Are lightweight LN wallets vulnerable to transaction withholding?Lightweight client, bare necessitiesWhat is a block withholding attack?How vulnerable is bitcoin to quantum algorithms?Are Web Wallets Secure?Is Bitcoin vulnerable to a Birthday Attack against Private Keys?Is Lightning Network vulnerable to sybil attacks?Lightning network and lightweight clientsIs the statement that LN hot wallets will be less secure than non LN hot wallets correct?c-lightning & Lightweight nodes (no local bitcoind)Do lightweight wallets validate signatures? If not, why?

Meta programming: Declare a new struct on the fly

Are taller landing gear bad for aircraft, particulary large airliners?

How will losing mobility of one hand affect my career as a programmer?

Can a Bard use an arcane focus?

What to do when my ideas aren't chosen, when I strongly disagree with the chosen solution?

Freedom of speech and where it applies

I'm in charge of equipment buying but no one's ever happy with what I choose. How to fix this?

Female=gender counterpart?

Adding empty element to declared container without declaring type of element

Greatest common substring

How do I repair my stair bannister?

Reply ‘no position’ while the job posting is still there (‘HiWi’ position in Germany)

Golf game boilerplate

Is the next prime number always the next number divisible by the current prime number, except for any numbers previously divisible by primes?

Is there a problem with hiding "forgot password" until it's needed?

Why is delta-v is the most useful quantity for planning space travel?

Indicating multiple different modes of speech (fantasy language or telepathy)

Perfect riffle shuffles

Superhero words!

Is there an Impartial Brexit Deal comparison site?

Installing PowerShell on 32-bit Kali OS fails

Resetting two CD4017 counters simultaneously, only one resets

Why are on-board computers allowed to change controls without notifying the pilots?

Have I saved too much for retirement so far?



Are lightweight LN wallets vulnerable to transaction withholding?


Lightweight client, bare necessitiesWhat is a block withholding attack?How vulnerable is bitcoin to quantum algorithms?Are Web Wallets Secure?Is Bitcoin vulnerable to a Birthday Attack against Private Keys?Is Lightning Network vulnerable to sybil attacks?Lightning network and lightweight clientsIs the statement that LN hot wallets will be less secure than non LN hot wallets correct?c-lightning & Lightweight nodes (no local bitcoind)Do lightweight wallets validate signatures? If not, why?













2















As far as I know, LN requires the user to watch the blockchain in order to perform penalty in time. However, running full node is probably a heavy burden to some users, especially to mobile phones. I once heard that improved protocol for lightweight wallet (like Neutrino) can solve this problem, but I also heard that such lightweight wallet protocol still implies trusting the full node or server which provides service. Especially, a malicious full node can hide transactions from its clients, which seems to be a potential threat to lightweight LN wallets.










share|improve this question


























    2















    As far as I know, LN requires the user to watch the blockchain in order to perform penalty in time. However, running full node is probably a heavy burden to some users, especially to mobile phones. I once heard that improved protocol for lightweight wallet (like Neutrino) can solve this problem, but I also heard that such lightweight wallet protocol still implies trusting the full node or server which provides service. Especially, a malicious full node can hide transactions from its clients, which seems to be a potential threat to lightweight LN wallets.










    share|improve this question
























      2












      2








      2


      1






      As far as I know, LN requires the user to watch the blockchain in order to perform penalty in time. However, running full node is probably a heavy burden to some users, especially to mobile phones. I once heard that improved protocol for lightweight wallet (like Neutrino) can solve this problem, but I also heard that such lightweight wallet protocol still implies trusting the full node or server which provides service. Especially, a malicious full node can hide transactions from its clients, which seems to be a potential threat to lightweight LN wallets.










      share|improve this question














      As far as I know, LN requires the user to watch the blockchain in order to perform penalty in time. However, running full node is probably a heavy burden to some users, especially to mobile phones. I once heard that improved protocol for lightweight wallet (like Neutrino) can solve this problem, but I also heard that such lightweight wallet protocol still implies trusting the full node or server which provides service. Especially, a malicious full node can hide transactions from its clients, which seems to be a potential threat to lightweight LN wallets.







      security lightning-network thin-clients






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked yesterday









      Chris ChenChris Chen

      1267




      1267




















          1 Answer
          1






          active

          oldest

          votes


















          11














          There is no substitute in terms of security and trust for running a full node.



          There are different "lightweight client" concepts. Some of them are...



          BIP37 (bloom filter):



          • [minus] With current used false-positive rates, peers may learn all wallet addresses

          • [minus] Usually done over an unencrypted channel (p2p 8333), ISPs, etc. learn also all your addresses

          • [plus] client can validate if the transaction(s) were in a block (merkleblock)

          • [plus] clients keep a blockchain with headers only can at least check PoW

          • [plus] uses only little bandwidth

          • [minus] Hiding back transactions are possible

          • [plus]"Impossible" to fake a transaction

          Neutrino (Compact Block Filters BIP158):



          • [plus] fewer privacy implications then BIP37 since filtering happens locally

          • [minus] needs more resources (basic filters from the genesis block up to block 560000 require ~3.5GB space/bandwidth)

          • [minus] more bandwidth consumption because full blocks must be downloaded (rather then Merkle-"blocks" in BIP37)

          • [minus] Hiding back transactions are still possible (though more complicated) because the block filters are not committed to the blocks (would require a soft-fork). Not committed means, peers can fake filters and make you miss relevant transactions (can be [partially] mitigated by comparing filters from different peers)

          • [minus] No solution for mempool filtering (can't show "incoming transactions" reliable)

          • [plus] "Impossible" to fake a transaction

          Centralized Validation (Bitpay, Samourai, etc.)



          • [minus] Full trust in the company/server (they know all your addresses)

          • [minus] Can hide back transactions

          • [minus] Can artificially create transactions

          • [plus] Minimal bandwidth consumption


          Some application mix different approaches (like Electrum does Merkle-tree checks and keeps a headers-only-chain to mitigate the "can artificially create transactions" problem).



          Conclusion



          If you want to watch the blockchain without trusted third parties, you must run a full node (could be pruned though <10GB space requirement, but lightning implementations are not fully compatible yet).



          If (and only if) BIP158 block filters get committed (though a soft fork, hash in blocks coinbase of similar), hiding transactions through peers, providing filters, would no longer be possible.



          Recommended practical approach



          • Buy a tiny computer (Raspberry, Odroid, Pine64)

          • Buy a >500GB SSD (USB3 SSD, ~100USD in 2019)

            • NO,.. don't use your old HDD (your sync time will be 20 times slower).


          • Install Bitcoin Core (there are pre-build ARM64 binaries)

          • Run with a large -dbcache (if you have 2GB+ RAM)

          • Sync the chain

          • zzzZZZ (takes maybe a week)

          • enjoy being a real Bitcoiner (by avoiding all trusted third parties)





          share|improve this answer

























          • I wouldn't say it's impossible to withhold transactions in neutrino, at least in its current implementation.

            – Anonymous
            yesterday











          • Depending on where you get your filters from, if from the p2p network, someone could intercept traffic (MITM) and hand you out "void" filters... but its not easy since maybe BIP157 is in use and clients keep a filters-chain.

            – Jonas Schnelli
            yesterday












          • The current implementations are very dumb. It has the ability to do better in the future, but for the moment it's about on par with bip37 in that respect.

            – Anonymous
            yesterday










          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "308"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          noCode: true, onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fbitcoin.stackexchange.com%2fquestions%2f85557%2fare-lightweight-ln-wallets-vulnerable-to-transaction-withholding%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          11














          There is no substitute in terms of security and trust for running a full node.



          There are different "lightweight client" concepts. Some of them are...



          BIP37 (bloom filter):



          • [minus] With current used false-positive rates, peers may learn all wallet addresses

          • [minus] Usually done over an unencrypted channel (p2p 8333), ISPs, etc. learn also all your addresses

          • [plus] client can validate if the transaction(s) were in a block (merkleblock)

          • [plus] clients keep a blockchain with headers only can at least check PoW

          • [plus] uses only little bandwidth

          • [minus] Hiding back transactions are possible

          • [plus]"Impossible" to fake a transaction

          Neutrino (Compact Block Filters BIP158):



          • [plus] fewer privacy implications then BIP37 since filtering happens locally

          • [minus] needs more resources (basic filters from the genesis block up to block 560000 require ~3.5GB space/bandwidth)

          • [minus] more bandwidth consumption because full blocks must be downloaded (rather then Merkle-"blocks" in BIP37)

          • [minus] Hiding back transactions are still possible (though more complicated) because the block filters are not committed to the blocks (would require a soft-fork). Not committed means, peers can fake filters and make you miss relevant transactions (can be [partially] mitigated by comparing filters from different peers)

          • [minus] No solution for mempool filtering (can't show "incoming transactions" reliable)

          • [plus] "Impossible" to fake a transaction

          Centralized Validation (Bitpay, Samourai, etc.)



          • [minus] Full trust in the company/server (they know all your addresses)

          • [minus] Can hide back transactions

          • [minus] Can artificially create transactions

          • [plus] Minimal bandwidth consumption


          Some application mix different approaches (like Electrum does Merkle-tree checks and keeps a headers-only-chain to mitigate the "can artificially create transactions" problem).



          Conclusion



          If you want to watch the blockchain without trusted third parties, you must run a full node (could be pruned though <10GB space requirement, but lightning implementations are not fully compatible yet).



          If (and only if) BIP158 block filters get committed (though a soft fork, hash in blocks coinbase of similar), hiding transactions through peers, providing filters, would no longer be possible.



          Recommended practical approach



          • Buy a tiny computer (Raspberry, Odroid, Pine64)

          • Buy a >500GB SSD (USB3 SSD, ~100USD in 2019)

            • NO,.. don't use your old HDD (your sync time will be 20 times slower).


          • Install Bitcoin Core (there are pre-build ARM64 binaries)

          • Run with a large -dbcache (if you have 2GB+ RAM)

          • Sync the chain

          • zzzZZZ (takes maybe a week)

          • enjoy being a real Bitcoiner (by avoiding all trusted third parties)





          share|improve this answer

























          • I wouldn't say it's impossible to withhold transactions in neutrino, at least in its current implementation.

            – Anonymous
            yesterday











          • Depending on where you get your filters from, if from the p2p network, someone could intercept traffic (MITM) and hand you out "void" filters... but its not easy since maybe BIP157 is in use and clients keep a filters-chain.

            – Jonas Schnelli
            yesterday












          • The current implementations are very dumb. It has the ability to do better in the future, but for the moment it's about on par with bip37 in that respect.

            – Anonymous
            yesterday















          11














          There is no substitute in terms of security and trust for running a full node.



          There are different "lightweight client" concepts. Some of them are...



          BIP37 (bloom filter):



          • [minus] With current used false-positive rates, peers may learn all wallet addresses

          • [minus] Usually done over an unencrypted channel (p2p 8333), ISPs, etc. learn also all your addresses

          • [plus] client can validate if the transaction(s) were in a block (merkleblock)

          • [plus] clients keep a blockchain with headers only can at least check PoW

          • [plus] uses only little bandwidth

          • [minus] Hiding back transactions are possible

          • [plus]"Impossible" to fake a transaction

          Neutrino (Compact Block Filters BIP158):



          • [plus] fewer privacy implications then BIP37 since filtering happens locally

          • [minus] needs more resources (basic filters from the genesis block up to block 560000 require ~3.5GB space/bandwidth)

          • [minus] more bandwidth consumption because full blocks must be downloaded (rather then Merkle-"blocks" in BIP37)

          • [minus] Hiding back transactions are still possible (though more complicated) because the block filters are not committed to the blocks (would require a soft-fork). Not committed means, peers can fake filters and make you miss relevant transactions (can be [partially] mitigated by comparing filters from different peers)

          • [minus] No solution for mempool filtering (can't show "incoming transactions" reliable)

          • [plus] "Impossible" to fake a transaction

          Centralized Validation (Bitpay, Samourai, etc.)



          • [minus] Full trust in the company/server (they know all your addresses)

          • [minus] Can hide back transactions

          • [minus] Can artificially create transactions

          • [plus] Minimal bandwidth consumption


          Some application mix different approaches (like Electrum does Merkle-tree checks and keeps a headers-only-chain to mitigate the "can artificially create transactions" problem).



          Conclusion



          If you want to watch the blockchain without trusted third parties, you must run a full node (could be pruned though <10GB space requirement, but lightning implementations are not fully compatible yet).



          If (and only if) BIP158 block filters get committed (though a soft fork, hash in blocks coinbase of similar), hiding transactions through peers, providing filters, would no longer be possible.



          Recommended practical approach



          • Buy a tiny computer (Raspberry, Odroid, Pine64)

          • Buy a >500GB SSD (USB3 SSD, ~100USD in 2019)

            • NO,.. don't use your old HDD (your sync time will be 20 times slower).


          • Install Bitcoin Core (there are pre-build ARM64 binaries)

          • Run with a large -dbcache (if you have 2GB+ RAM)

          • Sync the chain

          • zzzZZZ (takes maybe a week)

          • enjoy being a real Bitcoiner (by avoiding all trusted third parties)





          share|improve this answer

























          • I wouldn't say it's impossible to withhold transactions in neutrino, at least in its current implementation.

            – Anonymous
            yesterday











          • Depending on where you get your filters from, if from the p2p network, someone could intercept traffic (MITM) and hand you out "void" filters... but its not easy since maybe BIP157 is in use and clients keep a filters-chain.

            – Jonas Schnelli
            yesterday












          • The current implementations are very dumb. It has the ability to do better in the future, but for the moment it's about on par with bip37 in that respect.

            – Anonymous
            yesterday













          11












          11








          11







          There is no substitute in terms of security and trust for running a full node.



          There are different "lightweight client" concepts. Some of them are...



          BIP37 (bloom filter):



          • [minus] With current used false-positive rates, peers may learn all wallet addresses

          • [minus] Usually done over an unencrypted channel (p2p 8333), ISPs, etc. learn also all your addresses

          • [plus] client can validate if the transaction(s) were in a block (merkleblock)

          • [plus] clients keep a blockchain with headers only can at least check PoW

          • [plus] uses only little bandwidth

          • [minus] Hiding back transactions are possible

          • [plus]"Impossible" to fake a transaction

          Neutrino (Compact Block Filters BIP158):



          • [plus] fewer privacy implications then BIP37 since filtering happens locally

          • [minus] needs more resources (basic filters from the genesis block up to block 560000 require ~3.5GB space/bandwidth)

          • [minus] more bandwidth consumption because full blocks must be downloaded (rather then Merkle-"blocks" in BIP37)

          • [minus] Hiding back transactions are still possible (though more complicated) because the block filters are not committed to the blocks (would require a soft-fork). Not committed means, peers can fake filters and make you miss relevant transactions (can be [partially] mitigated by comparing filters from different peers)

          • [minus] No solution for mempool filtering (can't show "incoming transactions" reliable)

          • [plus] "Impossible" to fake a transaction

          Centralized Validation (Bitpay, Samourai, etc.)



          • [minus] Full trust in the company/server (they know all your addresses)

          • [minus] Can hide back transactions

          • [minus] Can artificially create transactions

          • [plus] Minimal bandwidth consumption


          Some application mix different approaches (like Electrum does Merkle-tree checks and keeps a headers-only-chain to mitigate the "can artificially create transactions" problem).



          Conclusion



          If you want to watch the blockchain without trusted third parties, you must run a full node (could be pruned though <10GB space requirement, but lightning implementations are not fully compatible yet).



          If (and only if) BIP158 block filters get committed (though a soft fork, hash in blocks coinbase of similar), hiding transactions through peers, providing filters, would no longer be possible.



          Recommended practical approach



          • Buy a tiny computer (Raspberry, Odroid, Pine64)

          • Buy a >500GB SSD (USB3 SSD, ~100USD in 2019)

            • NO,.. don't use your old HDD (your sync time will be 20 times slower).


          • Install Bitcoin Core (there are pre-build ARM64 binaries)

          • Run with a large -dbcache (if you have 2GB+ RAM)

          • Sync the chain

          • zzzZZZ (takes maybe a week)

          • enjoy being a real Bitcoiner (by avoiding all trusted third parties)





          share|improve this answer















          There is no substitute in terms of security and trust for running a full node.



          There are different "lightweight client" concepts. Some of them are...



          BIP37 (bloom filter):



          • [minus] With current used false-positive rates, peers may learn all wallet addresses

          • [minus] Usually done over an unencrypted channel (p2p 8333), ISPs, etc. learn also all your addresses

          • [plus] client can validate if the transaction(s) were in a block (merkleblock)

          • [plus] clients keep a blockchain with headers only can at least check PoW

          • [plus] uses only little bandwidth

          • [minus] Hiding back transactions are possible

          • [plus]"Impossible" to fake a transaction

          Neutrino (Compact Block Filters BIP158):



          • [plus] fewer privacy implications then BIP37 since filtering happens locally

          • [minus] needs more resources (basic filters from the genesis block up to block 560000 require ~3.5GB space/bandwidth)

          • [minus] more bandwidth consumption because full blocks must be downloaded (rather then Merkle-"blocks" in BIP37)

          • [minus] Hiding back transactions are still possible (though more complicated) because the block filters are not committed to the blocks (would require a soft-fork). Not committed means, peers can fake filters and make you miss relevant transactions (can be [partially] mitigated by comparing filters from different peers)

          • [minus] No solution for mempool filtering (can't show "incoming transactions" reliable)

          • [plus] "Impossible" to fake a transaction

          Centralized Validation (Bitpay, Samourai, etc.)



          • [minus] Full trust in the company/server (they know all your addresses)

          • [minus] Can hide back transactions

          • [minus] Can artificially create transactions

          • [plus] Minimal bandwidth consumption


          Some application mix different approaches (like Electrum does Merkle-tree checks and keeps a headers-only-chain to mitigate the "can artificially create transactions" problem).



          Conclusion



          If you want to watch the blockchain without trusted third parties, you must run a full node (could be pruned though <10GB space requirement, but lightning implementations are not fully compatible yet).



          If (and only if) BIP158 block filters get committed (though a soft fork, hash in blocks coinbase of similar), hiding transactions through peers, providing filters, would no longer be possible.



          Recommended practical approach



          • Buy a tiny computer (Raspberry, Odroid, Pine64)

          • Buy a >500GB SSD (USB3 SSD, ~100USD in 2019)

            • NO,.. don't use your old HDD (your sync time will be 20 times slower).


          • Install Bitcoin Core (there are pre-build ARM64 binaries)

          • Run with a large -dbcache (if you have 2GB+ RAM)

          • Sync the chain

          • zzzZZZ (takes maybe a week)

          • enjoy being a real Bitcoiner (by avoiding all trusted third parties)






          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited yesterday









          Community

          1




          1










          answered yesterday









          Jonas SchnelliJonas Schnelli

          5,3201128




          5,3201128












          • I wouldn't say it's impossible to withhold transactions in neutrino, at least in its current implementation.

            – Anonymous
            yesterday











          • Depending on where you get your filters from, if from the p2p network, someone could intercept traffic (MITM) and hand you out "void" filters... but its not easy since maybe BIP157 is in use and clients keep a filters-chain.

            – Jonas Schnelli
            yesterday












          • The current implementations are very dumb. It has the ability to do better in the future, but for the moment it's about on par with bip37 in that respect.

            – Anonymous
            yesterday

















          • I wouldn't say it's impossible to withhold transactions in neutrino, at least in its current implementation.

            – Anonymous
            yesterday











          • Depending on where you get your filters from, if from the p2p network, someone could intercept traffic (MITM) and hand you out "void" filters... but its not easy since maybe BIP157 is in use and clients keep a filters-chain.

            – Jonas Schnelli
            yesterday












          • The current implementations are very dumb. It has the ability to do better in the future, but for the moment it's about on par with bip37 in that respect.

            – Anonymous
            yesterday
















          I wouldn't say it's impossible to withhold transactions in neutrino, at least in its current implementation.

          – Anonymous
          yesterday





          I wouldn't say it's impossible to withhold transactions in neutrino, at least in its current implementation.

          – Anonymous
          yesterday













          Depending on where you get your filters from, if from the p2p network, someone could intercept traffic (MITM) and hand you out "void" filters... but its not easy since maybe BIP157 is in use and clients keep a filters-chain.

          – Jonas Schnelli
          yesterday






          Depending on where you get your filters from, if from the p2p network, someone could intercept traffic (MITM) and hand you out "void" filters... but its not easy since maybe BIP157 is in use and clients keep a filters-chain.

          – Jonas Schnelli
          yesterday














          The current implementations are very dumb. It has the ability to do better in the future, but for the moment it's about on par with bip37 in that respect.

          – Anonymous
          yesterday





          The current implementations are very dumb. It has the ability to do better in the future, but for the moment it's about on par with bip37 in that respect.

          – Anonymous
          yesterday

















          draft saved

          draft discarded
















































          Thanks for contributing an answer to Bitcoin Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fbitcoin.stackexchange.com%2fquestions%2f85557%2fare-lightweight-ln-wallets-vulnerable-to-transaction-withholding%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Sum ergo cogito? 1 nng

          三茅街道4182Guuntc Dn precexpngmageondP