You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
These use onion encoding for simple one-way messaging: there are no error returns.
However, every onion uses route blinding *even if it doesn't need to*.
You can prove what path was used to reach you by including `path_id` in the
encrypted_data_tlv.
Note that this doesn't actually define the payload we're transporting:
that's explictly defined to be payloads in the 64-255 range.
Signed-off-by: Rusty Russell <[email protected]>
The `onionmsg_tlv` itself is a TLV: an intermediate node expects an
1455
+
`encrypted_tlv_stream` which it can decrypt into an `encrypted_data_tlv`
1456
+
using the `blinding` which it is handed along with the onion message.
1457
+
1458
+
Field numbers 64 and above are reserved for payloads for the final
1459
+
hop, though these are not explicitly refused by non-final hops (unless
1460
+
even, of course!).
1461
+
1462
+
1.`tlv_stream`: `onionmsg_tlv`
1463
+
2. types:
1464
+
1. type: 2 (`reply_path`)
1465
+
2. data:
1466
+
*[`blinded_path`:`path`]
1467
+
1. type: 4 (`encrypted_recipient_data`)
1468
+
2. data:
1469
+
*[`...*byte`:`encrypted_recipient_data`]
1470
+
1471
+
1. subtype: `blinded_path`
1472
+
2. data:
1473
+
*[`point`:`first_node_id`]
1474
+
*[`point`:`blinding`]
1475
+
*[`byte`:`num_hops`]
1476
+
*[`num_hops*onionmsg_hop`:`path`]
1477
+
1478
+
1. subtype: `onionmsg_hop`
1479
+
2. data:
1480
+
*[`point`:`blinded_node_id`]
1481
+
*[`u16`:`enclen`]
1482
+
*[`enclen*byte`:`encrypted_recipient_data`]
1483
+
1484
+
#### Requirements
1485
+
1486
+
The creator of `encrypted_recipient_data` (usually, the recipient of the onion):
1487
+
1488
+
- MUST create the `encrypted_recipient_data` from the `encrypted_data_tlv` as required in [Route Blinding](#route-blinding).
1489
+
- MUST NOT include `short_channel_id`, `payment_relay` or `payment_constraints` in any `encrypted_data_tlv`
1490
+
- MUST include `encrypted_data_tlv.next_node_id` for each non-final node.
1491
+
- MUST NOT include any other fields in `encrypted_data_tlv` for any non-final node.
1492
+
- MUST create the `encrypted_recipient_data` from the `encrypted_data_tlv` as required in [Route Blinding](#route-blinding).
1493
+
1494
+
The writer:
1495
+
1496
+
- MUST set the `onion_message_packet``version` to 0.
1497
+
- MUST construct the `onion_message_packet``onionmsg_payloads` as detailed above using Sphinx.
1498
+
- MUST NOT use any `associated_data` in the Sphinx construcion.
1499
+
- SHOULD set `onion_message_packet``len` to 1366 or 32834.
1500
+
- SHOULD retry via a different path if it expects a response and
1501
+
doesn't receive one after a reasonable period.
1502
+
- For the non-final nodes' `onionmsg_tlv`:
1503
+
- MUST NOT set `reply_path`
1504
+
- For the final node's `onionmsg_tlv`:
1505
+
- if the final node is permitted to reply:
1506
+
- MUST set `reply_path``blinding` to the initial blinding factor for the `first_node_id`
1507
+
- MUST set `reply_path``first_node_id` to the unblinded node id of the first node in the reply path.
1508
+
- For every `reply_path``path`:
1509
+
- MUST set `blinded_node_id` to the blinded node id to encrypt the onion hop for.
1510
+
- MUST set `encrypted_recipient_data` to a valid encrypted `encrypted_data_tlv` stream which meets the requirements of the `onionmsg_tlv` when used by the recipient.
1511
+
- MAY use `path_id` to contain a secret so it can recognize use of this `reply_path`.
1512
+
- otherwise:
1513
+
- MUST NOT set `reply_path`.
1514
+
- SHOULD retry via a different route if it expects a response and doesn't receive one after a reasonable period.
1515
+
1516
+
1517
+
The reader:
1518
+
1519
+
- SHOULD accept onion messages from peers without an established channel.
1520
+
- MAY rate-limit messages by dropping them.
1521
+
- MUST read the `encrypted_recipient_data` using `blinding` as required in [Route Blinding](#route-blinding).
1522
+
- MUST ignore the message if that considers the message invalid.
1523
+
- if `encrypted_data_tlv` contains `allowed_features`:
1524
+
- MUST ignore the message if:
1525
+
-`encrypted_data_tlv.allowed_features.features` contains an unknown feature bit (even if it is odd).
1526
+
- the payment uses a feature not included in `encrypted_data_tlv.allowed_features.features`.
1527
+
- if it is not the final node according to the onion encryption:
1528
+
- if the `onionmsg_tlv` contains other tlv fields than `encrypted_recipient_data`:
1529
+
- MUST ignore the message.
1530
+
- if the `encrypted_data_tlv` contains `path_id`:
1531
+
- MUST ignore the message.
1532
+
- otherwise:
1533
+
- SHOULD forward the message using `onion_message` to the next peer indicated by `next_node_id`.
1534
+
- if it forwards the message:
1535
+
- MUST set `blinding` in the forwarded `onion_message` to the next blinding as calculated in [Route Blinding](#route-blinding).
1536
+
- otherwise (it is the final node):
1537
+
- if `path_id` is set and corresponds to a path the reader has previously published in a `reply_path`:
1538
+
- if the onion message is not a reply to that previous onion:
1539
+
- MUST ignore the onion message
1540
+
- otherwise (unknown or unset `path_id`):
1541
+
- if the onion message is a reply to an onion message which contained a `path_id`:
1542
+
- MUST respond (or not respond) exactly as if it did not send the initial onion message.
1543
+
- if the `onionmsg_tlv` contains other tlv fields than `encrypted_recipient_data` and `reply_path`:
1544
+
- MUST ignore the message.
1545
+
- if it wants to send a reply:
1546
+
- MUST create an onion message using `reply_path`.
1547
+
- MUST send the reply via `onion_message` to the node indicated by
1548
+
the `first_node_id`, using `reply_path``blinding` to send
1549
+
along `reply_path``path`.
1550
+
1551
+
1552
+
#### Rationale
1553
+
1554
+
Care must be taken that replies are only accepted using the exact
1555
+
reply_path given, otherwise probing is possible. That means checking
1556
+
both ways: non-replies don't use the reply path, and replies always
1557
+
use the reply path.
1558
+
1559
+
The requirement to discard messages with `onionmsg_tlv` fields which
1560
+
are not strictly required ensures consistency between current and
1561
+
future implementations. Even odd fields can be a problem since they
1562
+
are parsed (and thus may be rejected!) by nodes which understand them,
1563
+
and ignored by those which don't.
1564
+
1565
+
All onion messages are blinded, even though this overhead is not
1566
+
always necessary (33 bytes here, the 16-byte MAC for each encrypted_data_tlv in
1567
+
the onion). This blinding allows nodes to use a path provided by
1568
+
others without knowing its contents. Using it universally simplifies
1569
+
implementations a little, and makes it more difficult to distinguish
1570
+
onion messages.
1571
+
1572
+
`len` allows larger messages to be sent than the standard 1300 bytes
1573
+
allowed for an HTLC onion, but this should be used sparingly as it is
1574
+
reduces the anonymity set, hence the recommendation that it either looks
1575
+
like an HTLC onion, or if larger, be a fixed size.
1576
+
1577
+
Onion messages don't explicitly require a channel, but for
1578
+
spam-reduction a node may choose to ratelimit such peers, especially
Copy file name to clipboardExpand all lines: 09-features.md
+1
Original file line number
Diff line number
Diff line change
@@ -44,6 +44,7 @@ The Context column decodes as follows:
44
44
| 22/23 |`option_anchors_zero_fee_htlc_tx`| Anchor commitment type with zero fee HTLC transactions | IN |`option_static_remotekey`|[BOLT #3][bolt03-htlc-tx], [lightning-dev][ml-sighash-single-harmful]|
0 commit comments