Security guarantees on Ledger Live Mobile and the "Evil Dad" conundrum

[onyb]

Background

It is not hard to envision a future where households run full nodes that are shared by the entire family. With Ledger Live Desktop (LLD), the family members always have the option of running their own node and SatStack instance to claim their financial sovereignty. Unfortunately, this is not so simple for Ledger Live Mobile (LLM) users, specifically the ones who rely on a third-party to run a full node.

Part of the reason is that an LLM user has no choice but to connect to a remote Bitcoin node and SatStack instance. We can imagine a situation where an evil dad runs a modified version of Bitcoin Core / SatStack and lies to his family (mobile users) about their transaction history. A transaction may show up on the LLM app, but may not exist on the blockchain.

LLM users on third-party nodes should be able to independently verify that a transaction is part of a block and that there was enough proof-of-work behind it.

Solution

One solution is to ask the full node for a Merkle proof using the gettxoutproof RPC, that would allow LLM to validate the proof and verify that the transactions are genuine. This will essentially turn LLM into a lightweight SPV client.

The Evil Dad problem is not a blocker for supporting full node on LLM. I imagine most LLM users will run a node on their home PC, and connect to it from LLM. The proposed solution only improves security guarantees for those LLM users who want to use cloud-hosted Bitcoin nodes. Perhaps some LLD users would be interested in this too.

Tradeoffs

The evil dad can still lie by omission.