Correct final_cltv handling in blinded paths #1066
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -254,14 +254,17 @@ The creator of `encrypted_recipient_data` (usually, the recipient of payment): | |
| - `total_fee_proportional_millionths(n+1) = ((total_fee_proportional_millionths(n) + fee_proportional_millionths(n+1)) * 1000000 + total_fee_proportional_millionths(n) * fee_proportional_millionths(n+1) + 1000000 - 1) / 1000000` | ||
| - MUST create the `encrypted_recipient_data` from the `encrypted_data_tlv` as required in [Route Blinding](#route-blinding). | ||
|
|
||
| The writer of the TLV `payload`: | ||
|
|
||
| - For every node inside a blinded route: | ||
| - MUST include the `encrypted_recipient_data` provided by the recipient | ||
| - For the first node in the blinded route: | ||
| - MUST include the `blinding_point` provided by the recipient in `current_blinding_point` | ||
| - If it is the final node: | ||
| - MUST include `amt_to_forward`, `outgoing_cltv_value` and `total_amount_msat`. | ||
| - `outgoing_cltv_value` MUST be set to any additional CLTV delta which was added in addition | ||
| to the required amount for the full blinded path for privacy. This may be zero. This MUST | ||
| NOT include any additional amount added to compensate for a block during payment relay. | ||
|
Comment on lines
+265
to
+267
There was a problem hiding this comment. While I understand what you mean because that's very close to what we implemented in eclair, I find this really hard to read, especially for new readers trying to understand blinded payments without a lot of implementation context. What about detailing more explicitly every step of the construction of Why don't you want the sender to include an additional amount to compensate for a block found during payment relay? I don't see a good reason to prevent that, senders should be free to do so if they want to (especially since adding a random value to protect the sender privacy actually is also a way to compensate for blocks found during payment relay)? Also, I think that what may be missing and is confusing for implementers is that recipients should include their There was a problem hiding this comment.
A few questions - I'd understood previously that this deliberately did not include the current block height, only the offset - the sender doesn't actually know what the block height should be, and if we're treating it like every other hop in the blinded path the CLTV value is just a delta against the blinded path. Further, there's a question here of who should add the blinding, should it be the recipient when creating the blinded path (IIRC this is mentioned somewhere else), in which case we really SHOULD NOT add a random number (and maybe we remove this entirely, but that breaks compat), or should it be the sender?
Because that would lead to unnecessary failures - a recipient node needs to treat the received HTLC as if the CLTV delta the HTLC has was reduced by the amount communicated by the sender. If we include the, eg, one block buffer then a block being found while the HTLC is in transit will spuriously fail. There was a problem hiding this comment. Sorry for coming back late on this, I created the following gist to detail through examples how the spec currently expects nodes to behave: https://gist.github.com/t-bast/b1371d357a2c5f3e8c09514a62db7079 Eclair was not correctly implementing one of the final checks, which I'm fixing in ACINQ/eclair#2678 I think this works, but this is quite subtle, please don't trust me on this and challenge it as much as possible! There was a problem hiding this comment.
@t-bast Just took another look at this doc because we ran into some CLTV expiry issues. It may seem obvious, but FYI I think the spec is missing that the receiver needs to include their There was a problem hiding this comment. Yes, that's correct! I'll prepare a PR to add this to the example in |
||
| - MUST NOT include any other tlv field. | ||
| - For every node outside of a blinded route: | ||
| - MUST include `amt_to_forward` and `outgoing_cltv_value`. | ||
|
|
@@ -310,7 +313,7 @@ The reader: | |
| - MUST return an error if the payload contains other tlv fields than `encrypted_recipient_data`, `current_blinding_point`, `amt_to_forward`, `outgoing_cltv_value` and `total_amount_msat`. | ||
| - MUST return an error if `amt_to_forward`, `outgoing_cltv_value` or `total_amount_msat` are not present. | ||
| - MUST return an error if `amt_to_forward` is below what it expects for the payment. | ||
| - MUST return an error if incoming `cltv_expiry` < `outgoing_cltv_value` + `min_final_cltv_expiry_delta`. | ||
| - MUST return an error if incoming `cltv_expiry` < `current_block_height` + `min_final_cltv_expiry_delta`. | ||
| - Otherwise (it is not part of a blinded route): | ||
| - MUST return an error if `blinding_point` is set in the incoming `update_add_htlc` or `current_blinding_point` is present. | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could we clarify that
outgoing_cltv_valuewill still be absolute? It sounds like it's set to a delta right nowThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh? I understood that it should be a delta? I'm not really sure how it could be an absolute block height given we don't actually know what the block height is at the recipient node?