From pete at petertodd.org Tue Oct 20 15:38:52 2015
From: pete at petertodd.org (Peter Todd)
Date: Tue, 20 Oct 2015 11:38:52 -0400
Subject: [Lightning-dev] Preventing MITM - Providing new nodes with real pubkeys
In-Reply-To: <871tcqgipr.fsf@rustcorp.com.au>
References: <20151016230141.GA22262@navy> <20151019014100.GA19146@navy> <871tcqgipr.fsf@rustcorp.com.au>
Message-ID: <20151020153851.GB29014@savin.petertodd.org>

On Tue, Oct 20, 2015 at 04:55:04PM +1030, Rusty Russell wrote:
> Mats Jerratsch writes:
> > Think about an attacker who is able to MITM your internet connection,
> > like the hotspot you connect to at a Cafe (or your ISP if hijacked).
> > They can build locally a gigantic network, all pointing to the same
> > node. You can't tell, and they don't have to necessarily just block
> > your payments. (see above)
> >
> > I am mainly concerned over those. Especially since there is not really
> > anything we can do about dishonest nodes joining our network, but it's
> > encouraging to see your math. Since everything security-wise so far
> > stands only with knowing pubkeys of nodes actually connected to the
> > network, this should be the first thing to tackle. (that is, making it
> > expensive to attack it this way)
>
> Well, bitcoin protects from this using checkpoints, which are
> centralized. Because AFAICT there's no really good way of doing it.

Actually, I'd point out that checkpoints aren't as centralized as you'd
think!

Checkpoints are set sufficiently far back in the past that if they come
into play for any reason other than initial bootstrapping, an active
attacker exists that has sufficient hashing power to destroy Bitcoin
anyway. Thus, checkpoints do *not* need consensus between different
implementations; my Bitcoin implementation can set a different
checkpoint than yours and both will work fine, except in the case of
massive attacks that Bitcoin can't survive anyway.

I probably should release a Bitcoin implementation with different
checkpoints than Bitcoin Core to make this point more clearly...

-- 
'peter'[:-1]@petertodd.org
0000000000000000024918099cc7ec614db68e95d5f8b2b54fb5d06d33c764d9
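
The argument in the message above, as an added toy model that is not part of the original post and is not Bitcoin Core's code: two nodes carry different hard-coded checkpoints, and they choose different chains only when a fork rewrites history deeper than one of those checkpoints. The block ids, heights, function names and the use of chain length as a stand-in for accumulated work are all assumptions made for the illustration.

```python
import hashlib

def build_chain(parent, n, tag):
    """Extend `parent` by n toy blocks; each block id commits to its predecessor."""
    chain = list(parent)
    for _ in range(n):
        prev = chain[-1] if chain else "genesis"
        chain.append(hashlib.sha256(f"{prev}|{tag}|{len(chain)}".encode()).hexdigest())
    return chain

def accepts(chain, checkpoints):
    """A node rejects any chain that disagrees with one of its own checkpoints."""
    return all(chain[h] == bid for h, bid in checkpoints.items() if h < len(chain))

def best_chain(candidates, checkpoints):
    """Longest acceptable chain; length stands in for accumulated work (assumption)."""
    ok = [c for c in candidates if accepts(c, checkpoints)]
    return max(ok, key=len) if ok else None

def scenario():
    honest = build_chain([], 1000, "honest")        # constructed sample chain
    node_a = {200: honest[200], 600: honest[600]}   # implementation A's checkpoints
    node_b = {350: honest[350], 500: honest[500]}   # implementation B's, chosen independently
    # Fork at height 990: later than every checkpoint, so checkpoints never come into play.
    shallow = build_chain(honest[:990], 20, "fork")
    # Fork at height 550: rewrites 450 blocks, crossing A's checkpoint at 600 but not B's at 500.
    deep = build_chain(honest[:550], 500, "fork")
    return {
        "honest_agree": best_chain([honest], node_a) == best_chain([honest], node_b) == honest,
        "shallow_agree": best_chain([honest, shallow], node_a)
                         == best_chain([honest, shallow], node_b),
        "deep_agree": best_chain([honest, deep], node_a)
                      == best_chain([honest, deep], node_b),
        "a_keeps_honest_on_deep": best_chain([honest, deep], node_a) == honest,
    }

if __name__ == "__main__":
    print(scenario())
```
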