ffac0336e6
In this commit, we add a new package implementing the aezeed cipher seed scheme. This is a new scheme developed that aims to overcome the two major shortcomings of BIP39: a lack of a version, and a lack of a wallet birthday. A lack of a version means that wallets may not necessarily know *how* to re-derive addresses during the recovery process. A lack of a birthday means that wallets don't know how far back to look in the chain to ensure that they derive *all* the proper user addresses. The aezeed scheme addresses these two drawbacks and adds a number of desirable features.

First, we start with the following plaintext seed: {1 byte internal version || 2 byte timestamp || 16 bytes of entropy}. The version field is for wallets to be able to know *how* to re-derive the keys of the wallet. The 2 byte timestamp is expressed in Bitcoin Days Genesis, meaning the number of days since the timestamp in Bitcoin's genesis block. This allows us to save space, and also avoid using a wasteful level of granularity. Currently, this can express time up until 2188. Finally, the entropy is raw entropy that should be used to derive the wallet's HD root.

Next, we'll take the plaintext seed described above and encipher it to procure a final cipher text. We'll then take this cipher text (the CipherSeed) and encode that using a 24-word mnemonic. The enciphering process takes a user defined passphrase. If no passphrase is provided, then the string "aezeed" will be used.

To encipher a plaintext seed (19 bytes) to arrive at an enciphered cipher seed (33 bytes), we apply the following operations:

* First we take the external version and append it to our buffer. The external version describes *how* we encipher. For the first version (version 0), we'll use scrypt(n=32768, r=8, p=1) and aezeed.
* Next, we'll use scrypt (with the version 0 params) to generate a strong key for encryption. We'll generate a 32-byte key using 5 bytes as a salt. The usage of the salt is meant to make the creation of rainbow tables infeasible.
* Next, the enciphering process. We use aezeed, a modern AEAD with nonce-misuse resistance properties. The important trait we exploit is that it's an *arbitrary input length block cipher*. Additionally, it has what's essentially a configurable MAC size. In our scheme we'll use a value of 4, which acts as a 32-bit checksum. We'll encrypt with our generated seed, and use an AD of (version || salt). We'll then compute a checksum over all the data, using crc-32, appending the result to the end.
* Finally, we'll encode this 33-byte cipher text using the default word list of BIP 39 to produce 24 English words.

The `aezeed` cipher seed scheme has a few cool properties, notably:

* The mnemonic itself is a cipher text, meaning leaving it in plaintext is advisable if the user also set a passphrase. This is in contrast to BIP 39 where the mnemonic alone (without a passphrase) may be sufficient to steal funds.
* A cipherseed can be modified to *change* the passphrase. This means that if the user wants a stronger passphrase, they can decipher (with the old passphrase), then encipher (with a new passphrase). Compared to BIP 39, where if the user used a passphrase, since the mapping is one way, they can't change the passphrase of their existing HD key chain.
* A cipher seed can be *upgraded*. Since we have an external version, offline tools can be provided to decipher using the old params, and encipher using the new params. In the future if we change ciphers, change scrypt, or just the parameters of scrypt, then users can easily upgrade their seed with an offline tool.
* We're able to verify that a user has input the incorrect passphrase, and that the user has input the incorrect mnemonic, independently.
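The framing layer described in the commit message, as an added example that is not part of this commit or the aezeed package: it lays out the 19-byte plaintext seed, encodes the birthday in Bitcoin Days Genesis (showing why 2 bytes reach 2188), appends and verifies the CRC-32 over the 29-byte enciphered body, and splits the 33-byte result into the 24 11-bit indices that select BIP39 words. The scrypt and AEZ steps are left out because they need an AEZ library, and since the message does not name the CRC-32 polynomial, zlib's IEEE CRC-32 is an assumption here.

```python
import struct
import zlib
from datetime import date, timedelta

# Bitcoin genesis block day (2009-01-03 UTC); "Bitcoin Days Genesis" counts from here.
GENESIS_DATE = date(2009, 1, 3)

PLAINTEXT_LEN = 1 + 2 + 16    # internal version || 2-byte timestamp || 16 bytes entropy
SALT_LEN = 5                  # scrypt salt carried in the clear inside the cipher seed
MAC_LEN = 4                   # AEZ tag size, acting as a 32-bit checksum on the passphrase
CHECKSUM_LEN = 4              # trailing CRC-32 over everything before it
CIPHERSEED_LEN = 1 + SALT_LEN + PLAINTEXT_LEN + MAC_LEN + CHECKSUM_LEN   # 33 bytes

def days_since_genesis(birthday: date) -> int:
    """Encode a wallet birthday into the 2-byte Bitcoin Days Genesis field."""
    days = (birthday - GENESIS_DATE).days
    if not 0 <= days <= 0xFFFF:
        raise ValueError("birthday not representable in 2 bytes")
    return days

def birthday_from_days(days: int) -> date:
    """Inverse of days_since_genesis; 0xFFFF lands in 2188, the scheme's horizon."""
    return GENESIS_DATE + timedelta(days=days)

def build_plaintext_seed(internal_version: int, birthday: date, entropy: bytes) -> bytes:
    """Lay out the 19-byte plaintext seed that would then be enciphered with AEZ."""
    if len(entropy) != 16:
        raise ValueError("entropy must be exactly 16 bytes")
    return struct.pack(">BH", internal_version, days_since_genesis(birthday)) + entropy

def append_checksum(body: bytes) -> bytes:
    """body = external version || salt || AEZ ciphertext (29 bytes); add the CRC-32."""
    if len(body) != CIPHERSEED_LEN - CHECKSUM_LEN:
        raise ValueError("body must be 29 bytes")
    return body + struct.pack(">I", zlib.crc32(body))   # IEEE CRC-32 assumed (polynomial not stated)

def checksum_ok(cipher_seed: bytes) -> bool:
    """Passphrase-independent check: a mistyped mnemonic fails here before scrypt/AEZ run."""
    if len(cipher_seed) != CIPHERSEED_LEN:
        return False
    body, tail = cipher_seed[:-CHECKSUM_LEN], cipher_seed[-CHECKSUM_LEN:]
    return struct.unpack(">I", tail)[0] == zlib.crc32(body)

def word_indices(cipher_seed: bytes) -> list:
    """Split the 264-bit cipher seed into 24 11-bit indices into the BIP39 word list."""
    bits = int.from_bytes(cipher_seed, "big")
    return [(bits >> (11 * (23 - i))) & 0x7FF for i in range(24)]
```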
Lightning Network Daemon

The Lightning Network Daemon (lnd) is a complete implementation of a Lightning Network node and currently deployed on testnet3 - the Bitcoin Test Network. lnd has several pluggable back-end chain services including btcd (a full-node) and neutrino (a new experimental light client). The project's codebase uses the btcsuite set of Bitcoin libraries, and also exports a large set of isolated re-usable Lightning Network related libraries within it. In the current state lnd is capable of:
- Creating channels.
- Closing channels.
- Completely managing all channel states (including the exceptional ones!).
- Maintaining a fully authenticated+validated channel graph.
- Performing path finding within the network, passively forwarding incoming payments.
- Sending outgoing onion-encrypted payments through the network.
- Updating advertised fee schedules.
- Automatic channel management (autopilot).
Lightning Network Specification Compliance

lnd fully conforms to the Lightning Network specification (BOLTs). BOLT stands for: Basis of Lightning Technology. The specifications are currently being drafted by several groups of implementers based around the world including the developers of lnd. The set of specification documents as well as our implementation of the specification are still a work-in-progress. With that said, the current status of lnd's BOLT compliance is:
- BOLT 1: Base Protocol
- BOLT 2: Peer Protocol for Channel Management
- BOLT 3: Bitcoin Transaction and Script Formats
- BOLT 4: Onion Routing Protocol
- BOLT 5: Recommendations for On-chain Transaction Handling
- BOLT 7: P2P Node and Channel Discovery
- BOLT 8: Encrypted and Authenticated Transport
- BOLT 9: Assigned Feature Flags
- BOLT 10: DNS Bootstrap and Assisted Node Location
- BOLT 11: Invoice Protocol for Lightning Payments
Developer Resources

The daemon has been designed to be as developer friendly as possible in order to facilitate application development on top of lnd. Two primary RPC interfaces are exported: an HTTP REST API, and a gRPC service. The exported APIs are not yet stable, so be warned: they may change drastically in the near future.

An automatically generated set of documentation for the RPC APIs can be found at api.lightning.community. A set of developer resources including talks, articles, and example applications can be found at: dev.lightning.community.

Finally, we also have an active Slack where protocol developers, application developers, testers and users gather to discuss various aspects of lnd and also Lightning in general.
Installation

In order to build from source, please see the installation instructions.
IRC
- irc.freenode.net
- channel #lnd
- webchat