BOLT04: Add rationale for constant error decryption.

To avoid timing analysis when decrypting failed payments the sender should act as if the failure in the route came for the 27th hop. Also changed the maximum number of hops in the route from 20 (legacy) to 27 (tlv onion).
lightning · Apr 16, 2024 · e6bc330 · e6bc330
1 parent 08ce2f6
commit e6bc330
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/04-onion-routing.md b/04-onion-routing.md
@@ -1057,9 +1057,16 @@ The _erring node_:
 The _origin node_:
   - once the return message has been decrypted:
     - SHOULD store a copy of the message.
-    - SHOULD continue decrypting, until the loop has been repeated 20 times.
+    - SHOULD continue decrypting, until the loop has been repeated 27 times
+    (maximum route length of tlv payload type).
     - SHOULD use constant `ammag` and `um` keys to obfuscate the route length.
 
+### Rationale
+
+The requirements for the _origin node_ should help hide the payment sender. By
+continuing decrypting 27 times (dummy decryption cycles after the error is found
+) no information can be obtained via timing analyis.
+
 ## Failure Messages
 
 The failure message encapsulated in `failuremsg` has an identical format as