Are lightweight LN wallets vulnerable to transaction withholding? The 2019 Stack Overflow Developer Survey Results Are In Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)Lightning node on a Bitcoin SPVLightweight client, bare necessitiesWhat is a block withholding attack?How vulnerable is bitcoin to quantum algorithms?Are Web Wallets Secure?Is Bitcoin vulnerable to a Birthday Attack against Private Keys?Is Lightning Network vulnerable to sybil attacks?Lightning network and lightweight clientsIs the statement that LN hot wallets will be less secure than non LN hot wallets correct?c-lightning & Lightweight nodes (no local bitcoind)Do lightweight wallets validate signatures? If not, why?
1960s short story making fun of James Bond-style spy fiction
What's the point in a preamp?
Loose spokes after only a few rides
Is it ethical to upload a automatically generated paper to a non peer-reviewed site as part of a larger research?
How to read αἱμύλιος or when to aspirate
Did the new image of black hole confirm the general theory of relativity?
What force causes entropy to increase?
Deal with toxic manager when you can't quit
Can a flute soloist sit?
Didn't get enough time to take a Coding Test - what to do now?
What do I do when my TA workload is more than expected?
"is" operation returns false even though two objects have same id
Is there a writing software that you can sort scenes like slides in PowerPoint?
Could an empire control the whole planet with today's comunication methods?
Do I have Disadvantage attacking with an off-hand weapon?
Was credit for the black hole image misappropriated?
how can a perfect fourth interval be considered either consonant or dissonant?
My body leaves; my core can stay
How did passengers keep warm on sail ships?
How to determine omitted units in a publication
What happens to a Warlock's expended Spell Slots when they gain a Level?
Why did Peik Lin say, "I'm not an animal"?
Why not take a picture of a closer black hole?
Example of compact Riemannian manifold with only one geodesic.
Are lightweight LN wallets vulnerable to transaction withholding?
The 2019 Stack Overflow Developer Survey Results Are In
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)Lightning node on a Bitcoin SPVLightweight client, bare necessitiesWhat is a block withholding attack?How vulnerable is bitcoin to quantum algorithms?Are Web Wallets Secure?Is Bitcoin vulnerable to a Birthday Attack against Private Keys?Is Lightning Network vulnerable to sybil attacks?Lightning network and lightweight clientsIs the statement that LN hot wallets will be less secure than non LN hot wallets correct?c-lightning & Lightweight nodes (no local bitcoind)Do lightweight wallets validate signatures? If not, why?
As far as I know, LN requires the user to watch the blockchain in order to perform penalty in time. However, running full node is probably a heavy burden to some users, especially to mobile phones. I once heard that improved protocol for lightweight wallet (like Neutrino) can solve this problem, but I also heard that such lightweight wallet protocol still implies trusting the full node or server which provides service. Especially, a malicious full node can hide transactions from its clients, which seems to be a potential threat to lightweight LN wallets.
security lightning-network thin-clients
add a comment |
As far as I know, LN requires the user to watch the blockchain in order to perform penalty in time. However, running full node is probably a heavy burden to some users, especially to mobile phones. I once heard that improved protocol for lightweight wallet (like Neutrino) can solve this problem, but I also heard that such lightweight wallet protocol still implies trusting the full node or server which provides service. Especially, a malicious full node can hide transactions from its clients, which seems to be a potential threat to lightweight LN wallets.
security lightning-network thin-clients
add a comment |
As far as I know, LN requires the user to watch the blockchain in order to perform penalty in time. However, running full node is probably a heavy burden to some users, especially to mobile phones. I once heard that improved protocol for lightweight wallet (like Neutrino) can solve this problem, but I also heard that such lightweight wallet protocol still implies trusting the full node or server which provides service. Especially, a malicious full node can hide transactions from its clients, which seems to be a potential threat to lightweight LN wallets.
security lightning-network thin-clients
As far as I know, LN requires the user to watch the blockchain in order to perform penalty in time. However, running full node is probably a heavy burden to some users, especially to mobile phones. I once heard that improved protocol for lightweight wallet (like Neutrino) can solve this problem, but I also heard that such lightweight wallet protocol still implies trusting the full node or server which provides service. Especially, a malicious full node can hide transactions from its clients, which seems to be a potential threat to lightweight LN wallets.
security lightning-network thin-clients
security lightning-network thin-clients
asked Mar 24 at 10:24
Chris ChenChris Chen
1488
1488
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
There is no substitute in terms of security and trust for running a full node.
There are different "lightweight client" concepts. Some of them are...
BIP37 (bloom filter):
- [minus] With current used false-positive rates, peers may learn all wallet addresses
- [minus] Usually done over an unencrypted channel (p2p 8333), ISPs, etc. learn also all your addresses
- [plus] client can validate if the transaction(s) were in a block (merkleblock)
- [plus] clients keep a blockchain with headers only can at least check PoW
- [plus] uses only little bandwidth
- [minus] Hiding back transactions are possible
- [plus]"Impossible" to fake a transaction
Neutrino (Compact Block Filters BIP158):
- [plus] fewer privacy implications then BIP37 since filtering happens locally
- [minus] needs more resources (basic filters from the genesis block up to block 560000 require ~3.5GB space/bandwidth)
- [minus] more bandwidth consumption because full blocks must be downloaded (rather then Merkle-"blocks" in BIP37)
- [minus] Hiding back transactions are still possible (though more complicated) because the block filters are not committed to the blocks (would require a soft-fork). Not committed means, peers can fake filters and make you miss relevant transactions (can be [partially] mitigated by comparing filters from different peers)
- [minus] No solution for mempool filtering (can't show "incoming transactions" reliable)
- [plus] "Impossible" to fake a transaction
Centralized Validation (Bitpay, Samourai, etc.)
- [minus] Full trust in the company/server (they know all your addresses)
- [minus] Can hide back transactions
- [minus] Can artificially create transactions
- [plus] Minimal bandwidth consumption
Some application mix different approaches (like Electrum does Merkle-tree checks and keeps a headers-only-chain to mitigate the "can artificially create transactions" problem).
Conclusion
If you want to watch the blockchain without trusted third parties, you must run a full node (could be pruned though <10GB space requirement, but lightning implementations are not fully compatible yet).
If (and only if) BIP158 block filters get committed (though a soft fork, hash in blocks coinbase of similar), hiding transactions through peers, providing filters, would no longer be possible.
Recommended practical approach
- Buy a tiny computer (Raspberry, Odroid, Pine64)
- Buy a >500GB SSD (USB3 SSD, ~100USD in 2019)
- NO,.. don't use your old HDD (your sync time will be 20 times slower).
- Install Bitcoin Core (there are pre-build ARM64 binaries)
- Run with a large
-dbcache
(if you have 2GB+ RAM) - Sync the chain
- zzzZZZ (takes maybe a week)
- enjoy being a real Bitcoiner (by avoiding all trusted third parties)
I wouldn't say it's impossible to withhold transactions in neutrino, at least in its current implementation.
– Anonymous
Mar 24 at 11:35
Depending on where you get your filters from, if from the p2p network, someone could intercept traffic (MITM) and hand you out "void" filters... but its not easy since maybe BIP157 is in use and clients keep a filters-chain.
– Jonas Schnelli
Mar 24 at 11:41
The current implementations are very dumb. It has the ability to do better in the future, but for the moment it's about on par with bip37 in that respect.
– Anonymous
Mar 24 at 12:22
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "308"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fbitcoin.stackexchange.com%2fquestions%2f85557%2fare-lightweight-ln-wallets-vulnerable-to-transaction-withholding%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
There is no substitute in terms of security and trust for running a full node.
There are different "lightweight client" concepts. Some of them are...
BIP37 (bloom filter):
- [minus] With current used false-positive rates, peers may learn all wallet addresses
- [minus] Usually done over an unencrypted channel (p2p 8333), ISPs, etc. learn also all your addresses
- [plus] client can validate if the transaction(s) were in a block (merkleblock)
- [plus] clients keep a blockchain with headers only can at least check PoW
- [plus] uses only little bandwidth
- [minus] Hiding back transactions are possible
- [plus]"Impossible" to fake a transaction
Neutrino (Compact Block Filters BIP158):
- [plus] fewer privacy implications then BIP37 since filtering happens locally
- [minus] needs more resources (basic filters from the genesis block up to block 560000 require ~3.5GB space/bandwidth)
- [minus] more bandwidth consumption because full blocks must be downloaded (rather then Merkle-"blocks" in BIP37)
- [minus] Hiding back transactions are still possible (though more complicated) because the block filters are not committed to the blocks (would require a soft-fork). Not committed means, peers can fake filters and make you miss relevant transactions (can be [partially] mitigated by comparing filters from different peers)
- [minus] No solution for mempool filtering (can't show "incoming transactions" reliable)
- [plus] "Impossible" to fake a transaction
Centralized Validation (Bitpay, Samourai, etc.)
- [minus] Full trust in the company/server (they know all your addresses)
- [minus] Can hide back transactions
- [minus] Can artificially create transactions
- [plus] Minimal bandwidth consumption
Some application mix different approaches (like Electrum does Merkle-tree checks and keeps a headers-only-chain to mitigate the "can artificially create transactions" problem).
Conclusion
If you want to watch the blockchain without trusted third parties, you must run a full node (could be pruned though <10GB space requirement, but lightning implementations are not fully compatible yet).
If (and only if) BIP158 block filters get committed (though a soft fork, hash in blocks coinbase of similar), hiding transactions through peers, providing filters, would no longer be possible.
Recommended practical approach
- Buy a tiny computer (Raspberry, Odroid, Pine64)
- Buy a >500GB SSD (USB3 SSD, ~100USD in 2019)
- NO,.. don't use your old HDD (your sync time will be 20 times slower).
- Install Bitcoin Core (there are pre-build ARM64 binaries)
- Run with a large
-dbcache
(if you have 2GB+ RAM) - Sync the chain
- zzzZZZ (takes maybe a week)
- enjoy being a real Bitcoiner (by avoiding all trusted third parties)
I wouldn't say it's impossible to withhold transactions in neutrino, at least in its current implementation.
– Anonymous
Mar 24 at 11:35
Depending on where you get your filters from, if from the p2p network, someone could intercept traffic (MITM) and hand you out "void" filters... but its not easy since maybe BIP157 is in use and clients keep a filters-chain.
– Jonas Schnelli
Mar 24 at 11:41
The current implementations are very dumb. It has the ability to do better in the future, but for the moment it's about on par with bip37 in that respect.
– Anonymous
Mar 24 at 12:22
add a comment |
There is no substitute in terms of security and trust for running a full node.
There are different "lightweight client" concepts. Some of them are...
BIP37 (bloom filter):
- [minus] With current used false-positive rates, peers may learn all wallet addresses
- [minus] Usually done over an unencrypted channel (p2p 8333), ISPs, etc. learn also all your addresses
- [plus] client can validate if the transaction(s) were in a block (merkleblock)
- [plus] clients keep a blockchain with headers only can at least check PoW
- [plus] uses only little bandwidth
- [minus] Hiding back transactions are possible
- [plus]"Impossible" to fake a transaction
Neutrino (Compact Block Filters BIP158):
- [plus] fewer privacy implications then BIP37 since filtering happens locally
- [minus] needs more resources (basic filters from the genesis block up to block 560000 require ~3.5GB space/bandwidth)
- [minus] more bandwidth consumption because full blocks must be downloaded (rather then Merkle-"blocks" in BIP37)
- [minus] Hiding back transactions are still possible (though more complicated) because the block filters are not committed to the blocks (would require a soft-fork). Not committed means, peers can fake filters and make you miss relevant transactions (can be [partially] mitigated by comparing filters from different peers)
- [minus] No solution for mempool filtering (can't show "incoming transactions" reliable)
- [plus] "Impossible" to fake a transaction
Centralized Validation (Bitpay, Samourai, etc.)
- [minus] Full trust in the company/server (they know all your addresses)
- [minus] Can hide back transactions
- [minus] Can artificially create transactions
- [plus] Minimal bandwidth consumption
Some application mix different approaches (like Electrum does Merkle-tree checks and keeps a headers-only-chain to mitigate the "can artificially create transactions" problem).
Conclusion
If you want to watch the blockchain without trusted third parties, you must run a full node (could be pruned though <10GB space requirement, but lightning implementations are not fully compatible yet).
If (and only if) BIP158 block filters get committed (though a soft fork, hash in blocks coinbase of similar), hiding transactions through peers, providing filters, would no longer be possible.
Recommended practical approach
- Buy a tiny computer (Raspberry, Odroid, Pine64)
- Buy a >500GB SSD (USB3 SSD, ~100USD in 2019)
- NO,.. don't use your old HDD (your sync time will be 20 times slower).
- Install Bitcoin Core (there are pre-build ARM64 binaries)
- Run with a large
-dbcache
(if you have 2GB+ RAM) - Sync the chain
- zzzZZZ (takes maybe a week)
- enjoy being a real Bitcoiner (by avoiding all trusted third parties)
I wouldn't say it's impossible to withhold transactions in neutrino, at least in its current implementation.
– Anonymous
Mar 24 at 11:35
Depending on where you get your filters from, if from the p2p network, someone could intercept traffic (MITM) and hand you out "void" filters... but its not easy since maybe BIP157 is in use and clients keep a filters-chain.
– Jonas Schnelli
Mar 24 at 11:41
The current implementations are very dumb. It has the ability to do better in the future, but for the moment it's about on par with bip37 in that respect.
– Anonymous
Mar 24 at 12:22
add a comment |
There is no substitute in terms of security and trust for running a full node.
There are different "lightweight client" concepts. Some of them are...
BIP37 (bloom filter):
- [minus] With current used false-positive rates, peers may learn all wallet addresses
- [minus] Usually done over an unencrypted channel (p2p 8333), ISPs, etc. learn also all your addresses
- [plus] client can validate if the transaction(s) were in a block (merkleblock)
- [plus] clients keep a blockchain with headers only can at least check PoW
- [plus] uses only little bandwidth
- [minus] Hiding back transactions are possible
- [plus]"Impossible" to fake a transaction
Neutrino (Compact Block Filters BIP158):
- [plus] fewer privacy implications then BIP37 since filtering happens locally
- [minus] needs more resources (basic filters from the genesis block up to block 560000 require ~3.5GB space/bandwidth)
- [minus] more bandwidth consumption because full blocks must be downloaded (rather then Merkle-"blocks" in BIP37)
- [minus] Hiding back transactions are still possible (though more complicated) because the block filters are not committed to the blocks (would require a soft-fork). Not committed means, peers can fake filters and make you miss relevant transactions (can be [partially] mitigated by comparing filters from different peers)
- [minus] No solution for mempool filtering (can't show "incoming transactions" reliable)
- [plus] "Impossible" to fake a transaction
Centralized Validation (Bitpay, Samourai, etc.)
- [minus] Full trust in the company/server (they know all your addresses)
- [minus] Can hide back transactions
- [minus] Can artificially create transactions
- [plus] Minimal bandwidth consumption
Some application mix different approaches (like Electrum does Merkle-tree checks and keeps a headers-only-chain to mitigate the "can artificially create transactions" problem).
Conclusion
If you want to watch the blockchain without trusted third parties, you must run a full node (could be pruned though <10GB space requirement, but lightning implementations are not fully compatible yet).
If (and only if) BIP158 block filters get committed (though a soft fork, hash in blocks coinbase of similar), hiding transactions through peers, providing filters, would no longer be possible.
Recommended practical approach
- Buy a tiny computer (Raspberry, Odroid, Pine64)
- Buy a >500GB SSD (USB3 SSD, ~100USD in 2019)
- NO,.. don't use your old HDD (your sync time will be 20 times slower).
- Install Bitcoin Core (there are pre-build ARM64 binaries)
- Run with a large
-dbcache
(if you have 2GB+ RAM) - Sync the chain
- zzzZZZ (takes maybe a week)
- enjoy being a real Bitcoiner (by avoiding all trusted third parties)
There is no substitute in terms of security and trust for running a full node.
There are different "lightweight client" concepts. Some of them are...
BIP37 (bloom filter):
- [minus] With current used false-positive rates, peers may learn all wallet addresses
- [minus] Usually done over an unencrypted channel (p2p 8333), ISPs, etc. learn also all your addresses
- [plus] client can validate if the transaction(s) were in a block (merkleblock)
- [plus] clients keep a blockchain with headers only can at least check PoW
- [plus] uses only little bandwidth
- [minus] Hiding back transactions are possible
- [plus]"Impossible" to fake a transaction
Neutrino (Compact Block Filters BIP158):
- [plus] fewer privacy implications then BIP37 since filtering happens locally
- [minus] needs more resources (basic filters from the genesis block up to block 560000 require ~3.5GB space/bandwidth)
- [minus] more bandwidth consumption because full blocks must be downloaded (rather then Merkle-"blocks" in BIP37)
- [minus] Hiding back transactions are still possible (though more complicated) because the block filters are not committed to the blocks (would require a soft-fork). Not committed means, peers can fake filters and make you miss relevant transactions (can be [partially] mitigated by comparing filters from different peers)
- [minus] No solution for mempool filtering (can't show "incoming transactions" reliable)
- [plus] "Impossible" to fake a transaction
Centralized Validation (Bitpay, Samourai, etc.)
- [minus] Full trust in the company/server (they know all your addresses)
- [minus] Can hide back transactions
- [minus] Can artificially create transactions
- [plus] Minimal bandwidth consumption
Some application mix different approaches (like Electrum does Merkle-tree checks and keeps a headers-only-chain to mitigate the "can artificially create transactions" problem).
Conclusion
If you want to watch the blockchain without trusted third parties, you must run a full node (could be pruned though <10GB space requirement, but lightning implementations are not fully compatible yet).
If (and only if) BIP158 block filters get committed (though a soft fork, hash in blocks coinbase of similar), hiding transactions through peers, providing filters, would no longer be possible.
Recommended practical approach
- Buy a tiny computer (Raspberry, Odroid, Pine64)
- Buy a >500GB SSD (USB3 SSD, ~100USD in 2019)
- NO,.. don't use your old HDD (your sync time will be 20 times slower).
- Install Bitcoin Core (there are pre-build ARM64 binaries)
- Run with a large
-dbcache
(if you have 2GB+ RAM) - Sync the chain
- zzzZZZ (takes maybe a week)
- enjoy being a real Bitcoiner (by avoiding all trusted third parties)
edited Mar 24 at 14:11
Community♦
1
1
answered Mar 24 at 11:30
Jonas SchnelliJonas Schnelli
5,3501228
5,3501228
I wouldn't say it's impossible to withhold transactions in neutrino, at least in its current implementation.
– Anonymous
Mar 24 at 11:35
Depending on where you get your filters from, if from the p2p network, someone could intercept traffic (MITM) and hand you out "void" filters... but its not easy since maybe BIP157 is in use and clients keep a filters-chain.
– Jonas Schnelli
Mar 24 at 11:41
The current implementations are very dumb. It has the ability to do better in the future, but for the moment it's about on par with bip37 in that respect.
– Anonymous
Mar 24 at 12:22
add a comment |
I wouldn't say it's impossible to withhold transactions in neutrino, at least in its current implementation.
– Anonymous
Mar 24 at 11:35
Depending on where you get your filters from, if from the p2p network, someone could intercept traffic (MITM) and hand you out "void" filters... but its not easy since maybe BIP157 is in use and clients keep a filters-chain.
– Jonas Schnelli
Mar 24 at 11:41
The current implementations are very dumb. It has the ability to do better in the future, but for the moment it's about on par with bip37 in that respect.
– Anonymous
Mar 24 at 12:22
I wouldn't say it's impossible to withhold transactions in neutrino, at least in its current implementation.
– Anonymous
Mar 24 at 11:35
I wouldn't say it's impossible to withhold transactions in neutrino, at least in its current implementation.
– Anonymous
Mar 24 at 11:35
Depending on where you get your filters from, if from the p2p network, someone could intercept traffic (MITM) and hand you out "void" filters... but its not easy since maybe BIP157 is in use and clients keep a filters-chain.
– Jonas Schnelli
Mar 24 at 11:41
Depending on where you get your filters from, if from the p2p network, someone could intercept traffic (MITM) and hand you out "void" filters... but its not easy since maybe BIP157 is in use and clients keep a filters-chain.
– Jonas Schnelli
Mar 24 at 11:41
The current implementations are very dumb. It has the ability to do better in the future, but for the moment it's about on par with bip37 in that respect.
– Anonymous
Mar 24 at 12:22
The current implementations are very dumb. It has the ability to do better in the future, but for the moment it's about on par with bip37 in that respect.
– Anonymous
Mar 24 at 12:22
add a comment |
Thanks for contributing an answer to Bitcoin Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fbitcoin.stackexchange.com%2fquestions%2f85557%2fare-lightweight-ln-wallets-vulnerable-to-transaction-withholding%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown