Lightning Node Connect (LNC)
Secure, private access to a Lightning node over an untrusted web server.
LNC leverages Password Authenticated Key Exchange
(PAKE) and
macaroon-scoped gRPC connections to enable developers/users a trust-minimized
application experience. LNC removes various network obstructions (NAT etc.) to
provide disintermediated access to user-run Lightning Network infrastructure and
app UX.
Lightning Node Connect improves on prior trust/access efforts at solving this
problem (like LND Connect) by using a
PAKE instead of manually managing TLS certificates and macaroons. Lightning Node
Connect's PAKE is combined with the Noise Protocol
Framework to create a pairing flow where a
user only needs to enter a short human-readable passphrase (scan or click a
link) to establish a secure end-to-end encrypted/mutually-authenticated
connection with an application. LNC uses macaroons to allow users to set a
granular set of capabilities a remote website/application is able to access.
LNC leverages Go’s excellent WASM toolchain in order to allow browsers to
securely connect to a remote Lightning Node. This WASM integration will allow
for richer web-based Lightning applications, which are a necessary component to
realize the Lightning Native Web.
Read the full LNC launch blog post
here.
Components
LNC is a secure connection protocol for bridging the gap between any Lightning
node and the web. It is designed to work with any Lightning Network
implementation but this reference project is built to work with Lightning
Terminal /
lnd
specifically.
The following Open Source (MIT licensed) components are required to build a
secure LNC connection:
- Lightning Terminal (LiT)
provides a UI for creating and managing LNC sessions. A session is a
time-limited, permission-scoped connection authorization that is identified by
a 10 word mnemonic pairing phrase.
Once a session is created in LiT, an outbound connection to the mailbox proxy
is established from LiT, waiting for a handshake with a browser. This allows
a connection to be made to a LiT node that is behind a firewall/NAT or even
Tor-only internet connection.
- A mailbox proxy (built into
aperture): A simple public
mailbox server that acts as a
TURN relay.
The mailbox proxy/relay simply offers a buffered (hence the term "mailbox")
one-way connection stream. A stream is identified by a 512-bit ID which is
derived from the LNC pairing phrase. This makes it virtually impossible for
anyone to occupy a stream they weren't authorized to. And the added PAKE/Noise
encryption layer prevents anyone (including the mailbox proxy) from listening
in on the content.
- A WASM client embedded in a website: The WASM reference client provided in
this repo is the component that allows JavaScript
embedded in a website (such as Lightning
Terminal) to communicate with a
mailbox proxy over WebSockets using the PAKE/Noise encryption protocol. An
example HTML page shows how the WASM binary can be used
by JavaScript to initiate a connection and issue gRPC requests.