📅 Original date posted:2015-10-06
📝 Original message:
On Tue, Oct 06, 2015 at 12:19:14PM +1030, Rusty Russell wrote:
> Anthony Towns <aj at erisian.com.au> writes:
> >> https://github.com/ElementsProject/lightning/pull/8
> > (This is updated correspondingly)
> Thanks, merged.
Nifty.
> I reworked test_onion and Makefile test to separate generate and
> decode;
> we should mix in the python version there too.
In onion_key.c, I don't see why you're using flip_key() -- that's only
needed for the single use onion-msg-keys, aiui?
On Tue, Oct 06, 2015 at 12:18:11PM +1030, Rusty Russell wrote:
> Anthony Towns <aj at erisian.com.au> writes:
> > - AES128 just uses the first half of the calculated enckey, iv and
> > pad_iv
> True.
> > - since libsecp256k1 already sha256s the ecdh secret; the hmac/enckey/etc
> > end up being sha256'ed twice (with a byte added in between). confused
> > me for a minute.
> I didn't notice that. Perhaps this is somewhere we should optimize?
You could save a sha call by using both halves of a sha for iv and pad_iv,
rather than two separate sha's. Otherwise don't see anything obvious to
do? I assume the ECDH step dominates as far as performance goes anyway?
> PS. Message size of 128 bytes is completely made up, as is 20 hops. We
> might want to reduce to 96 or 64 bytes.
I figured 20=floor(4096/192) which made sense to me. AFAICS the message
*needs* to include fee info and the forwarding address; so that's 4B and
20B-32B respectively (you could use the hash160 here and assume the
forwarding node can figure it out).
But maybe some nodes want to do clever things, like allow you to tell it
to deliberately delay forwarding for an hour or two, or deduct (different)
fees from multiple HTLC's simultaneously. But I guess 64B is probably
plenty for that?
Other thing is if you want to redirect an onion routed payment (which we
talked about as a possibility originally, as compared to only allowing
source-based routing). ie, a HTLC is sent from A to B->C->D->E, but
C actually needs to send it to D via X->Y->Z->D rather than doing it
directly. AFAICS, in that case you need to add and drop hops, ie:
A->B: - - - - - - - E D C B
B->C: b - - - - - - - E D C
C->X: c b - - - - - - - E D Z Y X
X->Y: x c b - - - - - - - E D Z Y
Y->Z: y x c b - - - - - - - E D Z
Z->D: c b - - - - - - - E D
D->E: d c b - - - - - - - E
ie, Z needs to be able to be told "don't add padding, in fact, drop two
blocks worth of padding before forwarding". That presumably just needs a
byte or two of data; but it completely messes up the constant-size
packets. :-/
Cheers,
aj
Anthony Towns [ARCHIVE] /
npub17r…x9l2h
2023-06-09 12:44:44
in reply to nevent1q…trrz
Author Public Key
npub17rld56k4365lfphyd8u8kwuejey5xcazdxptserx03wc4jc9g24stx9l2hPublished at
2023-06-09 12:44:44Event JSON
{
"id": "56202e47d41f3fa9c0d20abeb1f0e5fe0bc8058035c8fba22fda120cccb2d0d9",
"pubkey": "f0feda6ad58ea9f486e469f87b3b9996494363a26982b864667c5d8acb0542ab",
"created_at": 1686314684,
"kind": 1,
"tags": [
[
"e",
"8068f367a334368b30aff76cd525cce9c5bc6d9781f504af87639b9a503f0531",
"",
"root"
],
[
"e",
"d7af8370a8cc47f206a372d0054accecd322916ed38a34390dd06c7dfa0a13bc",
"",
"reply"
],
[
"p",
"13bd8c1c5e3b3508a07c92598647160b11ab0deef4c452098e223e443c1ca425"
]
],
"content": "📅 Original date posted:2015-10-06\n📝 Original message:\nOn Tue, Oct 06, 2015 at 12:19:14PM +1030, Rusty Russell wrote:\n\u003e Anthony Towns \u003caj at erisian.com.au\u003e writes:\n\u003e \u003e\u003e https://github.com/ElementsProject/lightning/pull/8\n\u003e \u003e (This is updated correspondingly)\n\u003e Thanks, merged.\n\nNifty.\n\n\u003e I reworked test_onion and Makefile test to separate generate and\n\u003e decode;\n\u003e we should mix in the python version there too.\n\nIn onion_key.c, I don't see why you're using flip_key() -- that's only \nneeded for the single use onion-msg-keys, aiui?\n\nOn Tue, Oct 06, 2015 at 12:18:11PM +1030, Rusty Russell wrote:\n\u003e Anthony Towns \u003caj at erisian.com.au\u003e writes:\n\u003e \u003e - AES128 just uses the first half of the calculated enckey, iv and\n\u003e \u003e pad_iv\n\u003e True.\n\n\u003e \u003e - since libsecp256k1 already sha256s the ecdh secret; the hmac/enckey/etc\n\u003e \u003e end up being sha256'ed twice (with a byte added in between). confused\n\u003e \u003e me for a minute.\n\u003e I didn't notice that. Perhaps this is somewhere we should optimize?\n\nYou could save a sha call by using both halves of a sha for iv and pad_iv,\nrather than two separate sha's. Otherwise don't see anything obvious to\ndo? I assume the ECDH step dominates as far as performance goes anyway?\n\n\u003e PS. Message size of 128 bytes is completely made up, as is 20 hops. We\n\u003e might want to reduce to 96 or 64 bytes.\n\nI figured 20=floor(4096/192) which made sense to me. AFAICS the message\n*needs* to include fee info and the forwarding address; so that's 4B and\n20B-32B respectively (you could use the hash160 here and assume the\nforwarding node can figure it out).\n\nBut maybe some nodes want to do clever things, like allow you to tell it\nto deliberately delay forwarding for an hour or two, or deduct (different)\nfees from multiple HTLC's simultaneously. But I guess 64B is probably\nplenty for that?\n\nOther thing is if you want to redirect an onion routed payment (which we\ntalked about as a possibility originally, as compared to only allowing\nsource-based routing). ie, a HTLC is sent from A to B-\u003eC-\u003eD-\u003eE, but\nC actually needs to send it to D via X-\u003eY-\u003eZ-\u003eD rather than doing it\ndirectly. AFAICS, in that case you need to add and drop hops, ie:\n\n A-\u003eB: - - - - - - - E D C B\n B-\u003eC: b - - - - - - - E D C\n C-\u003eX: c b - - - - - - - E D Z Y X\n X-\u003eY: x c b - - - - - - - E D Z Y\n Y-\u003eZ: y x c b - - - - - - - E D Z\n Z-\u003eD: c b - - - - - - - E D\n D-\u003eE: d c b - - - - - - - E\n\nie, Z needs to be able to be told \"don't add padding, in fact, drop two\nblocks worth of padding before forwarding\". That presumably just needs a\nbyte or two of data; but it completely messes up the constant-size\npackets. :-/\n\nCheers,\naj",
"sig": "93812d192c052ae16b28aafdf2f1fd582e0365102bb251e2e72c894e57821327c4107171537642e46b78a0d73d28b4b2b660ded63415b1c7d73289e3a2f1ecf5"
}