BOLT2, BOLT3: reduce attack surface #243
add specific htlc payment keys, let node specify their final scriptpubkey in open/accept
The goal of this PR is to reduce the attack surface for LN nodes by minimizing
This PR does not address attacks where the attacker is the remote party and
It also does not prevent attacks where the attacker sends HTLCs to
In more detail:
Letting nodes specify their final scriptpubkey in their open/accept
Having separate keys for pending HTLCs means that nodes don't
rustyrussell left a comment
The final_scriptpubkey change is quite useful, but is trivial to append as an optional field: if you understand it and it's not zero length, you fail the channel if the shutdown message doesn't match. We should probably still assign a feature bit so you can later insist that a peer support it.
The htlc_payment_basepoint is much more essential. It could be done as an option (needs an option bit though, since you need to know if the other end will use it), in which case it's a little neater to rename payment_basepoint to htlc_payment_basepoint, and the optional basepoint is the payment_basepoint (== htlc_payment_basepoint if not set).
I am deeply reluctant to break freeze (again!) for this, but it is both important and easy. Let's discuss on call.