Skip to content

Order blinded paths by reliability criteria #2912

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Mar 7, 2024
Merged

Order blinded paths by reliability criteria #2912

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
5e9a998
Prefer well-connected nodes for introduction nodes
jkczyz Feb 28, 2024
e105833
Prefer one-hop blinded path to Tor intro nodes
jkczyz Feb 28, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
67 changes: 66 additions & 1 deletion lightning/src/ln/offers_tests.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -250,7 +250,7 @@ fn prefers_non_tor_nodes_in_blinded_paths() {
disconnect_peers(david, &[bob, &nodes[4], &nodes[5]]);

let tor = SocketAddress::OnionV2([255, 254, 253, 252, 251, 250, 249, 248, 247, 246, 38, 7]);
announce_node_address(charlie, &[alice, bob, david, &nodes[4], &nodes[5]], tor);
announce_node_address(charlie, &[alice, bob, david, &nodes[4], &nodes[5]], tor.clone());
Copy link

@coderabbitai coderabbitai bot Feb 28, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The use of tor.clone() in announce_node_address is unnecessary since SocketAddress::OnionV2 implements the Copy trait. This means the tor variable can be passed directly without cloning, which would be more efficient.

- announce_node_address(charlie, &[alice, bob, david, &nodes[4], &nodes[5]], tor.clone());
+ announce_node_address(charlie, &[alice, bob, david, &nodes[4], &nodes[5]], tor);
Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change
announce_node_address(charlie, &[alice, bob, david, &nodes[4], &nodes[5]], tor.clone());
announce_node_address(charlie, &[alice, bob, david, &nodes[4], &nodes[5]], tor);

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you point me to lines of code where it implements the Copy trait?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jkczyz, the output from the search does not directly show the Copy trait implementation for the SocketAddress enum. The snippet provided includes the definition of SocketAddress but does not include any derive attributes that might indicate the implementation of the Copy trait. It's possible that the relevant part of the code was not included in the output snippet. Without direct evidence from the provided output, I cannot confirm the Copy trait implementation for SocketAddress::OnionV2. My previous statement regarding the unnecessary use of .clone() may have been incorrect without this confirmation.

Analysis chain
Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for the definition of `SocketAddress` and check if it implements the `Copy` trait.
rg "enum SocketAddress" -A 10

Length of output: 1118


let offer = bob.node
.create_offer_builder("coffee".to_string()).unwrap()
Expand All @@ -259,8 +259,73 @@ fn prefers_non_tor_nodes_in_blinded_paths() {
assert_ne!(offer.signing_pubkey(), bob_id);
assert!(!offer.paths().is_empty());
for path in offer.paths() {
assert_ne!(path.introduction_node_id, bob_id);
assert_ne!(path.introduction_node_id, charlie_id);
}

// Use a one-hop blinded path when Bob is announced and all his peers are Tor-only.
announce_node_address(&nodes[4], &[alice, bob, charlie, david, &nodes[5]], tor.clone());
announce_node_address(&nodes[5], &[alice, bob, charlie, david, &nodes[4]], tor.clone());

let offer = bob.node
.create_offer_builder("coffee".to_string()).unwrap()
.amount_msats(10_000_000)
.build().unwrap();
assert_ne!(offer.signing_pubkey(), bob_id);
assert!(!offer.paths().is_empty());
for path in offer.paths() {
assert_eq!(path.introduction_node_id, bob_id);
}
}

/// Checks that blinded paths prefer an introduction node that is the most connected.
#[test]
fn prefers_more_connected_nodes_in_blinded_paths() {
let mut accept_forward_cfg = test_default_channel_config();
accept_forward_cfg.accept_forwards_to_priv_channels = true;

let mut features = channelmanager::provided_init_features(&accept_forward_cfg);
features.set_onion_messages_optional();
features.set_route_blinding_optional();

let chanmon_cfgs = create_chanmon_cfgs(6);
let node_cfgs = create_node_cfgs(6, &chanmon_cfgs);

*node_cfgs[1].override_init_features.borrow_mut() = Some(features);

let node_chanmgrs = create_node_chanmgrs(
6, &node_cfgs, &[None, Some(accept_forward_cfg), None, None, None, None]
);
let nodes = create_network(6, &node_cfgs, &node_chanmgrs);

create_unannounced_chan_between_nodes_with_value(&nodes, 0, 1, 10_000_000, 1_000_000_000);
create_unannounced_chan_between_nodes_with_value(&nodes, 2, 3, 10_000_000, 1_000_000_000);
create_announced_chan_between_nodes_with_value(&nodes, 1, 2, 10_000_000, 1_000_000_000);
create_announced_chan_between_nodes_with_value(&nodes, 1, 4, 10_000_000, 1_000_000_000);
create_announced_chan_between_nodes_with_value(&nodes, 1, 5, 10_000_000, 1_000_000_000);
create_announced_chan_between_nodes_with_value(&nodes, 2, 4, 10_000_000, 1_000_000_000);
create_announced_chan_between_nodes_with_value(&nodes, 2, 5, 10_000_000, 1_000_000_000);

// Add extra channels so that more than one of Bob's peers have MIN_PEER_CHANNELS and one has
// more than the others.
create_announced_chan_between_nodes_with_value(&nodes, 0, 4, 10_000_000, 1_000_000_000);
create_announced_chan_between_nodes_with_value(&nodes, 3, 4, 10_000_000, 1_000_000_000);

let (alice, bob, charlie, david) = (&nodes[0], &nodes[1], &nodes[2], &nodes[3]);
let bob_id = bob.node.get_our_node_id();

disconnect_peers(alice, &[charlie, david, &nodes[4], &nodes[5]]);
disconnect_peers(david, &[bob, &nodes[4], &nodes[5]]);

let offer = bob.node
.create_offer_builder("coffee".to_string()).unwrap()
.amount_msats(10_000_000)
.build().unwrap();
assert_ne!(offer.signing_pubkey(), bob_id);
assert!(!offer.paths().is_empty());
for path in offer.paths() {
assert_eq!(path.introduction_node_id, nodes[4].node.get_our_node_id());
}
}

/// Checks that an offer can be paid through blinded paths and that ephemeral pubkeys are used
Expand Down
17 changes: 13 additions & 4 deletions lightning/src/onion_message/messenger.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -358,27 +358,36 @@ where
const MIN_PEER_CHANNELS: usize = 3;

let network_graph = self.network_graph.deref().read_only();
let is_recipient_announced =
network_graph.nodes().contains_key(&NodeId::from_pubkey(&recipient));

let mut peer_info = peers.iter()
// Limit to peers with announced channels
.filter_map(|pubkey|
network_graph
.node(&NodeId::from_pubkey(pubkey))
.filter(|info| info.channels.len() >= MIN_PEER_CHANNELS)
.map(|info| (*pubkey, info.is_tor_only()))
.map(|info| (*pubkey, info.is_tor_only(), info.channels.len()))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think choosing the right introduction points in order to optimize for a specific metric such as reliability is very related to finding optimal autopilot/attachment strategies. Using the node degree as a proxy metric for reliability seems like a solid first step, especially if we're talking about payment reliability.

A few more thoughts though: Further down the road we could also entertain a few other metrics that could make sense, for example optimizing for betweenness centrality or choosing introduction points according to k-Center optimization. (Some of our simulation results in this paper might be of interest here, see for example Fig. 1). Also, we could account for node uptime (regularity of node announcements?) or latency metrics, that might become available as part of the attributable errors proposal?

Doing anything more than just scoring by node degree might of course require us to pre-calculate and store more per-node metrics, so would probably only make sense if we'd ever come around to introduce a node score, possibly as part of #63?

)
// Exclude Tor-only nodes when the recipient is announced.
.filter(|(_, is_tor_only, _)| !(*is_tor_only && is_recipient_announced))
.collect::<Vec<_>>();
peer_info.sort_unstable_by(|(_, a_tor_only), (_, b_tor_only)| a_tor_only.cmp(b_tor_only));

// Prefer using non-Tor nodes with the most channels as the introduction node.
peer_info.sort_unstable_by(|(_, a_tor_only, a_channels), (_, b_tor_only, b_channels)| {
a_tor_only.cmp(b_tor_only).then(a_channels.cmp(b_channels).reverse())
});

let paths = peer_info.into_iter()
.map(|(pubkey, _)| vec![pubkey, recipient])
.map(|(pubkey, _, _)| vec![pubkey, recipient])
.map(|node_pks| BlindedPath::new_for_message(&node_pks, &*self.entropy_source, secp_ctx))
.take(MAX_PATHS)
.collect::<Result<Vec<_>, _>>();

match paths {
Ok(paths) if !paths.is_empty() => Ok(paths),
_ => {
if network_graph.nodes().contains_key(&NodeId::from_pubkey(&recipient)) {
if is_recipient_announced {
Comment on lines +382 to +390
Copy link

@coderabbitai coderabbitai bot Feb 28, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tip

Codebase Verification

The verification process did not find evidence of tests covering the scenario where no paths are found despite the recipient being announced, supporting the suggestion to add targeted tests for the fallback logic to one-hop paths. It's important to ensure comprehensive test coverage for this specific case to maintain robustness in error handling and fallback mechanisms.

Analysis chain

The logic to map peers to BlindedPath and take only up to MAX_PATHS paths is correctly implemented. However, it's important to ensure that the error handling when no paths are found (especially when the recipient is announced) is thoroughly tested to avoid scenarios where a one-hop path could have been used but wasn't due to an oversight.

Scripts Executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# It's recommended to add tests specifically covering the scenario where no paths are found
# despite the recipient being announced, ensuring the fallback to a one-hop path works as expected.
echo "Suggest adding targeted tests for the fallback logic to one-hop paths."

Length of output: 150

Script:

#!/bin/bash
# First, find test files related to onion_message or messenger functionality
fd 'test' --type f | grep -E 'onion_message|messenger|BlindedPath'

# If relevant test files are found, search within those files for tests covering the specific scenario
# Note: The actual search within files will be planned based on the output of the first command

Length of output: 114

Script:

#!/bin/bash
# Search within the identified test file for mentions of the scenario of interest
rg -i 'no paths found|recipient announced|one-hop path|MAX_PATHS' lightning/src/onion_message/functional_tests.rs

Length of output: 115

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is that scenario covered in creates_and_pays_for_offer_using_one_hop_blinded_path?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given the information available and the results of the script execution, I couldn't find a test named creates_and_pays_for_offer_using_one_hop_blinded_path within the lightning/src/onion_message/ directory. It's possible that the test might not exist under that exact name, or it could be located in a different part of the codebase. If you have more details about the test's location or its exact name, that could help in locating it.

Analysis chain
Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for the test `creates_and_pays_for_offer_using_one_hop_blinded_path` within the codebase.
rg 'fn creates_and_pays_for_offer_using_one_hop_blinded_path' lightning/src/onion_message/

Length of output: 92

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is located in file lightning/src/ln/offers_tests.rs.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jkczyz: The test creates_and_pays_for_offer_using_one_hop_blinded_path in lightning/src/ln/offers_tests.rs indeed covers the scenario of using a one-hop blinded path for offer payment. It verifies that an offer can be paid through such a path and checks the use of ephemeral public keys instead of exposing the node's public key, with the node's public key still being used as the introduction node of the blinded path. This test ensures that the functionality for creating and paying for offers using a one-hop blinded path is working as expected.

Analysis chain
Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Extract the content of the test function from the specified file.
rg --context 50 'fn creates_and_pays_for_offer_using_one_hop_blinded_path' lightning/src/ln/offers_tests.rs

Length of output: 4238

BlindedPath::one_hop_for_message(recipient, &*self.entropy_source, secp_ctx)
.map(|path| vec![path])
} else {
Expand Down