An implementation and deployment plan for AltNet
is proposed, a new subsystem aiming towards
providing a generic framework for integrating alternative transport communication channels inside
Bitcoin Core, hardening the p2p network.
- Increase network security by increasing link layer/peers diversity
- Increase transactions anonymity by providing identityless broadcast
- Increase application security by allowing corrective behavior due to anomalies detection
The phase 1 aims to achieve headers-sync between Bitcoin nodes over the Lightning p2p network. Each Bitcoin node is locally connected to a Lightning node, and the headers should flow over the Noise communication channel.
There are few building blocks required :
- a
rust-multiprocess
library to communicate with Bitcoin Core in a multiprocess setup - a
Validation
interface to access the validation engine - a
altnet-orchester
daemon to serve as a C2C for the alternative transport driver - a
altnet-lightning
daemon to connect to a Lightning node - few hacks in LDK/LDK-sample
- Github issue: bitcoin/bitcoin#18989
- Poc PR "Lightning sync": bitcoin/bitcoin#18988
- Poc PR "Watchdog": bitcoin/bitcoin#18987
The current networking approach suffers from a wide range of issues with regards to transaction origin inference, counter-measures against key infrastructure attackers, and harder security assumptions of higher-level protocols. Being heavily optimized and at same time trying to solve diverse goals like reasonable network security , tx-relay privacy, hindering block-topology, peer diversity, ... a functional networking stack is likely unable to address aforementioned issues without compromising its robustness.
Ideally you want to address scenarios with higher security requirements like an exchange receiving headers-over-DNS to detect tip pinning. A conscientious user always relying on tx-over-radio for each of its coins sends. You can also think about a LN hub willingly to use a HTTPS connection to a block explorer for emergency tx broadcast or an SPV wallet receiving filters-headers-over-obfs4 to defeat local Internet censorship. Of course, you can still rely on external modules or project, but better integrating them with Core to ease deployment and combine them for increased benefits.