Merge pull request #3011 from jkczyz/2024-04-compact-blinded-path-creation

Compact blinded path creation

Author: TheBlueMatt

fuzz/src/chanmon_consistency.rs

@@ -31,6 +31,7 @@ use bitcoin::hashes::sha256d::Hash as Sha256dHash;
 use bitcoin::hash_types::{BlockHash, WPubkeyHash};
 
 use lightning::blinded_path::BlindedPath;
+use lightning::blinded_path::message::ForwardNode;
 use lightning::blinded_path::payment::ReceiveTlvs;
 use lightning::chain;
 use lightning::chain::{BestBlock, ChannelMonitorUpdateStatus, chainmonitor, channelmonitor, Confirm, Watch};
@@ -119,7 +120,7 @@ impl MessageRouter for FuzzRouter {
 	}
 
 	fn create_blinded_paths<T: secp256k1::Signing + secp256k1::Verification>(
-		&self, _recipient: PublicKey, _peers: Vec<PublicKey>, _secp_ctx: &Secp256k1<T>,
+		&self, _recipient: PublicKey, _peers: Vec<ForwardNode>, _secp_ctx: &Secp256k1<T>,
 	) -> Result<Vec<BlindedPath>, ()> {
 		unreachable!()
 	}

fuzz/src/full_stack.rs

@@ -28,6 +28,7 @@ use bitcoin::hashes::sha256d::Hash as Sha256dHash;
 use bitcoin::hash_types::{Txid, BlockHash, WPubkeyHash};
 
 use lightning::blinded_path::BlindedPath;
+use lightning::blinded_path::message::ForwardNode;
 use lightning::blinded_path::payment::ReceiveTlvs;
 use lightning::chain;
 use lightning::chain::{BestBlock, ChannelMonitorUpdateStatus, Confirm, Listen};
@@ -157,7 +158,7 @@ impl MessageRouter for FuzzRouter {
 	}
 
 	fn create_blinded_paths<T: secp256k1::Signing + secp256k1::Verification>(
-		&self, _recipient: PublicKey, _peers: Vec<PublicKey>, _secp_ctx: &Secp256k1<T>,
+		&self, _recipient: PublicKey, _peers: Vec<ForwardNode>, _secp_ctx: &Secp256k1<T>,
 	) -> Result<Vec<BlindedPath>, ()> {
 		unreachable!()
 	}

fuzz/src/invoice_request_deser.rs

@@ -11,6 +11,7 @@ use bitcoin::secp256k1::{KeyPair, Parity, PublicKey, Secp256k1, SecretKey, self}
 use crate::utils::test_logger;
 use core::convert::TryFrom;
 use lightning::blinded_path::BlindedPath;
+use lightning::blinded_path::message::ForwardNode;
 use lightning::sign::EntropySource;
 use lightning::ln::PaymentHash;
 use lightning::ln::features::BlindedHopFeatures;
@@ -73,9 +74,19 @@ fn build_response<T: secp256k1::Signing + secp256k1::Verification>(
 	invoice_request: &InvoiceRequest, secp_ctx: &Secp256k1<T>
 ) -> Result<UnsignedBolt12Invoice, Bolt12SemanticError> {
 	let entropy_source = Randomness {};
+	let intermediate_nodes = [
+		[
+			ForwardNode { node_id: pubkey(43), short_channel_id: None },
+			ForwardNode { node_id: pubkey(44), short_channel_id: None },
+		],
+		[
+			ForwardNode { node_id: pubkey(45), short_channel_id: None },
+			ForwardNode { node_id: pubkey(46), short_channel_id: None },
+		],
+	];
 	let paths = vec![
-		BlindedPath::new_for_message(&[pubkey(43), pubkey(44), pubkey(42)], &entropy_source, secp_ctx).unwrap(),
-		BlindedPath::new_for_message(&[pubkey(45), pubkey(46), pubkey(42)], &entropy_source, secp_ctx).unwrap(),
+		BlindedPath::new_for_message(&intermediate_nodes[0], pubkey(42), &entropy_source, secp_ctx).unwrap(),
+		BlindedPath::new_for_message(&intermediate_nodes[1], pubkey(42), &entropy_source, secp_ctx).unwrap(),
 	];
 
 	let payinfo = vec![

fuzz/src/onion_message.rs

@@ -7,6 +7,7 @@ use bitcoin::secp256k1::ecdsa::RecoverableSignature;
 use bitcoin::secp256k1::schnorr;
 
 use lightning::blinded_path::{BlindedPath, EmptyNodeIdLookUp};
+use lightning::blinded_path::message::ForwardNode;
 use lightning::ln::features::InitFeatures;
 use lightning::ln::msgs::{self, DecodeError, OnionMessageHandler};
 use lightning::ln::script::ShutdownScript;
@@ -88,7 +89,7 @@ impl MessageRouter for TestMessageRouter {
 	}
 
 	fn create_blinded_paths<T: secp256k1::Signing + secp256k1::Verification>(
-		&self, _recipient: PublicKey, _peers: Vec<PublicKey>, _secp_ctx: &Secp256k1<T>,
+		&self, _recipient: PublicKey, _peers: Vec<ForwardNode>, _secp_ctx: &Secp256k1<T>,
 	) -> Result<Vec<BlindedPath>, ()> {
 		unreachable!()
 	}

fuzz/src/refund_deser.rs

@@ -11,6 +11,7 @@ use bitcoin::secp256k1::{KeyPair, PublicKey, Secp256k1, SecretKey, self};
 use crate::utils::test_logger;
 use core::convert::TryFrom;
 use lightning::blinded_path::BlindedPath;
+use lightning::blinded_path::message::ForwardNode;
 use lightning::sign::EntropySource;
 use lightning::ln::PaymentHash;
 use lightning::ln::features::BlindedHopFeatures;
@@ -62,9 +63,19 @@ fn build_response<T: secp256k1::Signing + secp256k1::Verification>(
 	refund: &Refund, signing_pubkey: PublicKey, secp_ctx: &Secp256k1<T>
 ) -> Result<UnsignedBolt12Invoice, Bolt12SemanticError> {
 	let entropy_source = Randomness {};
+	let intermediate_nodes = [
+		[
+			ForwardNode { node_id: pubkey(43), short_channel_id: None },
+			ForwardNode { node_id: pubkey(44), short_channel_id: None },
+		],
+		[
+			ForwardNode { node_id: pubkey(45), short_channel_id: None },
+			ForwardNode { node_id: pubkey(46), short_channel_id: None },
+		],
+	];
 	let paths = vec![
-		BlindedPath::new_for_message(&[pubkey(43), pubkey(44), pubkey(42)], &entropy_source, secp_ctx).unwrap(),
-		BlindedPath::new_for_message(&[pubkey(45), pubkey(46), pubkey(42)], &entropy_source, secp_ctx).unwrap(),
+		BlindedPath::new_for_message(&intermediate_nodes[0], pubkey(42), &entropy_source, secp_ctx).unwrap(),
+		BlindedPath::new_for_message(&intermediate_nodes[1], pubkey(42), &entropy_source, secp_ctx).unwrap(),
 	];
 
 	let payinfo = vec![

lightning/src/blinded_path/message.rs

@@ -1,3 +1,16 @@
+// This file is Copyright its original authors, visible in version control
+// history.
+//
+// This file is licensed under the Apache License, Version 2.0 <LICENSE-APACHE
+// or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
+// You may not use this file except in accordance with one or both of these
+// licenses.
+
+//! Data structures and methods for constructing [`BlindedPath`]s to send a message over.
+//!
+//! [`BlindedPath`]: crate::blinded_path::BlindedPath
+
 use bitcoin::secp256k1::{self, PublicKey, Secp256k1, SecretKey};
 
 #[allow(unused_imports)]
@@ -16,6 +29,17 @@ use crate::util::ser::{FixedLengthReader, LengthReadableArgs, Writeable, Writer}
 use core::mem;
 use core::ops::Deref;
 
+/// An intermediate node, and possibly a short channel id leading to the next node.
+#[derive(Clone, Debug, Hash, PartialEq, Eq)]
+pub struct ForwardNode {
+	/// This node's pubkey.
+	pub node_id: PublicKey,
+	/// The channel between `node_id` and the next hop. If set, the constructed [`BlindedHop`]'s
+	/// `encrypted_payload` will use this instead of the next [`ForwardNode::node_id`] for a more
+	/// compact representation.
+	pub short_channel_id: Option<u64>,
+}
+
 /// TLVs to encode in an intermediate onion message packet's hop data. When provided in a blinded
 /// route, they are encoded into [`BlindedHop::encrypted_payload`].
 pub(crate) struct ForwardTlvs {
@@ -60,17 +84,24 @@ impl Writeable for ReceiveTlvs {
 	}
 }
 
-/// Construct blinded onion message hops for the given `unblinded_path`.
+/// Construct blinded onion message hops for the given `intermediate_nodes` and `recipient_node_id`.
 pub(super) fn blinded_hops<T: secp256k1::Signing + secp256k1::Verification>(
-	secp_ctx: &Secp256k1<T>, unblinded_path: &[PublicKey], session_priv: &SecretKey
+	secp_ctx: &Secp256k1<T>, intermediate_nodes: &[ForwardNode], recipient_node_id: PublicKey,
+	session_priv: &SecretKey
 ) -> Result<Vec<BlindedHop>, secp256k1::Error> {
-	let blinded_tlvs = unblinded_path.iter()
+	let pks = intermediate_nodes.iter().map(|node| &node.node_id)
+		.chain(core::iter::once(&recipient_node_id));
+	let tlvs = pks.clone()
 		.skip(1) // The first node's TLVs contains the next node's pubkey
-		.map(|pk| ForwardTlvs { next_hop: NextMessageHop::NodeId(*pk), next_blinding_override: None })
-		.map(|tlvs| ControlTlvs::Forward(tlvs))
+		.zip(intermediate_nodes.iter().map(|node| node.short_channel_id))
+		.map(|(pubkey, scid)| match scid {
+			Some(scid) => NextMessageHop::ShortChannelId(scid),
+			None => NextMessageHop::NodeId(*pubkey),
+		})
+		.map(|next_hop| ControlTlvs::Forward(ForwardTlvs { next_hop, next_blinding_override: None }))
 		.chain(core::iter::once(ControlTlvs::Receive(ReceiveTlvs { path_id: None })));
 
-	utils::construct_blinded_hops(secp_ctx, unblinded_path.iter(), blinded_tlvs, session_priv)
+	utils::construct_blinded_hops(secp_ctx, pks, tlvs, session_priv)
 }
 
 // Advance the blinded onion message path by one hop, so make the second hop into the new

lightning/src/blinded_path/mod.rs

@@ -10,7 +10,7 @@
 //! Creating blinded paths and related utilities live here.
 
 pub mod payment;
-pub(crate) mod message;
+pub mod message;
 pub(crate) mod utils;
 
 use bitcoin::secp256k1::{self, PublicKey, Secp256k1, SecretKey};
@@ -21,6 +21,7 @@ use crate::offers::invoice::BlindedPayInfo;
 use crate::routing::gossip::{NodeId, ReadOnlyNetworkGraph};
 use crate::sign::EntropySource;
 use crate::util::ser::{Readable, Writeable, Writer};
+use crate::util::scid_utils;
 
 use crate::io;
 use crate::prelude::*;
@@ -124,7 +125,7 @@ impl BlindedPath {
 	pub fn one_hop_for_message<ES: Deref, T: secp256k1::Signing + secp256k1::Verification>(
 		recipient_node_id: PublicKey, entropy_source: ES, secp_ctx: &Secp256k1<T>
 	) -> Result<Self, ()> where ES::Target: EntropySource {
-		Self::new_for_message(&[recipient_node_id], entropy_source, secp_ctx)
+		Self::new_for_message(&[], recipient_node_id, entropy_source, secp_ctx)
 	}
 
 	/// Create a blinded path for an onion message, to be forwarded along `node_pks`. The last node
@@ -133,17 +134,21 @@ impl BlindedPath {
 	/// Errors if no hops are provided or if `node_pk`(s) are invalid.
 	//  TODO: make all payloads the same size with padding + add dummy hops
 	pub fn new_for_message<ES: Deref, T: secp256k1::Signing + secp256k1::Verification>(
-		node_pks: &[PublicKey], entropy_source: ES, secp_ctx: &Secp256k1<T>
+		intermediate_nodes: &[message::ForwardNode], recipient_node_id: PublicKey,
+		entropy_source: ES, secp_ctx: &Secp256k1<T>
 	) -> Result<Self, ()> where ES::Target: EntropySource {
-		if node_pks.is_empty() { return Err(()) }
+		let introduction_node = IntroductionNode::NodeId(
+			intermediate_nodes.first().map_or(recipient_node_id, |n| n.node_id)
+		);
 		let blinding_secret_bytes = entropy_source.get_secure_random_bytes();
 		let blinding_secret = SecretKey::from_slice(&blinding_secret_bytes[..]).expect("RNG is busted");
-		let introduction_node = IntroductionNode::NodeId(node_pks[0]);
 
 		Ok(BlindedPath {
 			introduction_node,
 			blinding_point: PublicKey::from_secret_key(secp_ctx, &blinding_secret),
-			blinded_hops: message::blinded_hops(secp_ctx, node_pks, &blinding_secret).map_err(|_| ())?,
+			blinded_hops: message::blinded_hops(
+				secp_ctx, intermediate_nodes, recipient_node_id, &blinding_secret,
+			).map_err(|_| ())?,
 		})
 	}
 
@@ -213,6 +218,35 @@ impl BlindedPath {
 			},
 		}
 	}
+
+	/// Attempts to a use a compact representation for the [`IntroductionNode`] by using a directed
+	/// short channel id from a channel in `network_graph` leading to the introduction node.
+	///
+	/// While this may result in a smaller encoding, there is a trade off in that the path may
+	/// become invalid if the channel is closed or hasn't been propagated via gossip. Therefore,
+	/// calling this may not be suitable for long-lived blinded paths.
+	pub fn use_compact_introduction_node(&mut self, network_graph: &ReadOnlyNetworkGraph) {
+		if let IntroductionNode::NodeId(pubkey) = &self.introduction_node {
+			let node_id = NodeId::from_pubkey(pubkey);
+			if let Some(node_info) = network_graph.node(&node_id) {
+				if let Some((scid, channel_info)) = node_info
+					.channels
+					.iter()
+					.filter_map(|scid| network_graph.channel(*scid).map(|info| (*scid, info)))
+					.min_by_key(|(scid, _)| scid_utils::block_from_scid(*scid))
+				{
+					let direction = if node_id == channel_info.node_one {
+						Direction::NodeOne
+					} else {
+						debug_assert_eq!(node_id, channel_info.node_two);
+						Direction::NodeTwo
+					};
+					self.introduction_node =
+						IntroductionNode::DirectedShortChannelId(direction, scid);
+				}
+			}
+		}
+	}
 }
 
 impl Writeable for BlindedPath {

lightning/src/blinded_path/payment.rs

@@ -1,3 +1,12 @@
+// This file is Copyright its original authors, visible in version control
+// history.
+//
+// This file is licensed under the Apache License, Version 2.0 <LICENSE-APACHE
+// or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
+// You may not use this file except in accordance with one or both of these
+// licenses.
+
 //! Data structures and methods for constructing [`BlindedPath`]s to send a payment over.
 //!
 //! [`BlindedPath`]: crate::blinded_path::BlindedPath

lightning/src/ln/channel.rs

@@ -1403,7 +1403,7 @@ pub(super) struct ChannelContext<SP: Deref> where SP::Target: SignerProvider {
 	/// Either the height at which this channel was created or the height at which it was last
 	/// serialized if it was serialized by versions prior to 0.0.103.
 	/// We use this to close if funding is never broadcasted.
-	channel_creation_height: u32,
+	pub(super) channel_creation_height: u32,
 
 	counterparty_dust_limit_satoshis: u64,
 

lightning/src/ln/channelmanager.rs

@@ -32,6 +32,7 @@ use bitcoin::secp256k1::Secp256k1;
 use bitcoin::{secp256k1, Sequence};
 
 use crate::blinded_path::{BlindedPath, NodeIdLookUp};
+use crate::blinded_path::message::ForwardNode;
 use crate::blinded_path::payment::{Bolt12OfferContext, Bolt12RefundContext, PaymentConstraints, PaymentContext, ReceiveTlvs};
 use crate::chain;
 use crate::chain::{Confirm, ChannelMonitorUpdateStatus, Watch, BestBlock};
@@ -8996,8 +8997,16 @@ where
 
 		let peers = self.per_peer_state.read().unwrap()
 			.iter()
-			.filter(|(_, peer)| peer.lock().unwrap().latest_features.supports_onion_messages())
-			.map(|(node_id, _)| *node_id)
+			.map(|(node_id, peer_state)| (node_id, peer_state.lock().unwrap()))
+			.filter(|(_, peer)| peer.latest_features.supports_onion_messages())
+			.map(|(node_id, peer)| ForwardNode {
+				node_id: *node_id,
+				short_channel_id: peer.channel_by_id
+					.iter()
+					.filter(|(_, channel)| channel.context().is_usable())
+					.min_by_key(|(_, channel)| channel.context().channel_creation_height)
+					.and_then(|(_, channel)| channel.context().get_short_channel_id()),
+			})
 			.collect::<Vec<_>>();
 
 		self.router