[Lightning-dev] Reason for having HMACs in Sphinx

[Corné Plooy]

Hi,


Is there a reason why we have HMACs in Sphinx? What could go wrong if we
didn't?

A receiving node doesn't know anyway what the origin node is; I don't
see any attack mode where an attacker wouldn't be able to generate a
valid HMAC.

A receiving node only knows which peer sent it a Sphinx packet;
verification that this peer really sent this Sphinx packet is (I think)
already done on a lower protocol layer.


AFAICS, The only real use case of the HMAC value is the special case of
a 0-valued HMAC, indicating the end of the route. But that's just silly:
it's essentially a boolean, not any kind of cryptographic verification.


CJP