On Mon, Dec 20, 2021 at 09:01:37AM +0100, Joost Jager wrote:
> On Sat, Dec 18, 2021 at 6:56 PM Peter Todd <p...@petertodd.org> wrote:
>
> > Lightning already has sender authentication: you simply give someone a
> > pre-image hash over an authenticated channel, and the fact that the
> > payment was made means only they could have realistically made it as
> > they were the only person who knew that pre-image hash.
>
> This sounds quite similar to what is described above in lnurl-18. I can see
> that that works, but I should have added that I was looking for a solution
> that exists completely within the protocol without using an additional
> channel. Also, routing nodes learn the preimage hash too, so the sender
> isn't the only person. But that is solved by the payment secret that is
> also part of the invoice.

The key thing is the invoice has to get to the sender somehow in the first
place. So I don't think there's any reason to use the lightning protocol itself
for additional authentication.

> > Going beyond that is dangerous as you're creating the ability to prove to a
> > *third* party who made a particular payment. That raises serious problems
> > in cases like government raids that need to be considered very carefully.
>
> This is why I proposed to use diffie-hellman to generate a shared secret.
> The receiver could then have made up all the proofs themselves and are
> therefore of no value to a third party.

The purpose of diffie-hellman is to generate a shared secret in the absence of
a secure channel. Once you have a secure channel there's no reason to use it.
Simply giving the sender the payment info is sufficient.

--
https://petertodd.org 'peter'[:-1]@petertodd.org
_______________________________________________
Lightning-dev mailing list
Lightning-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev
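
The sender authentication discussed in this thread, as an added example that is not part of the original email: the receiver hands each customer an invoice over an already authenticated channel, and a payment arriving with the matching payment hash and payment secret is attributed to that customer. The `Receiver` class, its method names and the customer labels are hypothetical; the flow is simplified and is not any Lightning implementation's API.

```python
import hashlib
import hmac
import secrets


def payment_hash_of(preimage):
    """Payment hash as used in an invoice: SHA-256 of the preimage."""
    return hashlib.sha256(preimage).digest()


class Receiver:
    """Hypothetical receiver binding each invoice to an authenticated customer."""

    def __init__(self):
        self._invoices = {}  # payment_hash -> (preimage, payment_secret, customer)

    def issue_invoice(self, customer):
        # Assumption: called only after `customer` authenticated out of band.
        preimage = secrets.token_bytes(32)
        payment_secret = secrets.token_bytes(32)
        payment_hash = payment_hash_of(preimage)
        self._invoices[payment_hash] = (preimage, payment_secret, customer)
        return payment_hash, payment_secret

    def accept_htlc(self, payment_hash, payment_secret):
        """Return (preimage, customer) when the final-hop data matches, else None."""
        entry = self._invoices.get(payment_hash)
        if entry is None:
            return None
        preimage, expected_secret, customer = entry
        # Routing nodes see the payment hash but not the payment secret.
        if not hmac.compare_digest(expected_secret, payment_secret):
            return None
        del self._invoices[payment_hash]  # each invoice settles once
        return preimage, customer


def demo():
    receiver = Receiver()
    hash_alice, secret_alice = receiver.issue_invoice("alice")  # constructed names
    _hash_bob, secret_bob = receiver.issue_invoice("bob")
    probe = receiver.accept_htlc(hash_alice, secrets.token_bytes(32))  # hash only
    cross = receiver.accept_htlc(hash_alice, secret_bob)  # wrong customer's secret
    paid = receiver.accept_htlc(hash_alice, secret_alice)
    replay = receiver.accept_htlc(hash_alice, secret_alice)
    return hash_alice, probe, cross, paid, replay


if __name__ == "__main__":
    print(demo()[3][1])
```

Every value in the receiver's record was generated by the receiver, so the record contains nothing signed by the sender.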