2023-06-09T12:21:33Z https://yabu.me Devrandom [ARCHIVE] https://yabu.me/npub1j0js72tmnxzmrtd6j0j5wcvfuhsqwgqxdwkpmw28rmmuy22y3wzsdw9k8n https://yabu.me/nevent1qqsf5dkqgq4f3q4mnr9vx3q4lcysxjgsfm6yhwdksg6xtqdfufp9d0szyzf72ref0wvctvddh2f723mp38j7qpeqqe46c8degu000s3fgj9c2se30s6 In reply to <a href='/nevent1qqsxah9c0v9spuj4uh2386jcp7mukc3qerrup2wxjvwhltjkgdwmfacxzhzum'>nevent1q…hzum</a><br/>_________________________<br/><br/>📅 Original date posted:2021-01-17<br/>📝 Original message:Dear ZmnSCPxj,<br/><br/>On Thu, Jan 14, 2021 at 4:28 PM ZmnSCPxj via bitcoin-dev &lt;<br/>bitcoin-dev at lists.linuxfoundation.org&gt; wrote:<br/><br/>&gt; The primary issue here is that we have a base assumption that the hardware<br/>&gt; wallet cannot be sophisticated enough to have Internet access; &#34;do not<br/>&gt; enter seed words on an online device&#34;, as the typical advice goes.<br/>&gt; Most clawback transactions are time-based, and *must* be broadcast at a<br/>&gt; particular blockheight.<br/>&gt; Yet if the hardware wallet cannot be an online device, then it cannot know<br/>&gt; the current blockheight is now at a time when the clawback transaction<br/>&gt; *must* be broadcast.<br/>&gt;<br/>&gt; Thus, the hardware must always tr\*st the software to actually perform the<br/>&gt; clawback in that case.<br/>&gt;<br/><br/>I believe it is possible to achieve much of the desired &#34;liveness&#34;<br/>requirements without compromising too much on the air-gap. The solution<br/>requires the following:<br/><br/>- a set of UTXO oracles which attest to the UTXO set<br/>- optionally, a set of clock oracles which attest to the current time (e.g.<br/>using the roughtime protocol)<br/>- an air-gap connection between the node software and the signer, e.g.<br/>using a narrow optical or serial protocol<br/>- a set of operators that can react to lack of liveness<br/><br/>The Signer performs the following steps periodically:<br/><br/>- if the funding UTXO has not been spent (per oracle attestation), proceed<br/>normally with any channel commitment signing<br/>- if the funding UTXO has been spent, ensure that the node provided the<br/>spending tx, and check if there is any reaction needed (e.g. a justice tx<br/>is needed)<br/>- if a reaction is needed, ensure that there is a further spend within a<br/>certain deadline (shorter than the CSV/CLTV deadline)<br/>- if there is no deadline violation, sign a heartbeat message with the<br/>current time (either from a local clock or from oracle clock)<br/><br/>The node software then relays the signed heartbeat message to the<br/>operators, e.g. through Tor. If a heartbeat is not seen by the operators,<br/>they manually intervene (e.g. by standing up a clean node).<br/><br/>Of course, we will never have Lightning paper wallets, by definition, since<br/>you can&#39;t participate in the network without being online. But the above<br/>setup seems to be at least as secure as USB hardware wallets attached to<br/>online machines. You could even have intermittently connected signers for<br/>slow-moving channels, or signers behind Tor, etc. .<br/><br/>--<br/>devrandom<br/>-------------- next part --------------<br/>An HTML attachment was scrubbed...<br/>URL: &lt;<a href="http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20210116/25ea76d6/attachment-0001.html&gt">http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20210116/25ea76d6/attachment-0001.html&gt</a>; 2023-06-07T18:28:13Z