bitcoin-dev

Combined summary - Demonstrating Pinning Attacks under Real-World Conditions

The conversation starts with the recognition of a need for clear, step-by-step instructions for volunteers interested in setting up new nodes, focusing on the use of current and default installations of Core/btcd along with lnd/cln/ldk.

It delves into specifics such as the amount required in channels, the necessary number of channels, the relevance of channel types, volunteer interconnectivity, desired network topology, and the significance of network connectivity and Tor usage. This discussion illuminates the technical intricacies involved in setting up these nodes and underscores the importance of detailed guidance for volunteers with varying expertise levels.

The topic shifts to the exploration of real-world pinning attacks against production Lightning nodes and the broader context of security vulnerabilities within the Bitcoin network. The reluctance of developers to engage in real-world demonstrations of these exploits is highlighted, alongside the optimism for improved evaluations and reproductions of Bitcoin security exploits. Drawing parallels with major information security conferences, the discussion anticipates that increased scrutiny of security flaws will bolster the Bitcoin ecosystem's resilience. This part of the discussion emphasizes the critical focus on security vulnerabilities and the proactive measures needed to safeguard blockchain technologies.

Antoine Riard discusses his personal commitment to testing without affecting CPU or RAM functionalities, focusing instead on transaction-relay and mempool logic. He proposes running a node on the mainnet to exploit channels for liquidity rebalancing, committing his own liquidity for this purpose. Additionally, Riard mentions a $100 donation to the OTS project, highlighting his support for its notarization services. His approach to handling transactions cautiously to avoid penalties reflects a nuanced understanding of the risks involved.

Furthermore, Riard has authorized attack tests on his Lightning node, part of the Alice OpenTimestamps calendar, until October 1st, emphasizing operational constraints due to the server's role in a production environment. Despite potential disruptions, the impact is considered minimal thanks to the redundancy of the OpenTimestamps protocol. This section outlines the conditions under which the testing should proceed, including reimbursement for any incurred expenses and encouragement for testers to make donations to the OTS community.

Lastly, the email touches on Dave Harding's suggestion to establish "free-to-pwn" Lightning nodes on the mainnet for conducting sophisticated cross-layer attacks like pinning. This initiative aims to bridge the gap between private testing and public verifiability, highlighting the differences between conducting attacks on testnets and on the mainnet. Antoine addresses the potential criticisms regarding the complexity of full-node software and Lightning implementations, advocating for transparency and public demonstrations to uncover vulnerabilities, thereby fostering a more secure and trustworthy Bitcoin ecosystem.

Discussion History

0: Antoine Riard (Original Post), August 27, 2024 21:10 UTC
1: September 3, 2024 12:58 UTC
2: September 3, 2024 20:12 UTC
3: October 11, 2024 00:21 UTC
4: October 11, 2024 15:01 UTC
5: October 12, 2024 04:46 UTC