akovalenko/lnd.xprv
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

lnwallet: revocation root generation is now based on a block hash + node key

Browse Source 
This commit modifies the prior revocation root generation to a newer
version which is intended to allow for easy recovery of revocation
state. Rather than using the node’s keys (which we can’t count on NOT
to change), we instead now use the block hash as a salt. With this,
given the block hash prior to the one that funded the channel, and the
node’s identity key, we can reconstruct our revocation state.
This commit is contained in:
Olaoluwa Osuntokun 2017-07-29 17:55:05 -07:00
parent 2408a3ddcf
commit 13404243cf
No known key found for this signature in database
GPG Key ID: 9CC5B105D03521A2
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
lnwallet/script_utils.go
View File

@ -753,20 +753,20 @@ func DeriveRevocationPrivKey(commitPrivKey *btcec.PrivateKey,
} }
// DeriveRevocationRoot derives an root unique to a channel given the // DeriveRevocationRoot derives an root unique to a channel given the
// private key for our public key in the 2-of-2 multi-sig, and the remote // derivation root, and the blockhash that the funding process began at and the
// node's multi-sig public key. The seed is derived using the HKDF[1][2] // remote node's identity public key. The seed is derived using the HKDF[1][2]
// instantiated with sha-256. The secret data used is our multi-sig private // instantiated with sha-256. With this schema, once we know the block hash of
// key, with the salt being the remote node's public key. // the funding transaction, and who we funded the channel with, we can
// reconstruct all of our revocation state.
// //
// [1]: https://eprint.iacr.org/2010/264.pdf // [1]: https://eprint.iacr.org/2010/264.pdf
// [2]: https://tools.ietf.org/html/rfc5869 // [2]: https://tools.ietf.org/html/rfc5869
func DeriveRevocationRoot(derivationRoot *btcec.PrivateKey, func DeriveRevocationRoot(derivationRoot *btcec.PrivateKey,
localMultiSigKey *btcec.PublicKey, blockSalt chainhash.Hash, nodePubKey *btcec.PublicKey) chainhash.Hash {
remoteMultiSigKey *btcec.PublicKey) *chainhash.Hash {
secret := derivationRoot.Serialize() secret := derivationRoot.Serialize()
salt := localMultiSigKey.SerializeCompressed() salt := blockSalt[:]
info := remoteMultiSigKey.SerializeCompressed() info := nodePubKey.SerializeCompressed()
seedReader := hkdf.New(sha256.New, secret, salt, info) seedReader := hkdf.New(sha256.New, secret, salt, info)
@ -776,7 +776,7 @@ func DeriveRevocationRoot(derivationRoot *btcec.PrivateKey,
var root chainhash.Hash var root chainhash.Hash
seedReader.Read(root[:]) seedReader.Read(root[:])
return &root return root
} }
// SetStateNumHint encodes the current state number within the passed // SetStateNumHint encodes the current state number within the passed