4 upvotes, 1 direct replies (showing 1)
View submission: Lightning Network Megathread
While these may be suitable for some use cases, the intentionally limited capabilities of hardware wallets prevent them from providing advanced anti-fraud capability. For instance, detecting anomalous routing would require an up-to-date view of the network. This either needs to come from a trusted source (which itself needs to be secured) or the wallet needs to be able to acquire it for itself. Start adding complex features to the waller, such as a network stack and LN client, and you add additional security footprint. These are less concrete capabilities, which will require more complex updates. Even the suggestion of external storage comes with security complications - from where is the data sourced, how is that data encrypted and authenticated, how are the data encryption keys protected?
Yes, moving keys to HSM is an excellent idea, but when performing autonomous signing you need strong controls around submission. HSMs alone are not sufficient nor suitable for this purpose.
Comment by Pretagonist at 03/01/2018 at 18:07 UTC
1 upvotes, 1 direct replies
The wallet doesn't need to know anything about routing. It just need to know that the inputs and outputs balance at every time. When you want to make asymetrical transactions you will need to input a hardware pin.