From d5a83eea05e48d1bb533bf7e060da08c4fc59836 Mon Sep 17 00:00:00 2001 From: ZmnSCPxj Date: Wed, 21 Mar 2018 15:19:31 +0000 Subject: [PATCH] payalgo: Be willing to overpay up to maxfeepercent, for privacy. This obscures how far an intermediate hop is from the ultimate payee, and also obscures slightly the exact payment value. Fixes: #1089 --- lightningd/payalgo.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/lightningd/payalgo.c b/lightningd/payalgo.c index 397eb3ed7219..fa2d8b8df5bf 100644 --- a/lightningd/payalgo.c +++ b/lightningd/payalgo.c @@ -488,6 +488,8 @@ static bool json_pay_try(struct pay *pay) struct timeabs now = time_now(); struct json_result *data; struct siphash_seed seed; + u64 maxoverpayment; + u64 overpayment; /* If too late anyway, fail now. */ if (time_after(now, pay->expiry)) { @@ -514,13 +516,29 @@ static bool json_pay_try(struct pay *pay) /* Generate random seed */ randombytes_buf(&seed, sizeof(seed)); + /* Generate an overpayment, from fuzz * maxfee. */ + /* Now normally the use of double for money is very bad. + * Note however that a later stage will ensure that + * we do not end up paying more than maxfeepercent + * of the msatoshi we intend to pay. */ + maxoverpayment = ((double) pay->msatoshi * pay->fuzz * pay->maxfeepercent) + / 100.0; + if (maxoverpayment > 0) { + randombytes_buf(&overpayment, sizeof(overpayment)); + /* We will never generate the maximum computed + * overpayment this way. Maybe OK for most + * purposes. */ + overpayment = overpayment % maxoverpayment; + } else + overpayment = 0; + ++pay->getroute_tries; /* FIXME: use b11->routes */ req = towire_gossip_getroute_request(pay->try_parent, &cmd->ld->id, &pay->receiver_id, - pay->msatoshi, + pay->msatoshi + overpayment, pay->riskfactor, pay->min_final_cltv_expiry, &pay->fuzz,
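Review bot: The new `maxoverpayment` assignment in json_pay_try converts a double product straight into a `u64` with no range check, and in C that conversion is undefined when the value is negative, NaN, or at least 2^64; whether `pay->fuzz` and `pay->maxfeepercent` are bounded is not visible in this hunk. A guarded form would be `double m = (double) pay->msatoshi * pay->fuzz * pay->maxfeepercent / 100.0;` followed by `maxoverpayment = (m >= 1.0 && m < 18446744073709551616.0) ? (u64) m : 0;`. The sum `pay->msatoshi + overpayment` passed to towire_gossip_getroute_request is also unchecked for wraparound, and the comment defers the maxfeepercent cap to "a later stage" without naming it, so it would help to name that check in the comment and confirm that it counts the overpayment together with the routing fees. The body of json_pay_try starts and ends outside the hunk.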