From: Antoine Riard
To: Bitcoin Development Mailing List
Date: Thu, 10 Oct 2024 17:21:13 -0700 (PDT)
Subject: Re: [bitcoindev] Demonstrating Pinning Attacks under Real-World Conditions
Message-Id: <51ac4b01-f2d3-4932-9d00-1c9be0875f96n@googlegroups.com>

Hi all,

> If you have an on-chain donation address on the OTS website (?), I'll make a
> $100 donation now, it's a nice tool. And for the justice transaction...well
> for some scenarios you can use the latest valid commitment state to pin, no risk
> of being slashed by a justice transaction.

Been late on demonstrating a real-world pinning attack against a production
lightning node. But I swear it's real sport having to juggle with more than one
category of exploit to soundly test.

OTS is a great project. I'll make a donation to it of 1 gram of gold or the
equivalent in fiats or satoshis at settlement (as $100 sounds to be almost equal
to 1 gram of gold, i.e. $84.66 these days) for each month late on doing a
demonstration of a real-world pinning attack, as a lateness penalty.

Beyond that, it's a great tool to make notarization of any kind of digital info,
inside the chain where for every block there are probably two-digit terawatt
hours burnt, which starts to be a f*cking lot of hydro power plants.

More generally, I have called since late 2020 at least for making real-world
demonstrations of pinning attacks against lightning nodes, among other types of
cross-layer attacks. With the exception of 2 lightning protocol devs, if my
memory is correct, all the other ones since then have shied away from
participating in a real-world demo, and Peter Todd was the first one to consent
and make a lightning node available for real-world demos in a "black box"
fashion (indeed, it's far easier to execute exploits on testing envs fully set
by the researcher...).

In the future, I believe it can only be great if bitcoin security exploits are
gauged more or less along the lines of artifacts available, evaluated and
reproduced, as usually done by major infosec confs.

Best,
Antoine
ots hash: 9d227f7832154c4c8bce9fce260ac84537489c1bc8c4b8c2ba990ceb197c84fc

On Tuesday, 3 September 2024 at 21:13:46 UTC+1, Antoine Riard wrote:

> > That also happens to be my Alice OpenTimestamps calendar, in production, so
> > please don't do anything you expect to be CPU or RAM intensive. But if you
> > accidentally take down the server, not the end of the world: OTS is a very
> > redundant protocol and one calendar going down for a few hours is unlikely to
> > do any harm.
> >
> > It has about $400 of outgoing capacity at the moment, and $2000 inbound. It
> > gets hardly any donations at the moment, so if you manage to knock LND offline
> > that's no big deal.
> >
> > That's not my money - it's donations to the OTS calendars that I have no right
> > to spend - so I'll ask you to pay for any expenses incurred by it during
> > testing, and make a $100 net donation when you're done testing to make it
> > worthwhile for the OTS community. If you manage to lose more than that on
> > justice transactions, I'll consider that a donation. :)
>
> Many thanks Peter for that.
>
> No worries, I won't play with CPU or RAM, it's just all the transaction-relay
> and mempool logic that one can interfere with. I'll make you whole of the $2400
> if the LND node goes down too hard, though I'm just looking for a node running
> on mainnet, for a pinning the attacker has to open two channels and re-balance
> the liquidity to its advantage a bit. I'll provide the liquidity by myself.
>
> If you have an on-chain donation address on the OTS website (?), I'll make a
> $100 donation now, it's a nice tool. And for the justice transaction...well
> for some scenarios you can use the latest valid commitment state to pin, no risk
> of being slashed by a justice transaction.
>
> Best,
> Antoine
> ots hash: 19d9b61ed5238e2922205a0a0194e0830b260a691f45b4189b1d145f72c9e031
>
> On Tue, 3 Sept 2024 at 13:58, Peter Todd wrote:
>
>> On Tue, Aug 27, 2024 at 02:10:15PM -0700, Antoine Riard wrote:
>> > My utmost pleasure to demonstrate some pinning attacks on nodes under
>> > real-world conditions.
>>
>> Antoine Riard: until Oct 1st, you have permission to test your attacks against
>> my Lightning node running at:
>>
>>     023345274dd80a01c0e80ec4892818878...@alice.opentimestamps.org:9735
>>
>> That also happens to be my Alice OpenTimestamps calendar, in production, so
>> please don't do anything you expect to be CPU or RAM intensive. But if you
>> accidentally take down the server, not the end of the world: OTS is a very
>> redundant protocol and one calendar going down for a few hours is unlikely to
>> do any harm.
>>
>> It has about $400 of outgoing capacity at the moment, and $2000 inbound. It
>> gets hardly any donations at the moment, so if you manage to knock LND offline
>> that's no big deal.
>>
>> That's not my money - it's donations to the OTS calendars that I have no right
>> to spend - so I'll ask you to pay for any expenses incurred by it during
>> testing, and make a $100 net donation when you're done testing to make it
>> worthwhile for the OTS community. If you manage to lose more than that on
>> justice transactions, I'll consider that a donation. :)
>>
>> --
>> https://petertodd.org 'peter'[:-1]@petertodd.org
