Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

BOLT04: Add rationale for constant error decryption. #1154

Merged
merged 2 commits into from
Jul 2, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 9 additions & 1 deletion 04-onion-routing.md
Original file line number Diff line number Diff line change
Expand Up @@ -1057,9 +1057,17 @@ The _erring node_:
The _origin node_:
- once the return message has been decrypted:
- SHOULD store a copy of the message.
- SHOULD continue decrypting, until the loop has been repeated 20 times.
- SHOULD continue decrypting, until the loop has been repeated 27 times
(maximum route length of tlv payload type).
- SHOULD use constant `ammag` and `um` keys to obfuscate the route length.

### Rationale

The requirements for the _origin node_ should help hide the payment sender.
By continuing decrypting 27 times (dummy decryption cycles after the error is found)
the erroring node cannot learn its relative position in the route by performing
a timing analysis if the sender were to retry the same route multiple times.

## Failure Messages

The failure message encapsulated in `failuremsg` has an identical format as
Expand Down