Rusty Russell on Nostr: Hacked up a "constant message size" change for CLN, inspired by There have been a ...
Hacked up a "constant message size" change for CLN, inspired by https://github.com/lightning/bolts/pull/1304
There have been a number of papers showing how trivial it is for someone with a network view to identify which messages are Lightning payments. The first mitigation is to make the TCP packet sizes identical (the rest have to do with timings, but this is a prerequisite).
The approach here is wrong: you need to attack it lower level than message construction. You need it post-encryption where you do the write(). Fortunately, we have explicit padding messages for this in the spec! Pings which do not elicit a reply.
But testing is vital: it's easy to slip up and have weird packet sizes slip through and leak all your info even though everything "works fine"!
Published at
2026-01-14 21:30:06 UTC
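A sketch of the post-encryption padding arithmetic the note describes, with a size check over sample messages. It is an added example, not code from CLN or from the linked pull request. `WRITE_SIZE` and all function names are assumptions; the 34-byte framing overhead and the no-reply ping (`num_pong_bytes` >= 65532) follow BOLT 8 and BOLT 1.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define WRITE_SIZE     1460u /* assumed constant size of every write() */
#define BOLT8_OVERHEAD 34u   /* 18-byte encrypted length + 16-byte body MAC */
#define PING_FIXED     6u    /* type + num_pong_bytes + byteslen, 2 bytes each */
#define MIN_PING_WIRE  (BOLT8_OVERHEAD + PING_FIXED)

/* Encrypted bytes of padding needed so `queued` encrypted bytes fill whole
 * writes. A gap too small to hold a ping spills into one extra write. */
size_t padding_wire_len(size_t queued)
{
    size_t gap = (WRITE_SIZE - queued % WRITE_SIZE) % WRITE_SIZE;
    if (gap != 0 && gap < MIN_PING_WIRE)
        gap += WRITE_SIZE;
    return gap;
}

/* Plaintext ping that occupies exactly wire_len bytes once encrypted.
 * num_pong_bytes = 0xffff (>= 65532), so the peer sends no pong. */
size_t build_padding_ping(uint8_t *out, size_t wire_len)
{
    size_t byteslen = wire_len - MIN_PING_WIRE;
    out[0] = 0x00; out[1] = 0x12;            /* type 18: ping */
    out[2] = 0xff; out[3] = 0xff;            /* num_pong_bytes */
    out[4] = (uint8_t)(byteslen >> 8);
    out[5] = (uint8_t)(byteslen & 0xff);
    memset(out + PING_FIXED, 0, byteslen);   /* ignored bytes */
    return PING_FIXED + byteslen;
}

/* Size check: flush after each message and count flushes whose final
 * write would not be exactly WRITE_SIZE bytes. */
size_t count_odd_writes(const size_t *plain_lens, size_t n, int pad)
{
    uint8_t ping[WRITE_SIZE + MIN_PING_WIRE];
    size_t odd = 0;
    for (size_t i = 0; i < n; i++) {
        size_t queued = plain_lens[i] + BOLT8_OVERHEAD;
        size_t want = pad ? padding_wire_len(queued) : 0;
        if (want)
            queued += build_padding_ping(ping, want) + BOLT8_OVERHEAD;
        if (queued % WRITE_SIZE)   /* final write of this flush is short */
            odd++;
    }
    return odd;
}
```

Equal write() sizes only become equal TCP segment sizes if the socket does not coalesce or split them, so a capture-based check on the wire is still needed alongside this arithmetic.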