Although the Lightning Network has the potential to help Bitcoin scale to millions of new users, the scheme powered by payment channels has become a controversial topic of conversation in the community. Some would rather see an immediate increase in the block size limit, but the developers behind Bitcoin Core seem intent on turning the Lightning Network into a reality as quickly as possible.
One area of dispute involved with the Lightning Network is whether the system would hamper or help privacy in Bitcoin. There have been many proposals for improving privacy in Bitcoin over the years, such as Zerocash and JoinMarket, but the Lightning Network opens up new issues in its system where, effectively, transactions are not immediately broadcasted on the blockchain.
There are now proposals to add Tor-style onion routing to the Lightning Network, which would limit the amount of identifying information shared between users on the network. Two Bitcoin developers who are currently working on the design of the Lightning Network, Blockstream Core Tech Engineer Rusty Russell and Lightning Network Developer Olaoluwa “Laolu” Osuntokun, recently shared some of their thoughts concerning onion routing and privacy on the Lightning Network with CoinJournal.
Privacy is Key for Lightning Network Developers
Many have viewed the Lightning Network as nothing more than a useful tool for microtransactions, but Rusty Russell believes privacy must be viewed with the utmost importance during the development and design of this project. During his correspondence with CoinJournal, Russell used an example of a possible application of the Lightning Network to make his point:
“PRIVACY IS AN IMPORTANT TOPIC. WHILE LIGHTNING’S FIRST USE CASE IS MICROTRANSACTIONS, IN SOME WAYS THEIR PRIVACY IS MORE IMPORTANT THAN LARGE TRANSACTIONS! IMAGINE AN AD-BLOCKER WHICH TIPPED WEBSITES IN BITCOIN: I DON’T CARE IF YOU KNOW THAT I PAY MY MORTGAGE ON TIME, BUT I MIGHT CARE IF YOU KNOW EVERY WEB PAGE I VISIT.”
Russell also noted that the battle between privacy and surveillance is not one that will simply go away after specific patches are made to the design of the Lightning Network. He stated:
“EVEN ONCE YOU’VE COVERED THE OBVIOUS PRIVACY CONCERNS, WE’LL HAVE AN ARMS RACE OVER THINGS LIKE TIMING ATTACKS AND TRAFFIC ANALYSIS: JUST LOOK AT THE TOR NETWORK, FOR EXAMPLE.”
Although many view Tor as a tool for completely anonymous use of the Internet, the reality is the network is not as private and secure as some would like to imagine. The anonymizing network has proven itself to be useful over time, but it should not be viewed as a bulletproof shield against government-level adversaries.
Lightning Network designers are very much aware of the need to preserve censorship resistance in Bitcoin. Rusty Russell noted the developers working on this concept wish to bring as much privacy to the network as possible.
Proposals for Onion Routing on the Lightning Network
Rusty Russell, who Linus Torvalds once referred to as a “top deputy” for his work on the Linux kernal, has been working on an implementation of the Lightning Network over the past year or so. Russell originally sent a proposal for onion routing to the Lightning Network mailing list in October, and alternative proposals have been made by other developers since then.
“LAOLU POSTED TO THE MAILING LIST ON A PROVEN DESIGN WHICH WOULD SAVE US THE WORK OF VALIDATING MINE, SO WE’LL CLEARLY DO THAT INSTEAD.”
CoinJournal was also able to make contact with Laolu, and after commending Rusty on his work developing an onion routing format from scratch, he confirmed his view that finding an existing, peer-reviewed solution for onion routing would be the best option. Laolu stated:
“I REALLY COMMEND RUSTY FOR DEVELOPING AN ONION ROUTING FORMAT, FROM SCRATCH, FOLLOWING FIRST PRINCIPLES. THAT’S NO SMALL FEAT! HOWEVER, I FELT THAT WE MAY BE ABLE TO SAVE SOME REVIEW [AND] VETTING TIME BY USING AN EXISTING PEER-REVIEW SOLUTION. SO I SEARCHED THROUGH THE EXISTING ACADEMIC LITERATURE ON MIX-NETS AND ONION ROUTING. I FOUND TWO SCHEMES WHICH SEEMED PERFECT FOR OUR PARTICULAR USE CASE. BOTH SCHEMES HAVE BEEN THOROUGHLY VETTED VIA ACADEMIC PEER REVIEW, AND CONTAIN FORMAL PROOFS OF SECURITY.”
“WITH THE ADDITION OF HORNET, THE STATE OF PRIVACY WITHIN THE LIGHTNING NETWORK CAN BE TAKEN TO THE NEXT LEVEL. WITHIN THE SCHEME, HORNET ALLOWS FOR AN OPTIONAL RENDEZVOUS SYSTEM SIMILAR TO TOR’S HIDDEN SERVICES. LEVERAGING THIS SYSTEM WITHIN THE LIGHTNING NETWORK WILL ALLOW FULL SENDER-RECEIVER ANONYMITY.”
An in-progress implementation of Laolu’s proposal can be found on GitHub.
How Much Privacy Can the Lightning Network Provide to Users?
During CoinJournal’s correspondence with Rusty Russell, the Bitcoin developer also shared his thoughts on the overall level of privacy that will eventually be available on the Lightning Network. Although there are privacy improvements in development right now, it’s clear that Russell does not see this new enhancement for Bitcoin transactions as the best option for those who wish to remain private or anonymous. Russell explained:
“THE AMOUNTS ARE KNOWN, AT LEAST APPROXIMATELY. ALSO, THERE’S COMMUNICATION (VIA NUMEROUS HOPS, SURE) BETWEEN THE PAYER AND PAYEE, WHICH OFFERS ROOM FOR TRAFFIC ANALYSIS AND THE LIKE.”
Russell’s key point here is the Lightning Network creates a situation where two peers on the network are communicating with each other rather than having one party (or even a third party) broadcast the transaction onto the Bitcoin network via Tor. He explained further:
“COMPARE [THE LIGHTNING NETWORK’S PRIVACY MODEL] WITH BITCOIN OVER TOR, WHERE YOU MIGHT HAVE THE BITCOIN PAYMENT ADDRESS DAYS BEFORE AND SIMPLY DROP A TRANSACTION ON THE NETWORK, WHICH [THE RECIPIENT] RECEIVES LIKE [ANY OTHER NODE ON THE NETWORK].”
When asked how the Lightning Network would eventually compare with something like Zerocash over the long term, Russell noted:
“AS FAR AS I CAN TELL, ZEROCASH IS THE ULTIMATE IN PRIVACY, WHICH DOESN’T [REVEAL] WHAT INPUTS WERE SPENT, WHAT ADDRESSES RECEIVED, OR HOW MUCH WAS SENT.”
Possible Solutions for Lightning Network Privacy
Laolu mentioned some of the privacy issues that still remain with the Lightning Network in an email to CoinJournal. For one, there is an issue with the redemption hash (R-value) in the Lightning Network’s current design that could make it relatively easy for an attacker to correlate payments between two parties. Laolu explained:
“EVEN WITH [HORNET], THERE’S STILL A GLARING HOLE WITHIN THE LIGHTNING NETWORK AS FAR AS PRIVACY OF PAYMENTS: THE R VALUE! SINCE THE VALUE OF R REMAINS CONSTANT ALONG THE ROUTE, IT’S TRIVIAL FOR AN ADVERSARY TO CORRELATE PAYMENTS WITHIN THE ONION CIRCUIT EVEN THOUGH IT DOESN’T LEARN THE FULL ROUTE.”
The Lightning Network designer went on to note that Blockchain.info’s Mats Jerratsch and Bitcoin Core Developer Greg Maxwell have both come up with schemes that could potentially solve this problem. Laolu explained how a proper solution to this issue would limit the amount of information nodes on the Lightning Network would have in regards to senders and receivers:
“INTERMEDIATE NODES ARE OBLIVIOUS TO: THE TOTAL LENGTH OF THE PAYMENT PATH, THEIR POSITION WITHIN THE ROUTE, THE SENDER, THE RECEIVER, AND THE R VALUE THAT THE RECEIVER AND ALL OTHER INTERMEDIATE NODES WILL USED TO SETTLE THE FINAL PAYMENT.“
Tor-Style Onion Routing is Definitely Coming to the Lightning Network
One of the main concerns that most Bitcoin users always have over new proposals that could help scale Bitcoin or bring more privacy to the payment system is that something will inevitably go wrong and the concept will never be implemented. This has, perhaps, been an even bigger issue with companies in the industry that provide nothing but empty promises to their customers.
Having said that, Russell and Laolu are convinced onion routing on the Lightning Network is a development that will definitely take place — in due time. Laolu explained:
“AS RUSTY SAID, THIS IS DEFINITELY GOING TO HAPPEN! AT THIS POINT, IT MAY BE A BIT EARLY TO CONCRETELY ASSERT WHAT THE FINAL PRODUCTION SYSTEM WILL LOOK LIKE, BUT IT SEEMS THAT THE PRIMARY PRIMITIVES HAVE BEEN AGREED UPON.”