lightning-dev
[BOLT Draft] Onion Routing Spec
Posted on: October 3, 2016 17:21 UTC
The conversation discusses using EC-Schnorr instead of EC-DSA for on-chain keys. The public/private key pairs would remain the same, allowing the same keys to be used for signing and verifying multisignature channel authentication proofs. The importance of protecting the different secrets separately is highlighted: it is noted that compromise of the identity public key could allow an attacker to open or accept authenticated and confidential p2p connections on the network. It is suggested that all keying material should be as independent as possible from a compartmentalization standpoint. The commit keys should be rolled anew for each channel, which enables per-channel signer processes with mlock'd secrets and dedicated hardware. Keeping the onion private key separate allows it to be rotated, which would be beneficial if forward secrecy were obtained. The comms symmetric key should also be rotated with forward secrecy in mind, and a simple ratcheting scheme could be included in the initial p2p spec.
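One way to make that compartmentalization concrete, as an added example rather than code from the thread or the BOLT spec: every secret is derived from the node seed under its own HKDF label, the commit key is additionally bound to a channel identifier so it differs per channel, and the comms key advances through a one-way hash ratchet so that a key captured at step n reveals nothing about earlier traffic keys once those were erased. The labels, the channel-id encoding and the ratchet construction are assumptions chosen for illustration.

```python
import hashlib
import hmac


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869): extract a PRK, then expand with a label."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def derive_keys(seed: bytes, channel_id: int) -> dict:
    """Domain-separated secrets from one seed (labels are illustrative, not BOLT's).

    Each role gets a distinct salt, so learning one derived key does not help
    with the others; the commit key also mixes in the channel id, so every
    channel gets a fresh commit secret that a per-channel signer can hold.
    """
    return {
        "identity": hkdf(seed, b"example-identity", b""),
        "onion": hkdf(seed, b"example-onion", b""),
        "commit": hkdf(seed, b"example-commit", channel_id.to_bytes(4, "big")),
        "comms": hkdf(seed, b"example-comms", b""),
    }


class Ratchet:
    """Hash ratchet for the comms symmetric key: k[n+1] = HMAC(k[n], "ratchet").

    Only the current key is kept. Because HMAC is one-way, an attacker who
    captures k[n] cannot recover k[n-1] (forward secrecy for past traffic);
    they can still compute later keys until the peers re-key with fresh
    DH material, which is why the thread treats rotation as the real fix.
    """

    def __init__(self, initial_key: bytes) -> None:
        self.key = initial_key
        self.step = 0

    def next_key(self) -> bytes:
        self.key = hmac.new(self.key, b"ratchet", hashlib.sha256).digest()
        self.step += 1  # old key is overwritten, not retained
        return self.key
```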