Skip to content

Default to padding blinded paths #4213

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Default to padding blinded paths #4213

wants to merge 3 commits into from

Conversation

@TheBlueMatt
Copy link
Collaborator

@TheBlueMatt TheBlueMatt commented Nov 10, 2025 

After much discussion in #3246 we mostly decided to allow
downstream developers to override whatever decisions the
`DefaultMessageRouter` makes regarding blinded path selection by
providing easy overrides for the selected `OnionMessageRouter`. We
did not, however, actually select good defaults for
`DefaultMessageRouter`.

Here we add those defaults, taking advantage of the
`MessageContext` we're given to detect why we're building a blinded
path and selecting blinding and compaction parameters based on it.

Specifically, if the blinded path is not being built for an offers
context, we always use a non-compact blinded path and always pad it
to four hops (including the recipient).

However, if the blinded path is being built for an `Offers` context
which implies it might need to fit in a QR code (or, worse, a
payment onion), we reduce our padding and try to build a compact
blinded path if possible.

We retain the `NodeIdMessageRouter` to disable compact blinded path
creation but use the same path-padding heuristic as for
`DefaultMessageRouter`.

@TheBlueMatt
Split OffersContext::OutboundPayment into InRefund/InInvReq
b60ba66 
Because they end up both being used to validate a `Bolt12Invoice`,
we ended up with a single `OffersContext` both for inclusion in a
`Refund` and an `InvoiceRequest`. However, this is ambiguous, and
while it doesn't seem like an issue, it also seems like a nice
property to only use a given `OffersContext` in one place.

Further, in the next commit, we use `OffersContext` to figure out
what we're building a blinded path for and changing behavior based
on it, so its nice to be unambiguous.

Thus, we split the single existing context into
`OutboundPaymentInRefund` and `OutboundPaymentInInvReq`.
@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Nov 10, 2025
edited
Loading

I've assigned @valentinewallace as a reviewer!
I'll wait for their review and will help manage the review process.
Once they submit their review, I'll check if a second reviewer would be helpful.

@TheBlueMatt
Make DefaultMessageRouter use the context to pad/compact paths
94c7f9e 
After much discussion in lightningdevkit#3246 we mostly decided to allow
downstream developers to override whatever decisions the
`DefaultMessageRouter` makes regarding blinded path selection by
providing easy overrides for the selected `OnionMessageRouter`. We
did not, however, actually select good defaults for
`DefaultMessageRouter`.

Here we add those defaults, taking advantage of the
`MessageContext` we're given to detect why we're building a blinded
path and selecting blinding and compaction parameters based on it.

Specifically, if the blinded path is not being built for an offers
context, we always use a non-compact blinded path and always pad it
to four hops (including the recipient).

However, if the blinded path is being built for an `Offers` context
which implies it might need to fit in a QR code (or, worse, a
payment onion), we reduce our padding and try to build a compact
blinded path if possible.

We retain the `NodeIdMessageRouter` to disable compact blinded path
creation but use the same path-padding heuristic as for
`DefaultMessageRouter`.
@TheBlueMatt
Always pad BlindedMessagePath hop data to a consistent length
c7d1621 
If we're building a blinded message path with extra dummy hops, we
have to ensure we at least hide the length of the data in pre-final
hops as otherwise the dummy hops are trivially obvious. Here we do
so, taking an extra `bool` parameter to `BlindedMessagePath`
constructors to decide whether to pad every hop to the existing
`MESSAGE_PADDING_ROUND_OFF` or whether to only ensure that each
non-final hop has an identical hop data length.

In cases where the `DefaultMessageRouter` opts to use compact
paths, it now also selects compact padding, whether short channel
IDs are available or not.
@TheBlueMatt TheBlueMatt force-pushed the 2025-10-pad-use-non-compact-bps branch from 65206f0 to c7d1621 Compare November 10, 2025 15:51
@codecov
Copy link

codecov bot commented Nov 10, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 96.05911% with 8 lines in your changes missing coverage. Please review.
✅ Project coverage is 89.34%. Comparing base (e42e74e) to head (c7d1621).

Files with missing lines Patch % Lines
lightning/src/offers/flow.rs 83.33% 2 Missing ⚠️
lightning/src/offers/invoice.rs 87.50% 2 Missing ⚠️
lightning-dns-resolver/src/lib.rs 0.00% 1 Missing ⚠️
lightning/src/blinded_path/message.rs 97.50% 1 Missing ⚠️
lightning/src/ln/channelmanager.rs 75.00% 0 Missing and 1 partial ⚠️
lightning/src/ln/offers_tests.rs 96.77% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4213      +/-   ##
==========================================
+ Coverage   89.33%   89.34%   +0.01%     
==========================================
  Files         180      180              
  Lines      138055   138086      +31     
  Branches   138055   138086      +31     
==========================================
+ Hits       123326   123368      +42     
+ Misses      12122    12116       -6     
+ Partials     2607     2602       -5
Flag Coverage Δ
fuzzing 33.55% <0.00%> (-0.03%) ⬇️
tests 88.73% <96.05%> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@valentinewallace valentinewallace Awaiting requested review from valentinewallace

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@TheBlueMatt @ldk-reviews-bot