE: This value is only used if CommitToRemotePubKey contains a
 	// valid compressed public key.
 	CommitToRemoteSig lnwire.Sig
 }
-// CommitToLocalWitnessScript returns the serialized witness script for the
+// legacyJusticeKit is an implementation of the JusticeKit interface which can
-// commitment to-local output.
+// be used for backing up commitments of legacy (pre-anchor) channels.
-func (b *JusticeKit) CommitToLocalWitnessScript() ([]byte, error) {
+type legacyJusticeKit struct {
-	revocationPubKey, err := btcec.ParsePubKey(
+	justiceKitPacketV0
 		b.RevocationPubKey[:],
 	)
 	if err != nil {
 		return nil, err
 	}
 	localDelayedPubKey, err := btcec.ParsePubKey(
 		b.LocalDelayPubKey[:],
 	)
 	if err != nil {
 		return nil, err
 	}
 	return input.CommitScriptToSelf(
 		b.CSVDelay, localDelayedPubKey, revocationPubKey,
 	)
 }
-// CommitToLocalRevokeWitnessStack constructs a witness stack spending the
+// A compile-time check to ensure that legacyJusticeKit implements the
-// revocation clause of the commitment to-local output.
+// JusticeKit interface.
 var _ JusticeKit = (*legacyJusticeKit)(nil)
 // newLegacyJusticeKit constructs a new legacyJusticeKit.
 func newLegacyJusticeKit(sweepScript []byte,
 	breachInfo *lnwallet.BreachRetribution,
 	withToRemote bool) *legacyJusticeKit {
 	keyRing := breachInfo.KeyRing
 	packet := justiceKitPacketV0{
 		sweepAddress:         sweepScript,
 		revocationPubKey:     toBlobPubKey(keyRing.RevocationKey),
 		localDelayPubKey:     toBlobPubKey(keyRing.ToLocalKey),
 		csvDelay:             breachInfo.RemoteDelay,
 		commitToRemotePubKey: pubKey{},
 	}
 	if withToRemote {
 		packet.commitToRemotePubKey = toBlobPubKey(
 			keyRing.ToRemoteKey,
 		)
 	}
 	return &legacyJusticeKit{packet}
 }
 // ToLocalOutputSpendInfo returns the info required to send the to-local output.
 // It returns the output pub key script and the witness required to spend the
 // output.
 //
-//	<revocation-sig> 1
+// NOTE: This is part of the JusticeKit interface.
-func (b *JusticeKit) CommitToLocalRevokeWitnessStack() ([][]byte, error) {
+func (l *legacyJusticeKit) ToLocalOutputSpendInfo() (*txscript.PkScript,
-	toLocalSig, err := b.CommitToLocalSig.ToSignature()
+	wire.TxWitness, error) {
 	revocationPubKey, err := btcec.ParsePubKey(l.revocationPubKey[:])
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
-	witnessStack := make([][]byte, 2)
+	localDelayedPubKey, err := btcec.ParsePubKey(l.localDelayPubKey[:])
-	witnessStack[0] = append(toLocalSig.Serialize(),
+	if err != nil {
-		byte(txscript.SigHashAll))
+		return nil, nil, err
-	witnessStack[1] = []byte{1}
+	}
-	return witnessStack, nil
+	script, err := input.CommitScriptToSelf(
 		l.csvDelay, localDelayedPubKey, revocationPubKey,
 	)
 	if err != nil {
 		return nil, nil, err
 	}
 	scriptPubKey, err := input.WitnessScriptHash(script)
 	if err != nil {
 		return nil, nil, err
 	}
 	toLocalSig, err := l.commitToLocalSig.ToSignature()
 	if err != nil {
 		return nil, nil, err
 	}
 	witness := make(wire.TxWitness, 3)
 	witness[0] = append(toLocalSig.Serialize(), byte(txscript.SigHashAll))
 	witness[1] = []byte{1}
 	witness[2] = script
 	pkScript, err := txscript.ParsePkScript(scriptPubKey)
 	if err != nil {
 		return nil, nil, err
 	}
 	return &pkScript, witness, nil
 }
 // ToRemoteOutputSpendInfo returns the info required to spend the to-remote
 // output. It returns the output pub key script, the witness required to spend
 // the output and the sequence to apply.
 //
 // NOTE: This is part of the JusticeKit interface.
 func (l *legacyJusticeKit) ToRemoteOutputSpendInfo() (*txscript.PkScript,
 	wire.TxWitness, uint32, error) {
 	if !btcec.IsCompressedPubKey(l.commitToRemotePubKey[:]) {
 		return nil, nil, 0, ErrNoCommitToRemoteOutput
 	}
 	toRemoteScript := l.commitToRemotePubKey[:]
 	// Since the to-remote witness script should just be a regular p2wkh
 	// output, we'll parse it to retrieve the public key.
 	toRemotePubKey, err := btcec.ParsePubKey(toRemoteScript)
 	if err != nil {
 		return nil, nil, 0, err
 	}
 	// Compute the witness script hash from the to-remote pubkey, which will
 	// be used to locate the output on the breach commitment transaction.
 	toRemoteScriptHash, err := input.CommitScriptUnencumbered(
 		toRemotePubKey,
 	)
 	if err != nil {
 		return nil, nil, 0, err
 	}
 	toRemoteSig, err := l.commitToRemoteSig.ToSignature()
 	if err != nil {
 		return nil, nil, 0, err
 	}
 	witness := make(wire.TxWitness, 2)
 	witness[0] = append(toRemoteSig.Serialize(), byte(txscript.SigHashAll))
 	witness[1] = toRemoteScript
 	pkScript, err := txscript.ParsePkScript(toRemoteScriptHash)
 	if err != nil {
 		return nil, nil, 0, err
 	}
 	return &pkScript, witness, 0, nil
 }
 // HasCommitToRemoteOutput returns true if the blob contains a to-remote p2wkh
 // pubkey.
 func (b *JusticeKit) HasCommitToRemoteOutput() bool {
 	return btcec.IsCompressedPubKey(b.CommitToRemotePubKey[:])
 }
 // CommitToRemoteWitnessScript returns the witness script for the commitment
 // to-remote output given the blob type. The script returned will either be for
 // a p2wpkh to-remote output or an p2wsh anchor to-remote output which includes
 // a CSV delay.
 func (b *JusticeKit) CommitToRemoteWitnessScript() ([]byte, error) {
 	if !btcec.IsCompressedPubKey(b.CommitToRemotePubKey[:]) {
 		return nil, ErrNoCommitToRemoteOutput
 	}
 	// If this is a blob for an anchor channel, we'll return the p2wsh
 	// output containing a CSV delay of 1.
 	if b.BlobType.IsAnchorChannel() {
 		pk, err := btcec.ParsePubKey(b.CommitToRemotePubKey[:])
 		if err != nil {
 			return nil, err
 		}
 		return input.CommitScriptToRemoteConfirmed(pk)
 	}
 	return b.CommitToRemotePubKey[:], nil
 }
 // CommitToRemoteWitnessStack returns a witness stack spending the commitment
 // to-remote output, which consists of a single signature satisfying either the
 // legacy or anchor witness scripts.
 //
-//	<to-remote-sig>
+// NOTE: This is part of the JusticeKit interface.
-func (b *JusticeKit) CommitToRemoteWitnessStack() ([][]byte, error) {
+func (l *legacyJusticeKit) HasCommitToRemoteOutput() bool {
-	toRemoteSig, err := b.CommitToRemoteSig.ToSignature()
+	return btcec.IsCompressedPubKey(l.commitToRemotePubKey[:])
-	if err != nil {
+}
-		return nil, err
+
 // SweepAddress returns the sweep address to be used on the justice tx
 // output.
 //
 // NOTE: This is part of the JusticeKit interface.
 func (l *legacyJusticeKit) SweepAddress() []byte {
 	return l.sweepAddress
 }
 // AddToLocalSig adds the to-local signature to the kit.
 //
 // NOTE: This is part of the JusticeKit interface.
 func (l *legacyJusticeKit) AddToLocalSig(sig lnwire.Sig) {
 	l.commitToLocalSig = sig
 }
 // AddToRemoteSig adds the to-remote signature to the kit.
 //
 // NOTE: This is part of the JusticeKit interface.
 func (l *legacyJusticeKit) AddToRemoteSig(sig lnwire.Sig) {
 	l.commitToRemoteSig = sig
 }
 // PlainTextSize is the size of the encoded-but-unencrypted blob in
 // bytes.
 //
 // NOTE: This is part of the JusticeKit interface.
 func (l *legacyJusticeKit) PlainTextSize() int {
 	return V0PlaintextSize
 }
 // anchorJusticeKit is an implementation of the JusticeKit interface which can
 // be used for backing up commitments of anchor channels. It inherits most of
 // the methods from the legacyJusticeKit and overrides the
 // ToRemoteOutputSpendInfo method since the to-remote output of an anchor
 // output is a P2WSH instead of the P2WPKH used by the legacy channels.
 type anchorJusticeKit struct {
 	legacyJusticeKit
 }
 // A compile-time check to ensure that legacyJusticeKit implements the
 // JusticeKit interface.
 var _ JusticeKit = (*anchorJusticeKit)(nil)
 // newAnchorJusticeKit constructs a new anchorJusticeKit.
 func newAnchorJusticeKit(sweepScript []byte,
 	breachInfo *lnwallet.BreachRetribution,
 	withToRemote bool) *anchorJusticeKit {
 	legacyKit := newLegacyJusticeKit(sweepScript, breachInfo, withToRemote)
 	return &anchorJusticeKit{
 		legacyJusticeKit: *legacyKit,
 	}
 }
 // ToRemoteOutputSpendInfo returns the info required to send the to-remote
 // output. It returns the output pub key script, the witness required to spend
 // the output and the sequence to apply.
 //
 // NOTE: This is part of the JusticeKit interface.
 func (a *anchorJusticeKit) ToRemoteOutputSpendInfo() (*txscript.PkScript,
 	wire.TxWitness, uint32, error) {
 	if !btcec.IsCompressedPubKey(a.commitToRemotePubKey[:]) {
 		return nil, nil, 0, ErrNoCommitToRemoteOutput
 	}
-	witnessStack := make([][]byte, 1)
+	pk, err := btcec.ParsePubKey(a.commitToRemotePubKey[:])
-	witnessStack[0] = append(toRemoteSig.Serialize(),
+	if err != nil {
-		byte(txscript.SigHashAll))
+		return nil, nil, 0, err
 	}
-	return witnessStack, nil
+	toRemoteScript, err := input.CommitScriptToRemoteConfirmed(pk)
 	if err != nil {
 		return nil, nil, 0, err
 	}
 	toRemoteScriptHash, err := input.WitnessScriptHash(toRemoteScript)
 	if err != nil {
 		return nil, nil, 0, err
 	}
 	toRemoteSig, err := a.commitToRemoteSig.ToSignature()
 	if err != nil {
 		return nil, nil, 0, err
 	}
 	witness := make([][]byte, 2)
 	witness[0] = append(toRemoteSig.Serialize(), byte(txscript.SigHashAll))
 	witness[1] = toRemoteScript
 	pkScript, err := txscript.ParsePkScript(toRemoteScriptHash)
 	if err != nil {
 		return nil, nil, 0, err
 	}
 	return &pkScript, witness, 1, nil
 }
--- a/watchtower/blob/justice_kit_packet.go
+++ b/watchtower/blob/justice_kit_packet.go
@ -74,22 +74,68 @@ var (
 //	nonce:                24 bytes
 //	enciphered plaintext:  n bytes
 //	MAC:                  16 bytes
-func Size(blobType Type) int {
+func Size(kit JusticeKit) int {
-	return NonceSize + PlaintextSize(blobType) + CiphertextExpansion
+	return NonceSize + kit.PlainTextSize() + CiphertextExpansion
 }
-// PlaintextSize returns the size of the encoded-but-unencrypted blob in bytes.
+// pubKey is a 33-byte, serialized compressed public key.
-func PlaintextSize(blobType Type) int {
+type pubKey [33]byte
-	switch {
+
-	case blobType.Has(FlagCommitOutputs):
+// toBlobPubKey serializes the given public key into a pubKey that can be set
-		return V0PlaintextSize
+// as a field on a JusticeKit.
-	default:
+func toBlobPubKey(pk *btcec.PublicKey) pubKey {
-		return 0
+	var blobPubKey pubKey
-	}
+	copy(blobPubKey[:], pk.SerializeCompressed())
 	return blobPubKey
 }
-// PubKey is a 33-byte, serialized compressed public key.
+// justiceKitPacketV0 is lé Blob of Justice. The JusticeKit contains information
-type PubKey [33]byte
+// required to construct a justice transaction, that sweeps a remote party's
 // revoked commitment transaction. It supports encryption and decryption using
 // chacha20poly1305, allowing the client to encrypt the contents of the blob,
 // and for a watchtower to later decrypt if action must be taken.
 type justiceKitPacketV0 struct {
 	// sweepAddress is the witness program of the output where the client's
 	// fund will be deposited. This value is included in the blobs, as
 	// opposed to the session info, such that the sweep addresses can't be
 	// correlated across sessions and/or towers.
 	//
 	// NOTE: This is chosen to be the length of a maximally sized witness
 	// program.
 	sweepAddress []byte
 	// revocationPubKey is the compressed pubkey that guards the revocation
 	// clause of the remote party's to-local output.
 	revocationPubKey pubKey
 	// localDelayPubKey is the compressed pubkey in the to-local script of
 	// the remote party, which guards the path where the remote party
 	// claims their commitment output.
 	localDelayPubKey pubKey
 	// csvDelay is the relative timelock in the remote party's to-local
 	// output, which the remote party must wait out before sweeping their
 	// commitment output.
 	csvDelay uint32
 	// commitToLocalSig is a signature under RevocationPubKey using
 	// SIGHASH_ALL.
 	commitToLocalSig lnwire.Sig
 	// commitToRemotePubKey is the public key in the to-remote output of the
 	// revoked commitment transaction.
 	//
 	// NOTE: This value is only used if it contains a valid compressed
 	// public key.
 	commitToRemotePubKey pubKey
 	// commitToRemoteSig is a signature under CommitToRemotePubKey using
 	// SIGHASH_ALL.
 	//
 	// NOTE: This value is only used if CommitToRemotePubKey contains a
 	// valid compressed public key.
 	commitToRemoteSig lnwire.Sig
 }
 // Encrypt encodes the blob of justice using encoding version, and then
 // creates a ciphertext using chacha20poly1305 under the chosen (nonce, key)
@ -97,11 +143,11 @@ type PubKey [33]byte
 //
 // NOTE: It is the caller's responsibility to ensure that this method is only
 // called once for a given (nonce, key) pair.
-func (b *JusticeKit) Encrypt(key BreachKey) ([]byte, error) {
+func Encrypt(kit JusticeKit, key BreachKey) ([]byte, error) {
 	// Encode the plaintext using the provided version, to obtain the
 	// plaintext bytes.
 	var ptxtBuf bytes.Buffer
-	err := b.encode(&ptxtBuf, b.BlobType)
+	err := kit.encode(&ptxtBuf)
 	if err != nil {
 		return nil, err
 	}
@ -115,7 +161,7 @@ func (b *JusticeKit) Encrypt(key BreachKey) ([]byte, error) {
 	// Allocate the ciphertext, which will contain the nonce, encrypted
 	// plaintext and MAC.
 	plaintext := ptxtBuf.Bytes()
-	ciphertext := make([]byte, Size(b.BlobType))
+	ciphertext := make([]byte, Size(kit))
 	// Generate a random  24-byte nonce in the ciphertext's prefix.
 	nonce := ciphertext[:NonceSize]
@ -134,7 +180,7 @@ func (b *JusticeKit) Encrypt(key BreachKey) ([]byte, error) {
 // chacha20poly1305 with the chosen (nonce, key) pair. The internal plaintext is
 // then deserialized using the given encoding version.
 func Decrypt(key BreachKey, ciphertext []byte,
-	blobType Type) (*JusticeKit, error) {
+	blobType Type) (JusticeKit, error) {
 	// Fail if the blob's overall length is less than required for the nonce
 	// and expansion factor.
@ -161,42 +207,27 @@ func Decrypt(key BreachKey, ciphertext []byte,
 		return nil, err
 	}
-	// If decryption succeeded, we will then decode the plaintext bytes
+	commitment, err := blobType.CommitmentType(nil)
 	// using the specified blob version.
 	boj := &JusticeKit{
 		BlobType: blobType,
 	}
 	err = boj.decode(bytes.NewReader(plaintext), blobType)
 	if err != nil {
 		return nil, err
 	}
-	return boj, nil
+	kit, err := commitment.EmptyJusticeKit()
-}
+	if err != nil {
-
+		return nil, err
 // encode serializes the JusticeKit according to the version, returning an
 // error if the version is unknown.
 func (b *JusticeKit) encode(w io.Writer, blobType Type) error {
 	switch {
 	case blobType.Has(FlagCommitOutputs):
 		return b.encodeV0(w)
 	default:
 		return ErrUnknownBlobType
 	}
 }
-// decode deserializes the JusticeKit according to the version, returning an
+	// If decryption succeeded, we will then decode the plaintext bytes
-// error if the version is unknown.
+	// using the specified blob version.
-func (b *JusticeKit) decode(r io.Reader, blobType Type) error {
+	err = kit.decode(bytes.NewReader(plaintext))
-	switch {
+	if err != nil {
-	case blobType.Has(FlagCommitOutputs):
+		return nil, err
 		return b.decodeV0(r)
 	default:
 		return ErrUnknownBlobType
 	}
 	return kit, nil
 }
-// encodeV0 encodes the JusticeKit using the version 0 encoding scheme to the
+// encode encodes the JusticeKit using the version 0 encoding scheme to the
 // provided io.Writer. The encoding supports sweeping of the commit to-local
 // output, and  optionally the  commit to-remote output. The encoding produces a
 // constant-size plaintext size of 274 bytes.
@ -211,21 +242,21 @@ func (b *JusticeKit) decode(r io.Reader, blobType Type) error {
 //	commit to-local revocation sig: 64 bytes
 //	commit to-remote pubkey:        33 bytes, maybe blank
 //	commit to-remote sig:           64 bytes, maybe blank
-func (b *JusticeKit) encodeV0(w io.Writer) error {
+func (b *justiceKitPacketV0) encode(w io.Writer) error {
 	// Assert the sweep address length is sane.
-	if len(b.SweepAddress) > MaxSweepAddrSize {
+	if len(b.sweepAddress) > MaxSweepAddrSize {
 		return ErrSweepAddressToLong
 	}
 	// Write the actual length of the sweep address as a single byte.
-	err := binary.Write(w, byteOrder, uint8(len(b.SweepAddress)))
+	err := binary.Write(w, byteOrder, uint8(len(b.sweepAddress)))
 	if err != nil {
 		return err
 	}
 	// Pad the sweep address to our maximum length of 42 bytes.
 	var sweepAddressBuf [MaxSweepAddrSize]byte
-	copy(sweepAddressBuf[:], b.SweepAddress)
+	copy(sweepAddressBuf[:], b.sweepAddress)
 	// Write padded 42-byte sweep address.
 	_, err = w.Write(sweepAddressBuf[:])
@ -234,42 +265,42 @@ func (b *JusticeKit) encodeV0(w io.Writer) error {
 	}
 	// Write 33-byte revocation public key.
-	_, err = w.Write(b.RevocationPubKey[:])
+	_, err = w.Write(b.revocationPubKey[:])
 	if err != nil {
 		return err
 	}
 	// Write 33-byte local delay public key.
-	_, err = w.Write(b.LocalDelayPubKey[:])
+	_, err = w.Write(b.localDelayPubKey[:])
 	if err != nil {
 		return err
 	}
 	// Write 4-byte CSV delay.
-	err = binary.Write(w, byteOrder, b.CSVDelay)
+	err = binary.Write(w, byteOrder, b.csvDelay)
 	if err != nil {
 		return err
 	}
 	// Write 64-byte revocation signature for commit to-local output.
-	_, err = w.Write(b.CommitToLocalSig.RawBytes())
+	_, err = w.Write(b.commitToLocalSig.RawBytes())
 	if err != nil {
 		return err
 	}
 	// Write 33-byte commit to-remote public key, which may be blank.
-	_, err = w.Write(b.CommitToRemotePubKey[:])
+	_, err = w.Write(b.commitToRemotePubKey[:])
 	if err != nil {
 		return err
 	}
 	// Write 64-byte commit to-remote signature, which may be blank.
-	_, err = w.Write(b.CommitToRemoteSig.RawBytes())
+	_, err = w.Write(b.commitToRemoteSig.RawBytes())
 	return err
 }
-// decodeV0 reconstructs a JusticeKit from the io.Reader, using version 0
+// decode reconstructs a JusticeKit from the io.Reader, using version 0
 // encoding scheme. This will parse a constant size input stream of 274 bytes to
 // recover information for the commit to-local output, and possibly the commit
 // to-remote output.
@ -284,7 +315,7 @@ func (b *JusticeKit) encodeV0(w io.Writer) error {
 //	commit to-local revocation sig: 64 bytes
 //	commit to-remote pubkey:        33 bytes, maybe blank
 //	commit to-remote sig:           64 bytes, maybe blank
-func (b *JusticeKit) decodeV0(r io.Reader) error {
+func (b *justiceKitPacketV0) decode(r io.Reader) error {
 	// Read the sweep address length as a single byte.
 	var sweepAddrLen uint8
 	err := binary.Read(r, byteOrder, &sweepAddrLen)
@ -305,23 +336,23 @@ func (b *JusticeKit) decodeV0(r io.Reader) error {
 	}
 	// Parse sweep address from padded buffer.
-	b.SweepAddress = make([]byte, sweepAddrLen)
+	b.sweepAddress = make([]byte, sweepAddrLen)
-	copy(b.SweepAddress, sweepAddressBuf[:])
+	copy(b.sweepAddress, sweepAddressBuf[:])
 	// Read 33-byte revocation public key.
-	_, err = io.ReadFull(r, b.RevocationPubKey[:])
+	_, err = io.ReadFull(r, b.revocationPubKey[:])
 	if err != nil {
 		return err
 	}
 	// Read 33-byte local delay public key.
-	_, err = io.ReadFull(r, b.LocalDelayPubKey[:])
+	_, err = io.ReadFull(r, b.localDelayPubKey[:])
 	if err != nil {
 		return err
 	}
 	// Read 4-byte CSV delay.
-	err = binary.Read(r, byteOrder, &b.CSVDelay)
+	err = binary.Read(r, byteOrder, &b.csvDelay)
 	if err != nil {
 		return err
 	}
@ -333,13 +364,13 @@ func (b *JusticeKit) decodeV0(r io.Reader) error {
 		return err
 	}
-	b.CommitToLocalSig, err = lnwire.NewSigFromWireECDSA(localSig[:])
+	b.commitToLocalSig, err = lnwire.NewSigFromWireECDSA(localSig[:])
 	if err != nil {
 		return err
 	}
 	var (
-		commitToRemotePubkey PubKey
+		commitToRemotePubkey pubKey
 		commitToRemoteSig    [64]byte
 	)
@ -358,8 +389,8 @@ func (b *JusticeKit) decodeV0(r io.Reader) error {
 	// Only populate the commit to-remote fields in the decoded blob if a
 	// valid compressed public key was read from the reader.
 	if btcec.IsCompressedPubKey(commitToRemotePubkey[:]) {
-		b.CommitToRemotePubKey = commitToRemotePubkey
+		b.commitToRemotePubKey = commitToRemotePubkey
-		b.CommitToRemoteSig, err = lnwire.NewSigFromWireECDSA(
+		b.commitToRemoteSig, err = lnwire.NewSigFromWireECDSA(
 			commitToRemoteSig[:],
 		)
 		if err != nil {
--- a/watchtower/blob/justice_kit_test.go
+++ b/watchtower/blob/justice_kit_test.go
@ -1,30 +1,25 @@
-package blob_test
+package blob
 import (
 	"bytes"
 	"crypto/rand"
 	"encoding/binary"
 	"io"
 	"reflect"
 	"testing"
 	"github.com/btcsuite/btcd/btcec/v2"
 	"github.com/btcsuite/btcd/btcec/v2/ecdsa"
 	"github.com/btcsuite/btcd/txscript"
 	"github.com/btcsuite/btcd/wire"
 	"github.com/lightningnetwork/lnd/input"
 	"github.com/lightningnetwork/lnd/lnwallet"
 	"github.com/lightningnetwork/lnd/lnwire"
 	"github.com/lightningnetwork/lnd/watchtower/blob"
 	"github.com/stretchr/testify/require"
 )
-func makePubKey(i uint64) blob.PubKey {
+func makePubKey() *btcec.PublicKey {
-	var pk blob.PubKey
+	priv, _ := btcec.NewPrivateKey()
-	pk[0] = 0x02
+	return priv.PubKey()
 	if i%2 == 1 {
 		pk[0] |= 0x01
 	}
 	binary.BigEndian.PutUint64(pk[1:9], i)
 	return pk
 }
 func makeSig(i int) lnwire.Sig {
@ -46,15 +41,15 @@ func makeAddr(size int) []byte {
 type descriptorTest struct {
 	name                 string
-	encVersion           blob.Type
+	encVersion           Type
-	decVersion           blob.Type
+	decVersion           Type
 	sweepAddr            []byte
-	revPubKey            blob.PubKey
+	revPubKey            *btcec.PublicKey
-	delayPubKey          blob.PubKey
+	delayPubKey          *btcec.PublicKey
 	csvDelay             uint32
 	commitToLocalSig     lnwire.Sig
 	hasCommitToRemote    bool
-	commitToRemotePubKey blob.PubKey
+	commitToRemotePubKey *btcec.PublicKey
 	commitToRemoteSig    lnwire.Sig
 	encErr               error
 	decErr               error
@ -63,79 +58,79 @@ type descriptorTest struct {
 var descriptorTests = []descriptorTest{
 	{
 		name:             "to-local only",
-		encVersion:       blob.TypeAltruistCommit,
+		encVersion:       TypeAltruistCommit,
-		decVersion:       blob.TypeAltruistCommit,
+		decVersion:       TypeAltruistCommit,
 		sweepAddr:        makeAddr(22),
-		revPubKey:        makePubKey(0),
+		revPubKey:        makePubKey(),
-		delayPubKey:      makePubKey(1),
+		delayPubKey:      makePubKey(),
 		csvDelay:         144,
 		commitToLocalSig: makeSig(1),
 	},
 	{
 		name:                 "to-local and p2wkh",
-		encVersion:           blob.TypeRewardCommit,
+		encVersion:           TypeRewardCommit,
-		decVersion:           blob.TypeRewardCommit,
+		decVersion:           TypeRewardCommit,
 		sweepAddr:            makeAddr(22),
-		revPubKey:            makePubKey(0),
+		revPubKey:            makePubKey(),
-		delayPubKey:          makePubKey(1),
+		delayPubKey:          makePubKey(),
 		csvDelay:             144,
 		commitToLocalSig:     makeSig(1),
 		hasCommitToRemote:    true,
-		commitToRemotePubKey: makePubKey(2),
+		commitToRemotePubKey: makePubKey(),
 		commitToRemoteSig:    makeSig(2),
 	},
 	{
 		name:             "unknown encrypt version",
 		encVersion:       0,
-		decVersion:       blob.TypeAltruistCommit,
+		decVersion:       TypeAltruistCommit,
 		sweepAddr:        makeAddr(34),
-		revPubKey:        makePubKey(0),
+		revPubKey:        makePubKey(),
-		delayPubKey:      makePubKey(1),
+		delayPubKey:      makePubKey(),
 		csvDelay:         144,
 		commitToLocalSig: makeSig(1),
-		encErr:           blob.ErrUnknownBlobType,
+		encErr:           ErrUnknownBlobType,
 	},
 	{
 		name:             "unknown decrypt version",
-		encVersion:       blob.TypeAltruistCommit,
+		encVersion:       TypeAltruistCommit,
 		decVersion:       0,
 		sweepAddr:        makeAddr(34),
-		revPubKey:        makePubKey(0),
+		revPubKey:        makePubKey(),
-		delayPubKey:      makePubKey(1),
+		delayPubKey:      makePubKey(),
 		csvDelay:         144,
 		commitToLocalSig: makeSig(1),
-		decErr:           blob.ErrUnknownBlobType,
+		decErr:           ErrUnknownBlobType,
 	},
 	{
 		name:             "sweep addr length zero",
-		encVersion:       blob.TypeAltruistCommit,
+		encVersion:       TypeAltruistCommit,
-		decVersion:       blob.TypeAltruistCommit,
+		decVersion:       TypeAltruistCommit,
 		sweepAddr:        makeAddr(0),
-		revPubKey:        makePubKey(0),
+		revPubKey:        makePubKey(),
-		delayPubKey:      makePubKey(1),
+		delayPubKey:      makePubKey(),
 		csvDelay:         144,
 		commitToLocalSig: makeSig(1),
 	},
 	{
 		name:             "sweep addr max size",
-		encVersion:       blob.TypeAltruistCommit,
+		encVersion:       TypeAltruistCommit,
-		decVersion:       blob.TypeAltruistCommit,
+		decVersion:       TypeAltruistCommit,
-		sweepAddr:        makeAddr(blob.MaxSweepAddrSize),
+		sweepAddr:        makeAddr(MaxSweepAddrSize),
-		revPubKey:        makePubKey(0),
+		revPubKey:        makePubKey(),
-		delayPubKey:      makePubKey(1),
+		delayPubKey:      makePubKey(),
 		csvDelay:         144,
 		commitToLocalSig: makeSig(1),
 	},
 	{
 		name:             "sweep addr too long",
-		encVersion:       blob.TypeAltruistCommit,
+		encVersion:       TypeAltruistCommit,
-		decVersion:       blob.TypeAltruistCommit,
+		decVersion:       TypeAltruistCommit,
-		sweepAddr:        makeAddr(blob.MaxSweepAddrSize + 1),
+		sweepAddr:        makeAddr(MaxSweepAddrSize + 1),
-		revPubKey:        makePubKey(0),
+		revPubKey:        makePubKey(),
-		delayPubKey:      makePubKey(1),
+		delayPubKey:      makePubKey(),
 		csvDelay:         144,
 		commitToLocalSig: makeSig(1),
-		encErr:           blob.ErrSweepAddressToLong,
+		encErr:           ErrSweepAddressToLong,
 	},
 }
@ -152,30 +147,43 @@ func TestBlobJusticeKitEncryptDecrypt(t *testing.T) {
 }
 func testBlobJusticeKitEncryptDecrypt(t *testing.T, test descriptorTest) {
-	boj := &blob.JusticeKit{
+	commitmentType, err := test.encVersion.CommitmentType(nil)
-		BlobType:             test.encVersion,
+	if err != nil {
-		SweepAddress:         test.sweepAddr,
+		require.ErrorIs(t, err, test.encErr)
-		RevocationPubKey:     test.revPubKey,
+		return
 		LocalDelayPubKey:     test.delayPubKey,
 		CSVDelay:             test.csvDelay,
 		CommitToLocalSig:     test.commitToLocalSig,
 		CommitToRemotePubKey: test.commitToRemotePubKey,
 		CommitToRemoteSig:    test.commitToRemoteSig,
 	}
 	breachInfo := &lnwallet.BreachRetribution{
 		RemoteDelay: test.csvDelay,
 		KeyRing: &lnwallet.CommitmentKeyRing{
 			ToLocalKey:    test.delayPubKey,
 			ToRemoteKey:   test.commitToRemotePubKey,
 			RevocationKey: test.revPubKey,
 		},
 	}
 	kit, err := commitmentType.NewJusticeKit(
 		test.sweepAddr, breachInfo, test.hasCommitToRemote,
 	)
 	if err != nil {
 		return
 	}
 	kit.AddToLocalSig(test.commitToLocalSig)
 	kit.AddToRemoteSig(test.commitToRemoteSig)
 	// Generate a random encryption key for the blob. The key is
 	// sized at 32 byte, as in practice we will be using the remote
 	// party's commitment txid as the key.
-	var key blob.BreachKey
+	var key BreachKey
-	_, err := rand.Read(key[:])
+	_, err = rand.Read(key[:])
 	require.NoError(t, err, "unable to generate blob encryption key")
 	// Encrypt the blob plaintext using the generated key and
 	// target version for this test.
-	ctxt, err := boj.Encrypt(key)
+	ctxt, err := Encrypt(kit, key)
-	if err != test.encErr {
+	require.ErrorIs(t, err, test.encErr)
-		t.Fatalf("unable to encrypt blob: %v", err)
+
-	} else if test.encErr != nil {
+	if test.encErr != nil {
 		// If the test expected an encryption failure, we can
 		// continue to the next test.
 		return
@ -183,19 +191,15 @@ func testBlobJusticeKitEncryptDecrypt(t *testing.T, test descriptorTest) {
 	// Ensure that all encrypted blobs are padded out to the same
 	// size: 282 bytes for version 0.
-	if len(ctxt) != blob.Size(test.encVersion) {
+	require.Len(t, ctxt, Size(kit))
 		t.Fatalf("expected blob to have size %d, got %d instead",
 			blob.Size(test.encVersion), len(ctxt))
 	}
 	// Decrypt the encrypted blob, reconstructing the original
 	// blob plaintext from the decrypted contents. We use the target
 	// decryption version specified by this test case.
-	boj2, err := blob.Decrypt(key, ctxt, test.decVersion)
+	boj2, err := Decrypt(key, ctxt, test.decVersion)
-	if err != test.decErr {
+	require.ErrorIs(t, err, test.decErr)
-		t.Fatalf("unable to decrypt blob: %v", err)
+
-	} else if test.decErr != nil {
+	if test.decErr != nil {
 		// If the test expected an decryption failure, we can
 		// continue to the next test.
 		return
@ -210,15 +214,12 @@ func testBlobJusticeKitEncryptDecrypt(t *testing.T, test descriptorTest) {
 	// Check that the original blob plaintext matches the
 	// one reconstructed from the encrypted blob.
-	if !reflect.DeepEqual(boj, boj2) {
+	require.Equal(t, kit, boj2)
 		t.Fatalf("decrypted plaintext does not match original, "+
 			"want: %v, got %v", boj, boj2)
 	}
 }
 type remoteWitnessTest struct {
 	name             string
-	blobType         blob.Type
+	blobType         Type
 	expWitnessScript func(pk *btcec.PublicKey) []byte
 }
@ -229,15 +230,14 @@ func TestJusticeKitRemoteWitnessConstruction(t *testing.T) {
 	tests := []remoteWitnessTest{
 		{
 			name:     "legacy commitment",
-			blobType: blob.Type(blob.FlagCommitOutputs),
+			blobType: TypeAltruistCommit,
 			expWitnessScript: func(pk *btcec.PublicKey) []byte {
 				return pk.SerializeCompressed()
 			},
 		},
 		{
-			name: "anchor commitment",
+			name:     "anchor commitment",
-			blobType: blob.Type(blob.FlagCommitOutputs |
+			blobType: TypeAltruistAnchorCommit,
 				blob.FlagAnchorChannel),
 			expWitnessScript: func(pk *btcec.PublicKey) []byte {
 				script, _ := input.CommitScriptToRemoteConfirmed(pk)
 				return script
@ -257,12 +257,13 @@ func testJusticeKitRemoteWitnessConstruction(
 	// Generate the to-remote pubkey.
 	toRemotePrivKey, err := btcec.NewPrivateKey()
-	require.Nil(t, err)
+	require.NoError(t, err)
-	// Copy the to-remote pubkey into the format expected by our justice
+	revKey, err := btcec.NewPrivateKey()
-	// kit.
+	require.NoError(t, err)
-	var toRemotePubKey blob.PubKey
+
-	copy(toRemotePubKey[:], toRemotePrivKey.PubKey().SerializeCompressed())
+	toLocalKey, err := btcec.NewPrivateKey()
 	require.NoError(t, err)
 	// Sign a message using the to-remote private key. The exact message
 	// doesn't matter as we won't be validating the signature's validity.
@ -273,26 +274,29 @@ func testJusticeKitRemoteWitnessConstruction(
 	commitToRemoteSig, err := lnwire.NewSigFromSignature(rawToRemoteSig)
 	require.Nil(t, err)
-	// Populate the justice kit fields relevant to the to-remote output.
+	commitType, err := test.blobType.CommitmentType(nil)
-	justiceKit := &blob.JusticeKit{
+	require.NoError(t, err)
-		BlobType:             test.blobType,
+
-		CommitToRemotePubKey: toRemotePubKey,
+	breachInfo := &lnwallet.BreachRetribution{
-		CommitToRemoteSig:    commitToRemoteSig,
+		KeyRing: &lnwallet.CommitmentKeyRing{
 			ToRemoteKey:   toRemotePrivKey.PubKey(),
 			RevocationKey: revKey.PubKey(),
 			ToLocalKey:    toLocalKey.PubKey(),
 		},
 	}
 	justiceKit, err := commitType.NewJusticeKit(nil, breachInfo, true)
 	require.NoError(t, err)
 	justiceKit.AddToRemoteSig(commitToRemoteSig)
 	// Now, compute the to-remote witness script returned by the justice
 	// kit.
-	toRemoteScript, err := justiceKit.CommitToRemoteWitnessScript()
+	_, witness, _, err := justiceKit.ToRemoteOutputSpendInfo()
-	require.Nil(t, err)
+	require.NoError(t, err)
 	// Assert this is exactly the to-remote, compressed pubkey.
 	expToRemoteScript := test.expWitnessScript(toRemotePrivKey.PubKey())
-	require.Equal(t, expToRemoteScript, toRemoteScript)
+	require.Equal(t, expToRemoteScript, witness[1])
 	// Next, compute the to-remote witness stack, which should be a p2wkh
 	// witness stack consisting solely of a signature.
 	toRemoteWitnessStack, err := justiceKit.CommitToRemoteWitnessStack()
 	require.Nil(t, err)
 	// Compute the expected first element, by appending a sighash all byte
 	// to our raw DER-encoded signature.
@ -301,19 +305,10 @@ func testJusticeKitRemoteWitnessConstruction(
 	)
 	// Assert that the expected witness stack is returned.
-	expWitnessStack := [][]byte{
+	expWitnessStack := wire.TxWitness{
 		rawToRemoteSigWithSigHash,
 	}
-	require.Equal(t, expWitnessStack, toRemoteWitnessStack)
+	require.Equal(t, expWitnessStack, witness[:1])
 	// Finally, set the CommitToRemotePubKey to be a blank value.
 	justiceKit.CommitToRemotePubKey = blob.PubKey{}
 	// When trying to compute the witness script, this should now return
 	// ErrNoCommitToRemoteOutput since a valid pubkey could not be parsed
 	// from CommitToRemotePubKey.
 	_, err = justiceKit.CommitToRemoteWitnessScript()
 	require.Error(t, blob.ErrNoCommitToRemoteOutput, err)
 }
 // TestJusticeKitToLocalWitnessConstruction tests that a JusticeKit returns the
@ -324,18 +319,10 @@ func TestJusticeKitToLocalWitnessConstruction(t *testing.T) {
 	// Generate the revocation and delay private keys.
 	revPrivKey, err := btcec.NewPrivateKey()
-	require.Nil(t, err)
+	require.NoError(t, err)
 	delayPrivKey, err := btcec.NewPrivateKey()
-	require.Nil(t, err)
+	require.NoError(t, err)
 	// Copy the revocation and delay pubkeys into the format expected by our
 	// justice kit.
 	var revPubKey blob.PubKey
 	copy(revPubKey[:], revPrivKey.PubKey().SerializeCompressed())
 	var delayPubKey blob.PubKey
 	copy(delayPubKey[:], delayPrivKey.PubKey().SerializeCompressed())
 	// Sign a message using the revocation private key. The exact message
 	// doesn't matter as we won't be validating the signature's validity.
@ -344,33 +331,36 @@ func TestJusticeKitToLocalWitnessConstruction(t *testing.T) {
 	// Convert the DER-encoded signature into a fixed-size sig.
 	commitToLocalSig, err := lnwire.NewSigFromSignature(rawRevSig)
-	require.Nil(t, err)
+	require.NoError(t, err)
-	// Populate the justice kit with fields relevant to the to-local output.
+	commitType, err := TypeAltruistCommit.CommitmentType(nil)
-	justiceKit := &blob.JusticeKit{
+	require.NoError(t, err)
-		CSVDelay:         csvDelay,
+
-		RevocationPubKey: revPubKey,
+	breachInfo := &lnwallet.BreachRetribution{
-		LocalDelayPubKey: delayPubKey,
+		RemoteDelay: csvDelay,
-		CommitToLocalSig: commitToLocalSig,
+		KeyRing: &lnwallet.CommitmentKeyRing{
 			RevocationKey: revPrivKey.PubKey(),
 			ToLocalKey:    delayPrivKey.PubKey(),
 		},
 	}
 	justiceKit, err := commitType.NewJusticeKit(nil, breachInfo, false)
 	require.NoError(t, err)
 	justiceKit.AddToLocalSig(commitToLocalSig)
 	// Compute the expected to-local script, which is a function of the CSV
 	// delay, revocation pubkey and delay pubkey.
 	expToLocalScript, err := input.CommitScriptToSelf(
 		csvDelay, delayPrivKey.PubKey(), revPrivKey.PubKey(),
 	)
-	require.Nil(t, err)
+	require.NoError(t, err)
 	// Compute the to-local script that is returned by the justice kit.
-	toLocalScript, err := justiceKit.CommitToLocalWitnessScript()
+	_, witness, err := justiceKit.ToLocalOutputSpendInfo()
-	require.Nil(t, err)
+	require.NoError(t, err)
 	// Assert that the expected to-local script matches the actual script.
-	require.Equal(t, expToLocalScript, toLocalScript)
+	require.Equal(t, expToLocalScript, witness[2])
 	// Next, compute the to-local witness stack returned by the justice kit.
 	toLocalWitnessStack, err := justiceKit.CommitToLocalRevokeWitnessStack()
 	require.Nil(t, err)
 	// Compute the expected signature in the bottom element of the stack, by
 	// appending a sighash all flag to the raw DER signature.
@ -379,9 +369,9 @@ func TestJusticeKitToLocalWitnessConstruction(t *testing.T) {
 	)
 	// Finally, validate against our expected witness stack.
-	expWitnessStack := [][]byte{
+	expWitnessStack := wire.TxWitness{
 		rawRevSigWithSigHash,
 		{1},
 	}
-	require.Equal(t, expWitnessStack, toLocalWitnessStack)
+	require.Equal(t, expWitnessStack, witness[:2])
 }
--- a/watchtower/lookout/justice_descriptor.go
+++ b/watchtower/lookout/justice_descriptor.go
@ -5,7 +5,6 @@ import (
 	"fmt"
 	"github.com/btcsuite/btcd/blockchain"
 	"github.com/btcsuite/btcd/btcec/v2"
 	"github.com/btcsuite/btcd/btcutil"
 	"github.com/btcsuite/btcd/btcutil/txsort"
 	"github.com/btcsuite/btcd/txscript"
@ -41,7 +40,7 @@ type JusticeDescriptor struct {
 	// JusticeKit contains the decrypted blob and information required to
 	// construct the transaction scripts and witnesses.
-	JusticeKit *blob.JusticeKit
+	JusticeKit blob.JusticeKit
 }
 // breachedInput contains the required information to construct and spend
@ -56,22 +55,17 @@ type breachedInput struct {
 // commitToLocalInput extracts the information required to spend the commit
 // to-local output.
 func (p *JusticeDescriptor) commitToLocalInput() (*breachedInput, error) {
-	// Retrieve the to-local witness script from the justice kit.
+	kit := p.JusticeKit
 	toLocalScript, err := p.JusticeKit.CommitToLocalWitnessScript()
 	if err != nil {
 		return nil, err
 	}
-	// Compute the witness script hash, which will be used to locate the
+	// Retrieve the to-local output script and witness from the justice kit.
-	// input on the breaching commitment transaction.
+	toLocalPkScript, witness, err := kit.ToLocalOutputSpendInfo()
 	toLocalWitnessHash, err := input.WitnessScriptHash(toLocalScript)
 	if err != nil {
 		return nil, err
 	}
 	// Locate the to-local output on the breaching commitment transaction.
 	toLocalIndex, toLocalTxOut, err := findTxOutByPkScript(
-		p.BreachedCommitTx, toLocalWitnessHash,
+		p.BreachedCommitTx, toLocalPkScript,
 	)
 	if err != nil {
 		return nil, err
@ -84,63 +78,28 @@ func (p *JusticeDescriptor) commitToLocalInput() (*breachedInput, error) {
 		Index: toLocalIndex,
 	}
 	// Retrieve to-local witness stack, which primarily includes a signature
 	// under the revocation pubkey.
 	witnessStack, err := p.JusticeKit.CommitToLocalRevokeWitnessStack()
 	if err != nil {
 		return nil, err
 	}
 	return &breachedInput{
 		txOut:    toLocalTxOut,
 		outPoint: toLocalOutPoint,
-		witness:  buildWitness(witnessStack, toLocalScript),
+		witness:  witness,
 	}, nil
 }
 // commitToRemoteInput extracts the information required to spend the commit
 // to-remote output.
 func (p *JusticeDescriptor) commitToRemoteInput() (*breachedInput, error) {
-	// Retrieve the to-remote witness script from the justice kit.
+	kit := p.JusticeKit
-	toRemoteScript, err := p.JusticeKit.CommitToRemoteWitnessScript()
+
 	// Retrieve the to-remote output script, witness script and sequence
 	// from the justice kit.
 	toRemotePkScript, witness, seq, err := kit.ToRemoteOutputSpendInfo()
 	if err != nil {
 		return nil, err
 	}
 	var (
 		toRemoteScriptHash []byte
 		toRemoteSequence   uint32
 	)
 	if p.JusticeKit.BlobType.IsAnchorChannel() {
 		toRemoteScriptHash, err = input.WitnessScriptHash(
 			toRemoteScript,
 		)
 		if err != nil {
 			return nil, err
 		}
 		toRemoteSequence = 1
 	} else {
 		// Since the to-remote witness script should just be a regular p2wkh
 		// output, we'll parse it to retrieve the public key.
 		toRemotePubKey, err := btcec.ParsePubKey(toRemoteScript)
 		if err != nil {
 			return nil, err
 		}
 		// Compute the witness script hash from the to-remote pubkey, which will
 		// be used to locate the input on the breach commitment transaction.
 		toRemoteScriptHash, err = input.CommitScriptUnencumbered(
 			toRemotePubKey,
 		)
 		if err != nil {
 			return nil, err
 		}
 	}
 	// Locate the to-remote output on the breaching commitment transaction.
 	toRemoteIndex, toRemoteTxOut, err := findTxOutByPkScript(
-		p.BreachedCommitTx, toRemoteScriptHash,
+		p.BreachedCommitTx, toRemotePkScript,
 	)
 	if err != nil {
 		return nil, err
@ -153,18 +112,11 @@ func (p *JusticeDescriptor) commitToRemoteInput() (*breachedInput, error) {
 		Index: toRemoteIndex,
 	}
 	// Retrieve the to-remote witness stack, which is just a signature under
 	// the to-remote pubkey.
 	witnessStack, err := p.JusticeKit.CommitToRemoteWitnessStack()
 	if err != nil {
 		return nil, err
 	}
 	return &breachedInput{
 		txOut:    toRemoteTxOut,
 		outPoint: toRemoteOutPoint,
-		witness:  buildWitness(witnessStack, toRemoteScript),
+		witness:  witness,
-		sequence: toRemoteSequence,
+		sequence: seq,
 	}, nil
 }
@ -193,7 +145,7 @@ func (p *JusticeDescriptor) assembleJusticeTxn(txWeight int64,
 	// reward sweep, there will be two outputs, one of which pays back to
 	// the victim while the other gives a cut to the tower.
 	outputs, err := p.SessionInfo.Policy.ComputeJusticeTxOuts(
-		totalAmt, txWeight, p.JusticeKit.SweepAddress[:],
+		totalAmt, txWeight, p.JusticeKit.SweepAddress(),
 		p.SessionInfo.RewardAddress,
 	)
 	if err != nil {
@ -271,7 +223,7 @@ func (p *JusticeDescriptor) CreateJusticeTxn() (*wire.MsgTx, error) {
 	// Add the sweep address's contribution, depending on whether it is a
 	// p2wkh or p2wsh output.
-	switch len(p.JusticeKit.SweepAddress) {
+	switch len(p.JusticeKit.SweepAddress()) {
 	case input.P2WPKHSize:
 		weightEstimate.AddP2WKHOutput()
@ -344,9 +296,9 @@ func (p *JusticeDescriptor) CreateJusticeTxn() (*wire.MsgTx, error) {
 //
 // NOTE: The search stops after the first match is found.
 func findTxOutByPkScript(txn *wire.MsgTx,
-	pkScript []byte) (uint32, *wire.TxOut, error) {
+	pkScript *txscript.PkScript) (uint32, *wire.TxOut, error) {
-	found, index := input.FindScriptOutputIndex(txn, pkScript)
+	found, index := input.FindScriptOutputIndex(txn, pkScript.Script())
 	if !found {
 		return 0, nil, ErrOutputNotFound
 	}
@ -354,15 +306,6 @@ func findTxOutByPkScript(txn *wire.MsgTx,
 	return index, txn.TxOut[index], nil
 }
 // buildWitness appends the witness script to a given witness stack.
 func buildWitness(witnessStack [][]byte, witnessScript []byte) [][]byte {
 	witness := make([][]byte, len(witnessStack)+1)
 	lastIdx := copy(witness, witnessStack)
 	witness[lastIdx] = witnessScript
 	return witness
 }
 // prevOutFetcher returns a txscript.MultiPrevOutFetcher for the given set
 // of inputs.
 func prevOutFetcher(inputs []*breachedInput) (*txscript.MultiPrevOutFetcher,
--- a/watchtower/lookout/justice_descriptor_test.go
+++ b/watchtower/lookout/justice_descriptor_test.go
@ -12,6 +12,7 @@ import (
 	"github.com/btcsuite/btcd/wire"
 	"github.com/lightningnetwork/lnd/input"
 	"github.com/lightningnetwork/lnd/keychain"
 	"github.com/lightningnetwork/lnd/lnwallet"
 	"github.com/lightningnetwork/lnd/lnwire"
 	"github.com/lightningnetwork/lnd/watchtower/blob"
 	"github.com/lightningnetwork/lnd/watchtower/lookout"
@ -221,16 +222,19 @@ func testJusticeDescriptor(t *testing.T, blobType blob.Type) {
 		RewardAddress: makeAddrSlice(22),
 	}
-	// Begin to assemble the justice kit, starting with the sweep address,
+	breachInfo := &lnwallet.BreachRetribution{
-	// pubkeys, and csv delay.
+		RemoteDelay: csvDelay,
-	justiceKit := &blob.JusticeKit{
+		KeyRing: &lnwallet.CommitmentKeyRing{
-		BlobType:     blobType,
+			ToLocalKey:    toLocalPK,
-		SweepAddress: makeAddrSlice(22),
+			ToRemoteKey:   toRemotePK,
-		CSVDelay:     csvDelay,
+			RevocationKey: revPK,
 		},
 	}
-	copy(justiceKit.RevocationPubKey[:], revPK.SerializeCompressed())
+
-	copy(justiceKit.LocalDelayPubKey[:], toLocalPK.SerializeCompressed())
+	justiceKit, err := commitType.NewJusticeKit(
-	copy(justiceKit.CommitToRemotePubKey[:], toRemotePK.SerializeCompressed())
+		makeAddrSlice(22), breachInfo, true,
 	)
 	require.NoError(t, err)
 	// Create a transaction spending from the outputs of the breach
 	// transaction created earlier. The inputs are always ordered w/
@ -256,7 +260,7 @@ func testJusticeDescriptor(t *testing.T, blobType blob.Type) {
 	}
 	outputs, err := policy.ComputeJusticeTxOuts(
-		totalAmount, int64(txWeight), justiceKit.SweepAddress,
+		totalAmount, int64(txWeight), justiceKit.SweepAddress(),
 		sessionInfo.RewardAddress,
 	)
 	require.NoError(t, err)
@ -316,8 +320,8 @@ func testJusticeDescriptor(t *testing.T, blobType blob.Type) {
 	require.Nil(t, err)
 	// Complete our justice kit by copying the signatures into the payload.
-	justiceKit.CommitToLocalSig = toLocalSig
+	justiceKit.AddToLocalSig(toLocalSig)
-	justiceKit.CommitToRemoteSig = toRemoteSig
+	justiceKit.AddToRemoteSig(toRemoteSig)
 	justiceDesc := &lookout.JusticeDescriptor{
 		BreachedCommitTx: breachTxn,
--- a/watchtower/lookout/lookout_test.go
+++ b/watchtower/lookout/lookout_test.go
@ -8,8 +8,10 @@ import (
 	"testing"
 	"time"
 	"github.com/btcsuite/btcd/btcec/v2"
 	"github.com/btcsuite/btcd/wire"
 	"github.com/lightningnetwork/lnd/chainntnfs"
 	"github.com/lightningnetwork/lnd/lnwallet"
 	"github.com/lightningnetwork/lnd/lnwire"
 	"github.com/lightningnetwork/lnd/watchtower/blob"
 	"github.com/lightningnetwork/lnd/watchtower/lookout"
@ -30,10 +32,9 @@ func (p *mockPunisher) Punish(
 	return nil
 }
-func makeArray32(i uint64) [32]byte {
+func makeRandomPK() *btcec.PublicKey {
-	var arr [32]byte
+	pk, _ := btcec.NewPrivateKey()
-	binary.BigEndian.PutUint64(arr[:], i)
+	return pk.PubKey()
 	return arr
 }
 func makeArray33(i uint64) [33]byte {
@ -142,32 +143,49 @@ func TestLookoutBreachMatching(t *testing.T) {
 	// Construct a justice kit for each possible breach transaction.
 	blobType := blob.FlagCommitOutputs.Type()
-	blob1 := &blob.JusticeKit{
+	breachInfo1 := &lnwallet.BreachRetribution{
-		BlobType:         blobType,
+		RemoteDelay: 144,
-		SweepAddress:     makeAddrSlice(22),
+		KeyRing: &lnwallet.CommitmentKeyRing{
-		RevocationPubKey: makePubKey(1),
+			ToLocalKey:    makeRandomPK(),
-		LocalDelayPubKey: makePubKey(1),
+			RevocationKey: makeRandomPK(),
-		CSVDelay:         144,
+		},
 		CommitToLocalSig: makeTestSig(1),
 	}
-	blob2 := &blob.JusticeKit{
+	commitment1, err := blobType.CommitmentType(nil)
-		BlobType:         blobType,
+	require.NoError(t, err)
-		SweepAddress:     makeAddrSlice(22),
+
-		RevocationPubKey: makePubKey(2),
+	blob1, err := commitment1.NewJusticeKit(
-		LocalDelayPubKey: makePubKey(2),
+		makeAddrSlice(22), breachInfo1, false,
-		CSVDelay:         144,
+	)
-		CommitToLocalSig: makeTestSig(2),
+	require.NoError(t, err)
 	blob1.AddToLocalSig(makeTestSig(1))
 	breachInfo2 := &lnwallet.BreachRetribution{
 		RemoteDelay: 144,
 		KeyRing: &lnwallet.CommitmentKeyRing{
 			ToLocalKey:    makeRandomPK(),
 			RevocationKey: makeRandomPK(),
 		},
 	}
 	commitment2, err := blobType.CommitmentType(nil)
 	require.NoError(t, err)
 	blob2, err := commitment2.NewJusticeKit(
 		makeAddrSlice(22), breachInfo2, false,
 	)
 	require.NoError(t, err)
 	blob2.AddToLocalSig(makeTestSig(1))
 	key1 := blob.NewBreachKeyFromHash(&hash1)
 	key2 := blob.NewBreachKeyFromHash(&hash2)
 	// Encrypt the first justice kit under breach key one.
-	encBlob1, err := blob1.Encrypt(key1)
+	encBlob1, err := blob.Encrypt(blob1, key1)
 	require.NoError(t, err, "unable to encrypt sweep detail 1")
 	// Encrypt the second justice kit under breach key two.
-	encBlob2, err := blob2.Encrypt(key2)
+	encBlob2, err := blob.Encrypt(blob2, key2)
 	require.NoError(t, err, "unable to encrypt sweep detail 2")
 	// Add both state updates to the tower's database.
--- a/watchtower/wtclient/backup_task.go
+++ b/watchtower/wtclient/backup_task.go
@ -4,7 +4,6 @@ import (
 	"fmt"
 	"github.com/btcsuite/btcd/blockchain"
 	"github.com/btcsuite/btcd/btcec/v2"
 	"github.com/btcsuite/btcd/btcutil"
 	"github.com/btcsuite/btcd/btcutil/txsort"
 	"github.com/btcsuite/btcd/chaincfg"
@ -247,25 +246,11 @@ func (t *backupTask) craftSessionPayload(
 	var hint blob.BreachHint
-	// First, copy over the sweep pkscript, the pubkeys used to derive the
+	justiceKit, err := t.commitmentType.NewJusticeKit(
-	// to-local script, and the remote CSV delay.
+		t.sweepPkScript, t.breachInfo, t.toRemoteInput != nil,
-	keyRing := t.breachInfo.KeyRing
+	)
-	justiceKit := &blob.JusticeKit{
+	if err != nil {
-		BlobType:         t.blobType,
+		return hint, nil, err
 		SweepAddress:     t.sweepPkScript,
 		RevocationPubKey: toBlobPubKey(keyRing.RevocationKey),
 		LocalDelayPubKey: toBlobPubKey(keyRing.ToLocalKey),
 		CSVDelay:         t.breachInfo.RemoteDelay,
 	}
 	// If this commitment has an output that pays to us, copy the to-remote
 	// pubkey into the justice kit. This serves as the indicator to the
 	// tower that we expect the breaching transaction to have a non-dust
 	// output to spend from.
 	if t.toRemoteInput != nil {
 		justiceKit.CommitToRemotePubKey = toBlobPubKey(
 			keyRing.ToRemoteKey,
 		)
 	}
 	// Now, begin construction of the justice transaction. We'll start with
@ -348,9 +333,9 @@ func (t *backupTask) craftSessionPayload(
 		// field
 		switch inp.WitnessType() {
 		case toLocalWitnessType:
-			justiceKit.CommitToLocalSig = signature
+			justiceKit.AddToLocalSig(signature)
 		case toRemoteWitnessType:
-			justiceKit.CommitToRemoteSig = signature
+			justiceKit.AddToRemoteSig(signature)
 		default:
 			return hint, nil, fmt.Errorf("invalid witness type: %v",
 				inp.WitnessType())
@ -365,18 +350,10 @@ func (t *backupTask) craftSessionPayload(
 	// Then, we'll encrypt the computed justice kit using the full breach
 	// transaction id, which will allow the tower to recover the contents
 	// after the transaction is seen in the chain or mempool.
-	encBlob, err := justiceKit.Encrypt(key)
+	encBlob, err := blob.Encrypt(justiceKit, key)
 	if err != nil {
 		return hint, nil, err
 	}
 	return hint, encBlob, nil
 }
 // toBlobPubKey serializes the given pubkey into a blob.PubKey that can be set
 // as a field on a blob.JusticeKit.
 func toBlobPubKey(pubKey *btcec.PublicKey) blob.PubKey {
 	var blobPubKey blob.PubKey
 	copy(blobPubKey[:], pubKey.SerializeCompressed())
 	return blobPubKey
 }
--- a/watchtower/wtclient/backup_task_internal_test.go
+++ b/watchtower/wtclient/backup_task_internal_test.go
@ -1,7 +1,7 @@
 package wtclient
 import (
-	"bytes"
+	"encoding/binary"
 	"testing"
 	"github.com/btcsuite/btcd/btcec/v2"
@ -25,8 +25,7 @@ import (
 const csvDelay uint32 = 144
 var (
-	zeroPK  [33]byte
+	zeroSig = makeSig(0)
 	zeroSig [64]byte
 	revPrivBytes = []byte{
 		0x8f, 0x4b, 0x51, 0x83, 0xa9, 0x34, 0xbd, 0x5f,
@ -65,6 +64,7 @@ type backupTaskTest struct {
 	expSweepScript   []byte
 	signer           input.Signer
 	chanType         channeldb.ChannelType
 	commitType       blob.CommitmentType
 }
 // genTaskTest creates a instance of a backupTaskTest using the passed
@ -210,6 +210,7 @@ func genTaskTest(
 		expSweepScript: sweepAddr,
 		signer:         signer,
 		chanType:       chanType,
 		commitType:     commitType,
 	}
 }
@ -567,60 +568,35 @@ func testBackupTask(t *testing.T, test backupTaskTest) {
 	require.NoError(t, err, "unable to decrypt blob")
 	keyRing := test.breachInfo.KeyRing
-	expToLocalPK := keyRing.ToLocalKey.SerializeCompressed()
+	expToLocalPK := keyRing.ToLocalKey
-	expRevPK := keyRing.RevocationKey.SerializeCompressed()
+	expRevPK := keyRing.RevocationKey
-	expToRemotePK := keyRing.ToRemoteKey.SerializeCompressed()
+	expToRemotePK := keyRing.ToRemoteKey
-	// Assert that the blob contained the serialized revocation and to-local
+	breachInfo := &lnwallet.BreachRetribution{
-	// pubkeys.
+		RemoteDelay: csvDelay,
-	require.Equal(t, expRevPK, jKit.RevocationPubKey[:])
+		KeyRing: &lnwallet.CommitmentKeyRing{
-	require.Equal(t, expToLocalPK, jKit.LocalDelayPubKey[:])
+			ToLocalKey:    expToLocalPK,
-
+			RevocationKey: expRevPK,
-	// Determine if the breach transaction has a to-remote output and/or
+			ToRemoteKey:   expToRemotePK,
-	// to-local output to spend from. Note the seemingly-reversed
+		},
 	// nomenclature.
 	hasToRemote := test.breachInfo.LocalOutputSignDesc != nil
 	hasToLocal := test.breachInfo.RemoteOutputSignDesc != nil
 	// If the to-remote output is present, assert that the to-remote public
 	// key was included in the blob. Otherwise assert that a blank public
 	// key was inserted.
 	if hasToRemote {
 		require.Equal(t, expToRemotePK, jKit.CommitToRemotePubKey[:])
 	} else {
 		require.Equal(t, zeroPK[:], jKit.CommitToRemotePubKey[:])
 	}
-	// Assert that the CSV is encoded in the blob.
+	expectedKit, err := test.commitType.NewJusticeKit(
-	require.Equal(t, test.breachInfo.RemoteDelay, jKit.CSVDelay)
+		test.expSweepScript, breachInfo, test.expToRemoteInput != nil,
 	// Assert that the sweep pkscript is included.
 	require.Equal(t, test.expSweepScript, jKit.SweepAddress)
 	// Finally, verify that the signatures are encoded in the justice kit.
 	// We don't validate the actual signatures produced here, since at the
 	// moment, it is tested indirectly by other packages and integration
 	// tests.
 	// TODO(conner): include signature validation checks
 	emptyToLocalSig := bytes.Equal(
 		jKit.CommitToLocalSig.RawBytes(), zeroSig[:],
 	)
-	if hasToLocal {
+	require.NoError(t, err)
 		require.False(t, emptyToLocalSig, "to-local signature should "+
 			"not be empty")
 	} else {
 		require.True(t, emptyToLocalSig, "to-local signature should "+
 			"be empty")
 	}
-	emptyToRemoteSig := bytes.Equal(
+	jKit.AddToLocalSig(zeroSig)
-		jKit.CommitToRemoteSig.RawBytes(), zeroSig[:],
+	jKit.AddToRemoteSig(zeroSig)
-	)
+
-	if hasToRemote {
+	require.Equal(t, expectedKit, jKit)
-		require.False(t, emptyToRemoteSig, "to-remote signature "+
+}
-			"should not be empty")
+
-	} else {
+func makeSig(i int) lnwire.Sig {
-		require.True(t, emptyToRemoteSig, "to-remote signature "+
+	var sigBytes [64]byte
-			"should be empty")
+	binary.BigEndian.PutUint64(sigBytes[:8], uint64(i))
-	}
+
 	sig, _ := lnwire.NewSigFromWireECDSA(sigBytes[:])
 	return sig
 }
--- a/watchtower/wtdb/client_db_test.go
+++ b/watchtower/wtdb/client_db_test.go
@ -1201,7 +1201,10 @@ func randCommittedUpdateForChannel(t *testing.T, chanID lnwire.ChannelID,
 	_, err := io.ReadFull(crand.Reader, hint[:])
 	require.NoError(t, err)
-	encBlob := make([]byte, blob.Size(blob.FlagCommitOutputs.Type()))
+	kit, err := blob.AnchorCommitment.EmptyJusticeKit()
 	require.NoError(t, err)
 	encBlob := make([]byte, blob.Size(kit))
 	_, err = io.ReadFull(crand.Reader, encBlob)
 	require.NoError(t, err)
@ -1229,7 +1232,10 @@ func randCommittedUpdateForChanWithHeight(t *testing.T, chanID lnwire.ChannelID,
 	_, err := io.ReadFull(crand.Reader, hint[:])
 	require.NoError(t, err)
-	encBlob := make([]byte, blob.Size(blob.FlagCommitOutputs.Type()))
+	kit, err := blob.AnchorCommitment.EmptyJusticeKit()
 	require.NoError(t, err)
 	encBlob := make([]byte, blob.Size(kit))
 	_, err = io.ReadFull(crand.Reader, encBlob)
 	require.NoError(t, err)
--- a/watchtower/wtdb/tower_db.go
+++ b/watchtower/wtdb/tower_db.go
@ -240,9 +240,19 @@ func (t *TowerDB) InsertStateUpdate(update *SessionStateUpdate) (uint16, error)
 			return err
 		}
 		commitType, err := session.Policy.BlobType.CommitmentType(nil)
 		if err != nil {
 			return err
 		}
 		kit, err := commitType.EmptyJusticeKit()
 		if err != nil {
 			return err
 		}
 		// Assert that the blob is the correct size for the session's
 		// blob type.
-		expBlobSize := blob.Size(session.Policy.BlobType)
+		expBlobSize := blob.Size(kit)
 		if len(update.EncryptedBlob) != expBlobSize {
 			return ErrInvalidBlobSize
 		}
--- a/watchtower/wtdb/tower_db_test.go
+++ b/watchtower/wtdb/tower_db_test.go
@ -17,7 +17,10 @@ import (
 )
 var (
-	testBlob = make([]byte, blob.Size(blob.TypeAltruistCommit))
+	testBlob = make(
 		[]byte, blob.NonceSize+blob.V0PlaintextSize+
 			blob.CiphertextExpansion,
 	)
 )
 // dbInit is a closure used to initialize a watchtower.DB instance.
@ -737,7 +740,8 @@ func updateFromInt(id *wtdb.SessionID, i int,
 	copy(hint[:4], id[:4])
 	binary.BigEndian.PutUint16(hint[4:6], uint16(i))
-	blobSize := blob.Size(blob.TypeAltruistCommit)
+	kit, _ := blob.AnchorCommitment.EmptyJusticeKit()
 	blobSize := blob.Size(kit)
 	return &wtdb.SessionStateUpdate{
 		ID:            *id,
--- a/watchtower/wtmock/tower_db.go
+++ b/watchtower/wtmock/tower_db.go
@ -37,12 +37,22 @@ func (db *TowerDB) InsertStateUpdate(update *wtdb.SessionStateUpdate) (uint16, e
 		return 0, wtdb.ErrSessionNotFound
 	}
 	commitType, err := info.Policy.BlobType.CommitmentType(nil)
 	if err != nil {
 		return 0, err
 	}
 	kit, err := commitType.EmptyJusticeKit()
 	if err != nil {
 		return 0, err
 	}
 	// Assert that the blob is the correct size for the session's blob type.
-	if len(update.EncryptedBlob) != blob.Size(info.Policy.BlobType) {
+	if len(update.EncryptedBlob) != blob.Size(kit) {
 		return 0, wtdb.ErrInvalidBlobSize
 	}
-	err := info.AcceptUpdateSequence(update.SeqNum, update.LastApplied)
+	err = info.AcceptUpdateSequence(update.SeqNum, update.LastApplied)
 	if err != nil {
 		return info.LastApplied, err
 	}
--- a/watchtower/wtserver/server_test.go
+++ b/watchtower/wtserver/server_test.go
@ -30,7 +30,10 @@ var (
 	testnetChainHash = *chaincfg.TestNet3Params.GenesisHash
-	testBlob = make([]byte, blob.Size(blob.TypeAltruistCommit))
+	testBlob = make(
 		[]byte, blob.NonceSize+blob.V0PlaintextSize+
 			blob.CiphertextExpansion,
 	)
 )
 // randPubKey generates a new secp keypair, and returns the public key.