1
0
mirror of https://github.com/lightning/bolts.git synced 2024-11-19 10:00:04 +01:00
Commit Graph

53 Commits

Author SHA1 Message Date
Olaoluwa Osuntokun
8dd0b75809 BOLT-04: modify Sphinx packet construction to use starting random bytes
In this commit, we modify the existing instructions to create the Sphinx
packet to no longer start out with a zero initialize set of 1366 bytes.
Instead, we now instruct the sender to use _random_ bytes derived from a
CSPRG. This fixes a recently discovered privacy leak that allows an
adversarial exit hop to ascertain a lower bound on the true path length.

Note that this doesn't affect packet processing, so this is a backwards
compatible change. Only clients need to update in order to avoid this
privacy leak.

After this change is applied, the test vectors as is don't match the
spec, as they're created using the original all zero starting bytes. We
can either update these with our specified set of random bytes, or leave
them as is, as they're fully deterministic as is.

An alternative path would be to generate more random bytes from the
shared secret as we do elsewhere (the chacha based CSPRNG).
2020-01-24 18:17:10 +01:00
Rusty Russell
b2a3c2fb07 BOLT 9: Add feature bits for payment_secret and basic_mpp.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-12-13 03:48:57 +00:00
Rusty Russell
206084c939 BOLT 9: flatten feature fields.
We simply specify, in each case, where they will appear ("Context").

Because `globalfeatures` is already in use, we fold that into the
renamed `localfeatures` field to unify them (now called `features`),
but dissuade further use.

Note also: we REQUIRE minimal `features` field in
channel_announcement, since otherwise both sides of channel will not
agree and not be able to create their signatures!

Consider these theoretical future features:

`opt_dlog_chan`: a new channel type which uses a new discrete log HTLC
type, but can't support traditional HTLC:

* `init`: presents as odd (optional) or even (if traditional channels
  not supported)
* `node_announcement`: the same as above, so you can seek suitable peers.
* `channel_announcement`: presents as even (compulsory), since users need
  to use the new HTLCs.

`opt_wumbochan`: a node which allows channels > 2^24 satoshis:

* `init`: presents as odd (optional), or maybe even (if you only want
  giant channels)
* `node_announcement`: the same as above, so you can seek suitable peers.
* `channel_announcement`: not present, since size of channel indicates
  capacity.

`opt_wumbohtlc`: a channel which allows HTLCs > 2^32 millisatoshis:

* `init`: presents as odd (optional), or even (compulsory)
* `node_announcement`: the same as above, so you can seek suitable peers.
* `channel_announcement`: odd (optional) since you can use the channel
  without understanding what this option means.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Co-Authored-By: Bastien Teinturier <31281497+t-bast@users.noreply.github.com>
2019-11-25 19:34:23 +00:00
Rusty Russell
2afe3559e8 option_static_remotekey: final draft.
This separates out the static remotekey changes from the more ambitious
option_simplified_commitment (which also included pushme outputs and
bring-your-own-fee for HTLC outputs).

As per http://www.erisian.com.au/meetbot/lightning-dev/2019/lightning-dev.2019-09-02-20.06.html

Thanks to everyone for feedback: @araspitzu @roasbeef @bitconner

Suggested-by: @roasbeef
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-09-26 06:19:58 +00:00
sstone
1f95ea95bc Spelling fixes 2019-09-16 22:36:59 +02:00
sstone
0b5ba0cd4e BOLT7: query_short_channel_ids: allow requesting specific information (folded)
Nodes can append additional data to their `query_short_channel_ids`
messages, which consists in one flag per short channel id and
specifies what they would like to receive (`node_announcement`,
`channel_announcement`, or/and one `channel_update` or both).
2019-09-16 22:36:59 +02:00
Rusty Russell
3da8923453 spelling: check all the .md files
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-07-28 07:03:19 +00:00
Christian Decker
4ac1bcc99b bolt04: Shut the spellchecker up 2019-07-26 11:38:33 +02:00
Rusty Russell
2fe6af8567 spellcheck: allow space-separated hex, and a few new terms.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-07-22 23:27:13 +00:00
Conner Fromknecht
65784f755f BOLT01: swap CompactSize for BigSize in TLV format
This commit modifies the varint encoding used for TLV types and lengths
to use a custom format called BigSize. The format is identical to
bitcoin's CompactSize, except it replaces the use of little-endian
encodings for multi-byte values with big-endian. This is done to prevent
mixing endianness within the protocol, since otherwise CompactSize would
be the first introduction of little-endian encodings.
2019-07-22 15:19:09 -05:00
Ugam Kamat
1db481ffeb BOLT #7: receiving node requirements related to timestamp for channel_update message (#621)
Clarify timestamp requirements for channel_update messages.
2019-07-16 09:24:26 +02:00
Conner Fromknecht
779664cd82
BOLT01: add TLV spec 2019-06-12 15:14:55 -07:00
Rusty Russell
a07dc3df3b BOLT 2: add missing spellcheck words, change 'funding txo' to 'funding output'.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-12-10 02:46:07 +00:00
Rusty Russell
fd9da9b95e BOLT 7: Add compressed (zlib) encoding.
[ Note: in retrospect, adding this in the initial draft without its
  own feature bit was a mistake.  It was a premature optimization,
  adds complexity and removes the ability to disable it if a problem
  is found without disabling gossip_queries entirely.  However, it
  is already deployed as-is. --RR ]
  
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-06-28 00:21:23 +00:00
Rusty Russell
f6312d9a70 BOLT 7: query_messages option.
[ This was a joint effort by many people, with iterations not
  indicated in this final commit: thanks to all who reviewed and
  polished!  Particularly: @jimpo @cdecker @sstone @ZmnSCPxj ]

This enables three new functions:

1. query_short_channel_ids: they will send channel_announcement /
   channel_update / node_announcement followed by reply_short_channel_ids_done.
2. query_channel_range: they will send one or more reply_channel_range
   with the short_channel_ids in these blocks.
3. gossip_timestamp_filter: filters what gossip they send.

It also changes behavior: we no longer send a `channel_announcement`
until we have at least one `channel_update`.  The announcement is
fairly useless without an update already, but this in particular
enables reasonable timestamp filtering (channel_announcement does not
have an explicit timestamp).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-06-28 00:21:23 +00:00
DanielWeigl
48bbee8d55 add the word 'regtest' to the spellchecker 2018-04-30 20:23:38 +00:00
Jim Posen
c4e42bcfd6 BOLT 4: Rearrange sections, moving dependent concepts lower. 2018-03-05 20:11:32 +01:00
Jim Posen
3927ae3fd1 BOLT 4: Update onion construction reference code.
The description now suggests the use of an ephemeral private key, so
the reference code is simplified by using that concept. The reference
code is also updated to make fewer calls to undefined functions.
2018-03-05 20:11:32 +01:00
Jim Posen
5a3b5ce0bd BOLT 4: Clarify the onion construction section.
The new description introduces the concept of an ephemeral private key,
which I find easier to reason about and suggests a linear instead of
quadratic construction algorithm.
2018-03-05 20:11:32 +01:00
Rusty Russell
c132855d4b Spelling list: add new words.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-02-20 01:10:38 +00:00
Conner Fromknecht
e24d36eb4f aspell: adds injection attack keywords to dictionary
* javascript
 * Javascript
 * DOM
 * SQL
 * XSS
 * Implementers
 * sanitization
2018-02-05 23:38:01 +00:00
Christian Decker
815182ea26 spell: Add BTC acronym to dictionary 2018-01-22 20:10:53 +01:00
Rusty Russell
7ab1665b2a BOLT 2: clarify that feerate is in *satoshi* per ksipa.
We don't actually say that!

Closes: #336
Reported-by: Matt Corallo
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-01-09 03:06:29 +00:00
Landon Mutch
b36d0bd9e3 make spellcheck happy 2017-12-22 00:24:48 +00:00
Landon Mutch
4e6eb48e14 make spellcheck happy 2017-12-21 04:08:33 +00:00
Rusty Russell
e7f34dc932 spelling: add incentivize to dictionary.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-12-18 19:13:21 +00:00
Shannon Appelcline
faba9241ac Manual rebase of Shannon's PR-294 rewrite.
This got a little messy as some changes now needed to be applied in
two places, and other wording has been completely removed.  Another
pass on top will be required.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-12-08 01:09:42 +00:00
Landon Mutch
aed4b11423 make spell check happy 2017-12-07 02:36:10 +00:00
Landon Mutch
c00df17214 BOLT 0,2: update stylesheet, apply associated changes, 2nd pass copy-edit
BOLT 0: Update style sheet to reflect correct Bitcoin capitalizations
BOLT 2: Complete second pass copy-edit according to stylesheet guidelines
2017-11-28 23:11:55 +00:00
Shannon Appelcline
da67c9a3f7 Appended Bitcoins to word list 2017-11-27 23:38:01 +00:00
landonmutch
04301add81
Merge branch 'master' into master 2017-11-15 03:33:36 -08:00
Rusty Russell
4f91f0bb2a htlckey: new basepoint avoid holding the payment secret.
This is stolen from @sstone's #243 "reduce attack surface".

This breaks compatibility, as agreed at the 2017-11-13 meeting.
Note also that it does not update the test vectors.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-11-14 22:58:11 +00:00
Landon Mutch
24896d847d make spellcheck.sh happy 2017-11-13 19:18:09 -08:00
Pierre-Marie Padiou
d1fbfd30f8 BOLT 7,11: Added an optional min_final_cltv_expiry field in BOLT 11 (#258)
Added an optional `c` field in the payment request specifying the
minimum `cltv_expiry` to use for the last htlc in the route. If
not provided, default value is 9.

This commit also clarifies how `channel_update` messages are only
to be used in the context of relaying payments, and how both htlc
amounts and expiries are to be calculated backwards from the values
provided in the payment request.

Not needing the `channel_update` for the first channel in a route also
means that it is possible to make a payment through a channel which 
hasn't had any announcements yet.
2017-10-18 15:31:31 +02:00
Rusty Russell
1066c31c4b aspell: clean up and remove unused words.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-10-17 10:33:12 +00:00
Rusty Russell
ca713c8c6b Remove BOLT #6 from index, spelling list.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-10-17 10:33:12 +00:00
Rusty Russell
fcc8830cc9 Typo fix: CTLV -> CLTV.
Locktime, not timelock.  Found this in my code, too, so pretty sure
it's my fault!

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-10-07 14:57:20 +10:30
Christian Decker
024f695bd1 Shutting the spellchecker up 2017-09-13 13:03:21 +02:00
Rusty Russell
955e874acc BOLT 11: recommend URI schemes.
This is unofficial, since we don't have IANA tag, but it doesn't
clash with any existing one.  We'll see if this turns out to be something
people want.

Closes: #206
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-22 10:05:09 +09:30
Christian Decker
017b16ee33 bolt10: shutting the spellchecker up once more 2017-08-21 22:53:18 +02:00
Christian Decker
059125dda4 tools: Add CLTV acronyms 2017-07-30 15:15:24 +02:00
Christian Decker
964527158e tools: Adding 'BOLTs' to the dictionary 2017-07-24 13:25:15 -07:00
Rusty Russell
ac8b830598 BOLT 2: channel_reestablish message, retransmission simplification.
This adds a message for each channel reconnect (after we've
sent/received `funding_signed`, ie. when we rememeber the channel),
which says exactly how many `commitment_signed` and `revoke_and_ack`
we've received.  Really, we could use one bit for each (they could
only be missing the last one), but better to be clear.

This leaves the "rollback if didn't get commitment_signed"
requirement, but avoids any need to handle update duplicates or wonder
what update number a `commitment_signed` applies to after reconnect.

Many thanks to pm47 and roasbeef especially for constructive feedback
which made this far better than I originally had.

Closes: #172
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-28 06:46:26 +09:30
Rusty Russell
01571c1e58 Bolt 11: Invoice Protocol for Lightning Payments (#183)
This specifies a draft invoice protocol for lightning payments.

Particular thanks for detailed feedback from:
* ZmnSCPxj <ZmnSCPxj@protonmail.com>
* @Saicere  
* @kallewoof
* @halseth 
* @cdecker 

Signed-off-by: Rusty Russell <rusty@blockstream.com>
2017-06-27 20:08:13 +09:30
Rusty Russell
7d6a4f82f4 tools/spellcheck: expiries is a valid word.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-19 11:12:54 +09:30
Christian Decker
6713b26272 aspell: Make CI happy again 2017-05-18 09:56:05 +09:30
Rusty Russell
8a35f1f134 tools/spellcheck: add modern words to our dict (Travis is old)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-03 13:08:07 +09:30
Rusty Russell
c7092de08b tools/spellcheck.sh: add --check option, add tests to travis.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-03 13:08:07 +09:30
Rusty Russell
925b39a619 BOLT 3: typo fixes.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-03 13:08:07 +09:30
Rusty Russell
c3b078bad2 BOLT 2: typo fixes.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-03 13:08:07 +09:30