From f7277cea437add0e62fa579d7c88fd92a3d0f29c Mon Sep 17 00:00:00 2001 From: sstone Date: Wed, 17 May 2017 17:57:35 +0200 Subject: [PATCH] BOLT 4: rationale for the last node's payload Specify the payload for the last node in the route and how it is used to return errors. The idea is to prevent the next to last node to guess if the next node is the final one. --- 04-onion-routing.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/04-onion-routing.md b/04-onion-routing.md index dfb38c5..f24180e 100644 --- a/04-onion-routing.md +++ b/04-onion-routing.md @@ -166,6 +166,19 @@ Nodes forwarding HTLCs MUST construct the outgoing HTLC as specified within `per_hop`. Otherwise, deviation from the specified HTLC parameters may lead to extraneous routing failure. +### Payload for the last node + +The last node in the route could just discard its payload since it will not forward payments. However, when building the route, the original +sender must use a payload for the last node with the following values: +* `outgoing_cltv_value` is set to the final expiry specified by the recipient +* `amt_to_forward` is set to the final amount specified by the recipient + +This way, the final node can check these values and return errors if needed, which will defeat probing attacks by the next to last node which could +try to find out if the next node is the last one (by re-sending HTLCs with different amounts/expiries): + +The last node will extract its onion payload from the HTLC it has received and compare its values to the HTLC values. +See the [Returning Errors](#returning-errors) section below for more details. + ## Packet Construction Assuming a _sender node_ `n_0` wants to route a packet to a _final recipient_ `n_r`. 
@@ -584,7 +597,7 @@ HTLC at the final hop: 2. data: * [`4`:`cltv_expiry`] -If the `amt_to_forward` does not match the `incoming_htlc_amt` of +If the `amt_to_forward` is higher than `incoming_htlc_amt` of the HTLC at the final hop: 1. type: 19 (`final_incorrect_htlc_amount`)
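Review bot: In the new "Payload for the last node" section, the sender requirement is written as lowercase "must use a payload", while the context line directly above uses "MUST construct the outgoing HTLC"; use "MUST" so the sentence reads as normative like the rest of the file. The paragraph that ends "(by re-sending HTLCs with different amounts/expiries):" finishes on a colon with no list following it, so replace the colon with a period. The closing paragraph says the last node will "compare its values to the HTLC values" without saying which outcome of the comparison is an error; state the comparison here for both `amt_to_forward` and `outgoing_cltv_value`, or name the failure messages the link points to.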
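Review bot: The condition for `final_incorrect_htlc_amount` changes from "does not match" to "is higher than", so an HTLC whose `incoming_htlc_amt` is larger than `amt_to_forward` no longer produces this error, and neither the commit message nor the new rationale section mentions or justifies that relaxation. Since the stated goal is to stop the next to last node from probing with different amounts, add a sentence explaining why a larger incoming amount is acceptable, and check that the expiry condition just above (the one carrying `cltv_expiry`) is worded with the same kind of comparison. The new wording also drops the article: "is higher than `incoming_htlc_amt` of" should read "is higher than the `incoming_htlc_amt` of".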