From pete at petertodd.org Mon Dec 20 12:56:28 2021 From: pete at petertodd.org (Peter Todd) Date: Mon, 20 Dec 2021 07:56:28 -0500 Subject: [Lightning-dev] Payment sender authentication In-Reply-To: References: Message-ID: On Mon, Dec 20, 2021 at 09:01:37AM +0100, Joost Jager wrote: > On Sat, Dec 18, 2021 at 6:56 PM Peter Todd wrote: > > > Lightning already has sender authentication: you simply give someone a > > pre-image hash over an authenticated channel, and the fact that the > > payment was > > made means only they could have realistically made it as they were the only > > person who knew that pre-image hash. > > > > This sounds quite similar to what is described above in lnurl-18. I can see > that that works, but I should have added that I was looking for a solution > that exists completely within the protocol without using an additional > channel. Also, routing nodes learn the preimage hash too, so the sender > isn't the only person. But that is solved by the payment secret that is > also part of the invoice. The key thing is the invoice has to get to the sender somehow in the first place. So I don't think there's any reason to use the lightning protocol itself for additional authentication. > > Going beyond that is dangerous as you're creating the ability to prove to a > > *third* party who made a particular payment. That raises serious problems > > in > > cases like government raids that need to be considered very carefully. > > > This is why I proposed to use diffie-hellman to generate a shared secret. > The receiver could then have made up all the proofs themselves and are > therefore of no value to a third party. The purpose of diffie-hellman is to generate a shared secret in the absense of a secure channel. Once you have a secure channel there's no reason to use it. Simply giving the sender the payment info is sufficient. -- https://petertodd.org 'peter'[:-1]@petertodd.org -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: