rust-lightning
BOLT12 support for Fedimint
This issue tracks LDK changes needed to add BOLT12 in Fedimint, which has the following requirements:
- Use a federation-provided payment_hash when creating a Bolt12Invoice
- Use the federation pubkey for the signing_pubkey
- Sign InvoiceRequest (outbound payment) and Bolt12Invoice (inbound payment) with a threshold signature
- TODO: HTLC interception -- is this a requirement still?
The above requirements are currently a work in progress and only address receiving. They are mostly based on https://github.com/fedimint/fedimint/discussions/1507.
Below describes the current BOLT12 support in ChannelManager and what may be needed for Fedimint support.
Payment Hash
The OffersMessageHandler implementation for ChannelManager constructs a payment_hash and payment_secret for the Bolt12Invoice and its blinded payment paths, respectively. It does so using ChannelManager::create_inbound_payment. To support using a federation-provided payment_hash instead, ChannelManager::create_inbound_payment_for_hash needs to be called with the provided payment_hash instead. The mechanism for doing so is TBD.
Federation pubkey
An InvoiceRequest for an Offer created via ChannelManager::create_offer_builder can be handled by the OffersMessageHandler implementation for ChannelManager. Currently, this requires using a transient signing_pubkey and a blinded path in the Offer. If the latter requirement is relaxed, then a given node_id may be used for the signing_pubkey instead of a transient one. The InvoiceRequest can still be verified but the privacy provided by the transient signing_pubkey and blinded path is lost. Changes would be needed in OfferBuilder to support using a static signing_pubkey (i.e., the federation pubkey) and blinded paths, if that is desired.
Threshold signatures
When signing a Bolt12Invoice, the OffersMessageHandler implementation for ChannelManager will either sign by re-deriving the key-pair used for the transient signing_pubkey or call NodeSigner::sign_bolt12_invoice for a static signing_pubkey. Fedimint would need to use the latter, but as noted above, the blinded path requirement in ChannelManager::create_offer_builder would need to be relaxed to support this.