Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Store blinding pubkey for introduction node #2024

Merged
merged 3 commits into from
Oct 22, 2021
Merged

Store blinding pubkey for introduction node #2024

merged 3 commits into from
Oct 22, 2021

Conversation

t-bast
Copy link
Member

@t-bast t-bast commented Oct 22, 2021
edited
Loading

The blinding public key of the introduction node is necessary for onion messages.
The blinding ephemeral public keys aren't necessary for now: we only need the first one that will be sent to the introduction node.
The other nodes will derive the next blinding ephemeral keys hop by hop.

@t-bast
Store blinding pubkey for introduction node
cc4f934 
It doesn't make sense to throw away this information, it may be useful in
some scenarios such as onion messages.
@thomash-acinq
Copy link
Member

Counterproposal: #2025

@t-bast
Separate ephemeral keys from blinded route
25fed9b 
The ephemeral keys aren't part of the route, they're usually derived hop
by hop instead.
@thomash-acinq
Copy link
Member

I don't think we should throw the ephemeral keys away though, other schemes than onion messages may need it and it's useful to test them against reference test vectors (and I don't like throwing information away).

It's possible to test it:

eclair/eclair-core/src/test/scala/fr/acinq/eclair/crypto/SphinxSpec.scala

Line 397 in 8328a09

assert(ephKey2 === PublicKey(hex"02e105bc01a7af07074a1b0b1d9a112a1d89c6cd87cc4e2b6ba3a824731d9508bd"))

The first ephemeral key should stay in the blinded route. A blinded route is not usable without the first ephemeral key.
Can you give me example for when you would use the other ephemeral keys? No liking throwing information away is not a good reason.

@t-bast
Copy link
Member Author

t-bast commented Oct 22, 2021

A blinded route is not usable without the first ephemeral key. Can you give me example for when you would use the other ephemeral keys? No liking throwing information away is not a good reason.

It's rather the other way around: can you be sure that you won't need it for a scheme that depends on route blinding?
I'm almost sure I need them for receiving payments over a blinded route with dummy hops added at the end of the route, to protect against probing without having to recompute them all on-the-fly.

@t-bast
Copy link
Member Author

t-bast commented Oct 22, 2021

I kept only the ephemeral key for the introduction node in 40dc324, we can add the others later when we need them.

We do need to single out the introduction node for payment scenarios, and the nodeIds field is useful because it's what you will use when building a payment route.

@t-bast t-bast merged commit 28d04ba into master Oct 22, 2021
@t-bast t-bast deleted the route-blinding-fixup branch October 22, 2021 12:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thomash-acinq thomash-acinq thomash-acinq approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@t-bast @thomash-acinq