[2018-02-24] Will Lightning Help or Hurt Bitcoin Privacy?

[cybersofts]

Will Lightning Help or Hurt Bitcoin Privacy?




Faster, cheaper bitcoin transactions? Check. But at what cost?

For bitcoin users, many of whom were drawn to cryptocurrency for its promise of financial sovereignty, bitcoin is still synonymous with privacy. But the gap between the vision and the reality, in which user transactions today must be published to a globally distributed ledger, has long been one of the technology's biggest points of controversy.

"Bitcoin is Twitter for your bank account. Everything is public to everyone," Ian Miers, the co-founder of the privacy-centric cryptocurrency zcash, told CoinDesk.

Compounding matters, however, is that as bitcoin users get closer to gaining a whole new way to send transactions, powered by an innovation called the Lighting Network, concerns are spreading that privacy could degrade from its already imperfect state.

On the surface, the idea might seem promising - because Lightning payments occur "off-chain," the information isn't included in the blockchain that all nodes store.

But while there is no Lightning ledger so to speak, payments in the scheme are still broadcast across nodes within the network. Essentially, to ensure routing is always available, those using Lightning channels need to trust other network users to help relay transactions.

Conceptually, this means that participants within the system could pry on a transaction, or even potentially sell that information to governments or advertisers. This is a risk that's worsened if the network becomes centralized into a "hub-and-spoke" type structure, where hubs are large, well-known and often-used entities.

"Lightning likely won't improve privacy, it may make it much worse from an average consumer's perspective," Miers added.

And like many, more speculative concerns surrounding the upcoming tech, the risk to user privacy may not be obvious until the network is deployed - an uncertainty that, combined with a wave of efforts on behalf of Lightning developers to include privacy features, has led to mixed sentiments as to what the future of private bitcoin transactions might be.

According to privacy researcher Kristov Atlas, in a worst-case scenario, privacy attackers could "thrive" on hubs "vampirically feeding off" the data as he wrote in a blog post.

However, the upcoming Lightning release does have some privacy features embedded, and there's reason to believe that developers are at least making advances on the problem.


Onion-routing

To date, the most advanced privacy feature included within Lightning is called "onion routing," and it's part of the Basics of Lightning Technology (BOLT), a series of protocols that ensure the multiple iterations of Lightning can interoperate.

In onion routing, payments are passed through multiple channels, and only the minimum of information about that payment is exposed.

For instance, upon receiving an encrypted payment, a node can only know where that payment came from and to what node that payment should be relayed.

According to Olaoluwa Osuntokun, a leading figure in Lightning development who first suggested the scheme on the developer mailing list, the importance of this is that nodes can't be selective when it comes to what payments they're willing to take.

"Nodes shouldn't be able to arbitrarily censor certain payments, or blacklist certain destinations within the channel graph," Osuntokun explained.

Often compared to the Tor network for its use of onion routing, Lightning has occasionally been celebrated as a darknet for bitcoin payments - however, it's comparatively untested, and could face some of the problems native to Tor as well.

"Similar to Tor, there exist known possibilities of timing leaks, and also unknown active attacks that may be viable," Osuntokun said.

And according to some, there's ways that onion-routing could be manipulated, leading to the loss of privacy, especially in an early Lightning network.

For example, the last node within a route, as well as whoever sent that payment, will know the transaction information, and theoretically, nodes could collude to break privacy, piecing together each layer of the payment in order to create a complete picture.

On top of this, there's the risk of a "global adversary which is able to instantaneous monitor all channels on the network," something that the current privacy protocol doesn't address, Osuntokun continued.


Fixed identifiers

And there's further defects to privacy on Lightning today as well.

For example, Lightning payments are currently given a fixed identifier that is repeated throughout the entire route. "This means that if an adversary has two non-contiguous nodes on the route, then they can trivially link a payment flow," Osuntokun said.

That said, Osuntokun assured that there's ways to correct this in future.

For example, if Schnorr signatures, a scaling method that works by aggregating public keys, are adopted into bitcoin, it could correct this issue in a "simple and attractive" way, Osuntokun said.

Plus, there's other, "more heavy weight solutions" such as using zero-knowledge to encrypt payments. However, because this encryption device is heavy, it will "significantly increase the amount of data one needs to send in order to complete a payment," Osuntokun said.

According to Osuntokun, the "lowest hanging fruit" is to obscure this payment identifier with random numbers as the payments pass through the network.


Hub and spoke

Even more speculative risks exist as well, but according to Miers, it's all highly contingent on the structure that the Lightning network will take.

"Some people think the amount of money you need to lock up in a channel and the costs of running nodes will inevitably lead to centralization," Miers said. "And then there's clearly no privacy."

Because onion routing works by passing payments through multiple nodes, in the case of a highly centralized network, active nodes could have perfect visibility of the payments.

However, Blocksteam engineer Christian Decker told CoinDesk that the development teams are creating "counter measures" against this risk of centralization.

Programming the system to open channels at random, Lightning "tries to avoid having hubs that can observe traffic," Decker explained, which has the added benefit of "strengthen[ing] the network as a whole against single points of failure."

Decker said that this randomness could be extended to how routes are formed on the network, making payment paths less predictable but potentiality increasing fees.

Other researchers maintain the risk involved in maintaining a node with high throughput will stave off the formation of centralized hubs.

Miers concluded:

    "We will see which one actually ends up happening."


Source: https://www.coindesk.com/will-lightning-help-hurt-bitcoin-privacy/

[DooMAD]

If Lightning is so transparent and damaging to privacy, can anyone tell me the number of mainnet Lightning transactions that have been sent so far in the short time it's been running?  Not the number of channels open, but the number of transactions sent.  Shouldn't take long if it's that easy.  2 merits to the first person who can tell me.

No?  I didn't think so.  Because the truth is we have absolutely no idea.  Number of on-chain transactions in ~9 years?  Well that's easy.  We just passed 300 million of those.  It's there for all to see on the blockchain.  Number of Lightning transactions in ~9 weeks?  No one can keep track.  Total mystery.

Clearly there's a different trust model involved with Lightning, but it's one of those things where it's not going to be perfect straight out of the box.  There are plenty of people out there who care about privacy and possess the knowledge and ability required to improve the privacy aspects in Lightning over time.  People should obviously be aware of the differences between Lightning and regular Bitcoin transactions, but none of this is a show-stopper.

[odolvlobo]

In summary, in order for LN to hurt privacy, the network would have to be very centralized and nodes would have to collude.