Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sphinx: pad out the starting packet with random bytes #40

Open
wants to merge 1 commit into
base: master
from

Conversation

@Roasbeef
Copy link
Member

Roasbeef commented Nov 6, 2019

By padding out the starting packet with random bytes rather than leaving
the zeroes in tact, we patch a privacy leak that may reveal a lower
bound on the true route length to an adversarial exit node.

In order to reconcile this with our existing set of test vectors, we've
introduced a new abstraction that allows the caller to specify how they
want the starting bytes of the packet to be filled out. By default, all
callers will use the randPacketFiller, but may also pass in the
blankPacketFiller, if they packet construction to be deterministic.

Fixes #42.

sphinx.go Outdated Show resolved Hide resolved
sphinx.go Show resolved Hide resolved
@Roasbeef

This comment has been minimized.

Copy link
Member Author

Roasbeef commented Nov 22, 2019

Latest push should now pass the build. We now require the caller specify a packet filler. In lnd and everywhere else, the randomPacketFiller should be used. For our test vectors, we're able to pass in a blankPacketFiller which doesn't actually do anything a (noop).

@Roasbeef Roasbeef force-pushed the Roasbeef:random-starting-bytes branch from 088b62e to 99a747b Nov 22, 2019
By padding out the starting packet with random bytes rather than leaving
the zeroes in tact, we patch a privacy leak that may reveal a lower
bound on the true route length to an adversarial exit node.

In order to reconcile this with our existing set of test vectors, we've
introduced a new abstraction that allows the caller to specify how they
want the starting bytes of the packet to be filled out. By default, all
callers will use the `randPacketFiller`, but may also pass in the
`blankPacketFiller`, if they packet construction to be deterministic.
@Roasbeef Roasbeef force-pushed the Roasbeef:random-starting-bytes branch from 99a747b to f5986e4 Nov 22, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.