[Lightning-dev] Reason for having HMACs in Sphinx

Corné Plooy corne at bitonic.nl
Thu Nov 29 15:31:34 UTC 2018


Is there a reason why we have HMACs in Sphinx? What could go wrong if we

A receiving node doesn't know anyway what the origin node is; I don't
see any attack mode where an attacker wouldn't be able to generate a
valid HMAC.

A receiving node only knows which peer sent it a Sphinx packet;
verification that this peer really sent this Sphinx packet is (I think)
already done on a lower protocol layer.

AFAICS, The only real use case of the HMAC value is the special case of
a 0-valued HMAC, indicating the end of the route. But that's just silly:
it's essentially a boolean, not any kind of cryptographic verification.


More information about the Lightning-dev mailing list