Date: Thu, 10 Oct 2024 17:21:13 -0700 (PDT)
From: Antoine Riard <antoine.riard@gmail.com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Message-Id: <51ac4b01-f2d3-4932-9d00-1c9be0875f96n@googlegroups.com>
In-Reply-To: <CALZpt+EM1ysYErpGneuP_d+MjhQcaG7d2_EtRm2WYGFfLYuBsA@mail.gmail.com>
References: <a647a2e2-2742-4b0e-ae84-6f84b018136fn@googlegroups.com>
 <ZtcIDJkfQp7uh+Kj@petertodd.org>
 <CALZpt+EM1ysYErpGneuP_d+MjhQcaG7d2_EtRm2WYGFfLYuBsA@mail.gmail.com>
Subject: Re: [bitcoindev] Demonstrating Pinning Attacks under Real-World Conditions

Hi all,

> If you have an on-chain donation address on the OTS website (?), I'll make a
> $100 donation now, it's a nice tool. And for the justice transaction...well
> for some scenarios you can use the latest valid commitment state to pin no risk
> of being slashed by a justice transaction.

Been late on demonstrating a real-world pinning attack against a production lightning
node. But I swear it's real sport having to juggle with more than one category of
exploit to soundly test.

OTS is a great project. I'll make a donation to it of 1 gram of gold or the equivalent
in fiats or satoshis at settlement (as $100 sounds to be almost equal to 1 gram of gold,
i.e. $84.66 those days) for each month late on doing a demonstration of real-world pinning
attack, as a lateness penalty.

Beyond that, it's a great tool to make notarization of any kind of digital info, inside the
chain where for every block there are probably two-digit terawatt hours burnt, which
starts to be a f*cking lot of hydro power plants.

More generally, I have called since late 2020 at least for making real-world demonstrations
of pinning attacks against lightning nodes, among other types of cross-layer attacks.
With the exception of 2 lightning protocol devs if my memory is correct, all the other
ones since then have shunned away from participating in a real-world demo, and Peter
Todd was the first one to consent and make a lightning node available for
real-world demos in a "black box" fashion (indeed, it's far easier to execute exploits
on testing envs fully set by the researcher...).

In the future, I believe it can only be great if bitcoin security exploits are gauged
more or less on the lines of artifacts available, evaluated and reproduced, as done
usually by major infosec confs.

Best,
Antoine
ots hash: 9d227f7832154c4c8bce9fce260ac84537489c1bc8c4b8c2ba990ceb197c84fc
On Tuesday, 3 September 2024 at 21:13:46 UTC+1, Antoine Riard wrote:

> > That also happens to be my Alice OpenTimestamps calendar, in production, so
> > please don't do anything you expect to be CPU or RAM intensive. But if you
> > accidentally take down the server, not the end of the world: OTS is a very
> > redundant protocol and one calendar going down for a few hours is unlikely to
> > do any harm.
> >
> > It has about $400 of outgoing capacity at the moment, and $2000 inbound. It
> > gets hardly any donations at the moment, so if you manage to knock LND offline
> > that's no big deal.
> >
> > That's not my money - it's donations to the OTS calendars that I have no right
> > to spend - so I'll ask you to pay for any expenses incurred by it during
> > testing, and make a $100 net donation when you're done testing to make it
> > worthwhile for the OTS community. If you manage to lose more than that on
> > justice transactions, I'll consider that a donation. :)
>
> Many thanks Peter for that.
>
> No worries, I won't play with CPU or RAM, it's just all the transaction-relay
> and mempool logic that one can interfere with. I'll make you whole of the $2400
> if the LND node goes down too hard, though I'm just looking for a node running
> on mainnet, for a pinning the attacker has two open to channels and re-balance
> the liquidity at its advantage a bit. I'll provide the liquidity by myself.
>
> If you have an on-chain donation address on the OTS website (?), I'll make a
> $100 donation now, it's a nice tool. And for the justice transaction...well
> for some scenarios you can use the latest valid commitment state to pin no risk
> of being slashed by a justice transaction.
>
> Best,
> Antoine
> ots hash: 19d9b61ed5238e2922205a0a0194e0830b260a691f45b4189b1d145f72c9e031
>
> On Tue, 3 Sept 2024 at 13:58, Peter Todd <pe...@petertodd.org> wrote:
>
>> On Tue, Aug 27, 2024 at 02:10:15PM -0700, Antoine Riard wrote:
>> > My utmost pleasure to demonstrate some pinning attacks on nodes under
>> > real-world conditions.
>>
>> Antoine Riard: until Oct 1st, you have permission to test your attacks against
>> my Lightning node running at:
>>
>>     023345274dd80a01c0e80ec4892818878...@alice.opentimestamps.org:9735 <http://023345274dd80a01c0e80ec48928188783f9bc5281be8f5057c050492f10711a5b@alice.opentimestamps.org:9735>
>>
>> That also happens to be my Alice OpenTimestamps calendar, in production, so
>> please don't do anything you expect to be CPU or RAM intensive. But if you
>> accidentally take down the server, not the end of the world: OTS is a very
>> redundant protocol and one calendar going down for a few hours is unlikely to
>> do any harm.
>>
>> It has about $400 of outgoing capacity at the moment, and $2000 inbound. It
>> gets hardly any donations at the moment, so if you manage to knock LND offline
>> that's no big deal.
>>
>> That's not my money - it's donations to the OTS calendars that I have no right
>> to spend - so I'll ask you to pay for any expenses incurred by it during
>> testing, and make a $100 net donation when you're done testing to make it
>> worthwhile for the OTS community. If you manage to lose more than that on
>> justice transactions, I'll consider that a donation. :)
>>
>> --
>> https://petertodd.org 'peter'[:-1]@petertodd.org
>>
>
