Building on BitBox at LightningHackaday #3
Following the success of the Lisbon Chainhack Hackathon — where the team won 1st prize for the Lightning Hardware Wallet — we will be attending the Berlin LightningHackday Hackathon on 31 August to continue our journey.
This time, we will be showing off the BitBox v2 device: the new one with the screen! While hacking on Arduino is fun, we would like to build on enterprise grade hardware which cannot easily be tampered with. The BitBox has a secure microchip for storing sensitive information. The chip has hardware support for AES encryption and hashing as well as a random number generator. The BitBox is basically a hardware security module in your pocket. We will be in Berlin to help you code with the device and build a lightning hardware wallet.
We will provide a docker image for coding environment and publish instructions on how to use the screen, the touch buttons and sliders, the cryptographic functions and memory persistence.
We would like you to get the community one step further towards having a secure way of signing Lightning transactions. As explained in the Chainhack blog post, c-lightning is already designed in a modular way and laid-out for using hardware security modules. The signing of the Lightning transaction takes place in the hsmd sub-process daemon. Currently, the hsmd module generates a random secret and stores it in a file called hsm_secret. The 32 byte secret entropy is used to derive on-chain transaction-signing keys, node keys for communication and signing invoices, and peer seeds to generate channel secrets (see https://github.com/hkjn/lnhw/tree/master/doc/hsmd).
At Chainhack, we decided to move away from storing the secret in a file on a potentially compromised computer, and instead store and retrieve it from an external device: an Arduino Adafruit M0. The focus was, of course, to provide a proof-of-concept for separating the key storage away from c-lightning and interacting with a hardware wallet. However, we limited ourselves to storing a hard-coded secret on the Arduino’s memory, and asking a user for confirmation. Signing was still done in c-lightning, which means that the secret was passed to the potentially compromised environment. Let’s see if we can improve that in Berlin.
If this sounds interesting get in touch with us on Twitter or approach us at the event. We can help you set up the environment, provide you with hardware that can be flashed with your own firmware, and with code snippets for the HID/JSON communication to access the API of the BitBox v2. You’ll surely learn a lot about lightning and close-to-hardware engineering!