|
@ -7,17 +7,17 @@ |
|
|
|
|
|
|
|
|
/* BOLT #3:
|
|
|
/* BOLT #3:
|
|
|
* |
|
|
* |
|
|
* ### `localkey`, `remotekey`, `local_htlckey`, `remote_htlckey`, `local_delayedkey` and `remote_delayedkey` Derivation |
|
|
* ### `localpubkey`, `remotepubkey`, `local_htlcpubkey`, `remote_htlcpubkey`, `local_delayedpubkey`, and `remote_delayedpubkey` Derivation |
|
|
* |
|
|
* |
|
|
* These keys are simply generated by addition from their base points: |
|
|
* These pubkeys are simply generated by addition from their base points: |
|
|
* |
|
|
* |
|
|
* pubkey = basepoint + SHA256(per_commitment_point || basepoint) * G |
|
|
* pubkey = basepoint + SHA256(per_commitment_point || basepoint) * G |
|
|
* |
|
|
* |
|
|
* The `localkey` uses the local node's `payment_basepoint`, `remotekey` |
|
|
* The `localpubkey` uses the local node's `payment_basepoint`; the |
|
|
* uses the remote node's `payment_basepoint`, the `local_delayedkey` |
|
|
* `remotepubkey` uses the remote node's `payment_basepoint`; the |
|
|
* uses the local node's `delayed_payment_basepoint`, the `local_htlckey` |
|
|
* `local_delayedpubkey` uses the local node's `delayed_payment_basepoint`; the |
|
|
* uses the local node's `htlc_basepoint` and the `remote_delayedkey` uses |
|
|
* `local_htlcpubkey` uses the local node's `htlc_basepoint`; and the |
|
|
* the remote node's `delayed_payment_basepoint`. |
|
|
* `remote_delayedpubkey` uses the remote node's `delayed_payment_basepoint`. |
|
|
*/ |
|
|
*/ |
|
|
bool derive_simple_key(const struct pubkey *basepoint, |
|
|
bool derive_simple_key(const struct pubkey *basepoint, |
|
|
const struct pubkey *per_commitment_point, |
|
|
const struct pubkey *per_commitment_point, |
|
@ -53,11 +53,11 @@ bool derive_simple_key(const struct pubkey *basepoint, |
|
|
|
|
|
|
|
|
/* BOLT #3:
|
|
|
/* BOLT #3:
|
|
|
* |
|
|
* |
|
|
* The corresponding private keys can be derived similarly if the basepoint |
|
|
* The corresponding private keys can be similarly derived, if the basepoint |
|
|
* secrets are known (i.e., `localkey`, `local_htlckey` and `local_delayedkey` |
|
|
* secrets are known (i.e. the private keys corresponding to `localpubkey`, |
|
|
* only): |
|
|
* `local_htlcpubkey`, and `local_delayedpubkey` only): |
|
|
* |
|
|
* |
|
|
* secretkey = basepoint_secret + SHA256(per_commitment_point || basepoint) |
|
|
* privkey = basepoint_secret + SHA256(per_commitment_point || basepoint) |
|
|
*/ |
|
|
*/ |
|
|
bool derive_simple_privkey(const struct secret *base_secret, |
|
|
bool derive_simple_privkey(const struct secret *base_secret, |
|
|
const struct pubkey *basepoint, |
|
|
const struct pubkey *basepoint, |
|
@ -93,22 +93,23 @@ bool derive_simple_privkey(const struct secret *base_secret, |
|
|
|
|
|
|
|
|
/* BOLT #3:
|
|
|
/* BOLT #3:
|
|
|
* |
|
|
* |
|
|
* The `revocationkey` is a blinded key: when a node wishes to create a new |
|
|
* The `revocationpubkey` is a blinded key: when the local node wishes to |
|
|
* commitment for a remote node, it uses its own `revocation_basepoint` and |
|
|
* create a new commitment for the remote node, it uses its own |
|
|
* the remote node's `per_commitment_point` to derive a new `revocationkey` |
|
|
* `revocation_basepoint` and the remote node's `per_commitment_point` to |
|
|
* for the commitment. Once the remote node reveals (thereby revoking that |
|
|
* derive a new `revocationpubkey` for the commitment. After the remote node |
|
|
* commitment) the `per_commitment_secret` used, the node can now derive the |
|
|
* reveals the `per_commitment_secret` used (thereby revoking that |
|
|
* `revocationsecretkey` as they now know the two secrets necessary to derive |
|
|
* commitment), the local node can then derive the `revocationprivkey`, as it |
|
|
* the key (`revocation_basepoint_secret` and `per_commitment_secret`). |
|
|
* now knows the two secrets necessary to derive the key |
|
|
|
|
|
* (`revocation_basepoint_secret` and `per_commitment_secret`). |
|
|
* |
|
|
* |
|
|
* The `per_commitment_point` is generated using EC multiplication: |
|
|
* The `per_commitment_point` is generated using elliptic-curve multiplication: |
|
|
* |
|
|
* |
|
|
* per_commitment_point = per_commitment_secret * G |
|
|
* per_commitment_point = per_commitment_secret * G |
|
|
* |
|
|
* |
|
|
* And this is used to derive the revocation key from the remote node's |
|
|
* And this is used to derive the revocation pubkey from the remote node's |
|
|
* `revocation_basepoint`: |
|
|
* `revocation_basepoint`: |
|
|
* |
|
|
* |
|
|
* revocationkey = revocation_basepoint * SHA256(revocation_basepoint || per_commitment_point) + per_commitment_point*SHA256(per_commitment_point || revocation_basepoint) |
|
|
* revocationpubkey = revocation_basepoint * SHA256(revocation_basepoint || per_commitment_point) + per_commitment_point * SHA256(per_commitment_point || revocation_basepoint) |
|
|
*/ |
|
|
*/ |
|
|
bool derive_revocation_key(const struct pubkey *basepoint, |
|
|
bool derive_revocation_key(const struct pubkey *basepoint, |
|
|
const struct pubkey *per_commitment_point, |
|
|
const struct pubkey *per_commitment_point, |
|
@ -177,7 +178,7 @@ bool derive_revocation_key(const struct pubkey *basepoint, |
|
|
* The corresponding private key can be derived once the `per_commitment_secret` |
|
|
* The corresponding private key can be derived once the `per_commitment_secret` |
|
|
* is known: |
|
|
* is known: |
|
|
* |
|
|
* |
|
|
* revocationsecretkey = revocation_basepoint_secret * SHA256(revocation_basepoint || per_commitment_point) + per_commitment_secret*SHA256(per_commitment_point || revocation_basepoint) |
|
|
* revocationprivkey = revocation_basepoint_secret * SHA256(revocation_basepoint || per_commitment_point) + per_commitment_secret * SHA256(per_commitment_point || revocation_basepoint) |
|
|
*/ |
|
|
*/ |
|
|
bool derive_revocation_privkey(const struct secret *base_secret, |
|
|
bool derive_revocation_privkey(const struct secret *base_secret, |
|
|
const struct secret *per_commitment_secret, |
|
|
const struct secret *per_commitment_secret, |
|
|
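Review bot: The updated BOLT #3 quote above derive_simple_key names six derived pubkeys in its heading, but the paragraph that maps keys to basepoints covers only five; `remote_htlcpubkey` is never given a basepoint. Since the block reads as a verbatim spec quote, the gap is probably in the spec text itself and the quote should stay as it is. A separate comment placed after the quote would close the gap, for example `/* Not in the quote: remote_htlcpubkey presumably uses the remote node's htlc_basepoint (confirm against BOLT #3). */`. A reader who picks the wrong basepoint here would derive a key that does not match the one the peer expects. The bodies of derive_simple_key and the other three functions lie outside the hunks shown, so this applies to the comment text only.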