From c1a43a04af5abb76e7954bc8a509cd16c09b3479 Mon Sep 17 00:00:00 2001
From: ZmnSCPxj
Date: Wed, 21 Mar 2018 15:19:31 +0000
Subject: [PATCH] payalgo: Be willing to overpay up to maxfeepercent, for privacy.
This obscures how far an intermediate hop is from the ultimate payee, and also obscures slightly the exact payment value.
Fixes: #1089
---
 lightningd/payalgo.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/lightningd/payalgo.c b/lightningd/payalgo.c
index 4a45af051..eca43deb7 100644
--- a/lightningd/payalgo.c
+++ b/lightningd/payalgo.c
@@ -5,6 +5,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -487,6 +488,8 @@ static bool json_pay_try(struct pay *pay)
 struct command *cmd = pay->cmd;
 struct timeabs now = time_now();
 struct siphash_seed seed;
+ u64 maxoverpayment;
+ u64 overpayment;
 /* If too late anyway, fail now. */
 if (time_after(now, pay->expiry)) {
@@ -513,13 +516,28 @@ static bool json_pay_try(struct pay *pay)
 /* Generate random seed */
 randombytes_buf(&seed, sizeof(seed));
+ /* Generate an overpayment, from fuzz * maxfee. */
+ /* Now normally the use of double for money is very bad.
+ * Note however that a later stage will ensure that
+ * we do not end up paying more than maxfeepercent
+ * of the msatoshi we intend to pay. */
+ maxoverpayment = ((double) pay->msatoshi * pay->fuzz * pay->maxfeepercent)
+ / 100.0;
+ if (maxoverpayment > 0) {
+ /* We will never generate the maximum computed
+ * overpayment this way. Maybe OK for most
+ * purposes. */
+ overpayment = pseudorand(maxoverpayment);
+ } else
+ overpayment = 0;
+
 ++pay->getroute_tries;
 /* FIXME: use b11->routes */
 req = towire_gossip_getroute_request(pay->try_parent,
 &cmd->ld->id,
 &pay->receiver_id,
- pay->msatoshi,
+ pay->msatoshi + overpayment,
 pay->riskfactor,
 pay->min_final_cltv_expiry,
 &pay->fuzz,
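Review bot: The `maxoverpayment` assignment converts a `double` product straight to `u64`, and nothing in this hunk bounds `pay->fuzz` or `pay->maxfeepercent`; a negative, NaN or out-of-range product makes that conversion undefined behaviour in C. If those fields are not range-checked before `json_pay_try` runs (its body starts and ends outside the hunk), compute into a local first and clamp, e.g. `double d = (double) pay->msatoshi * pay->fuzz * pay->maxfeepercent / 100.0;` followed by `maxoverpayment = (d >= 1.0 && d < 18446744073709551616.0) ? (u64) d : 0;`. The comment leans on a later stage to cap the total at maxfeepercent; that stage is not visible here, so it is worth confirming that it measures against `pay->msatoshi` and counts `overpayment` as part of the excess, because the padded amount is what is handed to `towire_gossip_getroute_request`. Since the value is drawn again on every call, a hop that sees several attempts for the same payment may be able to narrow down the real amount; drawing it once per payment and reusing it across retries would avoid that.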