From rusty at rustcorp.com.au Tue Mar 10 23:05:57 2020 From: rusty at rustcorp.com.au (Rusty Russell) Date: Wed, 11 Mar 2020 09:35:57 +1030 Subject: [Lightning-dev] Blind paths revisited In-Reply-To: References: <87k13txds8.fsf@rustcorp.com.au> Message-ID: <87a74nyfmy.fsf@rustcorp.com.au> ZmnSCPxj writes: > Good morning Rusty, et al., > > >> Note that this means no payment secret is necessary, since the incoming >> `blinding` serves the same purpose. If we wanted to, we could (ab)use >> payment_secret as the first 32-bytes to put in Carol's enc1 (i.e. it's >> the ECDH for Carol to decrypt enc1). > > I confess to not reading everything in detail, but it seems to me that, with payment point + scalar and path decorrelation, we need to establish a secret with each hop anyway (the blinding scalar for path decorrelation), so if you need a secret per hop, possibly this could be reused as well? Indeed, this could be used the same way, though for that secret it can simply be placed inside the onion rather than passed alongside. Cheers, Rusty.