From corne at bitonic.nl  Thu Nov 29 15:31:34 2018
From: corne at bitonic.nl (=?UTF-8?Q?Corn=c3=a9_Plooy?=)
Date: Thu, 29 Nov 2018 16:31:34 +0100
Subject: [Lightning-dev] Reason for having HMACs in Sphinx
Message-ID: <fd770fa8-4044-6953-1d3c-e9e461c31661@bitonic.nl>

Hi,


Is there a reason why we have HMACs in Sphinx? What could go wrong if we
didn't?

A receiving node doesn't know anyway what the origin node is; I don't
see any attack mode where an attacker wouldn't be able to generate a
valid HMAC.

A receiving node only knows which peer sent it a Sphinx packet;
verification that this peer really sent this Sphinx packet is (I think)
already done on a lower protocol layer.


AFAICS, The only real use case of the HMAC value is the special case of
a 0-valued HMAC, indicating the end of the route. But that's just silly:
it's essentially a boolean, not any kind of cryptographic verification.


CJP