Olaoluwa Osuntokun
1f4003cead
Merge pull request #793 from Roasbeef/sphinx-ephemeral-blinding
...
ch-10: add initial explanation of session key randomization
2021-09-16 19:01:46 -07:00
Olaoluwa Osuntokun
8182f370c0
ch-10: add initial explanation of session key randomization
...
In this commit, we include an initial explanation of the session key
re-randomization scheme that makes the Sphinx packet format so compact.
Alice is able to generate all the necessary session keys up front by
using an initial session key, and doing an EC multiplication of that key
and a blinding factor derived from information of the last hop.
I wanted to use sub-scripts for a lot of the notation here, by the
asciidoc renderer I use didn't seem to be able to render them....
I think I want to make another pass and blend in the initial explanation
in the high level style of the initial ECDH explanation.
2021-09-16 19:00:49 -07:00
Viktor Tigerström
9cee9e2b43
Typo and grammar fix in chapter 10 ( #836 )
...
Typo and grammatical fixes in paragraph 534, change "read to send" to "ready to be sent".
2021-09-15 18:39:38 +02:00
Owen Gunden
d433847425
typo ( #814 )
2021-09-10 20:58:07 +02:00
Owen Gunden
1d24337ba7
add missing 'to' ( #812 )
2021-09-10 20:56:55 +02:00
Owen Gunden
8c39d3bd9e
grammar fixes ( #810 )
2021-09-10 20:55:48 +02:00
Owen Gunden
e387ad75a9
fix typo ( #809 )
2021-09-10 20:55:22 +02:00
Owen Gunden
7b6221a581
fix typo ( #808 )
2021-09-10 20:55:05 +02:00
Owen Gunden
10f5995f5a
typo ( #807 )
2021-09-10 20:54:36 +02:00
Owen Gunden
a34f9df604
typo ( #806 )
2021-09-10 20:54:04 +02:00
Andreas M. Antonopoulos
5be6276ec2
Moved stuck/stuckless payments and PTLCs to onion chapter
2021-08-04 08:54:02 +02:00
Olaoluwa Osuntokun
fc85d6e83e
ch-10: chan extracts the inner HMAC instead of verifying again
2021-07-26 08:56:09 +02:00
Olaoluwa Osuntokun
34f08eef84
ch-10: expand high level explanation of how Bob constructs the next onion packet
...
Still need to expand on the blinded of the session key as noted in the TODO section below.
2021-07-26 08:56:09 +02:00
Olaoluwa Osuntokun
f9d600f97e
ch-10: bob only verifies the HMAC once, but he extracts the outer HAMC for chan
...
Continuing to propagate HMAC fix, Bob does't need to verify the HMAC again, instead he needs to extract the inner HMAC, as it'll become the outer HMAC for Chan.
2021-07-26 08:56:09 +02:00
Olaoluwa Osuntokun
6127633569
ch-10: propagate ordering fix to the other hops
2021-07-26 08:56:09 +02:00
Olaoluwa Osuntokun
bd082abae0
ch-10: add section on replay protection+detection
2021-07-26 08:56:09 +02:00
Olaoluwa Osuntokun
e2d2bede3d
ch-10: fix ordering of HMAC steps, HMAC is computed over encrypted payload
...
The outer HMAC for the final hop is computed over the encrypted payload. Instead, the inner HMAC is just blank for the final hop. In this commit, we switch the ordering to reflect this. The diagrams will need to be updated as well.
2021-07-26 08:56:09 +02:00
Olaoluwa Osuntokun
351d45b669
ch-10: explain the distinction between the outer and inner HMACs
2021-07-26 08:56:09 +02:00
Olaoluwa Osuntokun
536e4ad697
ch-10: add extra description of the 2 ways to recognize a terminal packet
2021-07-26 08:56:09 +02:00
Olaoluwa Osuntokun
d6a8ca6c36
ch-10: specify that mu key is used to generate the inner HMAC
2021-07-26 08:56:09 +02:00
Olaoluwa Osuntokun
80624d94c5
ch-10: mention that the inner HMAC for the final hop is all zeros
2021-07-26 08:56:09 +02:00
Olaoluwa Osuntokun
47e4018eb4
ch-10: mention session key re-blinding scheme at the core of sphinx
2021-07-26 08:56:09 +02:00
Olaoluwa Osuntokun
d725b9cba5
ch-10: elaborate more on the usage of the rho key in the scheme
2021-07-26 08:56:09 +02:00
Olaoluwa Osuntokun
5ca029ad93
ch-10: small typo fix
2021-07-26 08:56:09 +02:00
Olaoluwa Osuntokun
fe4a1870d2
ch-10: explcitily call out all zero for scid as final hop indicator
...
In practice, the HMAC for the _next_ hop is also zero, but most
implementations will check the `scid` value instead.
2021-07-26 08:56:09 +02:00
Olaoluwa Osuntokun
4c6f23835d
ch-10: typo fix for total_msat description
2021-07-26 08:56:09 +02:00
Olaoluwa Osuntokun
fdb2d8748f
ch-10: mention the role of the payment_secret in e2e security
...
Without this value, any intermediate node can construct a _new_ onion
packet with modified values for the CLTV and amount, to attempt to see
if the next hop is actually the final hop in the route.
2021-07-26 08:56:09 +02:00
Olaoluwa Osuntokun
9272814286
ch-10: minor grammar fix for Alice payload construction
2021-07-26 08:56:09 +02:00
Olaoluwa Osuntokun
1f9fdd4bda
ch-10: add errata about htlc min+max also being included in chan updates
2021-07-26 08:56:09 +02:00
Andreas M. Antonopoulos
c08db66263
Small edit
2021-07-26 08:56:09 +02:00
Andreas M. Antonopoulos
489a46cb0f
Error return and conclusion
2021-07-26 08:56:09 +02:00
Andreas M. Antonopoulos
a061568754
Unwrapping the onion diagrams
2021-07-26 08:56:09 +02:00
Andreas M. Antonopoulos
b50af33288
Unwrapping the onion
2021-07-26 08:56:09 +02:00
Andreas M. Antonopoulos
bafcc1c93d
misc edits and heading changes, README update
2021-07-26 08:56:09 +02:00
Andreas M. Antonopoulos
a6d7fcccda
Breakdown wrapping the onion into more steps
2021-07-26 08:56:09 +02:00
Andreas M. Antonopoulos
fe29c5d894
Wrapping the onion done
2021-07-26 08:56:09 +02:00
Andreas M. Antonopoulos
e2e8dc3e92
wrapping the onion
2021-07-26 08:56:09 +02:00
Andreas M. Antonopoulos
e3b3a42e70
onion payloads, key gen, ECDH
2021-07-26 08:56:09 +02:00
Andreas M. Antonopoulos
af152cbebc
onion routing path and payloads
2021-07-26 08:56:09 +02:00
Andreas M. Antonopoulos
7d775e12f8
rename and README update
2021-07-26 08:56:09 +02:00