I would like to get a correct understanding of the padding mechanism used in onion routing. The following is taken from the original paper of onion routing[https://www.onion-router.net/Publications/IH-1996.pdf].
Notice that at each hop the onion shrinks as a layer is peeled off. To avoid compromised nodes inferring route information from this monotonically diminishing size, a random bit string the size of the peeled offlayer is appended to the end of the payload before forwarding. No proxy except the last will know how much of the payload he receives is such padding because he won't know where he is in the chain. He simply `decrypts' the padding along with the rest of the onion
To make my question concrete, let's assume the chain is of length 3 consisting of $X$, $Y$, $Z$, where $Z$ is the last node in the chain. Let's also assume the chain keys have already been established. From my understanding, if the source wants to send $M$ to a destination using this chain, it encrypts $M$ as follows:
$$ O_Z = \left[\_,C_Z = E.K_{FZ}(M), T_Z=\text{MAC}.K'_{FZ}(C_Z)\right] \\ O_Y = \left[Z, C_Y = E.K_{FY}(O_Z), T_Z=\text{MAC}.K'_{FY}(C_Y)\right] \\ O_X = \left[Y, C_X = E.K_{FX}(O_Y), T_Z=\text{MAC}.K'_{FX}(C_X)\right] $$ assuming authenticated encryption is used to encrypt the payload.
If $X$ receives $O_X$ from the sender, $X$ peals of the outer layer and sends $O_Y$ to $Y$ and so on. It is clear that the size of onion will shrink if only the decrypted onion is forwarded.
If X adds random padding to $O_Y$ before sending it to $Y$, how can $Y$ know the size of the padding? If $Y$ can somehow determine the size of the padding, I think $Y$ can know where he is in the chain which contradicts what is argued in the original paper. What am I missing here?
