Skip to content

Instantly share code, notes, and snippets.

@t-bast

t-bast/trampoline-error.md

Created June 10, 2020 15:55
Show Gist options
  • Save t-bast/598c4295e8112863fa4b179e6c898c25 to your computer and use it in GitHub Desktop.
Save t-bast/598c4295e8112863fa4b179e6c898c25 to your computer and use it in GitHub Desktop.
Download ZIP
Description of trampoline error encryption/decryption
Raw
trampoline-error.md

Trampoline error encryption

Trampoline nodes apply the same error-wrapping mechanism that's used for normal onions at the trampoline onion level. That means there's simply two layers of error wrapping.

Notations

We note ss(Alice, Bob) the shared secret between Alice and Bob for the outer onion encryption, and tss(Alice, Bob) the shared secret between Alice and Bob for the trampoline onion encryption.

Error before first trampoline

  +---> N1 ---> N2 (error)
  |
Alice
  • Alice receives wrap(ss(Alice,N1), wrap(ss(Alice,N2), error))
  • She discovers N2 is the failing node by unwrapping with outer onion shared secrets

Error between trampoline nodes

  +---> N1 ---> N2 ---++---> M1 ---++---> E1 ---> E2 (error)
  |                   ||           ||
Alice                 T1           T2
  • T2 receives wrap(ss(T2,E1),wrap(ss(T2,E2), error))
  • T2 discovers E2 is the failing node by unwrapping with outer onion shared secrets, and can transform this error to the error that makes the most sense to return to the payer, and wraps it with the trampoline shared secret and then the outer onion shared secret: wrap(ss(T1,T2), wrap(tss(Alice,T2), error))
  • T1 receives wrap(ss(T1, M1), wrap(ss(T1,T2), wrap(tss(Alice,T2), error)))
  • After unwrapping with the outer onion shared secrets it obtains: wrap(tss(Alice,T2), error) It cannot decrypt further, so it adds its own two layers of wrapping and forwards upstream wrap(ss(Alice,T1), wrap(tss(Alice,T1), wrap(tss(Alice,T2), error)))
  • Alice receives wrap(ss(Alice,N1), wrap(ss(Alice,N2), wrap(ss(Alice,T1), wrap(tss(Alice,T1), wrap(tss(Alice,T2), error)))))
  • She unwraps with the outer onion secrets and obtains: wrap(tss(Alice,T1), wrap(tss(Alice,T2), error))
  • Since this is still not a plaintext error, she unwraps with the trampoline onion secrets and recovers error.

Error at a trampoline node

  +---> N1 ---> N2 ---++---> M1 ---+
  |                   ||           |
Alice                 T1           T2 (error)
  • T2 creates a local error and wraps it: wrap(ss(T1,T2), wrap(tss(Alice,T2), error))
  • T1 receives wrap(ss(T1, M1), wrap(ss(T1,T2), wrap(tss(Alice,T2), error)))
  • After unwrapping with the outer onion shared secrets it obtains: wrap(tss(Alice,T2), error) It cannot decrypt further, so it adds its own two layers of wrapping and forwards upstream wrap(ss(Alice,T1), wrap(tss(Alice,T1), wrap(tss(Alice,T2), error)))
  • Alice receives wrap(ss(Alice,N1), wrap(ss(Alice,N2), wrap(ss(Alice,T1), wrap(tss(Alice,T1), wrap(tss(Alice,T2), error)))))
  • She unwraps with the outer onion secrets and obtains: wrap(tss(Alice,T1), wrap(tss(Alice,T2), error))
  • Since this is still not a plaintext error, she unwraps with the trampoline onion secrets and recovers error.

Unparsable error somewhere in the route

This works the same, each trampoline unwraps as much as it can then re-wraps. It will result in an unparsable error at Alice.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment