Why are Sphinx forward messages not used in Lightning's onion packets?

Question

It is useful to send some additional information with a payment in LN. For example, spontaneous payments in LND send a payment_preimage to the destination of a payment. LND uses a non-trivial EOB format to try and encode this information into the hops_data. The hops_data must be a fixed size to prevent intermediary nodes knowing where they are in a route, which limits the size of information which can be forwarded.

The Sphinx protocol on which LN's onion routing is based already supports forwarding encrypted messages as a separate field. The notation (M,δ) is used for an onion message, where the M corresponds to the onion_packet format in BOLT4. δ is the encrypted payload, which can be of arbitrary size, and is not used.

Would it not make more sense to utilize this message forwarding rather than trying to overcomplicate the protocol with the EOB format, which gains us a trivial number of bytes?

I can see that arbitrary size may be an issue for an attacker monitoring traffic flows. Perhaps δ can be made a fixed size and padded such that each update_add_htlc_with_payload remains a fixed size. We could potentially transfer larger and more useful information to the destination (in particular, I would like to be able to embed a refund invoice in the payment).

Are there any other issues with forwarding a separate encrypted payload which I'm unaware of?

Answer 1

Questions like these are always leading to an opinionated response and are a little bit tough to answer. I will give it a shot though.

First of all I think youelf already answered your question to an important degree. Forwarding messages via the SPHINX protocol yield the possibility of message length attacks.

I think Another reason was the goal to be simple in the beginning. I know there is a lot of discussion to extend onion routing to HORNET which would create a connection oriented encrypted communication layer on top of the lightning network and routing protocol. This obviously yield some advantages but also complexity and possibilities to introduce exploits. Let us remember that sphinx mix format was created to send and receive messages / emails and we "abuse" it for lightning. So I guess we liked at the core feature we needed.

I think the main reason for using the EOB field in spontaneous payments is that it was easy to implement this in the current system without too many changes. But to be sure roasbeef might give the exact reason.