Latest Lightning Network Release Pushes Security for Funds
The Lightning Network (LN) has announced the release of its lnd v0.8.0-beta to include more safety features, improved routing, and more complete support for lnd-based apps and wallets targeted at mobile devices.
Coming ahead of the Lightning Conference in Berlin later this weekend, it did not come as a surprise that the addition of security features is the major improvement to the protocol in this newest version. Rather, it shows that the release would form a part of the talking points at the annual gathering especially as the issue of safety with using the layer 2 protocol has been topical in the crypto space of late.
Last month, just as a pair of researchers released the results of a formal verification of LN, a vulnerability affecting many major implementations was fully disclosed after a partial disclosure on August 30th (CVE-2019-12998, CVE-2019-12999, and CVE-2019-13000).
I just published Announcing Olympus: Lightning-enabled fiat ramps by Zap
What if you could go from fiat in your bank account to non-custodial Lightning payments in seconds? What does onboarding the masses look like?
— Jack Mallers (@JackMallers) September 19, 2019
This goes with the view that as it grows over 35,000 channels and more payment systems being built on it – including Zap, the second-layer payments-focused protocol for Bitcoin is still generally considered new and bugs that could lead to loss of user funds are still being discovered. Hence some of the security features that are added by the latest version. Top among them is the introduction of the “SAFU Commitment” feature which will make successful recovery with a Static Channel Backup (SCB) no longer dependent on a channel counterparty being online and willing to provide the latest commitPoint necessary to claim funds.
“Thus, funds recovery with SAFU Commitments should be simpler and more reliable, as the only requirement is for the channel counterparty to force close the channel (eventually or upon request),” Lightning Labs says in a release. It adds that SAFU commitments are only used for new channels created between parties supporting it.
LND 0.8 will have a new feature which allows you to interactively reject incoming channel requests. You can make up whatever criteria you want
For example instead of having a min channel size, you could require new channels either pass a min channel size or a minimum push amount
— Alex Bosworth ☇ (@alexbosworth) September 29, 2019
lnd v0.8.0-beta also has the Per-HTLC Invoice Tracking to allow payment recipients to see additional detail and see correct balances when multiple HTLCs are paid to a single invoice. This is unlike before when multiple payments to an invoice could cause incorrect values to be displayed in LookupInvoice and ListInvoices, and duplicate payments not tracked. As a result, payments being accepted even after expiration would be fixed as well as payments accepted above or below the quoted price.
Other safety improvements introduced include “reproducible builds” which make it possible to verify the source of an lnd binary and determine whether it has been tampered with in a way that might introduce malicious code; additional automated testing for the bitcoind back-end to bring it to the same level of coverage as already existed for btcd and neutrino; a minor privacy leak addressed; and Bitcoin transaction and channel close transaction broadcasting were also made more robust.
Lightning Labs’ Joost Jager describes LN’s development as “the exploration of uncharted territory against a backdrop of changing the world for the better.” This view holds true as the platform that allows micro-payment grows raising curiosity and doubts. While that happens, concerns persist on the trustlessness of LN’s watchtower using a 3rd party as attributed to a Bitcoin Reddit thread moderator, /u/mrrGnome, who has since claimed the commentators are ignorant.