From ZmnSCPxj at protonmail.com  Tue Mar 10 12:14:58 2020
From: ZmnSCPxj at protonmail.com (ZmnSCPxj)
Date: Tue, 10 Mar 2020 12:14:58 +0000
Subject: [Lightning-dev] Blind paths revisited
In-Reply-To: <87k13txds8.fsf@rustcorp.com.au>
References: <87k13txds8.fsf@rustcorp.com.au>
Message-ID: <XuiV-FSBdHeeUmaYT8DXwO1Hi_18vbh1swkmCZvy-_N2vV7I0CpsezZxzccR3_OqqipzfC68LHBlq5S57oiziZdP2KPrJBVeaudbyXvRlLc=@protonmail.com>

Good morning Rusty, et al.,


> Note that this means no payment secret is necessary, since the incoming
> `blinding` serves the same purpose. If we wanted to, we could (ab)use
> payment_secret as the first 32-bytes to put in Carol's enc1 (i.e. it's
> the ECDH for Carol to decrypt enc1).

I confess to not reading everything in detail, but it seems to me that, with payment point + scalar and path decorrelation, we need to establish a secret with each hop anyway (the blinding scalar for path decorrelation), so if you need a secret per hop, possibly this could be reused as well?

Regards,
ZmnSCPxj