-
Notifications
You must be signed in to change notification settings - Fork 370
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Route blinding MVP #2413
Route blinding MVP #2413
Conversation
f4dc1aa
to
8ed2025
Compare
Codecov ReportPatch coverage:
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## main #2413 +/- ##
==========================================
+ Coverage 90.45% 90.61% +0.15%
==========================================
Files 112 113 +1
Lines 58564 59002 +438
Branches 58564 59002 +438
==========================================
+ Hits 52976 53466 +490
+ Misses 5588 5536 -52
☔ View full report in Codecov by Sentry. |
8ed2025
to
223e2de
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Rather than splitting the pr into handle-it-all-then-add-error-handling, can we split it into "handle sending, with all error handling, handle receiving, with all error handling, and then handle forwarding, with all error handling"?
I'm still looking into this but we can't materially test any error handling until we have forwarding, because 1-hop blinded paths are supposed to error the same as unblinded payments, i.e. not wipe the error or return malformed. Another option would be to split forwarding+error handling off into its own PR and land sending/1-hop receiving first. |
223e2de
to
952e537
Compare
Removed forwarding support for now, so all forwarding + error handling will be done in #2540 (should be updated tomorrow). |
c2715bf
to
80405b4
Compare
80405b4
to
43a54c4
Compare
Rebased and removed support for receiving to multi-hop blinded paths. This way we can ship an MVP BOLT 12 in 117 and complete route blinding support in 118, to avoid holding up the current release. |
43a54c4
to
4b39220
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to squash!
This will be used in the next commit to deserialize encrypted TLVs for receiving to 1-hop blinded paths.
Useful until forwarding and receiving to multi-hop blinded paths is supported.
4b39220
to
ebdc4ae
Compare
let ev = remove_first_msg_event_to_node(&nodes[1].node.get_our_node_id(), &mut events); | ||
pass_along_path(&nodes[0], expected_route[0], amt_msat, payment_hash.clone(), | ||
Some(payment_secret), ev.clone(), false, None); | ||
|
||
let ev = remove_first_msg_event_to_node(&nodes[2].node.get_our_node_id(), &mut events); | ||
pass_along_path(&nodes[0], expected_route[1], amt_msat, payment_hash.clone(), | ||
Some(payment_secret), ev.clone(), true, None); | ||
claim_payment_along_route(&nodes[0], expected_route, false, payment_preimage); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: ev
clones not needed
amt_msat: u64, | ||
total_msat: u64, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Heh, can we get away from the legacy names and use more descriptive names since we're adding new code here? Something about mpp_part_amt_msat and total_payment_msat?
@@ -1234,7 +1234,9 @@ impl OutboundPayments { | |||
if route.paths.len() < 1 { | |||
return Err(PaymentSendFailure::ParameterError(APIError::InvalidRoute{err: "There must be at least one path to send over".to_owned()})); | |||
} | |||
if recipient_onion.payment_secret.is_none() && route.paths.len() > 1 { | |||
if recipient_onion.payment_secret.is_none() && route.paths.len() > 1 | |||
&& !route.paths.iter().any(|p| p.blinded_tail.is_some()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldnt this be all?
return Err(DecodeError::InvalidValue) | ||
} | ||
let enc_tlvs = encrypted_tlvs_opt.ok_or(DecodeError::InvalidValue)?.0; | ||
let enc_tlvs_ss = node_signer.ecdh(Recipient::Node, &blinding_point, None) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I feel like we should do blinded paths to a random key and not reuse the node id. That wouldn't avoid the new trait pass cause we need it for forwards, but for nodes with the node id on a separate hardware device/VLS we'd avoid the need to call out to the hardware device here for receives, which I think would be very nice.
0.0.118 - Oct 23, 2023 - "Just the Twelve Sinks" API Updates =========== * BOLT12 sending and receiving is now supported as an alpha feature. You may run into unexpected issues and will need to have a direct connection with the offer's blinded path introduction points as messages are not yet routed. We are seeking feedback from early testers (lightningdevkit#2578, lightningdevkit#2039). * `ConfirmationTarget` has been rewritten to provide information about the specific use LDK needs the feerate estimate for, rather than the generic low-, medium-, and high-priority estimates. This allows LDK users to more accurately target their feerate estimates (lightningdevkit#2660). For those wishing to retain their existing behavior, see the table below for conversion. * `ChainHash` is now used in place of `BlockHash` where it represents the genesis block (lightningdevkit#2662). * `lightning-invoice` payment utilities now take a `Deref` to `AChannelManager` (lightningdevkit#2652). * `peel_onion` is provided to statelessly decode an `OnionMessage` (lightningdevkit#2599). * `ToSocketAddrs` + `Display` are now impl'd for `SocketAddress` (lightningdevkit#2636, lightningdevkit#2670) * `Display` is now implemented for `OutPoint` (lightningdevkit#2649). * `Features::from_be_bytes` is now provided (lightningdevkit#2640). For those moving to the new `ConfirmationTarget`, the new variants in terms of the old mempool/low/medium/high priorities are as follows: * `OnChainSweep` = `HighPriority` * `MaxAllowedNonAnchorChannelRemoteFee` = `max(25 * 250, HighPriority * 10)` * `MinAllowedAnchorChannelRemoteFee` = `MempoolMinimum` * `MinAllowedNonAnchorChannelRemoteFee` = `Background - 250` * `AnchorChannelFee` = `Background` * `NonAnchorChannelFee` = `Normal` * `ChannelCloseMinimum` = `Background` Bug Fixes ========= * Calling `ChannelManager::close_channel[_with_feerate_and_script]` on a channel which did not exist would immediately hang holding several key `ChannelManager`-internal locks (lightningdevkit#2657). * Channel information updates received from a failing HTLC are no longer applied to our `NetworkGraph`. This prevents a node which we attempted to route a payment through from being able to learn the sender of the payment. In some rare cases, this may result in marginally reduced payment success rates (lightningdevkit#2666). * Anchor outputs are now properly considered when calculating the amount available to send in HTLCs. This can prevent force-closes in anchor channels when sending payments which overflow the available balance (lightningdevkit#2674). * A peer that sends an `update_fulfill_htlc` message for a forwarded HTLC, then reconnects prior to sending a `commitment_signed` (thus retransmitting their `update_fulfill_htlc`) may result in the channel stalling and being unable to make progress (lightningdevkit#2661). * In exceedingly rare circumstances, messages intended to be sent to a peer prior to reconnection can be sent after reconnection. This could result in undefined channel state and force-closes (lightningdevkit#2663). Backwards Compatibility ======================= * Creating a blinded path to receive a payment then downgrading to LDK prior to 0.0.117 may result in failure to receive the payment (lightningdevkit#2413). * Calling `ChannelManager::pay_for_offer` or `ChannelManager::create_refund_builder` may prevent downgrading to LDK prior to 0.0.118 until the payment times out and has been removed (lightningdevkit#2039). Node Compatibility ================== * LDK now sends a bogus `channel_reestablish` message to peers when they ask to resume an unknown channel. This should cause LND nodes to force-close and broadcast the latest channel state to the chain. In order to trigger this when we wish to force-close a channel, LDK now disconnects immediately after sending a channel-closing `error` message. This should result in cooperative peers also working to confirm the latest commitment transaction when we wish to force-close (lightningdevkit#2658). Security ======== 0.0.118 expands mitigations against transaction cycling attacks to non-anchor channels, though note that no mitigations which exist today are considered robust to prevent the class of attacks. * In order to mitigate against transaction cycling attacks, non-anchor HTLC transactions are now properly re-signed before broadcasting (lightningdevkit#2667). In total, this release features 61 files changed, 3470 insertions, 1503 deletions in 85 commits from 12 authors, in alphabetical order: * Antonio Yang * Elias Rohrer * Evan Feenstra * Fedeparma74 * Gursharan Singh * Jeffrey Czyz * Matt Corallo * Sergi Delgado Segura * Vladimir Fomene * Wilmer Paulino * benthecarman * slanesuke
Support sending to blinded payment paths and receiving to 1-hop paths. Partially addresses #1970. Error handling, forwarding and receiving to multi-hop blinded paths will be completed in follow-up.
Based on #2411, #2412, #2128, #2459, #2514, #2503