[kobeya]

Bitcoin script allows you to specify more complex conditions for settlement than a digital signature by a single key.

For example let’s say we first lock coins into a condition that both your key and mine are required to spend. Then I “send” you money by signing my half of a transaction sending the payment to you and returning the change to me. If I later want to pay you again, I send you a new partially signed transaction with the sum of all the payments so far. Either one of us can broadcast the most recent to when we need the funds for other purposes. Since one tx is needed to set this up, and one tx is needed to close out/settle then this makes sense as long as there is payment, or even for single payments if the close out is used to setup a new payment channel at the same time (my change address sets up a similar 2-of-2 with someone else).

This protocol as written is not safe, but only because it’d be too tedious to write out a full protocol in a HN comment. With tools that are available besides signing, such as relative lock times and malleability-free transactions it is possible to construct safe versions that don’t fall down in the face of DoS or rebroadcast of old state etc.

If everyone uses such transactions, which they will eventually once the tools are more mature, then you only need proper block chain access for the rebalancing transactions.

Off chain transactions are not censorable because they are between offline parties in direct communication with each other. And settlement aka rebalancing transactions are not distinguishable from regular payments if MAST is available and cooperative closure is achieved.