1
0
mirror of https://github.com/lightning/bolts.git synced 2024-11-19 10:00:04 +01:00
Commit Graph

152 Commits

Author SHA1 Message Date
Christian Decker
d23f4b056c bolt04: Remove TLV based termination signal
As discussed during the IRC meeting on 2019-07-22 this would have been a
duplication of signals. It was decided to use one for now, with the option of
coming back should we ever need the last 32 bytes of the onion.
2019-07-26 11:38:33 +02:00
Christian Decker
0616c29bed bolt04: Introduce the destination_signal to the tlv_payload
As discussed during the spec meeting this allows us not to use the 32 byte
HMAC to identify the last hop, and use a 2-byte signal instead.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-07-26 11:38:33 +02:00
Christian Decker
6cdbedb649 bolt04: Add the TLV types for the new payload format
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-07-26 11:38:33 +02:00
Christian Decker
10c345bcf4 bolt04: Remove in-spec test vector in favor of JSON test vector
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-07-26 11:38:33 +02:00
Christian Decker
ecaf591bca bolt04: Amend the filler generation and onion decoding to varpayload
This actually introduces the variable size shift and filler generation.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-07-26 11:38:33 +02:00
Christian Decker
a148abbad5 bolt04: Describe the variable size hop_payload
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-07-26 11:38:33 +02:00
Christian Decker
3ac0091ef9 bolt04: Formatting cleanup and fold clarifications into conventions
The clarifications were tacked on after the fact, but they should really be
part of the conventions. I also updated the links to use the reference style,
which results in better text flow and makes it easier to read the source.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2019-07-26 11:38:33 +02:00
Orfeas Stefanos Thyfronitis Litos
238c06282d Rephrase last node payload requirements (#615)
Mention that `outgoing_cltv_value` has to be equal to
`min_final_cltv_expiry` and `amt_to_forward` has to be equal to
`amount` if the [BOLT #11](11-payment-encoding.md) invoice is used
2019-07-22 22:42:00 +02:00
Rusty Russell
6f6ea63233 BOLT 1,2,4,7: remove pubkey fundamental type in favor of point.
And remove `secret` and `preimage` types in favor of open-coding.

Agreed-at: http://www.erisian.com.au/meetbot/lightning-dev/2019/lightning-dev.2019-07-08-20.05.html

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-07-09 00:48:46 +00:00
Rusty Russell
6639cef095 Spec: use explicit types, not just bytelengths for fields.
It's trivial to make types->lengths, but not so much the other way.

The types I used here are the ones I found useful in implementation, and
I think add some clarity, though we can certainly argue about them.

There's no normative changes to the spec in here.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-07-09 00:48:46 +00:00
sstone
da71867c84 BOLT 4: fix onion vectors
Final result was correct but intermediary results had not been updated when the payloads were changed.
Fixes #494
2019-02-18 20:20:42 +00:00
Orfeas Stefanos Thyfronitis Litos
835ca46a81 BOLT 4: Correct "16-byte" to "12-byte" (padding) 2019-02-04 23:45:38 +00:00
Rusty Russell
a2480ca138 BOLT 4: remove incorrect_payment_amount altogether.
914ebab908 effectively deprecated this, but
left it for "reject if more than 2x expected amount" case.

Leaving it for gross overpayment still leaves an attack on the current
network in practice (all implementations I know of reject grossly excessive
payments), and removing it causes our code to nicely break when regenerating,
since that error code is now not defined anywhere.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-01-22 21:44:22 +01:00
Pierre-Marie Padiou
137106a716 report outgoing HTLC values when appropriate
For some relaying errors it makes more sense to report the values of the outgoing HTLC rather than the incoming HTLC.
2019-01-21 21:16:11 +01:00
Rusty Russell
cdb275b52e
Merge pull request #523 from nayuta-gondo/pr/20181204-ek_k
BOLT 4: fix the index of `ek`.
2019-01-07 19:42:17 +00:00
Matt Corallo
914ebab908 Merge incorrect_payment_amount and unknown_payment_hash errors
Because the errors are separate, if an intermediate node sees a
payment hash for relay and has several guesses as to the
destination of the payment, they can check their guesses by sending
HTLCs with the same payment hashes first and seeing the error sent
back.

By adding the htlc_msat that the final node received to
unknown_or_incorrect_payment_details, origin nodes can still
identify bad value-relaying peers.
2018-12-10 22:24:05 +00:00
Hiroki Gondo
88b0000a91 BOLT 4: fix the index of ek. 2018-12-04 18:05:49 +09:00
Conner Fromknecht
7163c52d93 04-onion-routing: document non-strict forwarding
This commit documents the allowance of non-strict
forwarding, permitting forwarding nodes to select
between any available outgoing channel with the peer
that would otherwise be specified by the
short_channel_id in the onion packet.

It also includes recommendations for fee schedules
when using non-strict forwarding, either by using
a uniform fee schedule with a peer or only
considering like-policied channels, to ensure the
channel is truly equivalent in terms of fee revenue
for the forwarder.
2018-11-29 04:21:46 +00:00
araspitzu
2b2e5632ca BOLT 4 Add clarifications about the longest route 2018-11-29 04:12:36 +00:00
araspitzu
90ba6ddbc5 Explicit the number of intermediate nodes in the longest route supported by the spec 2018-11-29 04:12:36 +00:00
araspitzu
a01efdd65e BOLT 4: clarify the maximum length of the route 2018-11-29 04:12:36 +00:00
Rusty Russell
bca814e270 BOLT 4: final_incorrect_htlc_amount should be 64-bits.
Fixes: #469
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-10-18 05:17:48 +00:00
sstone
6e6c28dae5 BOLT4: fix description of incorrect_cltv_expiry error
The explanation in the requirements section is correct but the
error message description was probably copy-pasted from
`final_incorrect_cltv_expiry`
2018-10-01 13:22:58 -07:00
ueno
3f2c747955 fix typos 2018-08-07 00:07:42 +00:00
Fabrice Drouin
33698608da Add changes requested by @cdecker 2018-05-14 01:03:44 +00:00
Fabrice Drouin
cac009cf7b BOLT4: channel_update is mandatory in UPDATE error messages 2018-05-14 01:03:44 +00:00
ueno
d52e54e1a4 the amount paid is less than the amount expected 2018-04-16 23:28:03 +02:00
Olaoluwa Osuntokun
71630b4766 BOLT 4: update sphinx packet test vector (#372)
* BOLT 4: update sphinx packet test vector

In this commit, we update the test vector for the final onion packet. In
commit 068b0bccf9, the per-hop payloads
were updated to use 8 byte amounts everywhere. However, the test vectors
were not updated. In 578573f92f the test
vectors were updated to use the proper version prefix. However, this
assumed that the state of the vectors as is was correct.

To remedy this, we've updated the test vectors to reflect the final
result using the current format for encoding the per-hop payloads. This
final test vector was generated using the original tool that we used to
confirm compatibility between the C and Go versions.
2018-04-16 16:41:04 +02:00
Jim Posen
c4e42bcfd6 BOLT 4: Rearrange sections, moving dependent concepts lower. 2018-03-05 20:11:32 +01:00
Jim Posen
3927ae3fd1 BOLT 4: Update onion construction reference code.
The description now suggests the use of an ephemeral private key, so
the reference code is simplified by using that concept. The reference
code is also updated to make fewer calls to undefined functions.
2018-03-05 20:11:32 +01:00
Jim Posen
5a3b5ce0bd BOLT 4: Clarify the onion construction section.
The new description introduces the concept of an ephemeral private key,
which I find easier to reason about and suggests a linear instead of
quadratic construction algorithm.
2018-03-05 20:11:32 +01:00
Jim Posen
745629d0f2 BOLT 4: Correct blinding factor calculation.
The instructions reference nodepk_k instead of epk_k.
2018-03-05 20:11:32 +01:00
Jim Posen
f7eb7e4d96 BOLT 4: Correct shared secret calculation.
Reference code and all implementations hash the ECDH output point with SHA256.
2018-03-05 20:11:32 +01:00
practicalswift
2c3466a2af Remove trailing whitespace 2018-01-30 04:54:31 +00:00
Rusty Russell
f6a91fbb11 BOLT 4: the failure codes are not one long enumerated list.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-01-30 03:47:32 +00:00
Shannon Appelcline
29ae44ec6e BOLT-4 Re-Edits
Minor edits, clarifications, and standardizations.
2018-01-30 03:33:48 +00:00
MeshCollider
4b5379b2ac Fix formatting of BOLT links 2018-01-22 14:02:01 +01:00
Landon Mutch
6586287d88 BOLT 4: fix requested changes by @rustyrussell 2017-12-14 02:07:36 +00:00
Landon Mutch
c4c77235ef BOLT 4: seperate out returning errors requirements, copy edit changes 2017-12-14 02:07:36 +00:00
Landon Mutch
91fbda6cb1 BOLT 4: seperate error messages from requirements 2017-12-14 02:07:36 +00:00
Landon Mutch
08f23a7515 BOLT 4: add packet forwarding requirements section 2017-12-14 02:07:36 +00:00
Landon Mutch
e840fdbded BOLT 4: couple last fixes and TODOs added 2017-12-07 02:36:10 +00:00
Landon Mutch
8165f28692 fix changes requested by @rustyrussell and @shannona in pr-299-rebased branch 2017-12-07 02:36:10 +00:00
Landon Mutch
aed4b11423 make spell check happy 2017-12-07 02:36:10 +00:00
Landon Mutch
54b49c09db BOLT 4: complete second-pass copy edit, introduced new terminology 'erring node', require a few clarifications 2017-12-07 02:36:10 +00:00
Landon Mutch
051f98a75e BOLT 4: second pass copy edit, update node terminology;
second pass copy edit to line 253, according to stylesheet
update node terminology to remove ambiguity; update conventions section and implement consistent usage of terms: origin node, final node, processing node, hop, sending peer, and receiving peer
2017-12-07 02:36:10 +00:00
Landon Mutch
4381f38279 BOLT 4: complete first pass copy edit by applying stylesheet guidelines 2017-12-07 02:36:10 +00:00
Landon Mutch
fe53690a9d BOLT 4: copy edit to line 735 2017-12-07 02:36:10 +00:00
Landon Mutch
a66fcf684c BOLT 4: first pass copy edit to line 600 2017-12-07 02:36:10 +00:00
Landon Mutch
94f717410f BOLT 4: first pass copy edit to line 366 2017-12-07 02:36:10 +00:00
Landon Mutch
7ce3341254 BOLT 4: apply stylesheet updates, first pass copy edit to line 128 2017-12-07 02:36:10 +00:00
Landon Mutch
07f44a4419 BOLT 4: copy-edit, reword Overview 2017-12-07 02:36:10 +00:00
Landon Mutch
560ae85007 BOLT 4: add ToC, format headers 2017-12-07 02:36:10 +00:00
Rusty Russell
c93cd75d88
BOLT 2,4: allow an error for HTLCs which expire too far away. (#265)
Fixes: #261

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-10-31 00:21:58 +00:00
Rusty Russell
58d4d9bca3 BOLT 2: Details of HTLC Timeouts, ie. cltv_expiry_delta.
Complete rewrite, including a routing example and the new
min_final_cltv expirt.  I hope this makes it clear.

(Thanks to everyone who reviewed and gave feedback; you rock!)

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-10-19 12:44:53 -07:00
Christian Decker
d7791b6d4d BOLT04: Clarify that nodes should continue to unwrap the error onion
This is a partial response to #250. Reordering the HMAC and Encrypt
steps do not give us much, but we might want to hide the route
length. So we suggest that the node should continue unwrapping until
the maximum route length of 20 is reached.
2017-10-17 00:14:08 +02:00
Rusty Russell
fcc8830cc9 Typo fix: CTLV -> CLTV.
Locktime, not timelock.  Found this in my code, too, so pretty sure
it's my fault!

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-10-07 14:57:20 +10:30
Christian Decker
578573f92f Update 04-onion-routing.md
Fixed test vector of full package
2017-09-18 22:47:28 +02:00
Christian Decker
0310e40eda BOLT04: Correct the sphinx packet version in the implementation 2017-09-18 22:47:28 +02:00
Fabrice Drouin
700b5e7a5d update test vectors
maximum error payload size is now 128 bytes, see #227
2017-09-13 13:02:46 +02:00
Olaoluwa Osuntokun
876b93151f BOLT 04: increase max size of onion payload messages (#227)
* BOLT 04: increase max size of onion payload messages

This commit increases the max size of the encapsulated onion error
messages. This is a follow up change to the recent change that added a
`chain_hash` field to the `channel_update` message. With the addition of
this field, the largest payload encoded within the onion errors has
expanded to 138 bytes:

  * msat_amount || 2_byte_len || channel_update.

As a result, the old fixed limit (including padding) is now
insufficient. We use 256 bytes here in order to give us room for future
message expansions.
2017-08-22 09:37:02 +09:30
Christian Decker
efd8096fa6 BOLT4: clarify that failure_code may reuse message type numbers
We reuse the numeric values that we previously assigned to message
types in the failure_code, but there is no possibility for a mixup
since the latter is not transmitted directly on the transport layer
but wrapped in a return packet. Hence there is no way of confusing the
two. Added a short clarification.

Reported-by: Janus Troelsen @ysangkok
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2017-07-24 13:25:15 -07:00
Rusty Russell
365a5a0f9f BOLT 4: channel_id -> short_channel_id
Consistency with BOLT 7 makes this much clearer.

Closes: #195
Reported-by: https://github.com/nayuta-ueno
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-07-11 10:41:01 +09:30
Rusty Russell
068b0bccf9 BOLT 2,4,7: use 8 bytes for amounts, restrict add_htlc for bitcoin only. (#175)
We had 4 byte fields for amounts because people have no ability to assess
risk, and this limited the damage to $70 at a time.

But then that means $1 maximum HTLCs on Litecoin, which isn't enough
for a cup of (decent) coffee.

Rather than have boutique hacks for Litecoin we enlarge the fields now,
and simply have a bitcoin-specific restriction that the upper 4 bytes be 0.

The ctlv_expiry field is moved down in update_add_htlc, to preserve alignment.

Suggested-by: Olaoluwa Osuntokun <laolu32@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-23 12:36:34 +09:30
sstone
f7277cea43 BOLT 4: rationale for the last node's payload
Specify the payload for the last node in the route and how it is used to return
errors. The idea is to prevent the next to last node to guess if the next node is
the final one.
2017-05-19 11:12:54 +09:30
pm47
c60e5e05ec added a channel_disabled error message 2017-05-19 11:12:54 +09:30
pm47
b7a90e7e6a added UPDATE flag to temporary_channel_failure 2017-05-19 11:12:54 +09:30
Rusty Russell
bbe3c1979e BOLT 4: underscores and backticks everywhere.
This also converts data structures to the same format used elsewhere.

One other minor change, from:
	In addition, every _(address, HMAC)_-pair is incrementally obfuscated at each hop.
to:
	In addition, `hops_data` is incrementally obfuscated at each hop.

The old wording was left over from the previous format.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-11 11:20:36 +09:30
Fabrice Drouin
06de1a586e BOLT4: fix onion reply test vectors (see #158) 2017-05-05 12:01:51 +09:30
Rusty Russell
0b2e091da8 BOLT 4: typo fixes
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-03 13:08:07 +09:30
ZmnSCPxj via Lightning-dev
7d3083e79a Add spellcheck tool (requires aspell), also spellcheck.
This is a multi-part message in MIME format.

This patch should apply to http://github.com/lightningnetwork/lightning-rfc

Nonidealities:

Aspell triggers spelling errors on the hexadecimal strings in
the test vectors. I don't have enough aspell-fu to figure
out how to make Aspell ignore these.

There are 2 possible pluralizations of `HTLC`: `HTLCs` and
`HTLC's`. I'd prefer the latter, but for now I support both.
We should standardize pluralization; we can edit the
`.aspell.en.pws` file to remove the pluralization we won't
choose.
2017-05-03 13:08:07 +09:30
Christian Decker
4a2146b1ed BOLT04: Update the go reference implementation 2017-04-26 09:59:30 +09:30
Christian Decker
a8bf53bba5 BOLT04: Updated test vectors
These test vectors should match BOLT04 after the change to merge
per-hop payloads and routing info into a single `hop_data` field. They
were generated by the golang version and crosschecked with the
`lightningd` version.

The per-hop `hop_data` were changed to be initialized by byte-filling
the `short_channel_id` matching their position in the route, and by
setting the `amt_to_forward` and `outgoing_cltv` fields to the same
value, i.e., for hop 3 the values are:

  short_channel_id = 0x0303030303030303
  amt_to_forward = 0x0000003
  outgoing_cltv = 0x0000003
2017-04-26 09:59:30 +09:30
Rusty Russell
8b29062f78 BOLT 4: Simplify onion format.
1. Only one per-hop thing, called `per-hop`, or `hops_data` when in aggregate.
2. Move HMAC to the end of stuff it covers, both of the packet itself, and the per-hop.
3. Use `channel-id` instead of RIPEMD(nodepubkey).
4. Use 4 byte amounts.
5. This is all for realm "0", we can have future realms.  We also have 16
   bytes of unused padding.
6. No longer need the `gamma` key, but document the `_um_` key used for
   errors.
7. Use normal 32-byte HMAC, not truncated 20-bytes, which more than eats
   up the room we saved.

The result is that the onion is now 1366 not 1254 bytes, but simpler.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-04-26 09:59:30 +09:30
Christian Decker
48df730d42 bolt04: Specify that temporary channel failure also includes a channel_update 2017-04-26 06:05:22 +09:30
Rusty Russell
9dc3c5bf4a BOLT 4: clarify record keeping requirements. (#148)
We didn't note the actual requirements: we MUST reject replays we have forwarded
or paid to avoid replay attacks.  The details are difficult however; we have
to clean them out at some stage, and restrict the size somehow.  Suggest some
ways we could do that.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-04-24 05:19:54 +00:00
Fabrice Drouin
9cb9eef0de use 0x2002 (temporary node failure) as error message 2017-04-13 22:41:50 -07:00
Fabrice Drouin
52b7c2ddbf use correct cipher stream to obfuscate packets 2017-04-13 22:41:50 -07:00
Fabrice Drouin
2df1b0aecf BOLT 4: add test vectors for reply messages 2017-04-13 22:41:50 -07:00
Rusty Russell
e82b729a3a BOLT 4: error on last step if incorrect HTLC value.
This is particularly important if people start overpaying: a hop
may try to deduct 1 extra millisatoshi, which would be rejected by the
next unless the next is the final hop, enabling detection.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-04-10 17:57:17 -07:00
Rusty Russell
1a496d1941 BOLT 4: error if the final outgoing_ctlv_value is unexpected.
Not doing this check means an inconsistency in behaviour, which could
theoretically allow a hop to probe: if the next hop is the last, it might
not care, but if it's not it will return an error.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-04-10 17:57:17 -07:00
Rusty Russell
6b80a9f258 BOLT 4: allow more overpaying.
The idea of the "SHOULD fail if amount is too much" was courtesy against
overpaying, but that's a bad idea of you value privacy and some vendor has
well-known prices.  Allow a factor of two, at least.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-04-01 23:41:44 +10:30
Pierre-Marie Padiou
3ec2c166b5 BOLT 4: using 4 bytes for outgoing_cltv_value (#95) 2017-02-01 13:20:57 +01:00
Christian Decker
96bbc8a9ee Merge pull request #81 from cdecker/onion-test-vectors
bolt04: Added onion routing test vectors for forward path
2017-01-17 13:46:46 +01:00
Rusty Russell
c93bf5cf8c BOLT 4: make format of failure codes the same as normal messages.
This reduces failure codes to 2 bytes, places them into data itself.

Now we can use the same parsing code for them as we use for normal packets.

BOLT 2 is adjusted to match, and order of args changed to restore sha256
alignment to a nice 8 bytes.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-16 12:37:31 -08:00
Christian Decker
fea4c4a04e onion: Generated test-vectors with the libsecp256k1 ECDH variant
The previous test vectors were using the btcec variant corresponding
to RFC5903 Section 9, only using the X-coord of the result of the
scalar multiplication, whereas libsecp256k1 uses the compressed
serialization format, which includes the sign bit.
2017-01-13 18:11:48 +01:00
Christian Decker
061e5793d7 bolt04: Added onion routing test vectors for forward path
For now I just generated the wrapping direction since the unwrapping
relies on the steps in reverse. It's a 5-hop onion packet, padded to
the standard 20 hop size. Associated data and per-hop-payloads are
filled with dummy values, not the format described in the bolt.
2017-01-10 15:38:54 +01:00
Rusty Russell
82752d2219 BOLT 4: format data layout like BOLT 1 and 2
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-06 10:01:09 +10:30
Rusty Russell
31cf30109c BOLT 4: add padding field.
Christian points out that we lost our fixed sizedness when we included
more information in failure messages.  Add some padding to get that
back; by my calculations that gives us room for 30 bytes of expansion
before we'll see some odd-length packets again.

We can actually stash a message in here (hence contents unspecified),
but we shouldn't need to if our codes work.

Reported-by: Christian Decker <decker.christian@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-06 10:01:09 +10:30
Rusty Russell
fde764bdcc BOLT 4: specify exact failure codes, and responses.
I looked through the error cases in our current prototype, and this
seems to cover most of them.  I classed them using bits, which
indicate how the origin should respond.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>



Header from folded patch 'fixes__renumber_failure_codes_for_consistency.patch':

FIXES: renumber failure codes for consistency.

Done as separate patch for now because it merely adds noise.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>


Header from folded patch 'fix__`failure-code`_and_`additional`_are_literal_field_names,_be_consistent.patch':

FIX: `failure-code` and `additional` are literal field names, be consistent.

Also, put HMAC fail before keyparse fail, since that's the first check.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>


Header from folded patch 'bolt_2__add_another_method_of_failing_htlcs.patch':
2017-01-06 10:01:09 +10:30
Rusty Russell
ab2c5bf3c9 BOLT 2, BOLT 4: error response is not fixed-length.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-06 10:01:09 +10:30
Christian Decker
dbc2512591 bolt04: Added additional information field to return message
Added an `additional` field to the return message, so that we can
include any protocol level message to inform the sender about the
cause of the failure. This could for example be a `channel_update` if
the channel has become unusable. The message is no longer fixed size,
as hopefully the failure is a rare event, in which case timing
analysis becomes easy anyway.

Closes #53
2017-01-06 10:01:09 +10:30
Rusty Russell
d9aae8c727 BOLT 4: use outgoing, not incoming CLTV value.
If a node is being malicious, we get an error from the next hop either
way.  But if we've simply advertised a new cltv-expiry-delta, we
want to send our own error.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-06 10:01:09 +10:30
Rusty Russell
8c674f26e7 BOLT 4: only return error messages, not success messages.
They're not reliable, so we can't count on them.  We also don't have a place
for forwarding them in BOLT 2's update_fulfill_htlc.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-06 10:01:09 +10:30
Olaoluwa Osuntokun
69b8767017 BOLT04: specify per-hop-payload format (#56)
* BOLT04: specify per-hop-payload format
2016-12-20 10:54:42 +10:30
Rusty Russell
3f1948ec12 BOLT 4, BOLT 8: use libsecp256k1-style ECDH.
You should probably be using this library anyway, so let's use their
ECDH style.

Closes: #49
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-12-13 10:25:25 +10:30
Christian Decker
669babb843 bolt04: Added reference to RFC 2104
FIPS 198 is based on RFC 2104, but further restricts the hashing
functions to the SHA-family, so this is a bit redundant, but my hope
is to avoid confusion about whether there is a difference.

Thanks @rustyrussell for pointing this one out.
2016-12-12 09:54:13 +10:30
Christopher Jämthagen
d076039df2 Use "Bitcoin" with capital "B" where it is appropriate
pseudo random -> pseudo-random
onchain -> on-chain
2016-12-09 10:50:19 +01:00
Christopher Jämthagen
6750398c97 Some spelling and language fixes in BOLTs 3,4,5 2016-12-07 10:04:57 +01:00
Rusty Russell
193bbef972 Add CC-BY.
Closes: #2
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2016-11-23 06:22:59 +10:30