|
| 1 | +--- |
| 2 | +layout: pr |
| 3 | +date: 2023-07-21 |
| 4 | +title: "Support constructing blinded path onion keys" |
| 5 | +pr: 2411 |
| 6 | +authors: [valentinewallace] |
| 7 | +components: ["blinded paths", "onion", "crypto"] |
| 8 | +host: dunxen |
| 9 | +status: upcoming |
| 10 | +commit: |
| 11 | +--- |
| 12 | + |
| 13 | +## Notes |
| 14 | + |
| 15 | +* In general for each hop in a route a sender wishes to construct, they need to create a shared secret, including the final node receiving the payment. |
| 16 | + The sender already knows the the public keys of all the hops (it's their node IDs), and generates a random `sessionkey` (`session_priv` in LDK) |
| 17 | + which is used as the ephemeral private key, `ek_1`, for the first hop in the route. Multiplying by the `secp256k1` generator point, the ephemeral public |
| 18 | + key, `epk_1` is derived. ECDH is then used to compute a shared secret, `ss_1`, and iteratively continues generating ephemeral keys and shared secrets |
| 19 | + using a blinding factor as described in [BOLT 4](https://github.com/lightning/bolts/blob/7f53a3e46ed59f19463447d5fa63b3e484c708a5/04-onion-routing.md?plain=1#L715). |
| 20 | +* Now, if the recipient of a payment provides us with a blinded path, they're essentially only giving us one unblinded introduction point/node ID (which we can find a route to) |
| 21 | + and a remainder of blinded node IDs. We only need to route to the introduction node of this path (it's the only node we can see) and hops within the blinded path handle the remainder. |
| 22 | + However, we still need to construct a shared secret for each of those blinded hops which we do with their blinded node IDs. This is what [PR 2411](https://github.com/lightningdevkit/rust-lightning/blob/a97f084812f04b45944193d2751c9ac6a364ab3b/lightning/src/ln/onion_utils.rs#L119) does. |
| 23 | + |
| 24 | +## Questions |
| 25 | +1. Did you review the PR? [Concept ACK, approach ACK, tested ACK, or NACK](https://github.com/lightningdevkit/rust-lightning/blob/master/CONTRIBUTING.md#peer-review)? |
| 26 | +2. The type for the `path` parameter of [`construct_onion_keys_callback()`](https://github.com/lightningdevkit/rust-lightning/blob/a97f084812f04b45944193d2751c9ac6a364ab3b/lightning/src/ln/onion_utils.rs#L107) is changed from `&Vec<RouteHop>` to `&Path`. |
| 27 | + what is the reason for this change? |
| 28 | +3. When iterating over hops in our path, why do we skip the first hop in the `blinded_tail` of the path? |
| 29 | +4. This PR also adds support for parsing onion error codes originating from a blinded hop. |
| 30 | + Why couldn't we parse onion error codes for hops in a blinded path before this PR? |
| 31 | +5. In what way and why was `next_hop_packet_pubkey` generalized to `next_hop_pubkey` in this PR? |
0 commit comments