Re: Lightning Service Authentication Tokens (LSATs)

From: Buck O Perley <buck.perley@protonmail.com>
Date: Fri, 21 Feb 2020 01:22:01 +0000
To: Anthony Ronning <anthonyronning@gmail.com>
Cc: "public-credentials@w3.org" <public-credentials@w3.org>
Message-ID: <nyKNVhOVFpT4A37_BGIp-ao_SURbFkfuugrN-QV8hcW6eb4x8hVXeYZ4oHSxDbdT9JH11fXQdWSFPTWWWPFuNCDgdoOD-x4PxxgTwURCJ-8=@protonmail.com>

Thanks Anthony!

That's right, the idea of 3rd party caveats is interesting in the context of the VC conversation from this week. 

I came up with a proposal that technically does work today with the latest release of lnd that uses an integrated encryption scheme to share an "ephemeral key" that is encrypted using the authorizing party's lightning node's public key and added in the 3rd party caveat. The 3rd party then decrypts the key and uses this to sign the discharge macaroon. Lightning is particularly useful for this type of construction since participants each have a known, queryable public key that is backed by funded lightning channels (so you can't just spin off unlimited key pairs and your public key has some "reputation" attached to it in the form of confirmed channel liquidity). Here's a description of the proposal, including a diagram and how to test it out yourself: https://github.com/lightningnetwork/lnd/issues/288#issuecomment-559896636. I've also deployed a version of this that only uses first party caveats, with a challenge and a response token, both in caveats, where the response is verified against the node's public key. 

So, short summary and a little in the weeds with lightning, but happy to discuss more if people are interested on Tuesday!

Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, February 20, 2020 5:44 PM, Anthony Ronning <anthonyronning@gmail.com> wrote:

> Hey Buck,
>
> +1 on this, really excited to see you share it here. The sort of “pay-per-permission” model this enables is really interesting to me. For another example of LSAT in the wild, my implementation here: https://www.satreon.net
>
> Would love to see and help contribute to any W3C standardization efforts / documentations related to it. As 402 hasn’t been implemented much to date, there’s a real opportunity for it here.
>
> Further, I am curious how those in the Verifiable Credentials scene think of macaroons and how LSAT fits into it. I can see how a mapping over to VCs could work and be verified by more than just the macaroon signer - that’s one of the shortcomings I see with macaroons, without diving into 3rd party caveats which is something I do need to look into more. I have seen a lightning based DID method at a hackathon before which could help here but even then, any DID / signing method could work as long as they are signing the preimage hash.
>
> Looking forward to next Tuesday!
>
> Anthony Ronning
>
> On 20 Feb 2020, at 14:28, Buck O Perley wrote:
>
> > Hello CCG Mailing List,
> >
> > As a quick introduction, I was introduced to the list via Christopher Allen who I've been chatting with recently regarding work around authentication with Lightning (Bitcoin's Layer 2 payment network) payments, macaroons, and the 402 HTTP status code. Specifically, with the support of Tierion, I've been implementing a JS version of the Lightning Service Authentication Token (LSAT) proposal shared by Lightning Labs last Fall. Christopher thought this would be of interest to the work you all are doing and invited me to share some of this work in a call next week.
> >
> > To provide some context before then, here are some relevant links:
> >
> > Blog Post: https://medium.com/tierion/lsats-pseudonymous-authentication-using-bitcoin-lightning-payments-459e209b4b36
> >
> > Slides: These will be updated before next week's call, including with some more information on some of the mechanics of how Lightning payments work for those that aren't familiar, but it should be enough to help get started! https://docs.google.com/presentation/d/1YE5UJk05Q9I2k7hhlM6oSVARGIajPF5u50r1LNCe-x4/edit?usp=sharing
> >
> > Boltwall: (Node.js server middleware for using LSAT auth) https://github.com/Tierion/boltwall
> >
> > LSAT-JS: JavaScript implementation of the LSAT proposal from Lightning Labs. Includes helper functions and utilities for interacting with LSATs https://github.com/Tierion/lsat-js
> >
> > LSAT Playground: UI Playground for interacting with, testing, parsing, and creating LSATs: https://lsat-playground.bucko.now.sh/
> >
> > - Buck
> >
> > Sent with ProtonMail Secure Email.
Received on Friday, 21 February 2020 01:22:22 UTC
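
The third-party caveat flow described in the message above (an ephemeral key encrypted to the third party's node public key, then used to sign the discharge macaroon), sketched as an added example that is not part of the original thread and is not lnd, lsat-js or Boltwall code. It generalizes to standard macaroon mechanics (HMAC chain, verifier-side key recovery, discharge binding); the AES-256-GCM sealing, the ECDH-based encryption, the binding formula and every function name are assumptions made for illustration, not the proposal's wire format.

```javascript
// Added example (not lnd or lsat-js code); every name here is hypothetical.
const crypto = require('node:crypto');
const hmac = (key, data) => crypto.createHmac('sha256', key).update(data).digest();
const sha256 = (b) => crypto.createHash('sha256').update(b).digest();
const eq = (a, b) => a.length === b.length && crypto.timingSafeEqual(a, b);

// AES-256-GCM helpers; blob layout is iv(12) | tag(16) | ciphertext.
function seal(key, plain) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plain), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function unseal(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}
// ECIES-style encryption to a secp256k1 public key: one-time ECDH key -> AES key.
function encryptTo(pub, plain) {
  const eph = crypto.createECDH('secp256k1');
  eph.generateKeys();
  const point = eph.getPublicKey(null, 'compressed'); // 33 bytes
  return Buffer.concat([point, seal(sha256(eph.computeSecret(pub)), plain)]);
}
const decryptWith = (ecdh, blob) =>
  unseal(sha256(ecdh.computeSecret(blob.subarray(0, 33))), blob.subarray(33));

// Authorizing party: mint a macaroon carrying one third-party caveat.
function mint(rootKey, id, thirdPartyPub) {
  const s0 = hmac(rootKey, id);
  const caveatKey = crypto.randomBytes(32);        // the "ephemeral key"
  const cid = encryptTo(thirdPartyPub, caveatKey); // readable only by the third party
  const vid = seal(s0, caveatKey);                 // lets the verifier recover it
  return { id, cid, vid, sig: hmac(s0, Buffer.concat([vid, cid])) };
}
// Third party: decrypt the ephemeral key and sign the discharge macaroon with it.
const discharge = (nodeKey, cid) => ({ cid, sig: hmac(decryptWith(nodeKey, cid), cid) });
// Holder: bind the discharge to the primary macaroon before presenting both.
const bind = (m, d) => ({ cid: d.cid, sig: hmac(m.sig, d.sig) });
// Verifier: recompute the chain, recover the caveat key, check the bound discharge.
function verify(rootKey, m, d) {
  const s0 = hmac(rootKey, m.id);
  if (!eq(hmac(s0, Buffer.concat([m.vid, m.cid])), m.sig)) return false;
  let caveatKey;
  try { caveatKey = unseal(s0, m.vid); } catch { return false; }
  return d.cid.equals(m.cid) && eq(hmac(m.sig, hmac(caveatKey, m.cid)), d.sig);
}
```

Binding the discharge to the primary macaroon's signature is what stops a discharge obtained for one macaroon from being replayed alongside another.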
