Introduce Dummy Hop support in Blinded Path Constructor

Adds a new constructor for blinded paths that allows specifying
the number of dummy hops.
This enables users to insert arbitrary hops before the real destination,
enhancing privacy by making it harder to infer the sender–receiver
distance or identify the final destination.

Lays the groundwork for future use of dummy hops in blinded path construction.

Author: shaavan

lightning/src/blinded_path/message.rs

@@ -31,9 +31,9 @@ use crate::types::payment::PaymentHash;
 use crate::util::scid_utils;
 use crate::util::ser::{FixedLengthReader, LengthReadableArgs, Readable, Writeable, Writer};
 
-use core::mem;
 use core::ops::Deref;
 use core::time::Duration;
+use core::{cmp, mem};
 
 /// A blinded path to be used for sending or receiving a message, hiding the identity of the
 /// recipient.
@@ -74,6 +74,29 @@ impl BlindedMessagePath {
 		local_node_receive_key: ReceiveAuthKey, context: MessageContext, entropy_source: ES,
 		secp_ctx: &Secp256k1<T>,
 	) -> Result<Self, ()>
+	where
+		ES::Target: EntropySource,
+	{
+		BlindedMessagePath::new_with_dummy_hops(
+			intermediate_nodes,
+			recipient_node_id,
+			0,
+			local_node_receive_key,
+			context,
+			entropy_source,
+			secp_ctx,
+		)
+	}
+
+	/// Same as [`BlindedMessagePath::new`], but allows specifying a number of dummy hops.
+	///
+	/// Note:
+	/// At most [`MAX_DUMMY_HOPS_COUNT`] dummy hops can be added to the blinded path.
+	pub fn new_with_dummy_hops<ES: Deref, T: secp256k1::Signing + secp256k1::Verification>(
+		intermediate_nodes: &[MessageForwardNode], recipient_node_id: PublicKey,
+		dummy_hop_count: usize, local_node_receive_key: ReceiveAuthKey, context: MessageContext,
+		entropy_source: ES, secp_ctx: &Secp256k1<T>,
+	) -> Result<Self, ()>
 	where
 		ES::Target: EntropySource,
 	{
@@ -91,6 +114,7 @@ impl BlindedMessagePath {
 				secp_ctx,
 				intermediate_nodes,
 				recipient_node_id,
+				dummy_hop_count,
 				context,
 				&blinding_secret,
 				local_node_receive_key,
@@ -635,15 +659,24 @@ impl_writeable_tlv_based!(DNSResolverContext, {
 /// to pad message blinded path's [`BlindedHop`]
 pub(crate) const MESSAGE_PADDING_ROUND_OFF: usize = 100;
 
+/// The maximum number of dummy hops that can be added to a blinded path.
+/// This is to prevent paths from becoming too long and potentially causing
+/// issues with message processing or routing.
+pub const MAX_DUMMY_HOPS_COUNT: usize = 10;
+
 /// Construct blinded onion message hops for the given `intermediate_nodes` and `recipient_node_id`.
 pub(super) fn blinded_hops<T: secp256k1::Signing + secp256k1::Verification>(
 	secp_ctx: &Secp256k1<T>, intermediate_nodes: &[MessageForwardNode],
-	recipient_node_id: PublicKey, context: MessageContext, session_priv: &SecretKey,
-	local_node_receive_key: ReceiveAuthKey,
+	recipient_node_id: PublicKey, dummy_hop_count: usize, context: MessageContext,
+	session_priv: &SecretKey, local_node_receive_key: ReceiveAuthKey,
 ) -> Result<Vec<BlindedHop>, secp256k1::Error> {
+	let dummy_count = cmp::min(dummy_hop_count, MAX_DUMMY_HOPS_COUNT);
 	let pks = intermediate_nodes
 		.iter()
 		.map(|node| (node.node_id, None))
+		.chain(
+			core::iter::repeat((recipient_node_id, Some(local_node_receive_key))).take(dummy_count),
+		)
 		.chain(core::iter::once((recipient_node_id, Some(local_node_receive_key))));
 	let is_compact = intermediate_nodes.iter().any(|node| node.short_channel_id.is_some());
 
@@ -658,6 +691,7 @@ pub(super) fn blinded_hops<T: secp256k1::Signing + secp256k1::Verification>(
 		.map(|next_hop| {
 			ControlTlvs::Forward(ForwardTlvs { next_hop, next_blinding_override: None })
 		})
+		.chain((0..dummy_count).map(|_| ControlTlvs::Dummy))
 		.chain(core::iter::once(ControlTlvs::Receive(ReceiveTlvs { context: Some(context) })));
 
 	if is_compact {