📅 Original date posted:2016-08-13
📝 Original message:
Olaoluwa Osuntokun <laolu32 at gmail.com> writes:
> Rusty Russell <rusty at rustcorp.com.au> wrote:
>> Ephemeral key and mac make sense as a header, but it's fairly easy
>> to image a different next hop address format for different networks.
>> See also "realm byte" below.
>>
>> Thus I'm suggesting a format like:
>>
>> [ephemeral key] [mac] [realm] [per-realm-information]
>>
>> Per-realm-information is next-hop, amount, etc.
>
> In order to maintain the security properties of the onion blob, each onion
> blob
> is required to be the exact same length. Therefore, the amount of bytes
> allocated for the "next-hop" address needs to be uniform. In my mind, the
> next-hop" field should just be an opaque blob (at the specification level)
> with
> no further explicit meaning. Nodes residing on various chains will parse the
> address accordingly (they might be using a different curve, etc).
Kind of. We need some identifier to know, as nodes may straddle chains.
> With this said, I fail to see what we gain by making the current
> chain-boundary
> explicit (within the onion blob's mix-header).
>
>> An explicit network byte makes sense since we could eventually have
> multiple
>> networks (atomic cross-chain exchange). While node keys are network
> globally
>> unique (thus the exchange is *implied* by the next hop), it's nice to be
>> explicit.
>>
>> We need some flag for the terminal node anyway, so it makes sense IMHO
>> to expand it.
>
> Sure, but the explicit network byte should be within the main p2p message
> header rather than the header for the onion blob itself. When crossing
> chains,
> nodes will properly set the net magic in the outer message header.
Some node will have to straddle two chains, right? So you'd route A ->
B -> C as normal, and C is (say) litecoin (B straddles both). You
really want the onion to be explicit that this transfer to litecoin is
what the sender intended. Or some sidechain.
Now, we'd hope nobody would screw this up, but I think it's worth
flagging since the sender really should know it's changing chains.
> Also we don't need to allocate an additional byte for the terminal node in
> any
> case. The terminal node can either be identified by the null-MAC, or
> null-nexthop (if that isn't being used to dispatch into virtual channels).
That implies there's a final hop in the packet which is unused? I
believe strongly we want a realm byte, so I think it makes more sense to
overload it for this.
>> Strawman proposal:
>> 1) HTLC-hash and HTLC-preimage? (aha H-hash & H-preimage).
>> 2) committx-hash and committx-preimage (C-hash / C-preimage) for the
>> commitment transaction revocation?
>>
>> That avoids R altogether, which is overloaded...
>
> Sounds good to me!
I shall try to use those consistently from now on!
Thanks,
Rusty.
Rusty Russell [ARCHIVE] /
npub1zw…hkhpx
2023-06-09 12:46:25
in reply to nevent1q…kj02
Author Public Key
npub1zw7cc8z78v6s3grujfvcv3ckpvg6kr0w7nz9yzvwyglyg0qu5sjsqhkhpxPublished at
2023-06-09 12:46:25Event JSON
{
"id": "3abe29ad455942f32c4755bdc25fb5aefb7c376157bf8f0aba3212ee9598c388",
"pubkey": "13bd8c1c5e3b3508a07c92598647160b11ab0deef4c452098e223e443c1ca425",
"created_at": 1686314785,
"kind": 1,
"tags": [
[
"e",
"f166a20039cde752a8ba4e6cccc22d4b2719f9a29840f0c295641243ae59d83f",
"",
"root"
],
[
"e",
"eca58751486c3336d89133485692fe28940909b4266d20f8b92c28b8bfbb32b9",
"",
"reply"
],
[
"p",
"2df3fc2660459521b852c995d4fc1a93938389a5e085677d0ebb33ef92cc5476"
]
],
"content": "📅 Original date posted:2016-08-13\n📝 Original message:\nOlaoluwa Osuntokun \u003claolu32 at gmail.com\u003e writes:\n\u003e Rusty Russell \u003crusty at rustcorp.com.au\u003e wrote:\n\u003e\u003e Ephemeral key and mac make sense as a header, but it's fairly easy\n\u003e\u003e to image a different next hop address format for different networks.\n\u003e\u003e See also \"realm byte\" below.\n\u003e\u003e\n\u003e\u003e Thus I'm suggesting a format like:\n\u003e\u003e\n\u003e\u003e [ephemeral key] [mac] [realm] [per-realm-information]\n\u003e\u003e\n\u003e\u003e Per-realm-information is next-hop, amount, etc.\n\u003e\n\u003e In order to maintain the security properties of the onion blob, each onion\n\u003e blob\n\u003e is required to be the exact same length. Therefore, the amount of bytes\n\u003e allocated for the \"next-hop\" address needs to be uniform. In my mind, the\n\u003e next-hop\" field should just be an opaque blob (at the specification level)\n\u003e with\n\u003e no further explicit meaning. Nodes residing on various chains will parse the\n\u003e address accordingly (they might be using a different curve, etc).\n\nKind of. We need some identifier to know, as nodes may straddle chains.\n\n\u003e With this said, I fail to see what we gain by making the current\n\u003e chain-boundary\n\u003e explicit (within the onion blob's mix-header).\n\u003e\n\u003e\u003e An explicit network byte makes sense since we could eventually have\n\u003e multiple\n\u003e\u003e networks (atomic cross-chain exchange). While node keys are network\n\u003e globally\n\u003e\u003e unique (thus the exchange is *implied* by the next hop), it's nice to be\n\u003e\u003e explicit.\n\u003e\u003e\n\u003e\u003e We need some flag for the terminal node anyway, so it makes sense IMHO\n\u003e\u003e to expand it.\n\u003e\n\u003e Sure, but the explicit network byte should be within the main p2p message\n\u003e header rather than the header for the onion blob itself. When crossing\n\u003e chains,\n\u003e nodes will properly set the net magic in the outer message header.\n\nSome node will have to straddle two chains, right? So you'd route A -\u003e\nB -\u003e C as normal, and C is (say) litecoin (B straddles both). You\nreally want the onion to be explicit that this transfer to litecoin is\nwhat the sender intended. Or some sidechain.\n\nNow, we'd hope nobody would screw this up, but I think it's worth\nflagging since the sender really should know it's changing chains.\n\n\u003e Also we don't need to allocate an additional byte for the terminal node in\n\u003e any\n\u003e case. The terminal node can either be identified by the null-MAC, or\n\u003e null-nexthop (if that isn't being used to dispatch into virtual channels).\n\nThat implies there's a final hop in the packet which is unused? I\nbelieve strongly we want a realm byte, so I think it makes more sense to\noverload it for this.\n\n\u003e\u003e Strawman proposal:\n\u003e\u003e 1) HTLC-hash and HTLC-preimage? (aha H-hash \u0026 H-preimage).\n\u003e\u003e 2) committx-hash and committx-preimage (C-hash / C-preimage) for the\n\u003e\u003e commitment transaction revocation?\n\u003e\u003e\n\u003e\u003e That avoids R altogether, which is overloaded...\n\u003e\n\u003e Sounds good to me!\n\nI shall try to use those consistently from now on!\n\nThanks,\nRusty.",
"sig": "13af99c28a5dadb326f4b322abcfbe24cccf320d4c53750ca9b2c945c299287c27488bca040aa63dacff1c359a5a79e4fc6005b019f47181ea346511ebc2c54d"
}