BOLT-04: modify Sphinx packet construction to use starting random bytes
In this commit, we modify the existing instructions to create the Sphinx packet to no longer start out with a zero-initialized set of 1366 bytes. Instead, we now instruct the sender to use _random_ bytes derived from a CSPRNG. This fixes a recently discovered privacy leak that allows an adversarial exit hop to ascertain a lower bound on the true path length.

Note that this doesn't affect packet processing, so this is a backwards-compatible change. Only clients need to update in order to avoid this privacy leak.

After this change is applied, the test vectors as is don't match the spec, as they're created using the original all-zero starting bytes. We can either update these with our specified set of random bytes, or leave them as is, as they're fully deterministic as is.

An alternative path would be to generate more random bytes from the shared secret as we do elsewhere (the chacha-based CSPRNG).
Showing 4 changed files with 30 additions and 14 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -374,3 +374,4 @@ snprintf | |
GitHub | ||
IRC | ||
bitmasks | ||
CSPRNG |
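Review bot: the `CSPRNG` entry added as the last line of this word-list hunk only makes the acronym acceptable as a word, so the spec text that uses it should expand it on first use and state as a requirement that the starting bytes come from a cryptographically secure source. The commit message ties the privacy fix to those bytes being random, and that dependency is worth spelling out normatively rather than leaving it implied by the acronym.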