{"type":"rich","version":"1.0","title":"Rusty Russell [ARCHIVE] wrote","author_name":"Rusty Russell [ARCHIVE] (npub1zw…hkhpx)","author_url":"https://yabu.me/npub1zw7cc8z78v6s3grujfvcv3ckpvg6kr0w7nz9yzvwyglyg0qu5sjsqhkhpx","provider_name":"njump","provider_url":"https://yabu.me","html":"📅 Original date posted:2020-02-03\n📝 Original message:\nBastien TEINTURIER \u003cbastien at acinq.fr\u003e writes:\n\u003e We can easily get rid of (1.) by leveraging the `payment_secret`. The\n\u003e improved scheme is:\n\u003e\n\u003e * Alice draws a random `decoy_key`\n\u003e * Alice computes the corresponding `decoy_node_id = decoy_key * G`\n\u003e * Alice draws a random `payment_secret`\n\u003e * Alice computes `decoy_short_channel_id = H(payment_secret * decoy_key *\n\u003e bob_node_id) xor short_channel_id`\n\u003e * Alice uses the `decoy_key` to sign the invoice\n\u003e * Carol recovers `decoy_node_id` from the invoice signature\n\u003e * Carol includes `P_I = payment_secret * decoy_node_id` in the onion\n\u003e payload for Bob\n\u003e * Bob can compute `short_channel_id = H(bob_private_key * P_I) xor\n\u003e decoy_short_channel_id`\n\u003e\n\u003e But I don't see how to get rid of (2.). If anyone has a clever idea on how\n\u003e to do that, I'd love to hear it!\n\nI really don't want a special marker on Carol; she needs to just pay\nlike normal.  Not just because it's simple, but because it means that\nCarol can use a custodial wallet without having to flag the payment as\nsomehow special.\n\nAFAICT, having Bob assign scids is the only viable way to do this.  The\ncurrent proposal limits to one scid at a time, but it could be extended\nto allow multiple scids.\n\n(I'm seeking a clever way that Bob can assign them and trivially tell\nwhich ID is assigned to which peer, but I can't figure it out, so I\nguess Bob keeps a mapping and restricts each peer to 256 live scids?).\n\nI've updated and somewhat simplified the PR now.\n\nCheers,\nRusty."}