18 upvotes, 2 direct replies (showing 2)
View submission: Lightning Network Megathread
What plans do you have for securing your Lightning Node, considering its need for autonomous signing capability?
Comment by [deleted] at 03/01/2018 at 07:46 UTC
11 upvotes, 0 direct replies
This is a very important topic and deserves its own post (my post about it drowned).
Comment by Pretagonist at 03/01/2018 at 17:22 UTC
2 upvotes, 1 direct replies
I haven't seen any actual work on this but in theory one of the more capable hardware wallets should be able to handle this. Keep a hw wallet/node dongle connected to your node at all times. Make it aware of the amounts going in and out and set some logic to only sign transactions that equal out. That way your node can handle transactions and channel balancing and it can't be emptied if the node is compromised.
If you want to use your node to pay you need to input a code into the device and so on. If the hardware lacks storage it can use the host to store encrypted data or even use the cloud.
Some issues I can foresee is if an attacker can force a compromised node to publish an old channel state or similar so it needs to handle most such things in an encrypted fashion. But layering encryption like that shouldn't be a problem.
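An added sketch, not part of the thread and not code from any wallet or Lightning implementation, of the signing policy the comment above describes: forwards that "equal out" are approved unattended, spending the node's own funds needs the code, and an old channel state is refused. The class, method names, the PIN scheme and the commitment-number check are assumptions made for illustration, and all sample values are constructed.

```python
import hashlib
import hmac

class PolicySigner:
    """Decision logic only: no keys, no real Lightning messages (names hypothetical)."""

    def __init__(self, pin: str):
        self._pin_hash = hashlib.sha256(pin.encode()).digest()
        self._incoming = {}  # payment_hash -> msat offered to us, not yet forwarded
        self._latest = {}    # channel_id -> newest commitment number the device saw

    def record_incoming(self, payment_hash: str, amount_msat: int) -> None:
        # Assumption: the device has already checked this HTLC against the peer's
        # signature, so a compromised host cannot invent inbound funds.
        self._incoming[payment_hash] = amount_msat

    def approve_outgoing(self, payment_hash: str, amount_msat: int, pin=None) -> bool:
        offered = self._incoming.get(payment_hash)
        if offered is not None and 0 < amount_msat <= offered:
            del self._incoming[payment_hash]  # one inbound HTLC funds one forward
            return True                       # balanced forward: no human needed
        if pin is None:
            return False                      # own funds would leave: code required
        given = hashlib.sha256(pin.encode()).digest()
        return hmac.compare_digest(given, self._pin_hash)

    def note_state(self, channel_id: str, number: int) -> None:
        self._latest[channel_id] = max(number, self._latest.get(channel_id, -1))

    def approve_broadcast(self, channel_id: str, number: int) -> bool:
        # Only the newest state may be signed for broadcast; older ones are revoked.
        latest = self._latest.get(channel_id)
        return latest is not None and number == latest

def demo():
    s = PolicySigner(pin="constructed-pin")
    s.record_incoming("hash-a", 10_000)
    out = [
        s.approve_outgoing("hash-a", 9_990),   # forward, fee kept
        s.approve_outgoing("hash-a", 9_990),   # same inbound HTLC reused
        s.approve_outgoing("hash-b", 5_000),   # payment without the code
        s.approve_outgoing("hash-b", 5_000, pin="constructed-pin"),
    ]
    s.note_state("chan-1", 41)
    s.note_state("chan-1", 42)
    out += [s.approve_broadcast("chan-1", 41), s.approve_broadcast("chan-1", 42)]
    return out

if __name__ == "__main__":
    print(demo())
```

A real device would also need rate limiting on the code and state that survives power loss, neither of which is modelled here.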