Continuing the discussion about noinput / anyprevout

Posted by Christian Decker

Oct 3, 2019/09:57 UTC

SIGHASH_NOINPUT raises a problem when combined with address reuse, which is common practice among bitcoin businesses. If an exchange were to create a digital signature from its cold storage address with a SIGHASH_NOINPUT signature, the signature could be replayed until the wallet is drained. However, this downside is outweighed by the fact that SIGHASH_NOINPUT is useful for off-chain protocols like Lightning, allowing specific off-chain states to end up on-chain and be enforced there.

This means that large economic entities in bitcoin, such as exchanges, will need a second unique signing path that uses SIGHASH_NOINPUT, separate from their first signing path that controls on-chain funds. Separating the two domains simply involves using a separate (hardened) derivation path from a seed key and never mixing them afterwards. BIP118 mandates that separate private keys be used for off-chain contracts and that the off-chain contract never be mixed with the remainder of your funds.

It is necessary to encourage on-chain hot wallet signing procedures to be kept separate from off-chain hot wallet signing procedures, which introduces more complexity for key management. However, maintaining key hygiene as detailed in BIP118, i.e., keeping off-chain keys separate from on-chain keys and ensuring that each off-chain contract instance uses a separate set of keys, can contain fund loss to the balance of the channel.
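The key separation described above, sketched as an added example that is not part of the original post or of BIP118: BIP32 hardened derivation gives the on-chain wallet and each off-chain contract their own subtree, and a signer-side policy check refuses NOINPUT signatures outside the off-chain branch. The branch numbers and the function names `contract_key` and `noinput_allowed` are assumptions made for this illustration.

```python
import hashlib
import hmac

# secp256k1 group order (public curve constant).
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000
# Hypothetical branch numbers for this example; the post fixes none.
ONCHAIN_BRANCH, OFFCHAIN_BRANCH = 0, 1


def master_from_seed(seed: bytes):
    """BIP32 master private key and chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def ckd_hardened(key: int, chain_code: bytes, index: int):
    """BIP32 hardened child derivation; depends on the parent private key."""
    data = b"\x00" + key.to_bytes(32, "big") + (index | HARDENED).to_bytes(4, "big")
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child = (tweak + key) % N
    if tweak >= N or child == 0:
        raise ValueError("invalid child key, skip this index")
    return child, digest[32:]


def derive(seed: bytes, path):
    """Walk a path of hardened indices from the seed; returns the private key."""
    key, chain_code = master_from_seed(seed)
    for index in path:
        key, chain_code = ckd_hardened(key, chain_code, index)
    return key


def contract_key(seed: bytes, contract_id: int, n: int = 0):
    """Each off-chain contract instance gets its own hardened subtree."""
    return derive(seed, [OFFCHAIN_BRANCH, contract_id, n])


def noinput_allowed(path) -> bool:
    """Signer policy: NOINPUT signatures only for keys under the off-chain branch."""
    return len(path) > 0 and path[0] == OFFCHAIN_BRANCH


if __name__ == "__main__":
    seed = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # sample seed (BIP32 test vector 1)
    print(hex(derive(seed, [ONCHAIN_BRANCH, 0])))
    print(hex(contract_key(seed, 1)), hex(contract_key(seed, 2)))
    print(noinput_allowed([ONCHAIN_BRANCH, 0]), noinput_allowed([OFFCHAIN_BRANCH, 1, 0]))
```

Because every step is hardened, a leaked key from one contract's subtree reveals nothing about sibling contracts or the on-chain branch.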
