Bitcoin right now is not really anonymous. Monitoring of the unencrypted peer-to-peer network and analysis of the public blockchain, combined with Know Your Customer (KYC) policies and Anti-Money Laundering (AML) regulation, can reveal a lot about who is using Bitcoin and for what.
This is not great from a privacy perspective. For example, Bitcoin users might not necessarily want the world to know where they spend their money, what they earn or how much they own; similarly, businesses may not want to leak transaction details to competitors.
And the fact that the transaction history of each bitcoin is traceable puts the fungibility of all bitcoins at risk. “Tainted” bitcoins may be valued less than other bitcoins, possibly even calling into question bitcoin's value proposition as money.
But this can be improved. Perhaps one of the most promising solutions is designed to be an integral part of one of Bitcoin’s highly anticipated scaling layers: the lightningnetwork. Utilizing the “Sphinx” protocol, lightning payments will be routed over a Tor-like anonymity network to offer privacy and protect fungibility.
Payment Channels and the Lightning Network: A Brief Recap
The lightning network essentially consists of bi-directional payment channels, creating a peer-to-peer network.
Bi-directional payment channels increase privacy even without the lightning network. Two users — let’s say Alice and Bob — can open a bi-directional payment channel and transact over this channel through a private medium. Only once they are finished transacting will they broadcast the final state of the channel to the blockchain. This public transaction reveals how much money Alice sent to Bob — or the other way around. But there is no way to tell whether this was through ten transactions, a hundred small transactions, or maybe even a thousand transactions back and forth. This ambiguity is a boon for privacy.
Unfortunately, a disadvantage is introduced when these bi-directional payment channels are all linked to create a peer-to-peer network. If Alice pays a third user — Carol — through Bob, Bob will know that Alice paid Carol, and how much. While Alice and Carol still have relative privacy in relation to the rest of the world, they do not have privacy in relation to Bob. And if there are two or more intermediaries — not only Bob but also Dan — both Bob and Dan learn about the transaction between Alice and Carol.
The current lightning network specification includes a solution to mask routing data from all intermediaries, based on Sphinx.
Designed by academic researchers, George Danezis and Ian Goldberg, Sphinx is a protocol to relay anonymized messages over a peer-to-peer network. The solution was first proposed in May 2009, and had nothing to do with the lightning network or even Bitcoin. It was Lightning Labs’ Olaoluwa Osuntokun who realized Sphinx could be utilized and, in collaboration with Blockstream’s Christian Decker, modified the protocol to better fit the lightning network.
Sphinx shares similarities with the well-known anonymizing communication tool, Tor (the Onion Router). As with Tor, any data package sent with Sphinx — including the receiving IP address – is encrypted. This encrypted package is then itself encrypted a couple times over until it consists of several “layers” of encryption (hence the “onion” metaphor for Tor).
Using clever cryptographic tricks, all these layers of encryption are applied so that each intermediary along a route toward the final destination of the package can unwrap only one layer. This layer reveals to each intermediary where the package must be forwarded to, but nothing else. (Compared to Tor, Sphinx uses improved cryptographic algorithms and creates a constant-size data package to better obfuscate a node’s position in the route.)
On lightning, the payer determines a path over the peer-to-peer network and wraps a payment package in layers of encryption. And, apart from just relay information, each intermediary also unpacks some additional data. This includes amounts, fees and more, along with allowing all intermediaries to set up a step in the payment chain. (In a future version of the lightning network, this may be extended with a protocol called “Hornet” to further streamline the whole process — but this is not strictly needed for the lightning network to function.)
Importantly, all intermediaries only learn from which channel they receive bitcoins, and to which channel they must forward the payment. The intermediaries have no idea whether they are the first step in the chain, the last step, a step somewhere in the middle, or perhaps even the only step. Whoever originally sent the transaction, and the one who ultimately receives it, remain known to only the sender and the receiver.
Whenever channels close, the advantages offered by bi-directional payments channels are clear — on steroids. While everyone gets to see how many bitcoins Alice sent to Bob over the duration of the channel, again, it remains unknown whether these were ten transactions, a hundred small transactions, or maybe even a thousand transactions back and forth. Moreover, Alice may not even have sent much of the money to Bob at all: perhaps most payments from Alice to Bob were actually routed to Carol, or to someone else, anywhere on the network.
For technical details on lightning routing, see part four of the lightning network specification as explained by Blockstream’s Rusty Russell, or Olaoluwa Osuntokun’s presentation at Scaling Bitcoin Milan.