Why Nostr? What is Njump?
2023-06-07 18:28:13
in reply to

Devrandom [ARCHIVE] on Nostr: 📅 Original date posted:2021-01-17 📝 Original message:Dear ZmnSCPxj, On Thu, Jan ...

📅 Original date posted:2021-01-17
📝 Original message:Dear ZmnSCPxj,

On Thu, Jan 14, 2021 at 4:28 PM ZmnSCPxj via bitcoin-dev <
bitcoin-dev at lists.linuxfoundation.org> wrote:

> The primary issue here is that we have a base assumption that the hardware
> wallet cannot be sophisticated enough to have Internet access; "do not
> enter seed words on an online device", as the typical advice goes.
> Most clawback transactions are time-based, and *must* be broadcast at a
> particular blockheight.
> Yet if the hardware wallet cannot be an online device, then it cannot know
> the current blockheight is now at a time when the clawback transaction
> *must* be broadcast.
>
> Thus, the hardware must always tr\*st the software to actually perform the
> clawback in that case.
>

I believe it is possible to achieve much of the desired "liveness"
requirements without compromising too much on the air-gap. The solution
requires the following:

- a set of UTXO oracles which attest to the UTXO set
- optionally, a set of clock oracles which attest to the current time (e.g.
using the roughtime protocol)
- an air-gap connection between the node software and the signer, e.g.
using a narrow optical or serial protocol
- a set of operators that can react to lack of liveness

The Signer performs the following steps periodically:

- if the funding UTXO has not been spent (per oracle attestation), proceed
normally with any channel commitment signing
- if the funding UTXO has been spent, ensure that the node provided the
spending tx, and check if there is any reaction needed (e.g. a justice tx
is needed)
- if a reaction is needed, ensure that there is a further spend within a
certain deadline (shorter than the CSV/CLTV deadline)
- if there is no deadline violation, sign a heartbeat message with the
current time (either from a local clock or from oracle clock)

The node software then relays the signed heartbeat message to the
operators, e.g. through Tor. If a heartbeat is not seen by the operators,
they manually intervene (e.g. by standing up a clean node).

Of course, we will never have Lightning paper wallets, by definition, since
you can't participate in the network without being online. But the above
setup seems to be at least as secure as USB hardware wallets attached to
online machines. You could even have intermittently connected signers for
slow-moving channels, or signers behind Tor, etc. .

--
devrandom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20210116/25ea76d6/attachment-0001.html>;
Author Public Key
npub1j0js72tmnxzmrtd6j0j5wcvfuhsqwgqxdwkpmw28rmmuy22y3wzsdw9k8n