[Lightning-dev] Proposal: Lightning Pre-Image Encryption Standard

ZmnSCPxj ZmnSCPxj at protonmail.com
Wed Jun 26 23:55:35 UTC 2019


Good morning Nadav et al.,

> > Any node on the route of the payment knows the preimage and can decrypt the data. It would be nice to tune the protocol in a way that only the buyer can decrypt the data. For example we could use something like this:
>
> Is this not covered by sending over the pre-image encrypted data over a secure channel such as HTTPS? If anyone along the route who learns the pre-image does intercept the message with the encrypted data, that data will already be encrypted for the intended recipient right?

True, but the added protection allows the option of sending data over a non-secure channel.
In particular, a secure channel like HTTPS would impose an encryption/decryption overhead, and then you will *also* encrypt/decrypt at the application layer i.e. you are encrypting twice.
If you have the choice of using an insecure channel, you could take that and have the encrypt/decrypt overhead only for the preimage-encrypted data.

i.e. with this, you have the option of sending over both secure and insecure channels.
It does not hinder use of secure channel, but enables use of insecure channel.
Putting a MAC inside the encryption would help ensure that we can detect data replacement over an insecure channel, and use of a shared secret ensures only the intended recipient can decrypt.

Regards,
ZmnSCPxj
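
Added example, not part of the original message and not the construction specified by the proposal: a sketch of the two properties discussed above, with the key derived from both the preimage and a buyer-seller shared secret, and a MAC placed inside the encryption. It assumes the shared secret has already been agreed between buyer and seller; the HMAC-SHA256 counter keystream is a stand-in for a real cipher, and all names and sample values are constructed.

```python
import hashlib, hmac, os

NONCE_LEN, TAG_LEN = 16, 32

def derive_keys(preimage, shared_secret):
    # Both secrets feed the key: a routing node learns only the preimage.
    master = hmac.new(shared_secret, preimage, hashlib.sha256).digest()
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())

def _keystream(key, nonce, length):
    # Stand-in stream cipher (assumption): HMAC-SHA256 in counter mode.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal(preimage, shared_secret, data):
    enc_key, mac_key = derive_keys(preimage, shared_secret)
    nonce = os.urandom(NONCE_LEN)
    tag = hmac.new(mac_key, nonce + data, hashlib.sha256).digest()
    body = data + tag                      # MAC goes inside the encryption
    return nonce + _xor(body, _keystream(enc_key, nonce, len(body)))

def open_sealed(preimage, shared_secret, blob):
    # Returns the plaintext, or None on a wrong key or modified data.
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    enc_key, mac_key = derive_keys(preimage, shared_secret)
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    body = _xor(ct, _keystream(enc_key, nonce, len(ct)))
    data, tag = body[:-TAG_LEN], body[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + data, hashlib.sha256).digest()
    return data if hmac.compare_digest(tag, expected) else None

def demo():
    preimage = hashlib.sha256(b"constructed preimage").digest()
    shared = hashlib.sha256(b"constructed buyer-seller secret").digest()
    blob = seal(preimage, shared, b"paid-for data")
    # Data replaced in transit over the insecure channel: flip one bit.
    tampered = blob[:20] + bytes([blob[20] ^ 1]) + blob[21:]
    return (open_sealed(preimage, shared, blob),         # intended recipient
            open_sealed(preimage, b"\x00" * 32, blob),   # routing node: preimage only
            open_sealed(preimage, shared, tampered))     # modified ciphertext

if __name__ == "__main__":
    print(demo())
```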

