miketwenty1
commented
1 month ago @ariard
We are collecting an additional attribute for the workshops. Please update your issue and include a line item on the difficulty level of the workshop with either "Beginner", "Intermediate", or "Advanced".
- Beginner: would be no prior knowledge needed, very few technical skills required for workshop
- Intermediate: At least some knowledge needed to not be lost, technical skills, Comp Sci, IT related experience is greatly beneficial
- Advanced: Potentially a strong working knowledge of certain technologies, libraries, fundamentals, Comp Sci, and related protocols.
Error on the side of more advanced than less advanced as we want to set strong expectations. Depending on what you pick please gauge your workshop accordingly.
ariard
This talk is about teaching attendees how to do real-world pinning attacks on lightning nodes.
The workshop
During this talk, we'll explore the well-known economic based pinning (rule 3 bip125) on real-world conditions (testnet, signet, mainet) i.e a modified core lightning node with a custom C2C on top of a bitcoin full node. We'll test some pinning attacks scenarios (second-stage HTLC transactions and commitment transactions) which are widely known before TRUC policy and after TRUC policy (bip 431).
The modified patch constituting the pinning toolkit will be provided by me, the speaker, and they will be made available at the time of the conference, as it can be a bit sensitive of ethical infosec software material.
In function of the time slot (1h / 2h), we'll see how we do the demonstration, though the idea is to have a "hands-on" workshop where attendees exercise pinning attacks on demo lightning nodes. Format will be seen to match the traditional "black hat / defcon" briefing.
We won't explore the more advanced transaction-relay jamming attacks and stick to the basics.
Attendees Pre-Requesite
Please note the burner laptop requirement ! That way this avoids some attendee making the claim they have lost bitcoins while they clearly didn't follow basic security practices and this avoids wasting everyone time after the fact with interrogation by the FBI, the U.S secret service or other 3-letters agencies.