š
Original date posted:2018-11-05
š Original message:
Good morning Rusty,
On Monday, November 5, 2018 8:26 AM, Rusty Russell <rusty at rustcorp.com.au> wrote:
> CJP cjp at ultimatestunts.nl writes:
>
> > > Looking through BOLT 4, the text assumes inherently that source
> > > routing is done, and even has a shared secret between hop and
> > > source. However, it may be possible in rendezvous routing to simply
> > > provide the blinding key (while hiding everything beyond the first
> > > hop on the destination half of the route).
> >
> > Sounds like it makes sense; I need to look into it.
>
> Here's my attempt to design a "merchant forward" service using stuff we
> have today.
>
> Alice wants to remain anonymous, even from the lightning network. Bob's
> node offers a forwarding service. Alice pays Bob (base + percentage?),
> gives a path Bob->Alice, and Bob gives Alice a short-channel-id
> (BobAliceSCID) and privkey to use (BobAliceSecretKey). Anything sent
> from Bob to this short channel id and pubkey is in fact forwarded via a
> new HTLC to Alice.
>
> Alice identity BobAliceKey to create an invoice, with a route-hint to
> say pubkey=Bob, short_channel_id=BobAliceSCID. Alice can sign
> that invoice, and Bob can decode the incoming payment, from which it
> creates a new HTLC to pay Alice. The payer doesn't even know this
> arrangement exists: it looks exactly like Alice has a private channel
> with Bob.
>
> The minor downside: because we conflate invoice keys (Alice needs) and
> onion keys (Bob needs), Bob can now issue invoices as Alice. It's not
> very useful, since Alice won't honor them, but it is an argument for
> a separate invoice key in future.
>
I believe it is not the intent of rendezvous routing; for the goal "the payee can remain anonymous without being linked to a particular pseudonymous LN node," it occurs to me that Bob knows about Alice and in particular knows that any route going through BobAliceSCID will always go to Alice, which to me defeats the point.
My understanding is simply that Alice will provide a route from some other node, say, Randy the random node, to Alice, as an encrypted onion. Then the payer can simply concatenate the destination onion with the source route to Randy. Alice would use the same public map generated from node gossip to generate the destination-half of the onion from Randy to Alice.
Regards,
ZmnSCPxj
ZmnSCPxj [ARCHIVE] /
npub1g5ā¦3ms3l
2023-06-09 12:52:08
in reply to nevent1qā¦a79w
Author Public Key
npub1g5zswf6y48f7fy90jf3tlcuwdmjn8znhzaa4vkmtxaeskca8hpss23ms3lPublished at
2023-06-09 12:52:08Event JSON
{
"id": "1f914643644cd145a8985bc1d3ef46d60855ca9e6f1ff36e1da8ba4c3a5c807a",
"pubkey": "4505072744a9d3e490af9262bfe38e6ee5338a77177b565b6b37730b63a7b861",
"created_at": 1686315128,
"kind": 1,
"tags": [
[
"e",
"592517461d2388cb6daa0eaf59e03e4207dbca848edb9b0b5038bad8ed99bd4e",
"",
"root"
],
[
"e",
"7ab5570379b824ac9686162dcfc87d3af2aafdcad45085ce5c3a6de416f852f8",
"",
"reply"
],
[
"p",
"13bd8c1c5e3b3508a07c92598647160b11ab0deef4c452098e223e443c1ca425"
]
],
"content": "š
Original date posted:2018-11-05\nš Original message:\nGood morning Rusty,\n\nOn Monday, November 5, 2018 8:26 AM, Rusty Russell \u003crusty at rustcorp.com.au\u003e wrote:\n\n\u003e CJP cjp at ultimatestunts.nl writes:\n\u003e\n\u003e \u003e \u003e Looking through BOLT 4, the text assumes inherently that source\n\u003e \u003e \u003e routing is done, and even has a shared secret between hop and\n\u003e \u003e \u003e source. However, it may be possible in rendezvous routing to simply\n\u003e \u003e \u003e provide the blinding key (while hiding everything beyond the first\n\u003e \u003e \u003e hop on the destination half of the route).\n\u003e \u003e\n\u003e \u003e Sounds like it makes sense; I need to look into it.\n\u003e\n\u003e Here's my attempt to design a \"merchant forward\" service using stuff we\n\u003e have today.\n\u003e\n\u003e Alice wants to remain anonymous, even from the lightning network. Bob's\n\u003e node offers a forwarding service. Alice pays Bob (base + percentage?),\n\u003e gives a path Bob-\u003eAlice, and Bob gives Alice a short-channel-id\n\u003e (BobAliceSCID) and privkey to use (BobAliceSecretKey). Anything sent\n\u003e from Bob to this short channel id and pubkey is in fact forwarded via a\n\u003e new HTLC to Alice.\n\u003e\n\u003e Alice identity BobAliceKey to create an invoice, with a route-hint to\n\u003e say pubkey=Bob, short_channel_id=BobAliceSCID. Alice can sign\n\u003e that invoice, and Bob can decode the incoming payment, from which it\n\u003e creates a new HTLC to pay Alice. The payer doesn't even know this\n\u003e arrangement exists: it looks exactly like Alice has a private channel\n\u003e with Bob.\n\u003e\n\u003e The minor downside: because we conflate invoice keys (Alice needs) and\n\u003e onion keys (Bob needs), Bob can now issue invoices as Alice. It's not\n\u003e very useful, since Alice won't honor them, but it is an argument for\n\u003e a separate invoice key in future.\n\u003e\n\nI believe it is not the intent of rendezvous routing; for the goal \"the payee can remain anonymous without being linked to a particular pseudonymous LN node,\" it occurs to me that Bob knows about Alice and in particular knows that any route going through BobAliceSCID will always go to Alice, which to me defeats the point.\n\nMy understanding is simply that Alice will provide a route from some other node, say, Randy the random node, to Alice, as an encrypted onion. Then the payer can simply concatenate the destination onion with the source route to Randy. Alice would use the same public map generated from node gossip to generate the destination-half of the onion from Randy to Alice.\n\nRegards,\nZmnSCPxj",
"sig": "522ef882697751f4d372abe21984c7e7680177377180149e6eaec2a916a63119d3cb9b546100f996f84b00e89510d86de7a30e7f143d61c4ab5940aa69c3cade"
}