lightning-dev
[BOLT Draft] Onion Routing Spec
Posted on: October 21, 2016 08:30 UTC
In an email discussion, Olaoluwa Osuntokun expressed concern about the payment hash being included in the MAC check of the header.
He assumed that the packet format would not be modified to include the payment hash in either the header or e2e payload. Instead, he proposed that the payment hash be a parameter to the packet processing/creation function, where it would be concatenated to the material being authenticated similar to the "associated data" in AEAD cipher modes. This way, there would be no additional data added to the packets, but the payment hash would be authenticated as part of packet processing at each hop. This would make replay attempts by adversaries fail, assuming all nodes remember all payment hashes, and come at a direct monetary cost to the attacker. Christian Lundkvist acknowledged the oversight and promised to add it to the spec and implementations.