You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: 11-payment-encoding.md
+52-15Lines changed: 52 additions & 15 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -129,6 +129,7 @@ Each Tagged Field is of the form:
129
129
Currently defined tagged fields are:
130
130
131
131
*`p` (1): `data_length` 52. 256-bit SHA256 payment_hash. Preimage of this provides proof of payment.
132
+
*`s` (16): `data_length` 52. This 256-bit secret prevents forwarding nodes from probing the payment recipient.
132
133
*`d` (13): `data_length` variable. Short description of purpose of payment (UTF-8), e.g. '1 cup of coffee' or 'ナンセンス 1杯'
133
134
*`n` (19): `data_length` 53. 33-byte public key of the payee node
134
135
*`h` (23): `data_length` 52. 256-bit description of purpose of payment (SHA256). This is used to commit to an associated description that is over 639 bytes, but the transport mechanism for the description in that case is transport specific and not defined here.
@@ -148,7 +149,7 @@ Currently defined tagged fields are:
148
149
### Requirements
149
150
150
151
A writer:
151
-
- MUST include exactly one `p`field.
152
+
- MUST include exactly one `p`and `s` fields.
152
153
- MUST set `payment_hash` to the SHA2 256-bit hash of the `payment_preimage`
153
154
that will be given in return for payment.
154
155
- MUST include either exactly one `d` or exactly one `h` field.
@@ -191,8 +192,8 @@ A writer:
191
192
- MUST specify the most-preferred field first, followed by less-preferred fields, in order.
192
193
193
194
A reader:
194
-
- MUST skip over unknown fields, OR an `f` field with unknown `version`, OR `p`, `h`, or
195
-
`n` fields that do NOT have `data_length`s of 52, 52, or 53, respectively.
195
+
- MUST skip over unknown fields, OR an `f` field with unknown `version`, OR `p`, `h`, `s`or
196
+
`n` fields that do NOT have `data_length`s of 52, 52, 52 or 53, respectively.
196
197
- if the `9` field contains unknown _odd_ bits that are non-zero:
197
198
- MUST ignore the bit.
198
199
- if the `9` field contains unknown _even_ bits that are non-zero:
@@ -202,6 +203,8 @@ A reader:
202
203
description.
203
204
- if a valid `n` field is provided:
204
205
- MUST use the `n` field to validate the signature instead of performing signature recovery.
206
+
- if there is a valid `s` field:
207
+
- MUST use that as [`payment_secret`](04-onion-routing.md#tlv_payload-payload-format)
205
208
206
209
### Rationale
207
210
@@ -279,6 +282,34 @@ The field is big-endian. The least-significant bit is numbered 0,
279
282
which is _even_, and the next most significant bit is numbered 1,
280
283
which is _odd_.
281
284
285
+
Note that the `payment_secret` feature probing attacks from nodes
286
+
along the path, but only if made compulsory: yet doing so will break
287
+
older clients which do not understand the feature.
288
+
289
+
### Requirements
290
+
291
+
A writer:
292
+
- if `payment_secret` feature is set:
293
+
- MUST include an `s` field.
294
+
- otherwise:
295
+
- MUST NOT include an `s` field.
296
+
- if the `payment_secret` field is required in the onion:
297
+
- MUST set the even feature `payment_secret`.
298
+
- If the final node supports [Basic multi-part payments](04-onion-routing.md#basic-multi-part-payments):
299
+
- MUST set the `basic_mpp` feature.
300
+
- Otherwise:
301
+
- MUST NOT set the `basic_mpp` feature.
302
+
- if it sets either `payment_secret` or `basic_mpp` features:
303
+
- MUST set the `var_onion_optin` feature.
304
+
- MUST set `var_onion_optin` if and only if it supports that feature.
305
+
306
+
A reader:
307
+
- if the `basic_mpp` feature is offered in the invoice:
308
+
- MAY pay using [Basic multi-part payments](04-onion-routing.md#basic-multi-part-payments).
309
+
- otherwise:
310
+
- MUST NOT use [Basic multi-part payments](04-onion-routing.md#basic-multi-part-payments).
311
+
312
+
282
313
# Payer / Payee Interactions
283
314
284
315
These are generally defined by the rest of the Lightning BOLT series,
NB: all the following examples are signed with `priv_key`=`e126f68f7eafcc8b74f54d269fe206be715000f94dac067d1c04a8ca3b2db734`.
352
+
NB: all the following examples are signed with `priv_key`=`e126f68f7eafcc8b74f54d269fe206be715000f94dac067d1c04a8ca3b2db734`. Also, the first 9 examples are legacy: modern invoices have an `s` field.
322
353
323
354
> ### Please make a donation of any amount using payment_hash 0001020304050607080900010203040506070809000102030405060708090102 to me @03e7156ae33b0a208d0744199163177e909e80176e55d97a2f221ede0f934dd9ad
*`6c6e626332306d0b25fe64570d0e496dbd9f8b0d000dbb44824f751380da37c6dba89b14f6f92047d63f576e304021a00008101820283038404800081018202830384048000810182028303840480810243500c318a1e0a628b34025e8c9019ab6d09b64c2b3c66a693d0dc63194b02481931000` hex of data for signing (prefix + data after separator up to the start of the signature)
536
567
*`399a8b167029fda8564fd2e99912236b0b8017e7d17e416ae17307812c92cf42` hex of SHA256 of the preimage
537
568
538
-
> ### Please send $30 for coffee beans to the same peer, which supports features 1 and 9
> ### Please send $30 for coffee beans to the same peer, which supports features 15 and 99, using secret 0x1111111111111111111111111111111111111111111111111111111111111111
0 commit comments