Conversation
This comment was marked as abuse.
This comment was marked as abuse.
That's an interesting idea, it would force payers to have some skin in the game (multiple channels). It's worth exploring! |
cdecker
left a comment
There was a problem hiding this comment.
Very nice proposal, just found some minor things that could be clarified and some markup :-)
ariard
left a comment
There was a problem hiding this comment.
Achieved a new round, I think we should have a better model around recipient anonymity and attacker capabilities before to move forward.
I'm still skeptical about delegating relay parameters (cltv, fees) to an untrusted sender. We should assume such a a pair is a unique fingerprint across the network due to node relay policy heterogeneity. And sender sounds to be able to freely probe this "identifier" as you can screw up an onion path after this probed point.
|
Needs (trivial?) rebase BTW, due to conflict. |
Route blinding allows a recipient to provide a blinded route to potential payers. Each node_id in the route is tweaked, and dummy hops may be included. This is an alternative to rendezvous to preserve recipient anonymity. It has a different set of trade-offs: onions are re-usable, but the privacy guarantees are a bit weaker and require more work (e.g. when handling payment fees and errors).
Add specification requirements for creating and using blinded routes. This commit contains the low-level details of the route blinding scheme, decoupled from how it can be used by high-level components such as onion messages or payments.
|
Rebased. |
091dbb5 to
6e3b97c
Compare
|
We have successfully completed interop tests between eclair and cln, so this PR is getting ready to be merged! I have rebased it and squashed the last commits, please have a (hopefully) last look at it @rustyrussell and we'll be able to integrate it. It's been a while since we last integrated such a big change to the specification, I'm excited 😄 |
rustyrussell
left a comment
There was a problem hiding this comment.
Three final wording suggestions. Otherwise looks good!
Add specification requirements for using route blinding to make payments while preserving recipient anonymity. Implementers must ensure they understand all those requirements, there are subtle attacks that could let malicious senders deanonymize the route if incompletely implemented.
|
Merging this pull request as discussed during yesterday's spec meeting. |
This is as of commit aed5518a80aade56218da87f92e0a39963b660cf Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This is as of commit aed5518a80aade56218da87f92e0a39963b660cf Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Route blinding allows a recipient to provide a blinded route to potential payers. Each
node_idin the route is tweaked, and dummy hops may be included.This is an alternative to rendezvous to preserve recipient anonymity.
It has a different set of trade-offs: onions are re-usable, but the privacy guarantees are a bit weaker and require more work (e.g. when handling errors).
The main areas I'd like reviewers to focus on at first are:
update_add_htlcthat have a different length than otherupdate_add_htlc(which kind of gives away the blinded path if you're watching the network traffic)The attack scenarios that reviewers should focus on include (but are not limited to):