From: Antoine Riard <antoine.riard@gmail•com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] Demonstrating Pinning Attacks under Real-World Conditions
Date: Thu, 10 Oct 2024 17:21:13 -0700 (PDT)
Message-ID: <51ac4b01-f2d3-4932-9d00-1c9be0875f96n@googlegroups.com>
In-Reply-To: <CALZpt+EM1ysYErpGneuP_d+MjhQcaG7d2_EtRm2WYGFfLYuBsA@mail.gmail.com>
Hi all,
> If you have an on-chain donation address on the OTS website (?), I'll make a
> $100 donation now, it's a nice tool. And for the justice transaction...well
> for some scenarios you can use the latest valid commitment state to pin no
> risk of being slashed by a justice transaction.

Been late on demonstrating a real-world pinning attack against a production
lightning node. But I swear it's real sport having to juggle with more than
one category of exploit to soundly test.

OTS is a great project. I'll make a donation to it of 1 gram of gold or the
equivalent in fiats or satoshis at settlement (as $100 sounds to be almost
equal to 1 gram of gold, i.e. $84.66 those days) for each month late on doing
a demonstration of real-world pinning attack, as a lateness penalty.

Beyond that, it's a great tool to make notarization of any kind of digital
info, inside the chain where for every block there are probably two-digit
terawatt hours burnt, which starts to be a f*cking lot of hydro power plants.

More generally, I called since late 2020 at least for making real-world
demonstration of pinning attacks against lightning nodes, among other types
of cross-layer attacks. With the exception of 2 lightning protocol devs if my
memory is correct, all the other ones since then have shunned away from
participating in a real-world demo, and Peter Todd was the first one to
consent and make a lightning node available for real-world demos in a
"black box" fashion (indeed, it's far easier to execute exploits on testing
envs fully set by the researcher...).

In the future, I believe it can only be great if bitcoin security exploits
are gauged more or less on the lines of artifacts available, evaluated and
reproduced, as done usually by major infosec confs.

Best,
Antoine
ots hash: 9d227f7832154c4c8bce9fce260ac84537489c1bc8c4b8c2ba990ceb197c84fc
On Tuesday, September 3, 2024 at 21:13:46 UTC+1, Antoine Riard wrote:
> > That also happens to be my Alice OpenTimestamps calendar, in production, so
> > please don't do anything you expect to be CPU or RAM intensive. But if you
> > accidentally take down the server, not the end of the world: OTS is a very
> > redundant protocol and one calendar going down for a few hours is unlikely
> > to do any harm.
> >
> > It has about $400 of outgoing capacity at the moment, and $2000 inbound. It
> > gets hardly any donations at the moment, so if you manage to knock LND
> > offline that's no big deal.
> >
> > That's not my money - it's donations to the OTS calendars that I have no
> > right to spend - so I'll ask you to pay for any expenses incurred by it
> > during testing, and make a $100 net donation when you're done testing to
> > make it worthwhile for the OTS community. If you manage to lose more than
> > that on justice transactions, I'll consider that a donation. :)
>
> Many thanks Peter for that.
>
> No worries, I won't play with CPU or RAM, it's just all the transaction-relay
> and mempool logic that one can interfere with. I'll make you whole of the
> $2400 if the LND node goes down too hard, though I'm just looking for a node
> running on mainnet, for a pinning the attacker has to open two channels and
> re-balance the liquidity at its advantage a bit. I'll provide the liquidity
> by myself.
>
> If you have an on-chain donation address on the OTS website (?), I'll make a
> $100 donation now, it's a nice tool. And for the justice transaction...well
> for some scenarios you can use the latest valid commitment state to pin no
> risk of being slashed by a justice transaction.
>
> Best,
> Antoine
> ots hash: 19d9b61ed5238e2922205a0a0194e0830b260a691f45b4189b1d145f72c9e031
>
> On Tue, Sep 3, 2024 at 13:58, Peter Todd <pe...@petertodd•org> wrote:
>
>> On Tue, Aug 27, 2024 at 02:10:15PM -0700, Antoine Riard wrote:
>> > My utmost pleasure to demonstrate some pinning attacks on nodes under
>> > real-world conditions.
>>
>> Antoine Riard: until Oct 1st, you have permission to test your attacks
>> against my Lightning node running at:
>>
>> 023345274dd80a01c0e80ec4892818878...@alice•opentimestamps.org:9735
>> <http://023345274dd80a01c0e80ec48928188783f9bc5281be8f5057c050492f10711a5b@alice.opentimestamps.org:9735>
>>
>> That also happens to be my Alice OpenTimestamps calendar, in production, so
>> please don't do anything you expect to be CPU or RAM intensive. But if you
>> accidentally take down the server, not the end of the world: OTS is a very
>> redundant protocol and one calendar going down for a few hours is unlikely
>> to do any harm.
>>
>> It has about $400 of outgoing capacity at the moment, and $2000 inbound. It
>> gets hardly any donations at the moment, so if you manage to knock LND
>> offline that's no big deal.
>>
>> That's not my money - it's donations to the OTS calendars that I have no
>> right to spend - so I'll ask you to pay for any expenses incurred by it
>> during testing, and make a $100 net donation when you're done testing to
>> make it worthwhile for the OTS community. If you manage to lose more than
>> that on justice transactions, I'll consider that a donation. :)
>>
>> --
>> https://petertodd.org 'peter'[:-1]@petertodd.org
>>
>