Bastien TEINTURIER [ARCHIVE] wrote

rich1.0Bastien TEINTURIER [ARCHIVE] wroteBastien TEINTURIER [ARCHIVE] (npub17f…ntr0s)https://yabu.me/npub17fjkngg0s0mfx4uhhz6n4puhflwvrhn2h5c78vdr5xda4mvqx89swntr0snjumphttps://yabu.me📅 Original date posted:2020-02-03 📝 Original message: Hi ZmnSCPxj, That is precisely what I am referring to, the lowest bits of the node ID > are embedded in the SCID, which we do not want to openly reveal to Carol. > Got it, I wasn't understanding your point correctly. We totally agree on that. Though if the point is to prevent Carol from correlating different invoices > as arising from the same payee, then my scheme fails against that. > IMO we should prevent Carol from correlating different invoices by using a different node_id for each invoice. This requires minimal changes and happens entirely payee-side (see my initial mail). Alice would do better to use multiple Bobs in that case. > That's of course a solution as well. Even with that though, if Alice opens multiple channels to each of her Bobs, she should use Tor and a different node_id each time for better privacy. Cheers, Bastien Le lun. 3 févr. 2020 à 15:51, ZmnSCPxj <ZmnSCPxj at protonmail.com> a écrit : > Good morning t-bast, > > > > > This is relevant if we ever want to hide the node id of the last node: > Bob could provide a symmetric > > > encryption key to all its peers with unpublished channels, which the > peer can XOR with its own true > > > node id and use the lowest 40 bits (or 46 bits or 58 bits) in the SCID. > > > > I don't understand your point here. Alice cannot hide her node_id from > Bob since the `node_id` is > > tied to the (unannounced) channel creation. > > > > But this is not an issue. What Alice wants to break is the ability to > link multiple HTLCs together > > because they use the same `node_id`. Since Alice can use a different > `node_id` in every invoice, > > it's easy for her to make sure Carol cannot tie those HTLCs together. > > That is precisely what I am referring to, the lowest bits of the node ID > are embedded in the SCID, which we do not want to openly reveal to Carol. > Though if the point is to prevent Carol from correlating different > invoices as arising from the same payee, then my scheme fails against that. > > > > > In order to hide from Bob, the best Alice can do is use a different > `node_id` for each channel she > > opens to Bob and use Tor. This way Bob cannot know that node_id_1 and > node_id_2 both belong to Alice. > > I don't think we can do better than that. > > Alice would do better to use multiple Bobs in that case. > > > Regards, > ZmnSCPxj > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20200203/acea682e/attachment-0001.html>