Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Followup]: Update Mission Control to Handle invalid_onion_blinding #7882

Closed
carlaKC opened this issue Aug 10, 2023 · 2 comments · Fixed by #8095
Closed

[Followup]: Update Mission Control to Handle invalid_onion_blinding #7882

carlaKC opened this issue Aug 10, 2023 · 2 comments · Fixed by #8095
Assignees
@carlaKC
Labels
blinded paths mission control

Comments

@carlaKC
Copy link
Collaborator

carlaKC commented Aug 10, 2023

This issue describes a small follow up to #7200.

Once LND has the ability to send payments to blinded routes (albeit only via SendToRoute), we need to update mission control to handle a new invalid_onion_blinding error code. A quick recap of core concepts for error handling in blinded routes:

  • LND's pathfinding expresses blinded routes as a series of chained hints (introduction -> B1 -> B2)
  • These hints use blinded node IDs, which are effectively "single use" for the blinded path (as blinding point is unique per-path)
  • Error handling within a blinded routes is as follows:
    • Relaying nodes (B1/B2): MUST send an update_fail_malformed_htlc error using the invalid_onion_blinding
    • Introduction node: MUST send an update_fail_htlc error using the invalid_onion_blinding

This means that any error that occurs within a blinded route will appear to originate from the introduction node. This can be handled by mission control by penalizing the full blinded route (introduction -> final node) as we don't know which node has failed.
@carlaKC carlaKC added enhancement Improvements to existing features / behaviour blinded paths mission control and removed enhancement Improvements to existing features / behaviour labels Aug 10, 2023
@carlaKC
Copy link
Collaborator Author

carlaKC commented Aug 10, 2023

One thing that I wonder about is whether it's unfair to the introduction node to do it this way (as their real node ID gets hit and everybody else is just penalized for that payment) but I don't really see any incentive for the blinded hops to try to mess with the introduction node because they're tied to it (if it can't be used for the payment to that blinded path, they can't be used either).

@carlaKC carlaKC self-assigned this Aug 10, 2023
@carlaKC carlaKC mentioned this issue Sep 28, 2023
Merged
@carlaKC
Copy link
Collaborator Author

carlaKC commented Oct 12, 2023
edited
Loading

More specific proposal for how to handle these (erroring node highlighted in yellow).

Intermediate Failures

  • Report success up until the introduction node.
  • Report failure afterwards.
Screenshot 2023-10-12 at 2 53 56 PM

Final Node Failures

Always fail the receiving node and terminate payment because we do not expect this error from a final node:

  • Introduction nodes should send a regular error if they're the recipient.
  • Other nodes have no business sending this error.
Screenshot 2023-10-13 at 1 43 22 PM

Unexpected Reports

In theory, nodes that are not part of a blinded route could report this error. In this case we'll penalize the node heavily because it's either buggy or disobeying the spec on purpose.

Screenshot 2023-10-12 at 2 54 06 PM

Will follow with code but please LMK any thoughts on the approach!

@carlaKC carlaKC mentioned this issue Oct 13, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@carlaKC carlaKC

Labels
blinded paths mission control
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

missioncontrol: add invalid onion blinding handling for blinded paths carlaKC/lnd
1 participant
@carlaKC