The Lightning Network Privacy Big Picture: Don't Forget the NSA

One of the secondary benefits of how the Lightning Network works as a scaling solution is privacy. It’s by no means perfect or undefeatable privacy, but it is a better than naive use of the base layer blockchain itself. It’s also not perfectly balanced. The sender learns a good many details about the receiver, but the receiver learns nothing about the sender.

For casual payments it is a big improvement for consumers over on-chain payments. It does have one big problem though, something not unique to Lightning, but a problem for all onion routed systems.

Global Passive Adversaries. That means an actor who is able to passively monitor all the internet connections between everyone involved in a network like Lightning, or Tor. When a message crosses the network, the adversary can see a message move from one node to a second node, and also see that a message went from the second node to a third right after it received one from the first.

If a global adversary exists, then while they cannot see the specific details of a message across the network, they can see where it originated from and where it arrived. That is plenty enough information to deanonymize a payment system like Lightning, where the chief matter of importance is after all who is paying who.

This is the true fundamental shortcoming, Lightning can be very private for senders from their merchants, and soon with coming improvements for receivers from the person paying them, but it is very weak against a truly powerful global adversary.

This can be mitigated however. Payments stand out to a global adversary because that is the majority of traffic nodes will send, and the timing relationship from A to B to C to D, etc. These heuristics can be broken by nodes sending fake traffic to each other regularly.

Fake traffic could take the form of a constant barrage of fake packets, simply replacing fake ones with real messages when payments are routed. This would make it impossible to correlate anything. Other options would be to add decoy messages that continue on after the completion of a payment, or opportunistically make payments when such decoy messages reach you.

Different strategies would have different degrees of success in creating privacy, but something needs to be done. Multiple improvements have been made, or are coming down the pipeline, in the form of BOLT 12 and blinded path invoices, but the larger picture is still the same as it was: totally transparent to a powerful adversary.

Given the scale of importance Bitcoin has rapidly grown to, maybe it’s time to reconsider the larger picture of privacy and not just incremental local improvements. 

This article is a Take. Opinions expressed are entirely the author's and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.