routing: send payment metadata #5810
Conversation
record/hop.go
Outdated
|
|
||
| // MetadataOnionType is the type used in the onion for the payment | ||
| // metadata. | ||
| MetadataOnionType tlv.Type = 10 |
There was a problem hiding this comment.
@Roasbeef, I've created a draft PR to evaluate touch points. Do you want to go for this?
There was a problem hiding this comment.
Makes a ton of sense IMO, super useful for the AMP recurring case as well. Could also bundle it w/ the pubkey based routing stuff as well...
There was a problem hiding this comment.
Why is it useful for the AMP recurring case actually? The sending of metadata I get. This could be something like a donation comment. But what would be the purpose of embedding metadata in the payment request? Recurring payment senders would all pass through that same metadata, but what does the receiver learn from this that they didn't already know?
joostjager
force-pushed
the
payment-metadata
branch
from
396eca0
to
916ad5f
Compare
joostjager
force-pushed
the
payment-metadata
branch
2 times, most recently
from
904ce49
to
bc28d7e
Compare
| @@ -938,6 +938,7 @@ func (i *InvoiceRegistry) NotifyExitHopHtlc(rHash lntypes.Hash, | |||
| customRecords: payload.CustomRecords(), | |||
| mpp: payload.MultiPath(), | |||
| amp: payload.AMPRecord(), | |||
| metadata: payload.Metadata(), | |||
There was a problem hiding this comment.
What is missing here is that we are assuming that an invoice already exists. The goal of the new metadata field is to enable stateless invoices. In that case, there isn't an invoice yet. It is a kind of spontaneous payment (not really spontaneous - the receiver just 'forgot' the invoice), but the difference with keysend/amp is that the receiver is able to re-derive the preimage. The preimage can be used as proof of payment.
I am wondering what the options are to implement this. Will it be yet another payment type? Or is this the point where it becomes necessary to allow invoice registry plugins so that users can implement the logic themselves?
There was a problem hiding this comment.
LDK approach with this: lightningdevkit/rust-lightning#1171
There was a problem hiding this comment.
I am wondering what the options are to implement this. Will it be yet another payment type
I think we can just use the existing keysend flow here, which ends up inserting the the database, or using the existing AMP pattern to re-insert a new sub-invoice with a main tracking identifier. IIUC, with the proposal you'd still write the invoice to disk, but the "stateless" part is what lets you not have to remember the invoice until its paid?
There was a problem hiding this comment.
Alternatively, the existing HTLC interceptor logic can handle this as well assuming you have the invoice logic already living outside of lnd.
There was a problem hiding this comment.
I think "stateless" can be implemented in multiple ways, but doing a JIT insert similar to keysend seems definitely one of the options.
joostjager
force-pushed
the
payment-metadata
branch
from
ed27191
to
7b691dd
Compare
joostjager
force-pushed
the
payment-metadata
branch
from
7b691dd
to
13fe949
Compare
joostjager
force-pushed
the
payment-metadata
branch
from
13fe949
to
86a3c59
Compare
cmd/lncli/cmd_invoice.go
Outdated
| @@ -26,6 +26,11 @@ var addInvoiceCommand = cli.Command{ | |||
| Usage: "a description of the payment to attach along " + | |||
| "with the invoice (default=\"\")", | |||
| }, | |||
| cli.StringFlag{ | |||
| Name: "metadata", | |||
| Usage: "the hex-encoded metadata that will be sent " + | |||
There was a problem hiding this comment.
Why hex-encoded on the cli? Depending on the sort of values we're expecting here, I'd think that most people would just want to provide a string + have it hex-encoded on their behalf by the cli?
There was a problem hiding this comment.
I think it depends on what the purpose of the metadata is. With this PR, we can't reap the fruits of the metadata yet. It is only preparatory. Yes, we store the metadata in the invoice database upon receipt, but I don't think that is much different from just using description to store additional data locally.
A next step is to no longer store the invoices that we create in the invoice registry. Then when a payment comes in, we use the metadata in the tlv to construct and insert an invoice just-in-time. One of the things that metadata can contain is a preimage encrypted to ourselves.
In those kind of setups, I'd expect metadata to be structured, machine-readable data. Therefore the hex encoding.
| // PaymentMetadataRequired is a required bit that denotes that an | ||
| // invoice contains metadata that must be passed along with the payment | ||
| // htlc(s). | ||
| PaymentMetadataRequired = 48 |
There was a problem hiding this comment.
I saw there was some discussion in the spec PR about this, seems like the conclusion was to add the optional feature bit as well? Even if we're not going to use it, might be worth adding it here? (more confusing to not have it, than have it and not use it IMO)
There was a problem hiding this comment.
Added the optional feature bit.
The Eclair team is going to use this to get an idea of the proportion of senders that have upgraded to node software that supports metadata sending. They want to include some metadata with every invoice generated and then observe the incoming htlcs to see if it is echoed in tlv.
This is something for us to decide on too. Do we want to increase the size of every invoice slightly to include the marker metadata and the optional bit?
There was a problem hiding this comment.
I think its clearer to just have it there, rather than explain why it's not there.
This is something for us to decide on too. Do we want to increase the size of every invoice slightly to include the marker metadata and the optional bit?
Wouldn't this decision fall on implementors rather than lnd itself?
There was a problem hiding this comment.
With this PR as is, there is no way they can add that marker metadata.
joostjager
force-pushed
the
payment-metadata
branch
from
86a3c59
to
0ce379c
Compare
|
I've marked the last commits as Real receiver-side logic for stateless invoices needs more thinking, but at least with this PR we can start the upgrade process for senders. |
joostjager
force-pushed
the
payment-metadata
branch
2 times, most recently
from
e9585cd
to
c2fa9aa
Compare
joostjager
force-pushed
the
payment-metadata
branch
2 times, most recently
from
cb00b8f
to
f67bc51
Compare
|
Added test coverage |
joostjager
force-pushed
the
payment-metadata
branch
from
f67bc51
to
2ae37a0
Compare
zpay32/invoice_test.go
Outdated
| @@ -726,6 +751,10 @@ func TestDecodeEncode(t *testing.T) { | |||
| } | |||
|
|
|||
| if decodedInvoice != nil { | |||
| if test.implicitDest { | |||
There was a problem hiding this comment.
Add a comment to explain this? I'm not quite following
There was a problem hiding this comment.
Removed again. I discovered that there was already a mechanism for this with the beforeEncoding closure.
| // PaymentMetadataRequired is a required bit that denotes that an | ||
| // invoice contains metadata that must be passed along with the payment | ||
| // htlc(s). | ||
| PaymentMetadataRequired = 48 |
There was a problem hiding this comment.
I think its clearer to just have it there, rather than explain why it's not there.
This is something for us to decide on too. Do we want to increase the size of every invoice slightly to include the marker metadata and the optional bit?
Wouldn't this decision fall on implementors rather than lnd itself?
joostjager
force-pushed
the
payment-metadata
branch
2 times, most recently
from
3a656ce
to
1c34595
Compare
joostjager
force-pushed
the
payment-metadata
branch
from
1c34595
to
348b9ed
Compare
|
Rebased. As a reminder, this PR is a small change that unlocks interesting new ways to accept payments statelessly. It does require senders on the network to upgrade, which takes time. It would be great to include this in the next release. Other implementations are moving too: ElementsProject/lightning#5086 @carlaKC is this PR still on the safe side for the 0.15 cut and does it need another reviewer? |
|
@carlaKC: review reminder |
There was a problem hiding this comment.
Only thing I think this is missing is extending the InterceptedPacket type with the payment metadata field (as is since this isn't a "custom" record, it won't show up) to also add this field. With this addition, then the full "stateless" invoice concept can be fully realized with a custom HTLC interceptor.
| @@ -164,6 +164,17 @@ func writeTaggedFields(bufferBase32 *bytes.Buffer, invoice *Invoice) error { | |||
| } | |||
| } | |||
|
|
|||
| if invoice.Metadata != nil { | |||
| base32, err := bech32.ConvertBits(invoice.Metadata, 8, 5, true) | |||
There was a problem hiding this comment.
writeBytes32 can be used here instead.
There was a problem hiding this comment.
writeBytes32 always writes 32 bytes, where as the invoice metadata is variable length?
| @@ -938,6 +938,7 @@ func (i *InvoiceRegistry) NotifyExitHopHtlc(rHash lntypes.Hash, | |||
| customRecords: payload.CustomRecords(), | |||
| mpp: payload.MultiPath(), | |||
| amp: payload.AMPRecord(), | |||
| metadata: payload.Metadata(), | |||
There was a problem hiding this comment.
I am wondering what the options are to implement this. Will it be yet another payment type
I think we can just use the existing keysend flow here, which ends up inserting the the database, or using the existing AMP pattern to re-insert a new sub-invoice with a main tracking identifier. IIUC, with the proposal you'd still write the invoice to disk, but the "stateless" part is what lets you not have to remember the invoice until its paid?
| @@ -938,6 +938,7 @@ func (i *InvoiceRegistry) NotifyExitHopHtlc(rHash lntypes.Hash, | |||
| customRecords: payload.CustomRecords(), | |||
| mpp: payload.MultiPath(), | |||
| amp: payload.AMPRecord(), | |||
| metadata: payload.Metadata(), | |||
There was a problem hiding this comment.
Alternatively, the existing HTLC interceptor logic can handle this as well assuming you have the invoice logic already living outside of lnd.
joostjager
force-pushed
the
payment-metadata
branch
3 times, most recently
from
9fd64ab
to
52cecfa
Compare
I don't think this is needed. HTLCs can't be intercepted at the exit hop, so anything that is intercepted will be a forward. For external invoice handling, the intercepted forward will generally be to the exit hop. This means that the forwarding node, where the interceptor is connected to, won't be able to decrypt the payment metadata. It is still packed in the next hop payload in encrypted form and this payload is already available to the interceptor. |
joostjager
force-pushed
the
payment-metadata
branch
from
52cecfa
to
3730002
Compare
joostjager
force-pushed
the
payment-metadata
branch
from
3730002
to
62ae038
Compare
Ah true, and even if you used hop hints to have the node be seen as the penultimate hop to the sender, the payload itself is in the onion packet which is already available and can be decrypted by the interceptor if things are well formed. |
Implements lightning/bolts#912
Please attach comments to the most appropriate line of the diff (or a random line if none is appropriate), so that discussions remain threaded and can eventually be resolved.