Skip to content

Introduce ReceiveAuthKey verification for Blinded Payment Paths #4126

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Introduce ReceiveAuthKey verification for Blinded Payment Paths #4126

wants to merge 2 commits into from
+183 −311

Conversation

@shaavan
Copy link
Member

@shaavan shaavan commented Sep 25, 2025

Building on the goals set forth in #3917, this PR introduces ReceiveAuthKey-based verification for Blinded Payment Paths.

Key Outcomes

  • Uniform verification mechanism: Both payment and message blinded paths now share the same authentication logic.
  • Smaller payloads: The final ReceiveTlvs are noticeably reduced in size, making blinded paths lighter.

Follow-Up Preparation

This PR also lays the groundwork for introducing dummy payment hops in a follow-up PR.
By minimizing per-hop authentication data, we keep dummy hops compact — preserving overall path size and ensuring that forward and dummy TLVs are padded to the same length, improving hop indistinguishability and privacy.

@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Sep 25, 2025
edited
Loading

I've assigned @jkczyz as a reviewer!
I'll wait for their review and will help manage the review process.
Once they submit their review, I'll check if a second reviewer would be helpful.

@codecov
Copy link

codecov bot commented Sep 25, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 89.83051% with 12 lines in your changes missing coverage. Please review.
✅ Project coverage is 89.33%. Comparing base (95c4eaf) to head (a6719b1).
⚠️ Report is 24 commits behind head on main.

Files with missing lines Patch % Lines
lightning/src/blinded_path/payment.rs 70.37% 3 Missing and 5 partials ⚠️
lightning/src/routing/router.rs 70.00% 3 Missing ⚠️
lightning/src/ln/msgs.rs 94.11% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4126      +/-   ##
==========================================
+ Coverage   89.28%   89.33%   +0.04%     
==========================================
  Files         180      180              
  Lines      137913   138086     +173     
  Branches   137913   138086     +173     
==========================================
+ Hits       123142   123354     +212     
+ Misses      12167    12136      -31     
+ Partials     2604     2596       -8
Flag Coverage Δ
fuzzing 35.86% <5.19%> (+2.30%) ⬆️
tests 88.70% <89.83%> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Sep 27, 2025

🔔 1st Reminder

Hey @jkczyz! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Sep 29, 2025

🔔 2nd Reminder

Hey @jkczyz! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Oct 1, 2025

🔔 3rd Reminder

Hey @jkczyz! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Oct 4, 2025

🔔 4th Reminder

Hey @jkczyz! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Oct 6, 2025

🔔 5th Reminder

Hey @jkczyz! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

@shaavan
Copy link
Member Author

shaavan commented Oct 6, 2025

Updated from pr4126.01 to pr4126.02 (diff):

Changes:

  1. Various cleanups
  2. Expanded Documentation
  3. Restructured the fails_receive_tlvs_authentication test so that it can properly test the new ReceiveAuthKey based authentication

@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Oct 8, 2025

🔔 6th Reminder

Hey @jkczyz! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

@shaavan shaavan mentioned this pull request Oct 9, 2025
Draft
@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Oct 11, 2025

🔔 7th Reminder

Hey @jkczyz! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Oct 13, 2025

🔔 8th Reminder

Hey @jkczyz! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Oct 15, 2025

🔔 9th Reminder

Hey @jkczyz! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Oct 18, 2025

🔔 10th Reminder

Hey @jkczyz! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Oct 20, 2025

🔔 11th Reminder

Hey @jkczyz! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Oct 22, 2025

🔔 12th Reminder

Hey @jkczyz! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Oct 25, 2025

🔔 13th Reminder

Hey @jkczyz! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Oct 27, 2025

🔔 14th Reminder

Hey @jkczyz! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

jkczyz
jkczyz reviewed Oct 27, 2025
View reviewed changes
@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Oct 27, 2025

👋 The first review has been submitted!

Do you think this PR is ready for a second reviewer? If so, click here to assign a second reviewer.

@shaavan
Copy link
Member Author

shaavan commented Nov 4, 2025

Updated .02 → .03

Thanks @jkczyz - changes:

  • Test cleanups
  • Various documentation changes.

@shaavan shaavan force-pushed the aad-payment branch 2 times, most recently from acbadec to 18e6b33 Compare November 4, 2025 15:21
@shaavan
Copy link
Member Author

shaavan commented Nov 4, 2025

Rebased .03 → .04

@shaavan
Copy link
Member Author

shaavan commented Nov 8, 2025

Rebased .04 → .05

TheBlueMatt
TheBlueMatt reviewed Nov 11, 2025
View reviewed changes
Copy link
Collaborator

@TheBlueMatt TheBlueMatt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@shaavan
Copy link
Member Author

shaavan commented Nov 12, 2025

Updated .05 → .06

Thanks @TheBlueMatt — changes:

  • Added used_aad check in decrypt_intro_payload
  • Restored HMAC variable names for clarity on reuse risk
  • Moved used_aad check to read-time to simplify downstream logic

jkczyz
jkczyz reviewed Nov 12, 2025
View reviewed changes
Copy link
Contributor

@jkczyz jkczyz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Mostly some nits but one is needed to be addressed to fix CI.

@shaavan
Introduce ReceiveAuthKey-based verification in Blinded Payment Paths
4a75560 
Extends the work started in
[PR#3917](lightningdevkit#3917)
by adding ReceiveAuthKey-based verification for Blinded Payment Paths.

This reduces space previously taken by individual ReceiveTlvs and
aligns the verification logic with that used for Blinded Message Paths.
@shaavan
Cleanup: Remove redundant (hmac, nonce) from codebase
a6719b1 
Now that we have introduced an alternate mechanism for authentication
in the codebase, we can safely remove the now redundant (hmac, nonce)
fields from the Payment ReceiveTlvs's while maintaining the security
of the onion messages.
@shaavan
Copy link
Member Author

shaavan commented Nov 12, 2025

Updated: .06 → .07

Thanks @jkczyz — changes:

  • Removed unrelated edits from onion_payment.rs
  • Fix lint errors
  • Rename receive_auth_keylocal_node_receive_key (match message.rs)
  • Doc nits

jkczyz
jkczyz reviewed Nov 12, 2025
View reviewed changes
lightning/src/routing/router.rs
/// Creates [`BlindedPaymentPath`]s for payment to the `recipient` node. The channels in `first_hops`
/// are assumed to be with the `recipient`'s peers. The payment secret and any constraints are
/// given in `tlvs`.
/// given in `tlvs`. The `receive_auth_key` is required to authenticate the blinded payment paths.
Copy link
Contributor

@jkczyz jkczyz Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/receive_auth_key/local_node_receive_key

lightning/src/ln/onion_utils.rs
/// for the payer, resulting in a payment that cannot be authenticated.
///
/// [`BlindedPaymentPath`]: crate::blinded_path::payment::BlindedPaymentPath
UnauthenticatedPayload,
Copy link
Contributor

@jkczyz jkczyz Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there an easy way to add a test checking for this failure?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TheBlueMatt TheBlueMatt TheBlueMatt left review comments

@jkczyz jkczyz jkczyz left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@shaavan @ldk-reviews-bot @TheBlueMatt @jkczyz