Jekyll2021-06-13T08:15:05+00:00https://blog.lightningconductors.net//feed.xmlLightningConductorsConducting research of lightning network -- second layer solutiong for Bitcoin and other blockchain based payment systems.Bash Based Accounting2021-06-12T19:57:43+00:002021-06-12T19:57:43+00:00https://blog.lightningconductors.net//post/2021/06/12/bash-based-accounting<p>In this article I explain a simple account system in GNU operating system based on <code class="language-plaintext highlighter-rouge">awk</code> and <code class="language-plaintext highlighter-rouge">bash</code> utilities. Using this system you can manage the debt of you to your friends and family and viceversa.</p>
<h2 id="system-setup">System setup</h2>
<p>Let’s get practical and open your first account. For that you need to define one alias and two bash functions in an <code class="language-plaintext highlighter-rouge">~/.accounting</code> file and create <code class="language-plaintext highlighter-rouge">accounting</code> directory (<code class="language-plaintext highlighter-rouge">mkdir accounting</code>). Then place the following content there:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">alias </span><span class="nv">ds</span><span class="o">=</span><span class="s1">'date +%F@%H-%M'</span> <span class="c"># date stamp</span>
<span class="nv">ACCOUNT_SATS_PERSON</span><span class="o">=</span>~/accounting/person.txt
saldo<span class="o">()</span> <span class="o">{</span>
<span class="nb">echo</span> <span class="sb">`</span>ds<span class="sb">`</span> <span class="nv">$@</span> <span class="o">>></span> <span class="nv">$ACCOUNT_SATS_PERSON</span>
<span class="nb">echo </span>New transaction: <span class="nv">$@</span>
<span class="nb">echo </span>Saldo: <span class="sb">`</span><span class="nb">awk</span> <span class="s1">'{sum+=$2}END{print sum}'</span> <span class="nv">$ACCOUNT_SATS_PERSON</span><span class="sb">`</span>
<span class="o">}</span>
zustatek<span class="o">()</span> <span class="o">{</span>
<span class="nb">echo</span> <span class="s2">"saldo date amount description "</span>
<span class="nb">awk</span> <span class="s1">'{sum+=$2;print sum, $0;}'</span> <span class="nv">$ACCOUNT_SATS_PERSON</span>
<span class="o">}</span>
</code></pre></div></div>
<p>This can be sourced to bash using <code class="language-plaintext highlighter-rouge">source ~/.accounting</code> (also, if you are happy with that you can just add the sourcing at the end of <code class="language-plaintext highlighter-rouge">~/.bashrc</code>).</p>
<p>The usage is <code class="language-plaintext highlighter-rouge">saldo <amount> <description></code> where amount is a single number with a specific sign convention, e.g. minus when I borow money and plus when I lend to other person.</p>
<p>In case you handle accounts for more than one person, you can obviously create similar functions for each of them.</p>
<h2 id="example-spending">Example spending</h2>
<p>So now let’s assume that I have got a coffee for 3024 payed by the other person, then I payed membership fee for a car rental company that the person wish to contribute 33442 sats. We went for a trip and the other bought petrol to which I should contribute 54622 sats. I have added those expenses to the balance sheet with the correct sign using <code class="language-plaintext highlighter-rouge">saldo</code> function.</p>
<p>Finally, I add the price for the car rental to demonstrate how the output of the command <code class="language-plaintext highlighter-rouge">saldo</code> looks like. What is important to note is that the first argument after the command is the amount in satoshi.</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code> <span class="nv">$ </span> saldo 163232 car rental
New transaction: 163232 car rental
Saldo: 139028
</code></pre></div></div>
<p>This will add another entry to the <code class="language-plaintext highlighter-rouge">~/accounting/person.txt</code> file (notice the last line). This file is a mere table of the account with date, amount of change and a description and does not tell you the final saldo.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>2021-06-12@20-24 -3024 payment for coffee
2021-06-12@20-24 33442 membership fee
2021-06-12@20-25 -54622 contribution for petrol
2021-06-12@20-27 163232 car rental
</code></pre></div></div>
<p>Then you can run the balance command by the <code class="language-plaintext highlighter-rouge">zustatek</code> command</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code> <span class="nv">$ </span> zustatek
saldo <span class="nb">date </span>amount description
<span class="nt">-3024</span> 2021-06-12@20-24 <span class="nt">-3024</span> payment <span class="k">for </span>coffee
30418 2021-06-12@20-24 33442 membership fee
<span class="nt">-24204</span> 2021-06-12@20-25 <span class="nt">-54622</span> payment <span class="k">for </span>petrol
139028 2021-06-12@20-27 163232 car rental
</code></pre></div></div>
<p>Where the first number always shows the current balance of the account and the rest is identical with the <code class="language-plaintext highlighter-rouge">$ACCOUNT_SATS_PERSON</code> file.</p>
<h2 id="graph-your-spending">Graph your spending</h2>
<p>The spending you do during a certain time can be shown in the graph using an old good <code class="language-plaintext highlighter-rouge">gnuplot</code>. Here I provide a simple script that can be saved as <code class="language-plaintext highlighter-rouge">~/accounting/zustatek.plt</code></p>
<pre><code class="language-gnuplot">now = "`date +%F@%H-%M`"
from="2021-06-01@00:00"
# from = "`date +%F@%H-%M -d 'now - 2 months'`"
filename = "~/accounting/person.txt"
set xdata time
set format x "%Y/%m"
set timefmt "%Y-%m-%d@%H-%M"
set xrange [from:now]
set grid
a=0
b=0
suma(x)=(a=a+x,a)
sumb(x)=(b=b+x,b)
high(x) = x > 0 ? b+x : b
low(x) = x < 0 ? b+x : b
plot filename using 1:2 w i t 'added' , '' u 1:(suma($2)) w l t 'saldo'
</code></pre>
<p>which can be visualised by running <code class="language-plaintext highlighter-rouge">gnuplot --perist ~/accounting/zustatek.plt</code> and shows both the intervals for changes and current balance (although improvements in the plotting would be welcome, e.g. adding finantial bars instead of lines).</p>
<p><img src="/assets/accounting/accounting.png" alt="GNUploot balance" /></p>
<h2 id="final-thoughts">Final thoughts</h2>
<p>Of course the accounting system works the same for any other currency besides bitcoin. You can even account in fiat, butter or anything else you decide with the friend that you keep the account with.</p>
<p>The limitation of the system is that it is kept on the computer of a single person, hence the updates have to be shared and agreed with the other peer by some other system, e.g. email, instant messaging.</p>
<p>The accounting system can be used as management of a single underlying bitcoin account within family and close friends, but then the liquidity of the account keeper remains to be established and tested on <a href="https://www.proofofkeys.com/">regular basis</a>.</p>
<p>In case that something happens (extreme example death of the debtor) the heirs can assess the legitimacy of the claims by the confirmation in the instant messaging program that provides signatures to the messages such as <a href="https://signal.org/">Signal</a>.</p>
<h2 id="ad">Ad</h2>
<p>Thanks for reading this article. If you liked it please share, <a href="https://blog.lightningconductors.net/feed.xml">subscribe to RSS feed</a> and to recognise its value consider a <a href="https://btcpay.lightningconductors.net/api/v1/invoices?storeId=FFPzRyoNZHuENk4uyNSehkscnDsRLWZpLedmCzipt9tU&checkoutDesc=Thanks+for+donating+to+lightningconductors.net&price=42&currency=sats">donation</a>. Also, feel free to <a href="mailto:info@lightningconductors.net">get in touch</a> if you have any advice for improvements or suggestions for further research.</p>In this article I explain a simple account system in GNU operating system based on awk and bash utilities. Using this system you can manage the debt of you to your friends and family and viceversa.Opening channels with PSBT in `lncli`2021-03-31T15:20:42+00:002021-03-31T15:20:42+00:00https://blog.lightningconductors.net//post/2021/03/31/opening-psbt-lncli<p>The channel opening on lightning network involves broadcasting an on-chain bitcoin transaction assigning a transaction fee per byte of transaction size to the miners. It’s possible to batch the transactions together to save space on the blockchain which also implies lower transaction fee. One of the ways to batch the channel opening is to use PSBT in which the inputs of transaction can be used for a large number of channels.</p>
<p>I have already written an <a href="/channels/2020/12/10/opening-psbt.html">article about PSBT channel opening from bitcoin-cli</a> which can be used when you have never used lightning network yet or wish to use the funds that you have within <code class="language-plaintext highlighter-rouge">bitcoin-cli</code>. Recently, that two of the channels I had on the lighting network got closed by a peer and I had two UTXO available in the <code class="language-plaintext highlighter-rouge">lncli</code>. This article is an extension of the <a href="/channels/2020/12/10/opening-psbt.html">PSBT channel opening from bitcoin-cli</a> to describe how <code class="language-plaintext highlighter-rouge">lncli</code> psbt can be made.</p>
<p>The workflow goes through the points of the following list:</p>
<ol>
<li>connect all relevant nodes</li>
<li>start funding using openchannel –psbt to all nodes (10 minutes counter starts), all but the last with <code class="language-plaintext highlighter-rouge">--no_publish</code> option</li>
<li>create the funding PSBT transaction from <code class="language-plaintext highlighter-rouge">lncli</code> (explanation below)
<ul>
<li>you can check it in the <code class="language-plaintext highlighter-rouge">bitcoin-cli decodepsbt <psbt></code> (but perhaps later, now the time counter is on)</li>
</ul>
</li>
<li>enter the PSBT transaction to each and every openchannel instance</li>
<li>finalize the transaction in <code class="language-plaintext highlighter-rouge">lncli</code> (explanation below)</li>
<li>enter the finalized transatction to each and every openchannel instance (make sure to enter it to the one without <code class="language-plaintext highlighter-rouge">--no_publish</code> option as the last one)</li>
<li>the channels are batched for the opening</li>
</ol>
<p>To remind you the point 2. is done using the command:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>lncli openchannel --psbt <node_ID> --local_amt <amount> --no_publish
</code></pre></div></div>
<p>which gives you the address where the funds should be send within the <code class="language-plaintext highlighter-rouge">bitcoin-cli</code> example</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>...
Example with bitcoind:
bitcoin-cli walletcreatefundedpsbt [] '[{"bcrt1qqzgeg5ty6hz3v2gckwkgyg8s0596zrvrjulgvly8efaeqe3uu60snfrfd5":0.01000000}]'
...
Paste the funded PSBT here to continue the funding flow.
Base64 encoded PSBT:
</code></pre></div></div>
<p>The point 3. and 5. need further explanation as those are the ones, which I haven’t use in the <code class="language-plaintext highlighter-rouge">bitcoin-cli</code> setup. In my case I have used the command:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>lncli wallet psbt fund --conf_target 420 --inputs='[<utxo_1>, ... , <utxo_N>]' --outputs='{<addr_1>:<amount_1>,...,<addr_M>:<amount_M>}'
</code></pre></div></div>
<p>The <code class="language-plaintext highlighter-rouge">--inputs</code> options are used to select the inputs numbers that we would like to spend. We can find out which UTXOs we have available using <code class="language-plaintext highlighter-rouge">lncli listunspend</code> command. The <code class="language-plaintext highlighter-rouge"><utxo_x></code> are exactly those which were specified in the <code class="language-plaintext highlighter-rouge">lncli openchannel</code> example and for you need to make sure, that you insert the amounts in satoshi rather than bitcoins.</p>
<p>As I wanted to use all the funds in the inputs to be transferred to the channels I selected the output amount plus desired fee (fairly low as I don’t care if the channels open in a few days) to be just a bit lower than the input amounts. Then I had a bit of trouble telling <code class="language-plaintext highlighter-rouge">lncli</code> that it should not create yet another output for the change, as I wanted all the funds to be used for the channel. I finally I overcame the issue by setting the confirmation target to a large value using <code class="language-plaintext highlighter-rouge">--conf_target 420</code> which means that I target for channel to be opened in 420 blocks.</p>
<p>Once the command is finalized you obtain the <code class="language-plaintext highlighter-rouge"><PSBT></code> string that can be entered to all the terminal windows with the prompt for the channel opening.</p>
<p>Finally, use the</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>lncli wallet psbt finalize <PSBT>
</code></pre></div></div>
<p>That gives you a <code class="language-plaintext highlighter-rouge">final_tx</code> hexadecimal string that is again entered to the channel opening prompts. Just make sure, that the channel opening without <code class="language-plaintext highlighter-rouge">--no_publish</code> option goes as the last one.</p>
<p>If everything goes through smoothly, you are returned the TXID of the transaction opening your channels. However my experience was not that straight forward. As one of the peers I have tried to open the channel with had a large minimal channel amount that I was planing to submit, my transaction failed before the final transaction could be broadcast. The channels with the other peers stayed pending. I had to abandon the pending channels with <code class="language-plaintext highlighter-rouge">lncli abandonchannel</code> that is only available in dev build of <code class="language-plaintext highlighter-rouge">lncli</code> (so I had to recompile from the source using <code class="language-plaintext highlighter-rouge">make tags=dev && make install tags=dev</code>). Before I could re-initiate the channel opening as specified in the <a href="https://github.com/lightningnetwork/lnd/issues/5081">lnd git issue</a>.</p>
<h2 id="ad">Ad</h2>
<p>Thanks for reading this article. If you liked it please share, <a href="https://blog.lightningconductors.net/feed.xml">subscribe to RSS feed</a> and to recognise its value consider a <a href="https://btcpay.lightningconductors.net/api/v1/invoices?storeId=FFPzRyoNZHuENk4uyNSehkscnDsRLWZpLedmCzipt9tU&checkoutDesc=Thanks+for+donating+to+lightningconductors.net&price=42&currency=sats">donation</a>. Also, feel free to <a href="mailto:info@lightningconductors.net">get in touch</a> if you have any advice for improvements or suggestions for further research.</p>The channel opening on lightning network involves broadcasting an on-chain bitcoin transaction assigning a transaction fee per byte of transaction size to the miners. It’s possible to batch the transactions together to save space on the blockchain which also implies lower transaction fee. One of the ways to batch the channel opening is to use PSBT in which the inputs of transaction can be used for a large number of channels.LNbits Bounty Fundraising2021-03-29T16:20:30+00:002021-03-29T16:20:30+00:00https://blog.lightningconductors.net//post/2021/03/29/lnbits-fund-bounty<p>During the <a href="https://wiki.fulmo.org/wiki/Lightning_HackSprint_March_2021">fulmo lightning hacksprint</a> that happened this weekend I came across a project to the <a href="https://github.com/sputn1ck/github-bounty">Sputn1ck <code class="language-plaintext highlighter-rouge">github-bounty</code> project</a> which aims to fundraise the money to github issues through lightning. As for now the <code class="language-plaintext highlighter-rouge">github-bounty</code> uses the <code class="language-plaintext highlighter-rouge">lnd</code> backend API in order to generate the invoices and count the amount of contributions that are then displayed in the issue page.</p>
<p>Using a self hosted node is an ideal trustless setup that leaves you in control of your funds at any point. However, the relatively complicated setup and management of the lightning node is too intimidating for many potential users. The LNbits project is a self-hosted custodial service that allows to delegate the management of the node to a trusted third party. Although this idea is somehow against the mindset of many bitcoiners, because the provider might disappear with your funds at any moment. It is a risk that many users are willing to exchange for the convenience when dealing with smaller amount of money. Moreover, if you self-host the LNbits on your server you can benefit from the advanced features it offers without necessary loosing the control.</p>
<p>The LNbits system allows creating custom made extensions with their own API. At first I have thought that creating a new Bounty fundraising API would be a good idea and started to explore the possibility of such implementation. The LNbits is written in Python and uses Assynchronous Server Gateway Interface (ASGI) that serves the HTML with JavaScript code (in Vue) generated on the fly.</p>
<p>As I later realised, there is already a way of creating the fundraising system using a few existent LNbits extensions. Here I am going to describe how such system could work.</p>
<h2 id="wallet-setup">Wallet Setup</h2>
<p>The previous article I have written was about <a href="https://blog.lightningconductors.net/post/2021/03/22/deploying-lnbits.html">deploying the LNbits on your server</a>. Other possibility is to use one of the existent deployments such as <a href="https://lnbits.com">lnbits.com</a>.</p>
<p>When you hit the initial page of LNbits you get the option to create your own wallet by giving it a name and click confirm.</p>
<p><img src="/assets/fundbounty/wallet_setup.png" alt="LNbits wallet setup" /></p>
<p>This will take you to your wallet interface where you can see the funds that are are assigned to you, you can create invoices to receive funds from other lightning network users, or send funds to others.</p>
<p>Your wallet access credentials appear in the URL of the website, so you should make sure that you <strong>never send the link to anyone else</strong>, because they would be able to open the same webpage, and obtain the same rights as you have. Also, it is necessary that the address is only accessible through SSL encrypted secure HTTPS and not the legacy HTTP system, as it would make it vulnerable to the man in the middle attack.</p>
<p><img src="/assets/fundbounty/wallet_interface.png" alt="LNbits wallet interface" /></p>
<p>In the wallet interface you can create additional separate wallets that you can use for different purposes.</p>
<h2 id="choosing-the-extensions">Choosing the extensions</h2>
<p>To create the bounty fundraising we are going to use three extensions:</p>
<ul>
<li>Paywall – extension aimed to create payment walls to fundraise for a web links, we are going to use it to rise money for the bounty</li>
<li>Support Tickets – extension to create payed support tickets to prevent spam or earn for answering questions, we are going to provide the link for the users claiming the bounty</li>
<li>LNURLw – extension to send withdraw links to bounty winners</li>
</ul>
<p>In your wallet interface you can find an option to manage extension. When you click there, you enter to another page where you can enable those extensions for yourself. Then the extensions get activated and you can access to their interface through the link just under the list of your wallets:</p>
<p><img src="/assets/fundbounty/active_extensions.png" alt="Claim form initiation" /></p>
<h2 id="paywallbounty-fundraising-setup">Paywall/Bounty fundraising setup</h2>
<p>We are going to abuse the Paywall extension for the bounty fundraising. So having enabled it, you can enter the Paywall extension in the LNbits wallet interface. On the top of the page click on the “NEW PAYWALL” button. A form will appear for you to fill it up. Select the wallet to which the fundraising should go. It is a good idea to have a separate wallet for each fundrising for easy accounting of how much fund have been raised.</p>
<p>Then complete the a title and a description in the form. The redirect URL and minimal amount fields are obligatory, however not particularly useful for our purposes. We can just add a link that will be shown after the donor has made a successful payment so ideally we could create something like a thank you page, or just put a link to the github issue we are fundraising for.</p>
<p>We could also choose a minimal amount, but it makes sense to leave it on quite a low value, so that anyone can decide what amount they contribute with.</p>
<p><img src="/assets/fundbounty/paywall_initiation.png" alt="Paywall initiation" /></p>
<p>After confirming the form, the new paywall will appear in the list of the Paywall extension interface. In there you can find and copy the link to the paywall and publish it wherever prospective donors will find it.</p>
<p>With the link they will then be able to access the webpage as shown in the next figure.</p>
<p><img src="/assets/fundbounty/bounty_fundraising.png" alt="Fundraising interface" /></p>
<p>After they confirm the amount to contribute an invoice appears. The funds will be added to your LNbits wallet upon a successful payment.</p>
<h2 id="support-ticketsbounty-claim">Support Tickets/Bounty Claim</h2>
<p>Another extension that we are going to use is called Support Ticket. In the interface of this extension we can create a form to be filled by the user. The submission of the form is upon a payment of a submission fee, that is currently based on the number of words that the user fills in the claim.</p>
<p>In the Support Ticket we click on the “NEW FORM” button that opens a form to set the properties of the claim interface. Again we select the wallet, where the submission fees should be collected and fill in a form name and a description. As the spam protection we submit the Amount per word that the contributor for each form in the claim.</p>
<p><img src="/assets/fundbounty/bounty_form.png" alt="Claim form initiation" /></p>
<p>Finally we click on the “CREATE FORM” button and the form will appear in the extension interface of the Support tickets. We can now copy the link to the claim form and publish it on the github issue or any other place, where the developers contributing to our project find it. They can then open the interface as shown on the next figure and submit their claim on what they wish to have compensated and how. They also enter their name and contact details so you have a way to contact them.</p>
<p><img src="/assets/fundbounty/bounty_claim.png" alt="Bounty claim initiation" /></p>
<h2 id="lnurlw--bounty-assignment">LNURLw / Bounty assignment</h2>
<p>The last extension that we need is the LNURL withdraw extension that allows us to create vouchers for the genuine contributions to the project. There is a way to create quick or advanced vouchers. I believe that quick vouchers work just fine for our purposes – so click on the “QUICK VOUCHERS” button in the LNURLw extension to get to the voucher creation form.</p>
<p><img src="/assets/fundbounty/create_voucher.png" alt="Voucher creation" /></p>
<p>For larger amounts it might be reasonable to create a number of vouchers of smaller amounts. As the smaller amounts are more likely to be under the capacity constrains of the lightning channels, they are more likely to pass. As another way to overcome the small capacity problem, the bounty winner could also create his own account on the same LNbits portal as the withdrawal would be settled internally within the portal. Once we confirm the voucher creation form, we can copy the link to the LNURLw.</p>
<p>Now we should be careful about the way we share the link safely. For that reason <strong>always use only end-to-end encrypted communication channel to share the LNURLw links</strong> to prevent email providers or other intruders to copy the link and claim the bounty instead of the winner. Once the bounty winners have obtained the link, they can access it on a page similar to the following.</p>
<p><img src="/assets/fundbounty/lnurl-withdraw.png" alt="Voucher creation" /></p>
<p>Of course, another way to send the bounty to the contributors is to ask them for their invoice. However, the LNURL way is more practical, as there are no time limit within which the payment has to be settled as it is the case with lightning invoices.</p>
<h2 id="final-thoughts-and-further-work">Final thoughts and further work</h2>
<p>The controversy of such fundraising system is the custody of the funds. First the operator of the LNbits server could just disappear with the funds. Second, the user that start the fundraising needs to be trusted and potentially abuse the funds and never deliver actual results. Those risks can never be completely mitigated, so the contributors should verify how trust-worthy the involved parties are to protect themselves from scams.</p>
<p>The fundraising initiator should consider an ideal workflow for the fundraising to offer more clarity to the donors. It makes sense that the fundraising has a specific deadline when it should finish and the same can be applied for the actual work delivery to make sure it is completed within a reasonable time frame.</p>
<p>If the work is not completed by then, it would be fair to return the funds to the donors. Sending the funds through the LNURLw in this case might be too much of a hassle for the fundraising initiator, thus another way of returning the funds is needed. One way of doing it could be to allow the donor to provide an invoice key on their LNbits account, so that the system could reimburse them automatically in case the fundraising is cancelled. Other way would allow the donors above a certain amount to enter their reimbursement details. Finally, the fundraising could specify what happens with the funds in case that the work fails (e.g. charity donation, forwarding the money to fund other issues).</p>
<p>Further improvements of the Paywall fundraising might be beneficial, in particular an option to stop the fundraising is currently not available. It could be done in different ways, as for instance adding a fundraising target or select point in time when it would stop. The fundraising target would also be useful for the purposes of Paywall. In this case the Paywall could allow gratis access to all users after reaching the funding target.</p>
<p>The support ticket extension could have a fixed submission fee (perhaps even a word limit) to motivate the users to explain themselves clearly on their contributions.</p>
<p>The LNbits also has an API interface that can be used from other projects. One useful application would be the adaptation of the <a href="https://github.com/sputn1ck/github-bounty">sputn1ck fundraising</a> project to allow it to use the LNbits API in addition to <code class="language-plaintext highlighter-rouge">lnd</code> interface. Some further functionalities might need to be added to LNbits in order to use it in that way, but many are already implemented – like the invoice creation and quoting the amount with the Invoice/read key.</p>
<p>This article describes a practical way of doing a bounty fundraising, assignment and payouts for github issues. It can obviously be extended to any useful work even in the physical space that others can do for you or the community.</p>
<h2 id="acknowledgement">Acknowledgement</h2>
<p>Thanks to the organisers of <a href="https://wiki.fulmo.org/wiki/Lightning_HackSprint_March_2021">fulmo lightning hacksprint</a>, it was a great opportunity to connect with the community and learn more about the progress that is going on in this days. Also, I am grateful for advice of LNbits developers in particular <a href="https://github.com/arcbtc">Ben Arc</a> who provided useful hints to how to use LNbits for this purpose.</p>
<h2 id="ad">Ad</h2>
<p>Thanks for reading this article. If you liked it please share, <a href="https://blog.lightningconductors.net/feed.xml">subscribe to RSS feed</a> and to recognise its value consider a <a href="https://btcpay.lightningconductors.net/api/v1/invoices?storeId=FFPzRyoNZHuENk4uyNSehkscnDsRLWZpLedmCzipt9tU&checkoutDesc=Thanks+for+donating+to+lightningconductors.net&price=42&currency=sats">donation</a>. Also, feel free to <a href="mailto:info@lightningconductors.net">get in touch</a> if you have any advice for improvements or suggestions for further research.</p>During the fulmo lightning hacksprint that happened this weekend I came across a project to the Sputn1ck github-bounty project which aims to fundraise the money to github issues through lightning. As for now the github-bounty uses the lnd backend API in order to generate the invoices and count the amount of contributions that are then displayed in the issue page.Deploying LNbits2021-03-22T16:20:42+00:002021-03-22T16:20:42+00:00https://blog.lightningconductors.net//post/2021/03/22/deploying-lnbits<p>Last time I have wrote about <a href="/admin/lightning/lndhub/2021/03/10/deploying-lndhub.html">LNDHub</a> which is an application to manage user accounts on top of a single lightning node instance. <a href="https://github.com/lnbits/lnbits/blob/master/docs/guide/installation.md">LNbits</a> is yet another next layer solution for the lightning network which offers a number of extensions that can work on top of lightning. In this article I will describe the deployment of LNbits.</p>
<h2 id="basic-installation">Basic installation</h2>
<p>The installation is described on the <a href="https://github.com/lnbits/lnbits/blob/master/docs/guide/installation.md">github of lnbits</a>, however I had problems with installing the system on my machine directly, as there were some difficulties in creating virtual environment through <code class="language-plaintext highlighter-rouge">venv</code>. Eventually I have managed to install it using the <code class="language-plaintext highlighter-rouge">virtualenv</code> and activated it via <code class="language-plaintext highlighter-rouge">source venv/bin/activate</code>. In addition to the packages specified in the requirements I had to install <code class="language-plaintext highlighter-rouge">lndgrpc purerpc</code> libraries using <code class="language-plaintext highlighter-rouge">pip install lndgrpc purerpc</code> for the usage with <code class="language-plaintext highlighter-rouge">lnd</code>. Those packages require updated version of <code class="language-plaintext highlighter-rouge">python-setuptools</code> that can be installed via <code class="language-plaintext highlighter-rouge">pip</code> but it seems that the system wide installation took a preference. Removing the system wide installation with <code class="language-plaintext highlighter-rouge">apt remove python-setuptools</code> has solved the issue. My installation procedure then was</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>git clone https://github.com/lnbits/lnbits.git
cd lnbits/
virtualenv -p python3 venv
source ./venv/bin/activate
pip install -r requirements.txt
cp .env.example .env
quart assets
quart migrate
hypercorn -k trio --bind 0.0.0.0:5000 'lnbits.app:create_app()'
</code></pre></div></div>
<h2 id="docker-installation">Docker installation</h2>
<p>As a way to avoid those issues and provide a reproducible build for other users I have also decided to use the <code class="language-plaintext highlighter-rouge">Dockerfile</code> in the lnbits repository. The first attempts have failed due to incorrect access rights of the lnbits folder which was solved by putting the SQLite database files in a separate directory owned by the user ID 1000 (as specified in the <code class="language-plaintext highlighter-rouge">Dockerfile</code>).</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>git clone https://github.com/lnbits/lnbits.git
cd lnbits/
docker build -t lnbits .
</code></pre></div></div>
<h2 id="configuring-lntxbot-backend">Configuring lntxbot backend</h2>
<p>Lntxbot is yet another custodial service within Telegram messanger. It provides a way to send tips for your Telegram contacts without them necesarily having a lighting wallet. It is also possible to connect to lntxbot from outside Telegram and the LNbits developers have deployed it as the LNbits backend.</p>
<p>The lntxbot configuration string is obtained by <code class="language-plaintext highlighter-rouge">/lightningatm</code> message to the lntxbot in Telegram. This gives something like:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>NDc2ZjZmNjQyMDc5NmY3NTIwNjc2Zjc0MjA2ODY1NzI2NTJlMjA0Mjc1NzQyMDc0Njg2OTczMjA2OTczMjA2ZTZmNzQyMDZkNzkyMDcwNjE3MzczNzc2ZjcyNjQyMDNiMjkwYQ==@https://lntxbot.bigsun.xyz
</code></pre></div></div>
<p>where the part before <code class="language-plaintext highlighter-rouge">@</code> is the <code class="language-plaintext highlighter-rouge">LNTXBOT_KEY</code> and after <code class="language-plaintext highlighter-rouge">@</code> is <code class="language-plaintext highlighter-rouge">LNTXBOT_API_ENDPOINT</code> that needs to be copied to the <code class="language-plaintext highlighter-rouge">.env</code> file. The <code class="language-plaintext highlighter-rouge">.env</code> file was copied from <code class="language-plaintext highlighter-rouge">.env.example</code> and modified.</p>
<p>The docker container with lntxbot is then launched by:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>docker run --detach --publish 5000:5000 --name lnbits --volume ${PWD}/.env:/app/.env --volume ${PWD}/data/:/app/data lnbits
</code></pre></div></div>
<p>I have submitted <a href="https://github.com/lnbits/lnbits/pull/163">a PR with the changes in the docker configuration</a> to the LNbits developers and as for now they are pending for a review.</p>
<h2 id="configuring-lnd-grpc-connection">Configuring lnd-gRPC connection</h2>
<p>As the lntxbot itself is a custodial service I have decided to use my own node in order to have a complete control of the funds. I have used ssh to tunnel the lnd ports to the localhost as</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ssh -L 0.0.0.0:10009:localhost:10009 lndnode.onion
</code></pre></div></div>
<p>and made new directory for certificates <code class="language-plaintext highlighter-rouge">mkdir credentials</code> and copy the required credentials from the lndnode.onion there:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>scp lndnode.onion:<lnd_home>/data/chain/bitcoin/simnet/{admin.macaroon,tls.cert} ./credentials
</code></pre></div></div>
<p>finally setup the <code class="language-plaintext highlighter-rouge">.env</code> file to reflect <code class="language-plaintext highlighter-rouge">LNBITS_BACKEND_WALLET_CLASS=LndWallet</code> and certificate and macaroon path.</p>
<p>After launching the lnbits</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>hypercorn -k trio --bind 0.0.0.0:5000 'lnbits.app:create_app()'
</code></pre></div></div>
<p>I was able to access the same user accounts that were present with lntxbot, only that the backend node now is the lnd itself. When running the command in docker, we also need to mount a directory with the lnd credentials and modify the configuration in <code class="language-plaintext highlighter-rouge">.env</code> file to reflect the paths to the certificates within docker.</p>
<h2 id="configuring-lnd-grpc-in-docker">Configuring lnd-gRPC in Docker</h2>
<p>Every docker container has their own IP address on docker network. I was trying to connect to my machine’s external address to simulate this situation. At the first tries I couldn’t connect to the server and the wallet status code was <code class="language-plaintext highlighter-rouge">UNAVAILABLE</code> even though the IP addresses and port mapping was correct. Finally, I have found <a href="https://docs.zaphq.io/docs-desktop-lnd-configure">more information</a> about how this issue can be overcome. The problem was that the <code class="language-plaintext highlighter-rouge">tls.cert</code> for lnd is self-signed only for particular IP addresses and domains and my external IP adress was not on the list.</p>
<p>When configuring the container within docker we need to be careful about the domain name and IP addresses for which the TLS certificate is issued. This can be viewed using the <code class="language-plaintext highlighter-rouge">openssl</code> command.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>openssl x509 -text -noout -in credentials/tls.cert | grep DNS
</code></pre></div></div>
<p>which in my case gives the following list of DNS aliases:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>DNS:3851cbfdefe0, DNS:localhost, DNS:lnd_bitcoin, DNS:unix, DNS:unixpacket, DNS:bufconn, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP Address:172.18.0.10
</code></pre></div></div>
<p>I have used self-signed lnd certificate that was generated for BTCPayServer docker instance in a container with a domain name <code class="language-plaintext highlighter-rouge">lnd_bitcoin</code>. So, I have changed the configuration in the <code class="language-plaintext highlighter-rouge">.env</code> file as</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>LND_GRPC_ENDPOINT=lnd_bitcoin
</code></pre></div></div>
<p>Finaly, I needed to interconnect with the BTCPayServer generated network by adding option <code class="language-plaintext highlighter-rouge">--network=generated_default</code> to <code class="language-plaintext highlighter-rouge">docker run</code> which results in</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>docker run --detach --network=generated_default --publish 5000:5000 --name lnbits --volume ${PWD}/.env:/app/.env --volume ${PWD}/data:/app/data --volume ${PWD}/credentials:/app/credentials lnbits
</code></pre></div></div>
<h2 id="further-work">Further work</h2>
<p>Now the lnbits is running on my domain under port 5000, however I is only under HTTP, which is not secure. One further task would be to enable secure HTTPS for it. This could also be added to BTCPayServer as an additional service similar to how BTCPay provides access to Ride the Lightning or Thunderhub.</p>
<p>Then it would also be great to be able to use the LndHub from the LNbits extension as a personal lightning node. This way the users of BTCPay could each connect to their own wallet which would allow for a greater flexibility and simpler user management of personal lightning nodes.</p>
<h2 id="final-thoughts">Final thoughts</h2>
<p>The lnbits is an useful custodial service that can simplify the usage of lightning network to the customers that choose the convenience before the security of their funds, as the server operator might disappear or the funds might get stolen. However, in case of small quantities this might be a reasonable risk to take.</p>
<p>If you are already operating a lightning node, this is a great way to provide lightning access to your friends and family. You should always remaind them of the risk that this option carries and in case of holding larger amount and advice for transfering the funds to a non-custodial service (such as <a href="https://phoenix.acinq.co/">Phoenix wallet</a>) or swap the funds onchain.</p>
<p>The lnbits offers a number of extensions that can be used for different purposes such as generating withdraw lnurls, offline stores, backend server for <a href="https://www.bleskomat.com/">bleskomat</a>, paywalls and many more.</p>
<p>The lnbits is a very promising project with a large range of possible applications. Nevertheless it is still in beta, hence not ready for a serious business deployment.</p>
<h2 id="ad">Ad</h2>
<p>Thanks for reading this article. If you liked it please <a href="https://blog.lightningconductors.net/feed.xml">subscribe to RSS feed</a> and/or <a href="https://btcpay.lightningconductors.net/api/v1/invoices?storeId=FFPzRyoNZHuENk4uyNSehkscnDsRLWZpLedmCzipt9tU&checkoutDesc=Thanks+for+donating+to+lightningconductors.net&price=42&currency=sats">donate</a>. Also, feel free to <a href="mailto:info@lightningconductors.net">get in touch</a> if you have any advice for improvements or suggestions for further research.</p>Last time I have wrote about LNDHub which is an application to manage user accounts on top of a single lightning node instance. LNbits is yet another next layer solution for the lightning network which offers a number of extensions that can work on top of lightning. In this article I will describe the deployment of LNbits.Deploying LndHub2021-03-10T16:20:42+00:002021-03-10T16:20:42+00:00https://blog.lightningconductors.net//admin/lightning/lndhub/2021/03/10/deploying-lndhub<p>This article describes the deployment and configuration of <a href="https://github.com/bluewallet/lndhub">LNDHub</a>. LNDHub is a project that allows to create accounting system on top of lightning. The LNDHub portal can be accessed from lightning enabled wallets such as <a href="https://bluewallet.io/">BlueWallet</a> and <a href="https://zeusln.app/">Zeus</a>. The underlying node is connected and provides liquidity for the transactions of the users of the system.</p>
<p>To setup the system you need to download the source code of the project from it’s github repository:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>git clone https://github.com/BlueWallet/LndHub
</code></pre></div></div>
<p>and enter to it’s repository <code class="language-plaintext highlighter-rouge">cd LndHub</code> copy required configuration files such as tls certificate of the node and admin macaroon to the working directory and setup the config. You will also need a database server redis installed on your machine for the data persistence.</p>
<p>Also, you need to have a database service Redis installed on the server. In the Readme.md the manual installation is described but I have managed to install under Debian distribution using the standard <code class="language-plaintext highlighter-rouge">apt</code> tool, without any further configuration needed.</p>
<p>As the next step we need to copy the <code class="language-plaintext highlighter-rouge">tls.cert</code> and <code class="language-plaintext highlighter-rouge">admin.macaroon</code> to the LndHub data directory. After cloning the LndHub it can be launched with the <code class="language-plaintext highlighter-rouge">npm run</code> in the LndHub directory. Then the user can configure the server to connect from the port 3000.</p>
<h2 id="configuration-within-btcpayserver">Configuration within BTCPayServer</h2>
<p>In my case I use BTCPayServer docker implementation which has the files located in the following locations</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>/var/lib/docker/volumes/generated_lnd_bitcoin_datadir/_data/tls.cert
/var/lib/docker/volumes/generated_lnd_bitcoin_datadir/_data/admin.macaroon
</code></pre></div></div>
<p>Besides that we need to expose the ports of the lnd and bitcoind for the purposes of the LndHub. This can be done by creating the file</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>btcpayserver-docker/docker-compose-generator/docker-fragments/opt-bitcoind-listen.yml
</code></pre></div></div>
<p>with the content</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>version: "3"
services:
bitcoind:
ports:
- "127.0.0.1:43782:43782"
environment:
BITCOIN_EXTRA_ARGS: deprecatedrpc=accounts
</code></pre></div></div>
<p>and a file</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>btcpayserver-docker/docker-compose-generator/docker-fragments/opt-lnd-listen.yml
</code></pre></div></div>
<p>with the content</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>services:
lnd_bitcoin:
ports:
- "127.0.0.1:10009:10009"
</code></pre></div></div>
<p>After creating this snippets we run the command:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>export BTCPAYGEN_ADDITIONAL_FRAGMENTS="$BTCPAYGEN_ADDITIONAL_FRAGMENTS;opt-bitcoind-listen.yml;opt-lnd-listen.yml"
</code></pre></div></div>
<p>stop and reconfigure the BTCPayServer as:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>. btcpay-setup.sh -i
</code></pre></div></div>
<p>The configuration of my <code class="language-plaintext highlighter-rouge">config.js</code> file is</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>let config = {
bitcoind: {
rpc: 'http://btcrpc:btcpayserver4ever@localhost:43782/wallet/wallet.dat',
},
redis: {
port: 6379,
host: '127.0.0.1',
family: 4,
db: 0,
},
lnd: {
url: '127.0.0.1:10009',
password: '',
},
};
if (process.env.CONFIG) {
console.log('using config from env');
config = JSON.parse(process.env.CONFIG);
}
</code></pre></div></div>
<p>which differs in the default ouptut in the port number of the bitcoind server.</p>
<h2 id="accessing-the-lndhub-data">Accessing the LndHub data</h2>
<p>I have tried to dig the data out of the database but haven’t found any easy way to do it. The only think I have accomplished was to purge all the database with <code class="language-plaintext highlighter-rouge">rdcli flushall</code> command. I would like to be able to view and edit the database entries, but as for now I haven’t found a way to do it.</p>
<h2 id="configuring-the-zeus-and-bluewallet-app">Configuring the Zeus and BlueWallet app</h2>
<p>To access the LndHub we can also configure the smartphone app. For that the we can use Zeus or Bluewallet.</p>
<p>The for the wallet creation in the Zeus looks like this:</p>
<p><img src="/assets/LndHub/app.zeusln.zeus_lndhub_setup.jpg" alt="Zeus: LndHub setup" />
<img src="/assets/LndHub/app.zeusln.zeus_account_creation.jpg" alt="Zeus: Account creation" />
<img src="/assets/LndHub/app.zeusln.zeus_save_config.jpg" alt="Zeus: Save config" />
<img src="/assets/LndHub/app.zeusln.zeus_account_interface.jpg" alt="Zeus: Wallet interface" /></p>
<p>and for the BlueWallet the setup is following:</p>
<p><img src="/assets/LndHub/bluewallet.bluewallet_account_setup.jpg" alt="BlueWallet: Account creation" />
<img src="/assets/LndHub/bluewallet.bluewallet_account_interface.jpg" alt="BlueWallet: Wallet interface" /></p>
<h2 id="further-work">Further work</h2>
<p>For now I have not setup the SSL certificates for the server, so it’s susceptible to MITM attack, which I don’t care about, as my deployment was for educational purposes only at the moment.</p>
<p>A cool feature would be to link the LndHub with the BTCPayServer accounts and internal LND. This way the users would be able to accept lightning payments without the need to deploy and manage their own instance of lightning node. The LndHub would in this case serve as a third layer of Bitcoin, although it would remain custodial service and trust to the security of the server is required. It’s then up to the each user preference how much funds they would leave on the server, and how much they would transfer to non-custodial solutions.</p>
<p>A similar custodial solution <a href="https://github.com/dennisreimann/btcpayserver-lnbank">LNBank</a> is now under development into the BTCPayServer.</p>
<h2 id="acknowledgement">Acknowledgement</h2>
<p>Thanks to <a href="https://twitter.com/_TaxMeIfYouCan_">Mario</a> for helpful discussion and developers of BlueWallet for assistance with the setup debugging.</p>This article describes the deployment and configuration of LNDHub. LNDHub is a project that allows to create accounting system on top of lightning. The LNDHub portal can be accessed from lightning enabled wallets such as BlueWallet and Zeus. The underlying node is connected and provides liquidity for the transactions of the users of the system.Shamir Secret Sharing Scheme wallet recovery2020-12-29T16:20:42+00:002020-12-29T16:20:42+00:00https://blog.lightningconductors.net//cryptocurrencies/python/shamir/2020/12/29/ssss<p>Private keys that enable spending of cryptocurrencies are usually generated from a cryptographic seed, i.e. large random number that can be encoded as an easy to record word mnemonic (seed mnemonic). As such the mnemonic has to be well protected because if found by an unauthorised person might lead to a loss of funds. Hence, many methods of seed splitting have been suggested, such as trivial mnemonic division into parts, native blockchain multisig, which requires signatures of a number of separately stored private keys, or protecting the seed with a passphrase saved in another place.</p>
<p><a href="https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing">Shamir secret sharing</a> scheme (SSSS) is a cryptographic method designed to split a secret into a number of parts (shares) safely. Yet, SSSS offers a strong cryptographic guarantees, such that finding of a single share by an attacker does not compromise the security of the original secret (unlike the seed division would). Moreover, it can be set up in a way that only a certain number of shares are required which allows for a wallet recovery even when some of the shares are destroyed.</p>
<p>Several teams have worked on creating an implementation the SSSS for cryptocurrencies. The new hardware wallet Trezor T by SatoshiLabs has released <a href="https://github.com/satoshilabs/slips/blob/master/slip-0039.md">Satoshi Labs improvement proposal SLIP-39</a> and implemented a Python library <code class="language-plaintext highlighter-rouge">shamir-mnemonic</code>. An alternative experimental implementation of <a href="https://iancoleman.io/slip39/">Ian Coleman in Javascript</a> is available online.</p>
<p>Unfortunately, not many hardware nor software wallets have implemented the method in their products so far, leaving the users completely reliant on a Trezor T to recover the wallets. Fortunately, the specification is public and the source code of the reference implementation is available. This article describes the process of wallet recovery on a computer with a freely licensed software.</p>
<h2 id="safety-note">Safety Note</h2>
<p>Special care is needed if you deal with private keys that currently hold funds or are going to hold them in the future. As the current computing system contain a lot of programs with many possible bugs it the dealing with valuable wallets should be done with care.</p>
<p>The process of wallet recovery then should be done on an computer that is never connected to the internet, so it’s not possible to get the secrets compromised. A good strategy to use a <a href="https://tails.boum.org/">Tails GNU/Linux operating system</a>. Tails does not leave any traces on the computer by default and allows to disable the internet connection at the startup.</p>
<h2 id="generating-shamir-master-secret">Generating Shamir Master Secret</h2>
<h3 id="in-a-hardware-wallet">In a Hardware Wallet</h3>
<p>The propose of the hardware wallet is to keep separation between the keys that control the wallet and any other information. The hardware wallet does not reveal the master secret nor any other private information outside of the hardware device. Instead it uses the private keys to sign messages and transactions that are provided from the connected software wallet on the computer via an USB cable.</p>
<p>Nevertheless, the information that Trezor does give away are the master public key and other information of the account. This information can still be sensitive as it gives anyone who has it the knowledge of all the addresses that this wallet can access not only now, but also in the past and future. It is up to the user to decide who does she trust with such information. For maximal security it is recommendable not to use any third party web portals, but instead use the software run at your own computer.</p>
<p>For the generation of shamir secret follow the guide on the screen when you are setting up the software wallet.</p>
<h2 id="in-a-software">In a Software</h2>
<p>If you don’t own the hardware device, but despite that would like to setup the SSSS you can do so in a python library <code class="language-plaintext highlighter-rouge">shamir-mnemonic</code> (which can be obtained via <code class="language-plaintext highlighter-rouge">pip install shamir-mnemonic</code>). Then a command line program <code class="language-plaintext highlighter-rouge">shamir</code> allowing both wallet creation and recovery becomes available.</p>
<p>The Shamir scheme allows to split the shares in two levels. First level is a group secret that can be further split to a second level shares. Only the shares of the same group can recover the group secret. The total number of shares <code class="language-plaintext highlighter-rouge">N>=1</code> are created within the group. The predefined number of shares that is necessary to recover the secret is called threshold (here share threshold number <code class="language-plaintext highlighter-rouge">T</code>). The scheme allows to create several groups out of which a group threshold (option <code class="language-plaintext highlighter-rouge">--threshold T</code>) have to be provided to get the master secret leading to the wallet.</p>
<p>The <code class="language-plaintext highlighter-rouge">shamir create --help</code> gives you a hint on how to use the program for both predefined schemes (<code class="language-plaintext highlighter-rouge">single</code>, <code class="language-plaintext highlighter-rouge">2of3</code>, <code class="language-plaintext highlighter-rouge">master</code>) or allows to create <code class="language-plaintext highlighter-rouge">custom</code> scheme.</p>
<p>When the <code class="language-plaintext highlighter-rouge">custom</code> scheme is chosen, the conditions for individual groups have to be provided (<code class="language-plaintext highlighter-rouge">--group t n</code> option where <code class="language-plaintext highlighter-rouge">t</code> is the share threshold – out of <code class="language-plaintext highlighter-rouge">n</code> needed to recover the group secret). Also, a threshold number (option <code class="language-plaintext highlighter-rouge">--threshold T</code>) is needed to specify how many groups out of required number are necessary.</p>
<p>For the sake of example we create new wallet with a scheme <code class="language-plaintext highlighter-rouge">2of3</code> which has a single group of 3 keys out of which 2 are required for a successful wallet recovery.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ shamir create 2of3
</code></pre></div></div>
<p>which gives the output</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Using master secret: 507f7c3b531e50b520335ab71d500277
Group 1 of 1 - 2 of 3 shares required:
step roster academic acid civil receiver promise mansion elephant swimming greatest makeup extra always biology quiet webcam width humidity domain
step roster academic agency custody genius crucial pupal elbow debris speak violence toxic advocate equation infant wolf true library expand
step roster academic always dynamic acne simple trial legs carpet garlic spirit relate cards satoshi drove very pitch modern deny
</code></pre></div></div>
<p>with three shares – one in a paragraph starting with <code class="language-plaintext highlighter-rouge">step roster academic</code>. When recovering the wallet, the first three words serve as the identifier of the group.</p>
<h2 id="secret-recovery">Secret Recovery</h2>
<p>One way we can use for the secret recovery is to initiate the process of wallet recovery within Trezor. The hardware wallet recognises if we are entering the Shamir shares or BIP-39 seed mnemonic and guide us through the process of the recovery. It also remembers our status of the recovery process when unplug and turned off, so it’s not necessary enter them in one go. This allows for wallet recovery in case that the shares are physically not in the same place (e.g. divided between a number of executives of a company).</p>
<p>The alternative way of recovery is not often considered in the manual. The contribution of this article is to describe exactly this process. As described in the previous section, it requires the <code class="language-plaintext highlighter-rouge">shamir-mnemonic</code> python package installed on the computer.</p>
<p>When recovering the wallet we start the scheme with <code class="language-plaintext highlighter-rouge">shamir recover</code> (and perhaps an optional argument <code class="language-plaintext highlighter-rouge">--passphrase</code> if you provided one at the wallet creation).</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ shamir recover
</code></pre></div></div>
<p>Once we start entering the shares, the tool recognises the required number of groups and shares in each group. Once we enter those, the master secret is returned. Our output then might look somehow similar to this:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Enter a recovery share: step roster academic always dynamic acne simple trial legs carpet garlic spirit relate cards satoshi drove very pitch modern deny
⛬ 1 of 2 shares needed from group step roster academic
Enter a recovery share: step roster academic acid civil receiver promise mansion elephant swimming greatest makeup extra always biology quiet webcam width humidity domain
✓ 2 of 2 shares needed from group step roster academic
SUCCESS!
Your master secret is: 507f7c3b531e50b520335ab71d500277
</code></pre></div></div>
<p>So now we know what the secret was – but what can we do with that? You probably guess right – recover your wallet.</p>
<h2 id="wallet-recovery">Wallet Recovery</h2>
<p>In this example we have decided to recover the wallet in the Electrum SPV (simple payment verification) desktop wallet. The master secret is not possible to enter directly so we need to use a prepared script which allows us to convert the master secret to a so called master private key (xpriv key). This key allows us to have full control over the funds as it is possible to generate the same set of addresses and corresponding private keys as we have within the Trezor T.</p>
<p>The script for the conversion is created running the following code sniped in a terminal:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ cat > wallet_from_bip32seed.py << EOF
from electrum.bip32 import BIP32Node
def main():
import sys
if len(sys.argv) > 1:
seed = sys.argv[1]
else:
seed = sys.stdin.readline().split()
bip32_seed = bytes.fromhex(seed)
wallet_type = "p2wpkh"
standard_path = {
"p2wpkh": "m/84'/0'/0'",
"p2wpkh-p2sh": "m/49'/0'/0'"
}
rootnode = BIP32Node.from_rootseed(bip32_seed, xtype=wallet_type)
node = rootnode.subkey_at_private_derivation(standard_path[wallet_type])
print(wallet_type, standard_path[wallet_type])
print(node.to_xprv())
if __name__ == "__main__":
main()
EOF
</code></pre></div></div>
<p>This creates a python script <code class="language-plaintext highlighter-rouge">wallet_from_bip32seed.py</code> which relies on Electrum to be installed on your computer. If that is not the case follow the instruction on the <a href="https://electrum.org/#download">electrum website</a> as installation from python sources. In case you are just experimenting with a wallet without any coins you can do it on your computer.</p>
<p>In case you would like to do it in recommended Tails OS, fist install the libraries on a persistent disk, then restart your computer and start Tails OS again and without internet connection. Then you can follow the rest of the manual.</p>
<p>After saving the code above run:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ python3 wallet_from_bip32seed.py <master-secret>
</code></pre></div></div>
<p>where you replace <code class="language-plaintext highlighter-rouge"><master-secret></code> by your master secret obtained above, i.e. in our case <code class="language-plaintext highlighter-rouge">507f7c3b531e50b520335ab71d500277</code>. The output</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>p2wpkh m/84'/0'/0'
zprvAdubcVvpc6pwTfBjeRD9n26Mm4ecns54j9vp9wDEzxkSNHTpurreyERV5J9RFHT6UXVMAEefMoS22AMVtyfgTU6oSFP5s7Lz1jDVCvW2RZf
</code></pre></div></div>
<p>shows the wallet path and the master private key. This master private key can then be imported to electrum to recover a wallet.</p>
<ol>
<li>In Elecrum go to File</li>
<li>New/Restore</li>
<li>Choose the file and click Next</li>
<li>Standard Wallet</li>
<li>Create New Seed</li>
<li>Use Master Key</li>
<li>Insert the key generated in previous step</li>
<li>Choose password to encrypt the wallet</li>
<li>Electrum opens with the same set of addresses as in Trezor.</li>
</ol>
<h2 id="limitations">Limitations</h2>
<p>The use of the SSSS has often be pointed out for its <a href="https://blog.keys.casa/shamirs-secret-sharing-security-shortcomings/">shortcomings</a> and the complexity of the implementations. For this reason many people suggest avoiding use of SSSS completely and prefer using internal multisig which is native in almost all cryptocurrencies. The multisig avoids a single point of failure and audibility of the transaction as it is clear which keys have been compromised. For more details you can refer for the above mentioned article <a href="https://blog.keys.casa/shamirs-secret-sharing-security-shortcomings/">article</a>.</p>
<p>However, compared to other seed splitting methods (e.g. multisig) SSSS has the advantage that it allows splitting the seed of a wallet that already has the funds in without the need of moving those funds to another wallet. This often allows for considerable savings which would otherwise be required for the transaction fees. The process of this is out of the scope of this article.</p>
<p>Also, similarly to multisig SSSS allows the seed recovery using only a selected threshold number of parts from the generated total number of parts. This can allow the seed recovery even in the case when some of the shares are inaccessible or destroyed.</p>
<p>I see this limitations more as a problem of lack of adoption and known standards rather then fundamental flaws in the SSSS technology. It can be expected that we are going to see more SSSS in the future.</p>Private keys that enable spending of cryptocurrencies are usually generated from a cryptographic seed, i.e. large random number that can be encoded as an easy to record word mnemonic (seed mnemonic). As such the mnemonic has to be well protected because if found by an unauthorised person might lead to a loss of funds. Hence, many methods of seed splitting have been suggested, such as trivial mnemonic division into parts, native blockchain multisig, which requires signatures of a number of separately stored private keys, or protecting the seed with a passphrase saved in another place.Opening channels with PSBT2020-12-10T18:00:00+00:002020-12-10T18:00:00+00:00https://blog.lightningconductors.net//channels/2020/12/10/opening-psbt<h1 id="opening-lightning-channels-in-lnd">Opening Lightning Channels in LND</h1>
<p>This article describes how to open multiple channels with a single on-chain transaction using <code class="language-plaintext highlighter-rouge">lnd</code> and <code class="language-plaintext highlighter-rouge">bitcoin-cli</code>.</p>
<p>This article was inspired by a more detailed <a href="https://github.com/guggero/lnd/blob/84dfed3fe2d28ceda343944874ab47fb57b73515/docs/psbt.md">guggero article</a>.</p>
<h2 id="introduction">Introduction</h2>
<p>Lightning channels are backed by bitcoin locked in a special account called multisig. In general multisig account allows to spend the funds to a number (N) possible signees, but only if the condition that at least a threshold number (M) of them agree and sign the spending transaction. Such an account is called M-of-N multisig. In lightning channels we use 2-of-2 multisig accounts.</p>
<p>The initial channel negotiation and opening has to satisfy the following protocol. The peers agree on the 2-of-2 multisig account to deposit the funds to. Before the funds are deposited both peers sign the spending transaction with an agreed output balances (typically all the funds go to the party that opens the channel, although part of it can be pushed to the other side). Then the funds are send to the channel in an opening transaction. Sending a transaction on lightning network then means updating the balance transaction and invalidating the previous one (by revealing a punishment key).</p>
<p>The channel opening as currently handled by the lightning client has two mayor limitations. First, the user has to deposit funds to the lightning wallet before being able to open the channel. Second, it is only capable to open a single channel by each transaction. Fortunately, the developers have addressed those limitations by allowing Partially Signed Bitcoin Transactions (PSBT) as proposed by <a href="https://github.com/bitcoin/bips/blob/master/bip-0174.mediawiki">BIP174</a>.</p>
<h2 id="the-procedure">The Procedure</h2>
<h3 id="get-funds-to-bitcoind">Get Funds to Bitcoind</h3>
<p>Newer versions of lnd will allow PSBT in channel opening from the lnd wallet directly. Even then the user will still need to transfer the funds to the lnd. So in this tutorial we will use the bitcoin-cli of bitcoind. If you use a different wallet to manage your bitcoin such as SPV wallet (e.g. Electrum), you can transfer the private key of the coin you would like to spend using:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>bitcoin-cli importprivkey "privkey"
</code></pre></div></div>
<p>It takes a while for the wallet balance to be updated as the daemon needs to rescan the blockchain for the transactions belonging to the key. Once the rescan is completed can prepare the PSBT for the lightning wallet.</p>
<h3 id="initiating-channel-opening-with-psbt">Initiating Channel Opening with PSBT</h3>
<p>During the procedure you need to be quick, as the time-window for the channel opening is limited to 10 minutes by lnd and other lightning wallets.</p>
<p>First you need to connect to all the nodes you would like to open the channel with by running <code class="language-plaintext highlighter-rouge">lncli connect <node_ID>@<node_IP>:<port></code>.</p>
<p>To initiate the channel opening run:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>lncli openchannel --psbt <node_ID> --local_amt 1000000 --no_publish
</code></pre></div></div>
<p>where the <code class="language-plaintext highlighter-rouge"><node_ID></code> is the node you would like to open the channel with. In another terminal run the command for all the nodes you are opening the channel with. For the last node remove the <code class="language-plaintext highlighter-rouge">--no_publish</code> option, but make sure you finalise it as the last one, otherwise you might loose your funds.</p>
<p>The channel initialisation will give you the following output:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Starting PSBT funding flow with pending channel ID 10fd21de74f87b59940890f61c9d8541acb3426a610d06b36b53cfe7d3ec8dae.
PSBT funding initiated with peer 0224472d59751c64d0fce2822ce5fa9ce8a349b3e8081850b9cc1c2bc60bd7b496.
Please create a PSBT that sends 0.01 BTC (1000000 satoshi) to the funding address bcrt1qqzgeg5ty6hz3v2gckwkgyg8s0596zrvrjulgvly8efaeqe3uu60snfrfd5.
Note: The whole process should be completed within 10 minutes, otherwise there
is a risk of the remote node timing out and canceling the funding process.
Example with bitcoind:
bitcoin-cli walletcreatefundedpsbt [] '[{"bcrt1qqzgeg5ty6hz3v2gckwkgyg8s0596zrvrjulgvly8efaeqe3uu60snfrfd5":0.01000000}]'
If you are using a wallet that can fund a PSBT directly (currently not possible
with bitcoind), you can use this PSBT that contains the same address and amount:
cHNidP8BADUCAAAAAAFAQg8AAAAAACIAIACRlFFk1cUWKRizrIIg8H0LoQ2Dlz6GfIfKe5BmPOafAAAAAAAA
!!! WARNING !!!
DO NOT PUBLISH the finished transaction by yourself or with another tool.
lnd MUST publish it in the proper funding flow order OR THE FUNDS CAN BE LOST!
Paste the funded PSBT here to continue the funding flow.
Base64 encoded PSBT:
</code></pre></div></div>
<p>The lncli prompt will wait for your input. First you need to enter unsigned PSBT and then finalised and signed transaction.</p>
<h3 id="creating-psbt">Creating PSBT</h3>
<p>The most important part of the output from the psbt channel opening is the address for the channel opening, which is to be entered to the bitcoin-cli. In the second bracket enter all the addresses from the channels you would like to open, e.g.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> bitcoin-cli walletcreatefundedpsbt [] '[{"bcrt1qqzgeg5ty6hz3v2gckwkgyg8s0596zrvrjulgvly8efaeqe3uu60snfrfd5":0.01000000},
{"bcrt1qcghp2v8mqwne024kdf433khfp6cmxj4ckrvjzm84ju3wq2f5qz5qgw9wrc":0.01000000}
...
]'
</code></pre></div></div>
<p>You can also provide additional settings such as the txid (coin) you would like to spend, or the fee you would like to pay for the bitcoin transaction (choose lower fee if you don’t mind the channel will take longer to open). See <code class="language-plaintext highlighter-rouge">bitcoin-cli walletcreatefundedpsbt help</code> for the full list of options.</p>
<p>Once you compose the command, run it and you should get something like this:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>{
"psbt": "cHNidP8BAH0CAAAAAa5BhzIb7Njai9cwTe37Hck4kuKnQJxsFdrQ8FsY11wjAAAAAAD+////AmdPJncAAAAAFgAULtjKcAjYUFS5LKnHqfQ2NMpxqmFAQg8AAAAAACIAIMIuFTD7A6eXqrZqaxja6Q6xs0q4sNkhbPWXIuApNACoAAAAAAABAHICAAAAAf2D5ppfnlgQzc6pDQlX4WKxLKzMZ/hdlEo2Z6XY4KGqAQAAAAD+////AkCSNXcAAAAAFgAUtcUA8Zya4/zSIdk8eHFF/KLy3U8Aypo7AAAAABepFFwYPL/mdT2Y6yhgZofwh2GEi8Ksh2UAAAABAR9AkjV3AAAAABYAFLXFAPGcmuP80iHZPHhxRfyi8t1PIgYDDsOKSmdsMV0pixM1tLvhbr+G5fjkaTUgn9VdpXnuilkQPAVsiQAAAIABAACAAgAAgAAiAgJF+RRsaFxKsByy10s8LimWEPy84i3wECW3Gcg0/Pp+0RA8BWyJAAAAgAEAAIAEAACAAAA=",
"fee": 0.00000153,
"changepos": 0
}
</code></pre></div></div>
<p>Copy the string in psbt paste it and press enter in all the lncli prompts for the channel opening. After that lncli will reply with the following output:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>PSBT verified by lnd, please continue the funding flow by signing the PSBT by
all required parties/devices. Once the transaction is fully signed, paste it
again here either in base64 PSBT or hex encoded raw wire TX format.
Signed base64 encoded PSBT or hex encoded raw wire TX:
</code></pre></div></div>
<p>Again waiting for your interaction.</p>
<h3 id="signing-the-psbt">Signing the PSBT</h3>
<p>To sign the transaction run the following command</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>bitcoin-cli walletprocesspsbt cHN...CAAAA=
</code></pre></div></div>
<p>(where the psbt string from the <code class="language-plaintext highlighter-rouge">walletecreatefundedpsbt</code> is shortened), which gives</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>{
"psbt": "cHNidP8BAH0CAAAAAa5BhzIb7Njai9cwTe37Hck4kuKnQJxsFdrQ8FsY11wjAAAAAAD+////AmdPJncAAAAAFgAUA212BZdE6Bc8pbXTaY5D7mDi1HhAQg8AAAAAACIAIJiIqp9BjRWtK5VWuDq0vC0S18juvccCJ/mH5yEPEnYgAAAAAAABAHICAAAAAf2D5ppfnlgQzc6pDQlX4WKxLKzMZ/hdlEo2Z6XY4KGqAQAAAAD+////AkCSNXcAAAAAFgAUtcUA8Zya4/zSIdk8eHFF/KLy3U8Aypo7AAAAABepFFwYPL/mdT2Y6yhgZofwh2GEi8Ksh2UAAAABAR9AkjV3AAAAABYAFLXFAPGcmuP80iHZPHhxRfyi8t1PAQhrAkcwRAIgDY2oqQWI6BCOleqUhNAnCuvs/VoNiQowtbJxKeSv4JgCICBfDcWcuqgyKW7Ov5dhH7AQn3hSvY2H//TjXNpxvounASEDDsOKSmdsMV0pixM1tLvhbr+G5fjkaTUgn9VdpXnuilkAIgIDxW9yaHPXaP3j0jHW4O9Gmu21hEfqqzJFo53VkOVCRzEQPAVsiQAAAIABAACABQAAgAAA",
"complete": true
}
</code></pre></div></div>
<p>Again, copy the psbt string and paste it into all the lncli prompts. <em>Important</em> make sure you paste it into the prompt you started without <code class="language-plaintext highlighter-rouge">--no_publish</code> option as the last one. After you paste it there, the transaction is broadcast and after it gets confirmed (which might take hours or days if you payed low transaction fee), you can use all your channels.</p>Opening Lightning Channels in LNDWelcome to LightningConductors!2020-12-04T10:29:45+00:002020-12-04T10:29:45+00:00https://blog.lightningconductors.net//lightning/2020/12/04/welcome-to-lightningconductors<p>Bitcoin and other cryptocurrencies have gained mainstream media attention a while ago. They batch the payments in so called blocks saved into a distributed ledger of transactions called blockchain.</p>
<p>To maintain their decentralised nature it is necessary to limit the size of the new blocks. However, this leads to another problem – a competition for the space in the blockchain. In the busy times the transaction fees grow expensive making the system impractical for small payments. Even then there is just not enough space for every transaction on the planet to be added to the blockchain.</p>
<p>Lightning network is a system that aims to address this issue and allow to scale Bitcoin. It works based on so called payment channels between interconnected nodes.</p>
<p>During the opening of a payment channel the participants deposit Bitcoin satoshi (basic accounting units of Bitcoin) that guarantee their intention to play according to the rules of the network. The payments allow the participants to update ownership of satoshi deposited within the channel.</p>
<p>The payments between participants that lack a direct channel is resolved by finding a multi-hop path. During the payment the nodes on the path reveal a secret in exchange for the transacted value.</p>
<p>This way the lightning network brings private, affordable systems for even more bitcoin users and enables a whole new space for experimentation and development of novel technologies.</p>
<h1 id="use-lightning-network">Use Lightning Network</h1>
<p>The simplest way to use lightning network is through one of smart-phone application. Some application offer full control of the keys in a trust-less setup, other keep custody of your funds, but offer a better user experience.</p>
<p>The non-custodial solutions with smooth user experience are Breez Wallet or Phoenix Wallet. Both those applications only rely on a third party to provide data about the bitcoin transactions and network status.</p>
<p>A solution for maintaining the full bitcoin/lightning node and your you can refer to one of many articles how to <a href="https://degreesofzero.com/article/lightning-network-node-setup-backup-and-recovery.html">safely run a full node</a>.</p>ZebraBitcoin and other cryptocurrencies have gained mainstream media attention a while ago. They batch the payments in so called blocks saved into a distributed ledger of transactions called blockchain.