Published on: 2021-01-10T23:48:31+00:00
In an email exchange, Omer Shlomovits discussed the importance of quorum key management for Lightning nodes and its role in securing them. The discussed attacker model assumes that the attacker is not part of the network but only targets a machine running a Lightning node. However, it is noted that the attacker may also have control over one or more peers, which is a significant assumption. To strengthen the security posture, it is suggested that defenses should be implemented against arbitrary compromise as well.The compromise of node software can lead to the loss of funds in Lightning, making it crucial to enhance the security of key management. Implementing a comprehensive set of controls in the key management layer can help safeguard against various risks. An example of a complex policy control mentioned is the "HTLC receive channel validity," which requires the funding UTXO of the receive channel to be active on-chain with sufficient depth. Despite the progress made, there is still room for improvement in enhancing the security of Lightning nodes.Omer also shared his project on a traditional cybersecurity approach and its implementation in writing. The project focuses on an intuitive attacker model where the attacker targets a machine running a Lightning node, assuming the channels' security is sound. It is assumed that the attacker does not gain full control over the node but rather elevated access. The project analyzes different attack scenarios and their potential impact. It emphasizes that due to the unique structure and usage of keys in Lightning, it is not easy for an attacker to profit from this situation compared to Bitcoin, where any access to key material equals profit.The second part of Omer's project proposes a quorum-based design that utilizes threshold cryptography to mitigate attacks. This design offers one viable solution, but there are tradeoffs that need to be considered and discussed. One advantage of this approach is the ability to reuse existing watchtowers. The project also touches upon a simple bribing attack on the current watchtower design and suggests that a quorum structure like the proposed one may provide a solution based on game theory. The provided link leads to a writeup for further reading.It is important to note that Omer's project is written at a high level, focusing on introducing new ideas. It acknowledges that there is still work to be done, as no formal security arguments are provided, and real-world considerations such as fee structure and parameters are avoided. Feedback on the project is welcomed by Omer as he continues to refine his work.
Updated on: 2023-07-31T23:20:14.026916+00:00