高級
Blinded Paths 盲化路徑
了解閃電網路的盲化路徑機制,如何保護收款人隱私並防止支付路徑暴露。
12 分鐘
什麼是盲化路徑?
盲化路徑(Blinded Paths)是一種隱私技術,允許收款人隱藏其節點身份和 最後幾跳的路徑資訊。付款人只能看到路徑的起點(引入點), 無法知道實際的收款人位置。
收款人隱私: 傳統發票暴露收款人節點 ID,盲化路徑則完全隱藏。 即使付款人也無法確定誰是最終收款人。
工作原理
Blinded Path Mechanism
Traditional Routing vs Blinded Paths:
Traditional:
Sender → A → B → C → Receiver
↑
Exposed in invoice
Blinded:
Sender → A → B → [Blinded Zone]
↑ ╔═══════════════════╗
Introduction ║ C → Receiver ║
Point ║ (encrypted) ║
╚═══════════════════╝
Blinding Process (by receiver):
1. Select introduction point
• This is the last node visible to sender
2. Generate blinded data for each subsequent node:
• blinded_node_id = node_id * blinding_factor
• encrypted_data = encrypted routing info
3. Include blinded path in Offer/Invoice 密碼學基礎
Blinding Cryptography
ECDH Key Derivation (for each node i in path):
1. Blinding factor derivation:
e_i = SHA256(e_{i-1} || blinded_node_id_{i-1})
2. Blinded node ID:
blinded_node_id_i = node_id_i * e_i
3. Shared secret (ECDH):
ss_i = SHA256(e_i * node_id_i)
= SHA256(e_i * k_i * G)
= SHA256(k_i * blinded_node_id_i) <- node can compute
Encrypted Data (encrypted_data_i via ChaCha20-Poly1305):
Contents:
• padding: optional padding
• short_channel_id: next hop channel
• payment_relay: fee and timelock info
• payment_constraints: payment restrictions
• next_blinding_override: optional blinding factor override
Key: HKDF(ss_i, "blinded_path")
Nonce: 0 路徑結構
Blinded Path TLV Format blinded_path: ┌─────────────────────────────────────────────────────────────┐ │ introduction_node_id: 33 bytes │ │ Real node ID of introduction point │ │ │ │ blinding_point: 33 bytes │ │ Initial blinding point (for ECDH) │ │ │ │ blinded_hops: array │ │ [0] blinded_node_id: 33 bytes │ │ encrypted_data: variable │ │ [1] blinded_node_id: 33 bytes │ │ encrypted_data: variable │ │ [n] last one is receiver │ └─────────────────────────────────────────────────────────────┘ Sender's View: Visible: • introduction_node_id (can route to here) • Number of blinded hops • Total fee and timelock requirements Hidden: • Actual node IDs • Channel IDs • Receiver identity
中繼節點處理
How Nodes Process Blinded Payments Receiving Blinded Onion: Onion contains: • current_blinding_point • encrypted_data Node Processing Steps: 1. Compute shared secret: ss = SHA256(private_key * current_blinding_point) 2. Decrypt encrypted_data: key = HKDF(ss, "blinded_path") data = ChaCha20-Poly1305_Decrypt(encrypted_data, key) 3. Extract from decrypted data: • Next hop channel ID • Fee and timelock • Next blinding point (if override exists) 4. Compute next blinding point (default): next_blinding = SHA256(ss || current_blinding) * current 5. Forward payment to specified channel
BOLT12 整合
Blinded Paths in BOLT12 Blinded Paths in Offers: offer_paths: one or more blinded paths Buyer flow: 1. Receives Offer 2. Selects a blinded path 3. Sends invoice_request via that path Seller flow: 1. Receives request via blinded path 2. Generates Invoice (may also contain blinded paths) 3. Replies via onion message Multiple Blinded Paths - Benefits: • Redundancy: if one path fails, use another • Privacy: harder to correlate different requests • Availability: distribute load Example: offer_paths: - path_1: A -> [blinded] -> Receiver - path_2: B -> [blinded] -> Receiver - path_3: C -> [blinded] -> Receiver
隱私保護
付款人隱私
收款人只看到引入點,不知道付款人的真實位置或路徑。 洋蔥路由保護付款人身份。
收款人隱私
盲化路徑隱藏收款人節點和最後幾跳。 付款人無法知道誰是最終收款人。
中繼節點隱私
盲化區域的節點 ID 被隱藏,中繼節點無法識別彼此。
抗關聯性
每次使用不同盲化因子,相同路徑看起來不同, 防止跨支付關聯。
實現狀態
Implementation Support Status Core Lightning: [x] Full blinded path support [x] BOLT12 Offers integration [x] Onion message support # Create Offer with blinded path lightning-cli offer any "my offer" LND: [~] Partial support (in development) [~] Route blinding as forwarding node [ ] BOLT12 not fully supported yet Eclair: [x] Blinded path support [x] BOLT12 partial support [x] Used in Phoenix wallet LDK: [x] Blinded path construction [x] Blinded path parsing [x] BOLT12 support
路徑長度: 盲化路徑增加 payload 大小。建議限制盲化跳數在 2-3 跳, 平衡隱私和效率。
相關資源
下一步: 了解 BOLT12 Offers 如何使用盲化路徑提供隱私支付請求。
已複製連結