Hi ZmnSCPxj Well your deeclipser is already WIP ;) See my AltNet+Watchdog proposals in Core: https://github.com/bitcoin/bitcoin/pull/18987/https://github.com/bitcoin/bitcoin/pull/18988 It's almost covering what you mention, a driver framework to plug alternative transports protocols : radio, DNS, even LN Noise, Tor's Snowflake... Proposal is a PoC with a multi-threaded process but yes I want production-design to be a multi-process for the reasons you mentioned. Drivers should be developed out-of-tree but with an interface to plug them smoothly (tm). Proposal is more generic than pure LN, like some privacy-concerned users may want to broadcast by default their transactions over radio. But for LN support it should a) detect network/block issuance anomalies b) dynamically react by closing channels or c) fetch headers/blocks through redundant communication channels and d) provide emergency transactions broadcast if your time-sensitive transactions are censored. It's long-term work so be patient but getting opt-in support in Core would make it far easier for any LN routing/vaulting node to deploy it. In the meanwhile you can have multiple nodes on different infrastructures to serve as a backend for your LN node. Bonus: if LN nodes are incentivized to deploy such strong anti-eclipsing measures to mitigate time-dilation it would benefit base layer p2p security network-wise. In case of network partition, your node with link layer redundancy will keep it in-sync its connected peers on the same side of the partition, even if they don't deploy anything. I'm sure you have improvements to suggest ! Best, Antoine Le mer. 10 juin 2020 à 19:35, ZmnSCPxj a écrit : > Good morning Antoine and Gleb, > > One thing I have been idly thinking about would be to have a *separate* > software daemon that performs de-eclipsing for your Bitcoin fullnode. > > For example, you could run this deeclipser on the same hardware as your > Bitcoin fullnode, and have the deeclipser bind to port 8334. > Then you set your Bitcoin fullnode with `addnode=localhost:8334` in your > `bitcoind.conf`. > > Your Bitcoin fullnode would then connect to the deeclipser using normal > P2P protocol. > > The deeclipser would periodically, every five minutes or so, check the > latest headers known by your fullnode, via the P2P protocol connection your > fullnode makes. > Then it would attempt to discover any blocks with greater blockheight. > > The reason why we have a separate deeclipser process is so that the > deeclipser can use a plugin system, and isolate the plugins from the main > fullnode software. > For example, the deeclipser could query a number of plugins: > > * One plugin could just try connecting to some random node, in the hopes > of getting a new connection that is not eclipsed. > * Another plugin could try polling known blockchain explorers and using > their APIs over HTTPS, possibly over Tor as well. > * Another plugin could try connecting to known Electrum servers. > * New plugins can be developed for new mitigations, such as sending > headers over DNS or blocks over mesh or etc. > > Then if any plugin discovers a block later than that known by your > fullnode, the deeclipser can send an unsolicited `block` or `header` > message to your fullnode to update it. > > The advantage of using a plugin system is that it becomes easier to > prototype, deploy, and maybe even test new de-eclipsing mitigations. > > At the same time, by running a separate daemon from the fullnode, we > provide some amount of process isolation in case some problem with the > plugin system exists. > The deeclipser could be run by a completely different user, for example, > and you might even run multiple deeclipser daemons in the same hardware, > with different non-overlapping plugins, so that an exploit of one plugin > will only bring down one deeclipser, with other deeclipser daemons > remaining functional and still protecting your fullnode. > > Finally, by using the P2P protocol, the fullnode you run could be a > non-Bitcoin-Core fullnode, such as btcd or rust-bitcoin or whatever other > fullnode implementations exist, assuming you actually want to use them for > some reason. > > What do you think? > > Regards, > ZmnSCPxj > >