The Lightning Network is often viewed as the holy grail when it comes to scaling Bitcoin to many more transactions per second, but questions remain as to how well the current version of this layer-two network can preserve or improve user privacy. During the Scaling Bitcoin workshop at Stanford University over the weekend, Zcash co-founder Ian Miers presented on the Lightning Network’s privacy issues and a potential solution to these problems.
Privacy Issues with the Lightning Network
At first, it may appear that the Lightning Network would provide improved financial privacy by default because transactions are mostly taken off of the public Bitcoin blockchain; however, Miers explained that the aggregate payment data is really all that matters to an observer. “It doesn’t matter I’m telling you that I’m paying a psychiatrist every week for $500; it matters if you know that I’m paying the psychiatrist regularly at all,” said Miers.
Miers added that the situation does get better in a payment channel network (as opposed to a simple payment channel between two parties) because then an observer can only see a user’s entry point to the network. Having said that, Miers also pointed out that problems still exist in payment channel networks such as the Lightning Network. In short, the payment hubs or colluding nodes on the network can learn about a specific user’s transaction activity. “If you have a path in the network and all of the peers on the path collude, they can identify you,” explained Miers. “They can do this via direct collusion, [or] they can do this via correlation after the fact. You don’t really get strong privacy from this model.”
A Centralized Lightning Network May Provide Less Privacy Than Bitcoin Itself
Miers went on to explain that the privacy problems found in the Lightning Network become much worse when the topology of the network is centralized. In this situation, collusion or coordination between nodes is not necessary because the centralized node already knows everything. The level of centralization that will be found in the Lightning Network has been subject to debate since the concept was first announced.
An article exploring this debate can be found over at Bitcoin Magazine. In Miers’s view, a centralized setup would provide a level of privacy lower than what is already available via traditional payment systems. In fact, Miers went as far as to say a centralized Lightning Network would provide worse privacy than the base Bitcoin blockchain. “The situation gets a little worse for Bitcoin because it’s not likely to be some regulated or vaguely regulated entity like Visa or financial institutions, which have (admittedly thin) rules on what they can do with your personal data, [that acts as a Lightning Network hub],” said Miers. “It’s going to be: insert your favorite sketchy exchange here.” Reasons for on-chain transactions being more private than a centralized Lightning Network provided by Miers included:
- The creation of multiple identities for on-chain transactions is free, while new identities on the Lightning Network require a user to lock up funds into escrow.
- To gain the fee-related benefits of the Lightning Network, identities must also be long-lived.
- Some Lightning Network hubs may also decide to implement policies related to Know Your Customer (KYC) and Anti Money Laundering (AML) regulations. This would mean a real-world identity is also attached to one of these long-lasting pseudonyms.
“Even if there’s not [KYC/AML], it’s a long-term pseudonym, and it’s quite easy to figure out and link these to your actual, real-world identity,” said Miers. “You use the payment channel network once to make a payment to Amazon and they ship you a product, well, now someone knows the linkage on this stuff if they collude.” Miers added that the privacy issues associated with payment channels are not even solved with something like Zcash because there are still long-term pseudonyms attached to the off-chain activity.
A Solution to These Privacy Issues
As one potential solution to the Lightning Network’s privacy issues, Miers pointed to a project called Bolt, which is based on a paper (PDF) he co-authored with fellow Zcash scientist and Johns Hopkins Associate Professor of Computer Science Matthew Green. With Bolt, Lightning Network-esque payments can be sent through intermediary nodes without revealing the participants in the transaction or their associated payment channel balances. These features are achieved through the use of zero-knowledge proofs.
“All you have to do is do a zero-knowledge proof that [says], ‘Look, this [valid signature] exists, I’m not going to tell you the balance, and here’s the new thing that differs by five dollars,’” explained Miers. According to Miers, everything about the off-chain transactions, including payment values and participants, is hidden from the blockchain. Miers added that Bolt could be added to Bitcoin or Zcash via a soft fork or hard fork through the addition of a new opcode. “The one caveat to this is that in Bitcoin you need to be able to anonymize the funding of the channel,” Miers clarified. Without an anonymous funding mechanism, the last payment associated with a particular channel can be linked to the original funding of the channel.