Author: Corné Plooy 2018-12-04 10:47:59
Published on: 2018-12-04T10:47:59+00:00
One possible solution to stop attacks on onion messages is to include a shared secret in the message to the final node. However, it might be easier to switch to path decorrelation and points+privkeys instead of hashes+preimages. Path decorrelation involves giving each hop a random point to be added to the next SS "HTLC". The final node needs to be given the total of the scalars of each hop random point along the route, most likely within the last hop of the onion. This method prevents an intermediate node from guessing the total scalar or invoice hash/invoice point. While this solution may stop an attacker from testing 2nd-degree, 3rd-degree neighbors, it does not prevent the attacker from learning the point used in the direct neighbor hop. Thus, the attacker can still test whether the next node is the final hop.
Updated on: 2023-06-02T15:21:25.512130+00:00