Commit 872c6ec

erickcestari, morehouse and brunoerg authored
Make payment_secret mandatory and ASSUMED (#1242)
Make the payment secret ('s' field) mandatory for readers in addition to writers, and update the payment_secret feature to ASSUMED status in BOLT 9. This formalizes the expectation that all Lightning invoices must include a payment secret after ~4 years of writer-side requirements.

The payment secret prevents intermediate nodes in the payment path from probing for the destination by generating their own payment onions, enhancing privacy in the Lightning Network.

- Add requirement for readers to fail payment if 's' field is missing
- Remove requirement to skip 's' fields with incorrect length
- Add test vector demonstrating an invalid invoice missing 's' field
- Change payment_secret feature to ASSUMED in BOLT 9

This aligns with existing implementations like LDK which already refuse to pay invoices missing a payment secret.

Co-authored-by: morehouse <[email protected]>
Co-authored-by: brunoerg <[email protected]>
1 parent e1fa25c commit 872c6ec

2 files changed

+10
-5
lines changed

09-features.md

Lines changed: 1 addition & 1 deletion
@@ -38,7 +38,7 @@ The Context column decodes as follows:
3838
| 8/9 | `var_onion_optin` | ASSUMED | | | |
3939
| 10/11 | `gossip_queries_ex` | Gossip queries can include additional information | IN | | [BOLT #7][bolt07-query] |
4040
| 12/13 | `option_static_remotekey` | ASSUMED | | | |
41-
| 14/15 | `payment_secret` | Node supports `payment_secret` field | IN9 | | [Routing Onion Specification][bolt04] |
41+
| 14/15 | `payment_secret` | ASSUMED | IN9 | | [Routing Onion Specification][bolt04] |
4242
| 16/17 | `basic_mpp` | Node can receive basic multi-part payments | IN9 | `payment_secret` | [BOLT #4][bolt04-mpp] |
4343
| 18/19 | `option_support_large_channel` | Can create large channels | IN | | [BOLT #2](02-peer-protocol.md#the-open_channel-message) |
4444
| 22/23 | `option_anchors` | Anchor commitment type with zero fee HTLC transactions | IN | | [BOLT #3][bolt03-htlc-tx], [lightning-dev][ml-sighash-single-harmful] |
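
Review bot: the new `payment_secret` row still carries `IN9` in the Context column and the `[bolt04]` link, while the other ASSUMED rows in this hunk (`var_onion_optin`, `option_static_remotekey`) leave every column after the status empty. Either clear those columns so all ASSUMED rows read the same, or add a short note saying why this row keeps them. The `basic_mpp` row directly below still names `payment_secret` as a dependency, so it is worth confirming that a dependency on an ASSUMED feature is meant to stay listed.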

11-payment-encoding.md

Lines changed: 9 additions & 4 deletions
@@ -205,8 +205,8 @@ A writer:
205205
- MUST specify the most-preferred field first, followed by less-preferred fields, in order.
206206

207207
A reader:
208-
- MUST skip over unknown fields, OR an `f` field with unknown `version`, OR `p`, `h`, `s` or
209-
`n` fields that do NOT have `data_length`s of 52, 52, 52 or 53, respectively.
208+
- MUST skip over unknown fields, OR an `f` field with unknown `version`, OR `p`, `h` or
209+
`n` fields that do NOT have `data_length`s of 52, 52 or 53, respectively.
210210
- if the `9` field contains unknown _odd_ bits that are non-zero:
211211
- MUST ignore the bit.
212212
- if the `9` field contains unknown _even_ bits that are non-zero:
@@ -216,8 +216,10 @@ A reader:
216216
description.
217217
- if a valid `n` field is provided:
218218
- MUST use the `n` field to validate the signature instead of performing signature recovery.
219-
- if there is a valid `s` field:
220-
- MUST use that as [`payment_secret`](04-onion-routing.md#tlv_payload-payload-format)
219+
- if a valid `s` field is not provided:
220+
- MUST fail the payment.
221+
- otherwise:
222+
- MUST use the `s` field as [`payment_secret`](04-onion-routing.md#tlv_payload-payload-format)
221223
- if the `c` field (`min_final_cltv_expiry_delta`) is not provided:
222224
- MUST use an expiry delta of at least 18 when making the payment
223225
- if an `m` field is provided:
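
Review bot: "if a valid `s` field is not provided" depends on a definition of "valid" that the reader requirements shown here no longer give, because the previous hunk drops `s` from the rule that ties `p`, `h`, `s` and `n` to their `data_length`s. As written, a reader has to infer that an `s` field with a `data_length` other than 52 now counts as "not valid" and triggers "MUST fail the payment" instead of being skipped. Suggest stating that directly in this bullet, for example by saying that an `s` field whose `data_length` is not 52 is invalid, so the change from skip to fail is explicit.
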
@@ -784,6 +786,9 @@ Breakdown:
784786
> ### Invalid sub-millisatoshi precision.
785787
> lnbc2500000001p1pvjluezpp5qqqsyqcyq5rqwzqfqqqsyqcyq5rqwzqfqqqsyqcyq5rqwzqfqypqdq5xysxxatsyp3k7enxv4jsxqzpusp5zyg3zyg3zyg3zyg3zyg3zyg3zyg3zyg3zyg3zyg3zyg3zyg3zygs9qrsgq0lzc236j96a95uv0m3umg28gclm5lqxtqqwk32uuk4k6673k6n5kfvx3d2h8s295fad45fdhmusm8sjudfhlf6dcsxmfvkeywmjdkxcp99202x
786788
789+
> ### Missing required `s` field.
790+
> lnbc20m1pvjluezpp5qqqsyqcyq5rqwzqfqqqsyqcyq5rqwzqfqqqsyqcyq5rqwzqfqypqhp58yjmdan79s6qqdhdzgynm4zwqd5d7xmw5fk98klysy043l2ahrqs9qrsgq7ea976txfraylvgzuxs8kgcw23ezlrszfnh8r6qtfpr6cxga50aj6txm9rxrydzd06dfeawfk6swupvz4erwnyutnjq7x39ymw6j38gp49qdkj
791+
787792
# Authors
788793

789794
[ FIXME: ]
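
Review bot: the added vector under "Missing required `s` field." covers only an absent `s` field, but the reader rule introduced earlier in this commit fails the payment whenever a valid `s` field is not provided, and the commit also stops readers from skipping an `s` field of incorrect length. A second invalid vector with an `s` field of the wrong `data_length` would exercise the behaviour that actually changed from skip to fail. The new entry also has no line saying what a reader is expected to report, which would help implementers check that the invoice fails for the missing `s` field and not for some other reason.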
