Closed Pantamis closed 3 years ago
As long as these limitations are respected, any Go library can be compiled and networking can be achieved as shown in our tamago-example.
The RPi lacks a USB driver, which makes it not very suitable for this.
However, a USB armory would work fine and it would allow you to take advantage of its secure booting and secure storage capabilities (like GoKey does for instance).
So this requires some glue code to put things together but it's definitely possible.
Very interesting :) I wonder how much glue code would be needed to do that correctly. I don't think I can do it myself, but there is definitely something doable for some experienced Go devs here.
Too bad the RPi can't support it, maybe there are other OSes it can run to support the USB driver? (like Ubuntu Server). At least I know the hardware to do it exists, that's something!
Nothing to resolve in this issue so I am closing it, thank you!
Please note that talking about some "other OS" or "ubuntu server" does not make sense in this context, as TamaGo replaces the OS.
Maybe I misunderstood what you meant about RPi drivers then. I thought that if I prepared a USB armory with TamaGo then the Raspberry would not be able to interact with it because of missing drivers. But maybe you meant that you can't create a TamaGo unikernel for RPi!
That was not my use case. I was thinking about plugging the USB armory, with an image compiled from LND with TamaGo, into an RPi which is always online to serve the USB armory the data it needs to do its job. The goal is to limit the amount of stolen funds if the RPi is hacked while still being able to route payments. LND already implemented an authentication system (using macaroon files) to disable sending funds if needed, so if LND runs in a safe environment with TamaGo (or not) this is already very nice :) (using the secure element to protect the private key would be even more amazing to provide physical security, but requires glue code as you said)
Seems totally doable without TamaGo or glue code at first, so for me it is more a matter of getting a USB armory and taking the time to try :)
We can create TamaGo unikernels for the Pi, however TamaGo lacks a USB driver to allow the unikernel to interact with TCP/IP networking over USB and/or WiFi. Serial console or GPIOs are the only way of I/O at the moment.
If you plan to use TamaGo on the USB armory then you have all the drivers you need.
Got it, thank you!
"I think there would be a strong demand for this in the coming years, that would be a big paradigm shift in Bitcoin storage!"
Agreed!
"However, a USB armory would work fine and it would allow you to take advantage of its secure booting and secure storage capabilities (like GoKey does for instance)."
So USB Armory could be used as a combination of HSM and bitcoin hardware wallet in multisig scenarios.
@Pantamis did you pursue this? @abarisani what would it take to get your hands-on guidance to realize this?
Hi!
I recently discovered USB armory and TamaGo and I love the idea. I don't know if this is the right place to ask my question, so apologies if it is not.
Something I would like to do with USB armory is an HSM capable of running a Bitcoin Lightning client. The Lightning Network is a protocol on top of Bitcoin to make instant and low fee payments without writing them on the blockchain, using a network of liquidity providers connected by payment channels (funds protected by a smart multiparty signature). Running a Lightning node requires having access to the private key protecting funds when the node is up, so the Lightning nodes are not very safe for storage, but allocating more funds in the node allows earning more in payment routing fees. This creates an unfortunate tradeoff between security and yield because no hardware wallet supports Lightning.
On the other hand, one of the major Lightning Network implementations (LND) is written in Go: https://github.com/lightningnetwork/lnd
So my question is: Would it be possible to compile LND with TamaGo to create a kind of Lightning hardware wallet equivalent? Ideally, the private key of the node would be protected in the secure element of the USB armory and only readable by LND, the other data produced by LND would be in USB armory storage (SD card or HDD using USB connector), the device would run only what is necessary for LND to operate, and you connect it to an RPi which runs a Bitcoin node to serve blockchain data needed by LND. Having a supplementary script to control and limit how many bitcoins can be sent with LND in a given time period would be just... absolutely crazy. I think there would be a strong demand for this in the coming years, that would be a big paradigm shift in Bitcoin storage!
If it is not possible to do it with TamaGo, is it still safer to run LND with an OS booted on the ARMory than on an RPi?
I hope I am clear enough for you to understand the use cases (another one of the same kind would be JoinMarket maker, but it is implemented in Python so I guess TamaGo is irrelevant), but there is something big possible here.
Thank you in advance for your time and any information :)