Changed/Added: Bolt12 deterministic path key for offer paths' node IDs recovery #8853
Open
21M4TW wants to merge 2 commits into ElementsProject:master from
offers: offers that include offer_paths now omit offer_issuer_id and sign with the blinded path alias' key by default. An optional force_issuer_id field is also added to the offer command so the offer_issuer_id is included even when not required to reach the issuer due to the existence of offer_paths.
…m the offer's `path_id`, `N_0` and the path's index so the offer's paths can be recovered when an invoice is fetched. Offer paths' node IDs and the used path index stored in struct invreq.
This PR is an extension to #8238. In addition to signing invoices that don't have an `offer_issuer_id` using the key from the last used `blinded_path` node, this new PR generates the private path key deterministically (see `derive_first_path_privkey` from `common/blindedpath.c`) in such a situation and it is then used to recover the offer paths' node IDs (`unblind_paths` from `common/blindedpath.c`). It also derives the `path_pubkey` that is then used to tweak the private key to sign the invoice. In contrast, in #8238, `path_pubkey` was derived using information from the onion message, but the offer paths' node IDs could not be recovered, as the `path_privkey` information was lost after the offer was generated.

So in addition to generating offers without an `issuer_id` and signing related invoices using the proper key, this PR recovers the offer paths' node IDs, which will enable the generation of invoices with matching paths (addressing #8041) in a future PR.

In this PR, the first path private key for a given path is generated using

$$e_0 = \text{HMAC256}(\text{"first\_path\_privkey"},\ \text{SHA256}(path\_id \,\|\, N_0 \,\|\, path\_index))$$

where `path_id` is the secret stored in the offer's `encrypted_data_tlv` and that is only known by the payee, and where `N_0` and `path_index` are the `first_node_id` and the 64-bit index of the path, respectively.

Checklist
Before submitting the PR, ensure the following tasks are completed. If an item is not applicable to your PR, please mark it as checked:
tools/lightning-downgrade