📅 Original date posted:2018-11-29
📝 Original message:
Hi,
Is there a reason why we have HMACs in Sphinx? What could go wrong if we
didn't?
A receiving node doesn't know anyway what the origin node is; I don't
see any attack mode where an attacker wouldn't be able to generate a
valid HMAC.
A receiving node only knows which peer sent it a Sphinx packet;
verification that this peer really sent this Sphinx packet is (I think)
already done on a lower protocol layer.
AFAICS, The only real use case of the HMAC value is the special case of
a 0-valued HMAC, indicating the end of the route. But that's just silly:
it's essentially a boolean, not any kind of cryptographic verification.
CJP
Corné Plooy [ARCHIVE] /
npub1ly…cdx6n
2023-06-09 12:53:14
in reply to nevent1q…0e5s
Author Public Key
npub1ly5vrg5ylhdkxrkj824jhlnfsy2z8fvlg8wcc0jqc4aezma6majsycdx6nPublished at
2023-06-09 12:53:14Event JSON
{
"id": "118ce1f8fcd15d631c1f8c2ef14dcfb6c1357fd08e65d4c9faf75b4bfd04389d",
"pubkey": "f928c1a284fddb630ed23aab2bfe69811423a59f41dd8c3e40c57b916fbadf65",
"created_at": 1686315194,
"kind": 1,
"tags": [
[
"e",
"8655b319e5067135f1dc1e4f6a2deb0a8d8e5e4c09b5ffccfe961b3ca83e49c2",
"",
"reply"
],
[
"p",
"9456f7acb763eaab2e02bd8e60cf17df74f352c2ae579dce1f1dd25c95dd611c"
]
],
"content": "📅 Original date posted:2018-11-29\n📝 Original message:\nHi,\n\n\nIs there a reason why we have HMACs in Sphinx? What could go wrong if we\ndidn't?\n\nA receiving node doesn't know anyway what the origin node is; I don't\nsee any attack mode where an attacker wouldn't be able to generate a\nvalid HMAC.\n\nA receiving node only knows which peer sent it a Sphinx packet;\nverification that this peer really sent this Sphinx packet is (I think)\nalready done on a lower protocol layer.\n\n\nAFAICS, The only real use case of the HMAC value is the special case of\na 0-valued HMAC, indicating the end of the route. But that's just silly:\nit's essentially a boolean, not any kind of cryptographic verification.\n\n\nCJP",
"sig": "6928f39c4a3f353cc0e52172b2119d3a9a2393e303585ec56872238e84c1125dd3ff86b1afffe14317b140847c2aab4e1cf9668eddb683110bbaf527ff470e7e"
}