
In the tagged fields of BOLT 11, it is stated:

This 256-bit secret prevents forwarding nodes from probing the payment recipient.

This refers to the tagged field identified by the s key. Can someone ELI5 what the intended use of this field is?

Bilthon

1 Answer


The payment secret is used to make sure the amount the sender intends to pay is actually received by the recipient. It is encoded in the BOLT11 invoice, so only the sender and recipient of the payment know about it. The sender adds the payment secret to the onion payload (BOLT4) for the recipient. This way the recipient knows the payload was constructed by the sender and thus the amount was the intended amount.

If the payment secret were not added to the onion payload, the forwarding node of the final hop could attempt to forward a smaller amount than intended by the sender. If the sender overpaid the invoice, for example because it was a zero amount invoice, the recipient would accept the payment and release the preimage. The forwarding node will have made the difference in a successful attack by 'probing' with a smaller amount.

Jesse de Wit
  • Interesting concept. However, how can a node know it is forwarding the final hop of the payment in this scenario? – Bilthon Oct 28 '22 at 01:37
  • @Bilthon it can't from the payment itself. It would have to know that the peer is a common destination and that it uses zero amount invoices a lot, for example. But it could attempt the smaller amount and, if that fails, attempt with the actual amount too. – Jesse de Wit Oct 28 '22 at 07:40
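
The recipient-side check described in the answer above, as an added example that is not part of the original posts and is not taken from any Lightning implementation. It is a simplified model rather than the BOLT 4 wire format; the class and function names are hypothetical and the amounts are constructed samples.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

@dataclass
class Invoice:                     # what the recipient stored when it issued the invoice
    payment_secret: bytes          # 32-byte value from the `s` tagged field
    amount_msat: Optional[int]     # None models a zero amount invoice

@dataclass
class FinalPayload:                # simplified model of the final-hop onion payload
    amt_to_forward_msat: int
    payment_secret: Optional[bytes]

def amount_ok(inv: Invoice, htlc_msat: int, p: FinalPayload) -> bool:
    # The HTLC must carry what the payload promises, and cover any invoice amount.
    if htlc_msat < p.amt_to_forward_msat:
        return False
    return inv.amount_msat is None or p.amt_to_forward_msat >= inv.amount_msat

def accept_without_secret(inv: Invoice, htlc_msat: int, p: FinalPayload) -> bool:
    """Recipient that ignores the secret: any well-formed payload passes."""
    return amount_ok(inv, htlc_msat, p)

def accept_with_secret(inv: Invoice, htlc_msat: int, p: FinalPayload) -> bool:
    """Recipient that releases the preimage only if the payload carries the invoice secret."""
    if p.payment_secret is None:
        return False
    if not hmac.compare_digest(p.payment_secret, inv.payment_secret):
        return False
    return amount_ok(inv, htlc_msat, p)

def demo() -> dict:
    inv = Invoice(payment_secret=secrets.token_bytes(32), amount_msat=None)
    # Constructed sample: the sender picks 100_000 msat for a zero amount invoice.
    honest = FinalPayload(100_000, inv.payment_secret)
    # Constructed sample: a replacement payload for 60_000 msat built by a node
    # that never saw the invoice, so it has no secret or can only guess one.
    no_secret = FinalPayload(60_000, None)
    guessed = FinalPayload(60_000, secrets.token_bytes(32))
    return {
        "honest": accept_with_secret(inv, 100_000, honest),
        "replaced, secret ignored": accept_without_secret(inv, 60_000, no_secret),
        "replaced, secret required": accept_with_secret(inv, 60_000, no_secret),
        "guessed secret": accept_with_secret(inv, 60_000, guessed),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accept' if accepted else 'reject'}")
```

Only the recipient that ignores the secret accepts the smaller replacement payment; with the check in place, the payload has to come from someone who holds the invoice.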