security hardening

Dorian
2026-03-18 09:56:40 +00:00
parent 0c3df827f8
commit 428d11c8e2
4 changed files with 1691 additions and 88 deletions


@@ -11,6 +11,8 @@
| **BUG-3** | **IndeedHub WebSocket spam in console** | **P2** | PLANNED | - |
| **FEATURE-4** | **Onboarding loading screen with progress** | **P1** | IN PROGRESS | - |
| **INQUIRY-5** | **Offline balance check via mesh relay** | **P2** | PLANNED | - |
| **FEATURE-6** | **Watch-only wallet architecture** | **P1** | PLANNED | - |
| **TASK-7** | **Mesh Bitcoin security hardening** | **P1** | PLANNED | FEATURE-6 |
## Active Work
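Review bot: The TASK-7 row lists FEATURE-6 in its last column, but of the thirteen items under TASK-7 only G13 mentions the watch-only wallet; G1, G2, G9 and the other header and relay checks do not need it. If that column means "blocked by", either drop FEATURE-6 from the row and record the dependency on G13 alone, or split G13 into its own task so the header validation work is not held behind FEATURE-6.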
@@ -121,6 +123,64 @@ Design how to query wallet balance (LND/Bitcoin Core) from an off-grid node by r
- [ ] Consider trust model — relay peer could lie about balance
- [ ] Explore UTXO set proof (SPV-style) for trustless verification
### FEATURE-6: Watch-only wallet architecture (PLANNED)
**Priority**: P1 — High
**Status**: PLANNED (2026-03-18)
Archipelago should never hold private keys or seeds. Users create wallets on companion devices (Coldcard, SeedSigner, phone) and import xpubs to the node for watch-only tracking. The node creates unsigned PSBTs, the companion signs, and the node broadcasts.
**Security rationale**: If the node is compromised (physical theft, remote exploit), no funds can be stolen — only xpubs are present, which reveal balances but cannot sign transactions. This is the standard for Bitcoin node OS security (see: Specter Desktop, Sparrow Wallet).
**Design considerations**:
- xpub import: QR scan, USB file, manual paste
- PSBT workflow: create unsigned on node → transfer to companion → sign → return → broadcast
- Hardware wallet compatibility: Coldcard (USB/SD), SeedSigner (QR), Passport (QR/USB)
- Bitcoin Knots `importdescriptors` for watch-only wallet setup
- Derive receive addresses from xpub (BIP84 native segwit, BIP86 taproot)
- UTXO/balance tracking via watch-only wallet RPC
- UI: receive address display, UTXO list, PSBT generation, transaction history
**Key files**:
- `core/archipelago/src/api/rpc/package.rs` — Bitcoin Knots container config
- `neode-ui/src/views/Web5.vue` — Bitcoin/wallet UI
- Bitcoin Knots RPC: `createwallet`, `importdescriptors`, `listunspent`, `walletcreatefundedpsbt`
**Tasks**:
- [ ] Research Bitcoin Knots watch-only wallet RPC workflow (createwallet, importdescriptors)
- [ ] Design xpub import UI flow (QR scan, paste, file upload)
- [ ] Implement watch-only wallet creation via RPC on first xpub import
- [ ] Implement PSBT creation flow (select UTXOs → build unsigned PSBT → export)
- [ ] Design PSBT transfer UX (QR animated export, file download, USB)
- [ ] Implement signed PSBT import and broadcast
- [ ] Build receive address derivation and display (BIP84/BIP86)
- [ ] Add balance/UTXO tracking dashboard
- [ ] Ensure no private key material ever touches the node (audit all wallet RPC calls)
- [ ] Hardware wallet compatibility testing (Coldcard, SeedSigner)
- [ ] Document the companion device setup guide
### TASK-7: Mesh Bitcoin security hardening (PLANNED)
**Priority**: P1 — High
**Status**: PLANNED (2026-03-18)
Implement the security gaps identified in the off-grid Bitcoin security analysis (`docs/mesh-bitcoin.md`, Section 12). These harden the existing mesh Bitcoin relay infrastructure against the most impactful attack vectors.
**Reference**: `docs/mesh-bitcoin.md` — full analysis with severity ratings and effort estimates.
**Tasks (ordered by severity × effort)**:
- [ ] **G1**: Validate block header chain continuity — reject headers where `prev_hash` doesn't match stored header at height-1 (`BlockHeaderCache::store_header`)
- [ ] **G5**: RBF detection — check nSequence on `TxRelayPayload`, warn/reject if RBF-signaled in off-grid context
- [ ] **G9**: Timestamp sanity checking — reject headers with timestamps >2 hours in future or suspiciously old
- [ ] **G3**: Sign `TxRelayResponse` with relay's Ed25519 key (`TypedEnvelope::new_signed`)
- [ ] **G6**: BOLT11 invoice expiry validation — reject relay payment if invoice expires in <10 minutes
- [ ] **G11**: Random broadcast delay jitter — relay adds 0-30s random delay before `sendrawtransaction` to resist timing analysis
- [ ] **G2**: Validate proof-of-work on received block headers (check hash meets difficulty target)
- [ ] **G4**: Encrypt dead man alerts to emergency contacts individually (not cleartext broadcast)
- [ ] **G7**: Multi-relay header comparison — track headers by source, flag divergence between relays
- [ ] **G8**: Merkle proof relay — new message type for SPV transaction inclusion verification
- [ ] **G10**: Payment intent message type — signed envelope (destination, amount, timestamp) for non-repudiable records
- [ ] **G12**: Evaluate Cashu/ecash integration for low-value off-grid payments (spike/prototype)
- [ ] **G13**: Watch-only wallet integration with mesh relay (balance queries use local watch-only, not relay trust)
## Completed
<!-- Done tasks are moved here -->
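Review bot: In the TASK-7 list, G1 (`prev_hash` continuity) is scheduled six items ahead of G2 (proof-of-work validation), but continuity alone only shows that the headers link to each other; until G2 lands, a relay can supply a linked chain that cost nothing to produce, so I would fold G2 into G1 or move it directly after it. G9's "suspiciously old" is not testable as written; state the lower bound explicitly, for example the median-time-past of the previous 11 headers that Bitcoin consensus uses, next to the 2-hour future limit. In FEATURE-6, the rationale "no funds can be stolen" holds only if the companion device checks what it signs: a compromised node can still change the outputs of an unsigned PSBT or the receive address it displays, so add a task for on-device verification of destination, amount and receive address. The "no private key material ever touches the node" audit task would also be easier to enforce if the `createwallet` research item required `disable_private_keys=true`, so the wallet itself refuses keys rather than relying on review of each RPC call.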