Author: ZmnSCPxj 2018-12-04 10:38:58
Published on: 2018-12-04T10:38:58+00:00
In a conversation with CJP, ZmnSCPxj suggested including a shared secret in onion messages to prevent attacks. However, ZmnSCPxj believes this could be achieved easily by switching to path decorrelation and using points+privkeys instead of hashes+preimages. Path decorrelation involves giving each hop a random point to be added to the next SS "HTLC". The final node needs to be given the total of the scalars of each hop random point along the route, most likely within the last hop of the onion. This way, intermediate nodes along the way cannot guess the shared secret and the final node will give the same error message, i.e. "invoice point not found" for both incorrect scalar totals and "invoice hash"/invoice point errors.
Updated on: 2023-06-02T15:21:02.890456+00:00