Author: Devrandom 2021-01-10 23:48:31
Published on: 2021-01-10T23:48:31+00:00
In an email exchange, Omer Shlomovits raised the topic of quorum key management for Lightning and its importance to secure Lightning nodes. The attacker model discussed in the email assumes that the attacker is not part of the network but only attacks a machine that happens to run a Lightning node. However, the attacker may also control one or more peers, making it a significant assumption. It would be a much stronger security posture if we defended against arbitrary compromise as well. In many cases, funds can be lost in Lightning once the node software is fully compromised. Therefore, implementing a large set of controls in the key management layer can help defend against all these risks. For example, one of the more complex policy controls is "HTLC receive channel validity - the funding UTXO of the receive channel must be active on-chain with enough depth." Overall, there is still work to be done in this area to improve the security of Lightning nodes.
Updated on: 2023-06-03T03:29:12.875847+00:00