From: Devrandom <c1.bitcoin@niftybox•net>
To: ZmnSCPxj <ZmnSCPxj@protonmail•com>,
Bitcoin Protocol Discussion
<bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] Hardware wallets and "advanced" Bitcoin features
Date: Sat, 16 Jan 2021 18:40:44 -0800 [thread overview]
Message-ID: <CAB0O3SWvARDpdPt562SY-p+FE63rhEYg_DGEVJsBnmG-pdkw5Q@mail.gmail.com> (raw)
In-Reply-To: <IUjfIb-kgkDrL-Lq2aezCk5sjSoICBCUEZbchHqLDFStputPn0Y8xmPHdIwg6tEwZIMI-075CMO1jwy4FgIhhTgDclpdJXwRYlrESFDqfSc=@protonmail.com>
[-- Attachment #1: Type: text/plain, Size: 2374 bytes --]
Dear ZmnSCPxj,
On Thu, Jan 14, 2021 at 4:28 PM ZmnSCPxj via bitcoin-dev <
bitcoin-dev@lists•linuxfoundation.org> wrote:
> The primary issue here is that we have a base assumption that the hardware
> wallet cannot be sophisticated enough to have Internet access; "do not
> enter seed words on an online device", as the typical advice goes.
> Most clawback transactions are time-based, and *must* be broadcast at a
> particular blockheight.
> Yet if the hardware wallet cannot be an online device, then it cannot know
> the current blockheight is now at a time when the clawback transaction
> *must* be broadcast.
>
> Thus, the hardware must always tr\*st the software to actually perform the
> clawback in that case.
>
I believe it is possible to achieve much of the desired "liveness"
requirements without compromising too much on the air-gap. The solution
requires the following:
- a set of UTXO oracles which attest to the UTXO set
- optionally, a set of clock oracles which attest to the current time (e.g.
using the roughtime protocol)
- an air-gap connection between the node software and the signer, e.g.
using a narrow optical or serial protocol
- a set of operators that can react to lack of liveness
The Signer performs the following steps periodically:
- if the funding UTXO has not been spent (per oracle attestation), proceed
normally with any channel commitment signing
- if the funding UTXO has been spent, ensure that the node provided the
spending tx, and check if there is any reaction needed (e.g. a justice tx
is needed)
- if a reaction is needed, ensure that there is a further spend within a
certain deadline (shorter than the CSV/CLTV deadline)
- if there is no deadline violation, sign a heartbeat message with the
current time (either from a local clock or from oracle clock)
The node software then relays the signed heartbeat message to the
operators, e.g. through Tor. If a heartbeat is not seen by the operators,
they manually intervene (e.g. by standing up a clean node).
Of course, we will never have Lightning paper wallets, by definition, since
you can't participate in the network without being online. But the above
setup seems to be at least as secure as USB hardware wallets attached to
online machines. You could even have intermittently connected signers for
slow-moving channels, or signers behind Tor, etc. .
--
devrandom
[-- Attachment #2: Type: text/html, Size: 2978 bytes --]
next prev parent reply other threads:[~2021-01-17 2:47 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-14 18:17 Kevin Loaec
2021-01-15 0:28 ` ZmnSCPxj
2021-01-17 2:40 ` Devrandom [this message]
2021-01-17 1:31 ` Antoine Riard
2021-01-17 10:02 ` darosior
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAB0O3SWvARDpdPt562SY-p+FE63rhEYg_DGEVJsBnmG-pdkw5Q@mail.gmail.com \
--to=c1.bitcoin@niftybox$(echo .)net \
--cc=ZmnSCPxj@protonmail$(echo .)com \
--cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox