1
0
mirror of https://github.com/lightning/bolts.git synced 2024-11-19 01:50:03 +01:00
Commit Graph

1056 Commits

Author SHA1 Message Date
Olaoluwa Osuntokun
22b9c87453
Merge pull request #1182 from rustyrussell/clarify-onions-part-2
Clarify onions part 2: a bit deeper rework
2024-08-13 16:11:20 -07:00
Alex Bosworth
9b7895b209
Make blinded link work (#1190)
Fix link reference to point at sub section with minimal link reference
2024-08-12 17:00:39 +02:00
Rusty Russell
0aae209c1a BOLT 4: fix nomenclature in bolt04/route-blinding-test.json
Bastien points out we didn't update this when we changed terms.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-07-30 06:57:20 +09:30
Rusty Russell
3c0fd9ad90 BOLT 4: More clarifying changes.
1. Always use the term `encrypted_recipient_data` for the encrypted field:
   it's confusing enough without multiple names!
2. Don't give an option for joining blinded payments, since everyone will
   use an unblinded payment to the introduction node (at least, for now).
3. Avoid the term "payer" and at least note that encrypted_recipient_data
   can be made by the sender themselves, pointing out that the forwarding
   node cannot tell.

Thanks t-bast and gijswijs for this feedback!

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-07-30 06:56:48 +09:30
Rusty Russell
6654c5711a BOLT 4: rename onionmsg_hop to blinded_path_hop
It's used for blinded payment paths, too, not just onion messages.

Suggested-by: @t-bast
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-07-17 10:56:32 +09:30
Rusty Russell
43725d7f07 BOLT 4: put dummy hop recommendation into the requirements.
It was mentioned in the rationale only.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-07-17 10:55:27 +09:30
Rusty Russell
d91642e6a0 BOLT 4: try to improve blinded path description.
It's a bit complex, but try to convey the idea of an introduction point,
blinded node ids and encrypted blobs.  Since the requirements detail the
two ways to reach the introduction node, I handwaved on that a bit.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-07-17 10:54:27 +09:30
Rusty Russell
9c15a5c092 BOLT 4: clarify blinded path requirements.
Writer parts:
1. Be explicit that the writer creates a route.
2. Make it clear we create shared secrets, then derive blinded points.
3. Refer explicitly to all `blinded_path` fields.

Split reader into the *two* readers:
1. The reader of the blinded path, who uses it to make an onion (which wasn't described at all!)
2. The reader of the encrypted_recipient_data, who decrypts it.

In the latter case, we don't have to discuss unblinding the onion since
that's now covered in the "Onion Decryption" section.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-07-17 10:53:27 +09:30
Rusty Russell
6c0f0d878f BOLT 4: concretely refer to the blinded_path type and field when constructing.
This spec was initially written before the `blinded_path` type
existed.  Be precise (and we no longer need to say "MUST communicate"!).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-07-17 10:45:10 +09:30
Rusty Russell
14ebb445e6 BOLT 4: move Route Blinding section up a level, and put blinded_path type there.
It's currently buried in the onion message section, but it applies to payments too.

We now have a separate sub-section for the encrypted_data_tlv definition.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-07-17 10:41:35 +09:30
t-bast
3fffab3b88 Clean-up nits
This commit doesn't change the logic at all, it simply:

- removes `realm` from onion test vector
- cleans-up markdown formatting and indents
- fixes typos and missing parenthesis
- consistently uses `_` instead of `-` for field names
- fixes math formatting (including changes from #1169 and #1158)
2024-07-17 10:40:35 +09:30
Rusty Russell
5e9ea22272 BOLT 2, 4: rename blinding to path_key.
Sure, it's used to derive a secret for blinding, but it's also used to derive the key
for encrypted_recipient_data.  It's not used as a blinding factor *directly*.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-07-17 10:40:35 +09:30
Rusty Russell
bc1ce064d2 BOLT 2, BOLT 4: refer to the onion decryption section in update_add_htlc/onion message requirements.
This ties it together, saying what to use as associated data, blinding, and what to do on failure.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-07-17 10:40:35 +09:30
Rusty Russell
8abd9c7e26 BOLT 4: Generalize and create proper requirements for onion decryption
There's currently a *description* of how to decrypt an onion, and some requirements
in forwarding.  But it also applies to onion messages, so:

1. Turn the description into actual enumerated requirements.
2. Ensure the description covers both payload and messaging onions.
3. Include both methods to apply the blinding tweak.
4. Leave the actual handling of the extracted payload (payment vs messaging onion) to those specific sections (e.g. reporting failure)

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-07-17 10:40:35 +09:30
Rusty Russell
6a51861d93 BOLT 4: remove obsolete references to realm
This was from the legacy onion, and is no longer present.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-07-17 10:40:35 +09:30
Elle
e29fca5703
bolt4+proposals: fix max_cltv_expiry calculation (#1176)
* BOLT4: include `min_final_cltv_expiry_delta` in `max_cltv_expiry` calc

Include `min_final_cltv_expiry_delta` in the `max_cltv_expiry`
calculation. Also add a note that indicates that this field may be set
for the final node too. This is useful for the final node as then it
does not need to persist the path expiry separately and can rely on just
checking the `payment_relay` field when the payment arrives.

* BOLT4: include calculation for `total_cltv_delta` of a blinded path

Include an explicit formula to use for determining the total CLTV delta
of a blinded path so that it is clear that it should include the
recipient's `min_final_cltv_expiry_delta`.

* proposals: fix `max_cltv_expiry` value for final hop in example

More info
[here](https://github.com/lightning/bolts/issues/1174#issue-2371364610)
outlining why the example needed to be updated.
2024-07-15 22:20:48 +02:00
Matt Corallo
93b7ee031b
Drop the required channel_update in failure onions (#1173)
As noted previously, `channel_update`s in the onion failure packets
are massive gaping fingerprintign vulnerabilities - if a node
applies them in a publicly-visible way the err'ing node can easily
identify the sender of an HTLC.

While the updates are still arguably marginally useful for nodes to
use in their pathfinding local to retires of the same payment, this
too will eventually become an issue with PTLCs. Further, we
shouldn't be letting nodes get away with delaying payments by
failing to announce the latest channel parameters or enforcing new
parameters too soon, so treating the node as having indicated
insufficient liquidity (or other general failure) is appropriate
in the general case.

Thus, here, we begin phasing out the `channel_update` field,
requiring nodes ignore it outside of the current payment and making
it formally optional (though nodes have been doing this for some
time due to various bugs).

Because some nodes may want to use update data on mobile when they
have stale gossip data, it is left optional.
2024-07-11 09:32:21 +02:00
ziggieXXX
64ce121cdc
BOLT04: Add rationale for constant error decryption. (#1154)
To avoid timing analysis when decrypting failed payments the sender
should act as if the failure in the route came for the 27th hop.
Also changed the maximum number of hops in the route from 20 (legacy)
to 27 (tlv onion).
2024-07-02 12:03:54 +02:00
Rusty Russell
c562d91ace BOLT 2: add requirement for disconnect if quiescence takes too long with HTLCs pending.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-06-18 07:08:11 +09:30
Keagan McClelland
99d67c6c73 require quiescence sessions to be single-use 2024-06-18 07:08:11 +09:30
Rusty Russell
5dd9d9cd5f BOLT 2: quiescence protocol.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>




Header from folded patch 'bolt_2__set_an_initiator_in_quiescence.patch':

BOLT #2: Set an initiator in quiescence.

This is especially useful for protocols such as splicing; for
simplified commitment transactions, there is already an implied
initiator at each point, so having the negotiation at splicing
time would be redundant.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>



Header from folded patch 'option_quiesce__feature_to_support_stfu_method.patch':

option_quiesce: feature to support stfu method.

In practice, sftu is useless unless you have something (e.g. channel_upgrade)
which uses it, but adding a feature is best practice IMHO.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-06-18 07:08:11 +09:30
Olaoluwa Osuntokun
57ce4b1e05
Merge pull request #1165 from t-bast/remove-old-features-typos
Clean-up: follow-up on removing spec features
2024-06-03 13:11:04 -07:00
t-bast
3e9b5728cc
Clean-up: follow-up on removing spec features
This is a follow-up to https://github.com/lightning/bolts/pull/1092
that fixes the following issues:

- fix a few typos
- remove non-zero-fee anchors test cases
- remove `remote_pubkey` rotation
2024-05-21 10:58:55 +02:00
Rusty Russell
fc687e8c76 BOLT 9: Remove initial_routing_sync.
This only had an effect when `gossip_queries` was not negotiated, which is now assumed.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-05-20 15:06:27 -05:00
Rusty Russell
fce8bab931 BOLT 9: Assume gossip_queries.
Supported by all but 11 nodes*.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
[* there are 449 three-year old LND nodes which advertize `2200` as their features, which have already been trimmed from most gossip for not having htlc_maximum_msat in their channel_updates]
2024-05-20 15:06:27 -05:00
Rusty Russell
e042c615ef BOLT 9: assume var_onion_optin.
Advertized as supported by all but 6 nodes (and those can no longer
route payments since people only send the modern onion these days)

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-05-20 15:06:27 -05:00
Rusty Russell
c48b4e3b27 BOLT 9: rename option_anchors_zero_fee_htlc_tx to option_anchors.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-05-20 15:06:27 -05:00
Rusty Russell
d745028f65 BOLT 9: Remove option_anchor_outputs, in favor of option_anchors_zero_fee_htlc_tx.
It's supported only by pre-23.05 core-lightning nodes built with
EXPERIMENTAL_FEATURES.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-05-20 15:06:27 -05:00
Rusty Russell
91f4bd2383 BOLT 9: option_data_loss_protect and option_static_remotekey are now assumed.
These still have names and numbers, since they appear in `channel_type`.  They are somewhat tangled with each other, so let's tie them together as assumed.

option_data_loss_protect is advertized by all by 11 nodes(*), and option_static_remotekey all but 16 nodes.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
[* there are 449 three-year old LND nodes which advertize `2200` as their features, which have already been trimmed from most gossip for not having htlc_maximum_msat in their channel_updates]
2024-05-20 15:06:27 -05:00
Rusty Russell
b750c3d8f9 BOLT 9: Add ASSUMED marker we can use on features.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-05-20 15:06:27 -05:00
Bastien Teinturier
5f8fea8dc3
gossip: 12-blocks delay channel closed follow-up (#1156)
We introduced a 12-blocks delay for channel closing in #1004, but we
didn't update the requirement in the section about pruning.
2024-05-07 09:45:44 +02:00
Olaoluwa Osuntokun
db278ab9b2
Merge pull request #1151 from Roasbeef/blinded-paths-notation
BOLT-04: use underscores in place of parens for blinded paths notation
2024-04-22 13:21:55 -07:00
Olaoluwa Osuntokun
ed012edc15
BOLT-04: convert blinded paths syntax to use LaTeX rendering
Github now supports inline LaTeX rendering:
https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/writing-mathematical-expressions

In this commit, we use this new feature to improve the rendering of the
routines for blinded paths.
2024-03-27 18:30:37 -07:00
Olaoluwa Osuntokun
25e7dbd5ed
BOLT-04: use underscores in place of parens for blinded paths notation
In this commit, we propose a purely syntactical change to the current
blinded paths specification. Rather than denote the public key of the i-th
node as `E(i)`, we propose that instead it's denoted as: `E_i`. This results
in less overall characters, and is more similar to notation customarily
used in LaTeX.

My personal preference is that the proposed notation is easier to scan at a
glance, and also less ambiguous (doesn't look like a function call).
2024-03-27 18:30:31 -07:00
Erik De Smedt
08ce2f6f83
Fix broken link in BOLT-2 (#1148) 2024-03-14 11:48:03 +01:00
Carla Kirk-Cohen
78e5a6b066
04-onion-routing: strict validation of scid for blinded payments (#1147)
This commit updates bolt04 to more strictly enforce that encrypted_data
that is part of a blinded payment only has short_channel_id set. On
the reader side, we disallow setting of both short_channel_id and
next_node_id (which is intended for use in the context of onion
messages), and on the writer side we specify that next_node_id should
not be included by recipients.
2024-03-12 09:56:54 +01:00
Trigger
60de4a0972
BOLT 7: correct the default min_final_cltv_expiry_delta in routing example (#1143) 2024-02-22 10:01:47 +01:00
Rusty Russell
8fc3ba9f0c
BOLT 4: It's Check Lock Time Verify not Check Time Lock Verify. (#1141)
I always get this wrong too, so CLN actually has a source check for this, and it triggered when importing the latest spec!

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-02-19 09:34:00 +01:00
jrakibi
ec525cc418 Update Signet port to correct hex value in BOLT #1 spec 2024-02-16 08:57:36 +10:30
niftynei
0bdaa8b9f6 dual-fund: add require_confirmed_inputs to RBF messages
Make `require_confirmed_inputs` explicit for RBF regnegotiation.

Requested-By: @t-bast
2024-02-13 11:55:23 -06:00
niftynei
6018a4d43b dual-fund, verbiage: clarify situation for closing a underfunded channel
Moved up some rationale from the Rationale section and added a
bit of clarification to when you'd want to close/cancel an open.

Reported-By: @morehouse
2024-02-13 11:55:23 -06:00
niftynei
bd1460d8cf dual-fund, wording: move sighash_all into existing verbiage
Suggested-By: @morehouse
2024-02-13 11:55:23 -06:00
niftynei
d9c571d25d dual-fund, nit: change wording on common input heuristic
Suggested-By: @devrandom
2024-02-13 11:55:23 -06:00
niftynei
f0c9ff732f tx-signatures: address comments regarding underpyament of fees
Reported-By: @morehouse
2024-02-13 11:55:23 -06:00
niftynei
076f21d65e nit: verbiage + wording
Suggested-By: @morehouse
2024-02-13 11:55:23 -06:00
niftynei
fa879e325c tx-complete: clarify that the total input/total output incl funding
Found-by: @morehouse
2024-02-13 11:55:23 -06:00
niftynei
11dea59504 tx-abort: port over meaning of the data field from warning
`tx_abort`'s structure comes from the `warning`/`error` messages,
but we failed to port over the rationale/rules for the `data` field.

Suggested-By: @morehouse
2024-02-13 11:55:23 -06:00
Dustin Dettmer
71e67e6d46 Bolt 2: Make interactive-tx explicitly use SIGHASH_ALL
This was previously assumed but adding it to the spec makes it explicit, should we ever want to change it in the future.

Suggested-By: @morehouse
2024-02-13 11:55:23 -06:00
niftynei
c51ef43fee interactive-tx: highlight MUST of serial_id sorting
Suggested-By: @dunxen
2024-02-13 11:55:23 -06:00
Duncan Dean
2ddddbd7c2 Use bitcoin wire encoding for witnesses 2024-02-13 11:55:23 -06:00