routing: Support Pathfinding to Blinded Routes

[carlaKC]

Change Description

This PR surfaces the ability to create routes to blinded path via the QueryRoutes api. It takes the approach of expressing a blinded path as a chain of hop hints, and backfills all the fields required for blinded payments in a second pass.

Fixes #7200.
Depends on lightning-onion/57.

Steps to Test - LDK

Setup the following network + channels using my branch of ldk-sample: LND --- LDK0 --- LDK1

Create an invoice on LDK1:

• getinvoice (amt) (expiry seconds) -> lnr...
• lncli decodepayreq lnr... -> get payment hash, payment addr and cltv delta

Create a blinded path to LDK1 using tests:

• Checkout my branch of rust-lightning and open lightning/src/blinded_path/test.rs
• Update the following variables:
  • introduction_node = LDK0 pubkey
  • blinded_node = LDK1 pubkey
  • payment_secret = payment addr from invoice
  • channel_id = channel connecting LDK0 --> LDK1
• Run the test using cargo test -- --nocapture test_blinded_path -> this will print out a blinded path.

Pay the blinded path via LND:

lncli queryroutes 
--introduction_point={cleartext_introduction_node_id} 
--blinding_point={blinding_point} 
--blinded_hops={blinded_introduction_node}:{introduction_node_data}
--blinded_hops={blinded_node}:{blinded_node_data}
--blinded_cltv= 120 + {invoice_cltv_delta}
--amt={invoice_amount} |
 lncli sendtoroute --payment_hash={payment_hash} -

The payment should succeed!

Footguns:

• CLTV: make sure to add the delta in the LDK invoice to the value provided in the blinded path (which is just hardcoded to 120).
• Payment address: needs to be unique per-payment (for LDK reasons), so you have to regenerate every time.

Steps to Test - CLN

(this way is harder IMO, but was originally included in the PR description).

Since LND doesn't _produce_ blinded routes or forward blinded payments, you'll need the following setup: `Alice (LND) --- Bob(CLN) --- Carol (CLN) --privatechan-- Dave(CL)`

Run all CLN nodes in developer mode with: --experimental-offers --dev-fast-gossip.

You want an invoice with a blinded path, to do this you can create an offer and then fetch the raw invoice:

• cl-dave offer 1000 test -> lno... is your offer
• cl-carol fetchinvoice lno... -> lni.... is your invoice
• cl-carol decode lni... -> This will give blinded hops/data etc.

You can then pay the blinded invoice from LND:

lncli queryroutes --introduction_point={cleartext_introduction_node_id} --blinding_point={blinding_point} --blinded_hops={blinded_introduction_node}:{introduction_node_data} --blinded_cltv={blinded_route_total_cltv} --amt={invoice_amount} | lncli sendtoroute --payment_hash={payment_hash} -

CLN only creates a blinded path when the node has private channels, and otherwise will just create an invoice with the receiving node as the introduction node. To test different variations of blinded paths:

• With blinded hop: create offer on Dave and fetch with Carol
• With just introduction hop: create offer on Carol and fetch with Bob

[carlaKC]

Opening this PR early to get feedback on the approach 🙏 As we open up more PRs for route blinding, this should be easier to test and form a more coherent piece of work.

[bjarnemagnussen]

Just leaving some smaller comments for things I fell over while taking a glimpse at it.

[bitromortac]

Looks very good on first pass 🚀, great work on introducing all the essential onion building blocks for blinded routes!
I think that there may be some overlap with #6920 (this is @joostjager's idea to unify route construction by letting pathfinding do all the work and to remove newRoute, potentially it would be worth it to land this first) and #6934 (inbound fee sending support).

[carlaKC]

Thanks for taking a look! Rebased on master, addressed comments and updated to the latest and greatest lightning-onion version.

think that there may be some overlap with #6920 (this is @joostjager's idea to unify route construction by letting pathfinding do all the work and to remove newRoute

I'm reticent to make this a dependency of the refactor (since the forwarding PR already depends on this), but I'll keep track of it + rebase as required!

[ziggie1984]

Awesome work Carla, feels close to have Route-Blinding in LND :) 🚀

[carlaKC]

Please give me a shout when this needs a rebase!
Seems unnecessarily noisy to rebase on docs/protos so I'm going to leave as-is for now.

[yyforyongyu]

let's rebase and merge? cc @guggero

[lightninglabs-deploy]

@ellemouton: review reminder
@bitromortac: review reminder
@carlaKC, remember to re-request review from reviewers when ready

[bitromortac]

Sorry about that late question. If a blinded payment fails within the blinded portion of the route, the error will be converted to a normal error by the introduction node if I understand correctly, which means that they will be seen as the node to blame. I think that this could lead to a decreased incentive for routers to support route blinding. Perhaps instead we would like to only penalize a node pair within the blinded route such that we keep the node probability of the introduction node untouched, which would avoid to send to the same blinded route again as well. I could open an issue for follow-up discussions if my assumptions are correct.

[carlaKC]

the error will be converted to a normal error by the introduction node if I understand correctly, which means that they will be seen as the node to blame. I think that this could lead to a decreased incentive for routers to support route blinding.

Yeah def! I owe ya'll a quick mission control follow up for this PR (discussed somewhere in here but I've lost it in the comments). Been thinking about this more and I think that it makes sense to penalize every node after the introduction node:

• Intro node has no incentive to "fake blame" everyone else because they are not permanently affected (since they're blinded), and the intro getting paid depends on the blinded route.
• That will have the effect of discounting the blinded path (which starts to matter when we have multiple blinded paths) as you note!

Update: totally forgot I made an issue for this: #7882