[RFC] Add BOLT 12 payer proof primitives#4297
[RFC] Add BOLT 12 payer proof primitives#4297vincenzopalazzo wants to merge 6 commits intolightningdevkit:mainfrom
Conversation
|
👋 Thanks for assigning @jkczyz as a reviewer! |
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #4297 +/- ##
==========================================
+ Coverage 86.20% 87.07% +0.87%
==========================================
Files 160 164 +4
Lines 107545 110162 +2617
Branches 107545 110162 +2617
==========================================
+ Hits 92707 95927 +3220
+ Misses 12214 11706 -508
+ Partials 2624 2529 -95
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
TheBlueMatt
left a comment
TheBlueMatt
left a comment
There was a problem hiding this comment.
A few notes, though I didn't dig into the code at a particularly low level.
vincenzopalazzo
force-pushed
the
macros/proof-of-payment-bolt12-spec
branch
2 times, most recently
from
2324361 to
9f84e19
Compare
Add a Rust CLI tool that generates and verifies test vectors for BOLT 12 payer proofs as specified in lightning/bolts#1295. The tool uses the rust-lightning implementation from lightningdevkit/rust-lightning#4297. Features: - Generate deterministic test vectors with configurable seed - Verify test vectors from JSON files - Support for basic proofs, proofs with notes, and invalid test cases - Uses refund flow for explicit payer key control Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
🔔 1st Reminder Hey @valentinewallace! This PR has been waiting for your review. |
TheBlueMatt
left a comment
TheBlueMatt
left a comment
There was a problem hiding this comment.
Some API comments. I'll review the actual code somewhat later (are we locked on on the spec or is it still in flux at all?), but would be nice to reduce allocations in it first anyway.
|
🔔 2nd Reminder Hey @valentinewallace! This PR has been waiting for your review. |
|
🔔 1st Reminder Hey @jkczyz! This PR has been waiting for your review. |
|
🔔 2nd Reminder Hey @jkczyz! This PR has been waiting for your review. |
|
🔔 3rd Reminder Hey @jkczyz! This PR has been waiting for your review. |
|
🔔 4th Reminder Hey @jkczyz! This PR has been waiting for your review. |
|
🔔 5th Reminder Hey @jkczyz! This PR has been waiting for your review. |
|
🔔 6th Reminder Hey @jkczyz! This PR has been waiting for your review. |
|
🔔 7th Reminder Hey @jkczyz! This PR has been waiting for your review. |
|
🔔 8th Reminder Hey @jkczyz! This PR has been waiting for your review. |
|
🔔 9th Reminder Hey @jkczyz! This PR has been waiting for your review. |
vincenzopalazzo
force-pushed
the
macros/proof-of-payment-bolt12-spec
branch
5 times, most recently
from
fb8c68c to
9ad5c35
Compare
vincenzopalazzo
force-pushed
the
macros/proof-of-payment-bolt12-spec
branch
2 times, most recently
from
b52a5f3 to
c836395
Compare
|
Thanks @jkczyz I should have addressed everything that you asked me! |
|
🔔 1st Reminder Hey @TheBlueMatt @jkczyz! This PR has been waiting for your review. |
1 similar comment
|
🔔 1st Reminder Hey @TheBlueMatt @jkczyz! This PR has been waiting for your review. |
|
🔔 2nd Reminder Hey @TheBlueMatt @jkczyz! This PR has been waiting for your review. |
1 similar comment
|
🔔 2nd Reminder Hey @TheBlueMatt @jkczyz! This PR has been waiting for your review. |
|
🔔 3rd Reminder Hey @TheBlueMatt @jkczyz! This PR has been waiting for your review. |
1 similar comment
|
🔔 3rd Reminder Hey @TheBlueMatt @jkczyz! This PR has been waiting for your review. |
lightning/src/offers/merkle.rs
Outdated
| } | ||
| } | ||
|
|
||
| missing_with_types.sort_by_key(|(min_type, _)| *min_type); |
There was a problem hiding this comment.
There was a problem hiding this comment.
Yeah, we iterate with Rusty over the spec (probably the diff was introduced inside the last fixup), and I already implemented it vincenzopalazzo#85
I shared it with @jkczyz because I was able to reduce some allocation by avoiding recursion, but assuming the DFS visit order will not allow me to simplify the code further, so some allocation remains.
For this reason, I kept it as a separate PR on my branch to avoid introducing big changes to code that is kind of in good shape.
So, wondering what your thoughts are on this, I was thinking that since there is no user of this API, we could make a follow-up PR during the beta?
There was a problem hiding this comment.
No, I don't think we should land something that's wrong just because the code has been looked at some - let's fix it and get it right.
There was a problem hiding this comment.
Ok, fixing your early review and merging my PR by keeping the change in a different commit that will make it easy to review only the part changed
Move the invoice/refund payer key derivation logic into reusable helpers so payer proofs can derive the same signing keys without duplicating the metadata and signer flow.
Add the payer proof types, selective disclosure merkle support, parsing, and tests for constructing and validating BOLT 12 payer proofs from invoices.
vincenzopalazzo
force-pushed
the
macros/proof-of-payment-bolt12-spec
branch
from
24f97b7 to
c62ce8b
Compare
Rename the old PaidBolt12Invoice enum to Bolt12InvoiceType, move it out of events, and update outbound payment plumbing to store the renamed invoice type directly.
Encapsulate invoice, preimage, and nonce in PaidBolt12Invoice and surface it in PaymentSent. Rework builder to return UnsignedPayerProof with SignFn/sign_message integration, use encode_tlv_stream! for serialization, move helpers to DisclosedFields methods, and address naming conventions and TLV validation feedback. Co-Authored-By: Jeffrey Czyz <jkczyz@gmail.com> Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
vincenzopalazzo
force-pushed
the
macros/proof-of-payment-bolt12-spec
branch
3 times, most recently
from
9f488d7 to
7468188
Compare
|
Ok, I should have addressed all the review comments of @TheBlueMatt, and I also pushed the changes that are in sync with the last update of the spec, including the test vectors that are not landed inside the spec. I left them as two separate commits for easy review. I tried to minimise the allocation as much as I could, but now the order of the missing hashes is based on DFS traversal, and this introduces some allocation here and there |
lightning/src/offers/payer_proof.rs
Outdated
| assert_eq!( | ||
| proof.to_string(), | ||
| vector.bech32, | ||
| "{}: bech32 mismatch", | ||
| vector.name | ||
| ); | ||
| } |
There was a problem hiding this comment.
The spec vector test verifies encoding (produce proof → compare bech32 output) but never verifies decoding (parse the expected bech32 string → verify fields). This is the most valuable test for cross-implementation interoperability: if another implementation produces a payer proof matching the spec vector bech32, you need to confirm your parser can consume it.
Consider adding decoding verification for each vector:
| assert_eq!( | |
| proof.to_string(), | |
| vector.bech32, | |
| "{}: bech32 mismatch", | |
| vector.name | |
| ); | |
| } | |
| assert_eq!( | |
| proof.to_string(), | |
| vector.bech32, | |
| "{}: bech32 mismatch", | |
| vector.name | |
| ); | |
| // Verify the decode path also works with the spec vector bech32 string. | |
| let decoded = PayerProof::from_bech32_str(vector.bech32) | |
| .unwrap_or_else(|e| panic!("{}: bech32 decode failed: {:?}", vector.name, e)); | |
| assert_eq!(decoded.preimage(), proof.preimage(), "{}: decoded preimage mismatch", vector.name); | |
| assert_eq!(decoded.merkle_root(), proof.merkle_root(), "{}: decoded merkle_root mismatch", vector.name); | |
| assert_eq!(decoded.payer_id(), proof.payer_id(), "{}: decoded payer_id mismatch", vector.name); |
lightning/src/offers/merkle.rs
Outdated
| // The spec example only shows 3, but that appears to be incomplete | ||
| // (missing hash for type 60). Our implementation should produce 4. |
There was a problem hiding this comment.
This comment claims disagreement with the spec ("The spec example only shows 3, but that appears to be incomplete"), but the new check_against_spec_vectors test in payer_proof.rs now passes against official BOLT 12 test vectors — which means the implementation matches the current spec. This comment is now outdated/misleading and should be updated or removed to avoid confusing future readers into thinking there's a known spec divergence.
Note: this is a synthetic test with different TLV types than the spec vectors, so the "4 missing hashes" assertion here is correct for this tree structure. The comment about spec disagreement is what's stale.
vincenzopalazzo
force-pushed
the
macros/proof-of-payment-bolt12-spec
branch
from
8202ad0 to
3a500c8
Compare
|
@vincenzopalazzo Not sure what happened to the branch, but it looks like a lot of the earlier fixes have been dropped. Is it related to #4297 (comment)? |
Don't require payer proof missing hashes to remain TLV-sorted now that the spec uses DFS traversal order. (cherry picked from commit 334bb05)
Embed the latest payer proof vectors and keep the test harness aligned with the current unsigned builder and signing flow. (cherry picked from commit 3a500c8)
vincenzopalazzo
force-pushed
the
macros/proof-of-payment-bolt12-spec
branch
from
3a500c8 to
564682f
Compare
|
Thanks for the catch @jkczyz need to remind myself not to work with git magic command late at night, so I should have restored the old history with the changes requested in the last review from you and Matt. Thanks! |
|
🔔 4th Reminder Hey @jkczyz! This PR has been waiting for your review. |
6 participants
This is a first draft implementation of the payer proof extension to BOLT 12 as proposed in lightning/bolts#1295. The goal is to get early feedback on the API design before the spec is finalized.
Payer proofs allow proving that a BOLT 12 invoice was paid by demonstrating possession of:
This PR adds the core building blocks:
This is explicitly a PoC to validate the API surface - the spec itself is still being refined. Looking for feedback on:
cc @TheBlueMatt @jkczyz