[Lightning-dev] Lightning network user identification

Joao Joyce joao.joyce at netcabo.pt
Mon Jan 28 01:13:14 UTC 2019


Hi ZmnSCPxj,

Thank you for your thoughtfull input.

Let me just clarify that I share the same concerns regarding user privacy. I do value all the work that’s being done to keep the LN private, trustless and permissionless.

My intention is not to violate user privacy but to give an option for a user to opt-in on keeping and proving a single identity across multiple payments for the same store (different stores would have different IDs, kind of like what happens in SQRL).

This would not be something that would happen by default or on most LN payment, but on specific payments.

The wallet would always make the user aware of it. You could probably even opt-in/out of this feature on the moment the payment is made.

In certain cases I believe this could enable a higher level of privacy and a smooth transition to better authentication practices.

For instance, I’ve implement a simple PoC service, where a user can go to an ebook store and pay a LN invoice to buy an ebook directly on the ereader device (https://youtu.be/b1w-W6oMb_M).

But then I was thinking that I eventually would need to have a way to let the user prove that he had already bought a book in order to redownload it. Authenticating the user and keeping a user account immediately comes to mind. Users are used to it.

But now I would have to make the user go through a create account/login flow, eventually asking more personal info like emails and passwords, keeping that data safe, etc...I don’t want none of that private data!

Also I would have to write more code...

Eventually I could use something like SQRL or BitID which enable some level of anonymity. But now the user would have to keep an app for login and another for payments. He is expected to have both apps to use the service and keep both private keys secure. Both would use QR codes which makes for a lot of confusion and a terrible user experience. Of course I would have to eventually code the email/password anyway as a fall back.

Contrast this scenario with this one which is basically identical to the one in the video:
1 - User goes to the ebook store.
2 - User selects the book he wants and scan a LN invoice.
3 - Wallet shows payment info and asks if user wants to provide his identity.
4 - User confirms payment and identity in the same action.

There was no need for the user to create an account or to log in to the service. And no need for the store to keep any private data, just a unique userID that is only valid for that particular store.

On the larger picture I was thinking that the standardization of such a payment/auth flow could enable services to easily transition from email/password flows to a more anonymous and secure method of private and public keys and that all those capabilities would come for free for every LN user and every LN store.

Also new use cases like the ones described in the previous email would become possible.

Simple LN payments would coexist with this method. Private, anonymous, non-tracking and perfect as they are.

Thanks,
João Joyce
________________________________
De: ZmnSCPxj <ZmnSCPxj at protonmail.com>
Enviado: 27 de janeiro de 2019 16:13:12
Para: Joao Joyce
Cc: lightning-dev at lists.linuxfoundation.org
Assunto: Re: [Lightning-dev] Lightning network user identification

Good morning Joao,

Currently no.
Also, why would you want to violate user privacy in exchange for a service?
You should authorize usage depending on secrets the user knows, not depending on their "identity".

This is precisely why LN is set up to use zero-knowledge contingent payments.
You release a secret in exchange for money.
Then, you authorize the service (streaming data, discount, etc) if someone is able to present proof that they know that secret.

I admit the current proof-of-payment is limited, especially since the secret is sent to each intermediate node.
However, use of payment points and scalars (instead of hashes and preimages) will eventually be deployed, which would hide the secret being paid for from the intermediate nodes.
In addition, proof of knowledge of a secret is simply a signature algorithm (points are public keys, scalars are secret keys).

From this point of view, your "user" is simply someone who knows the secret that you released when you were paid for your service.
Physical instances of humanity should be allowed to share a single "user", or have multiple "users"; you will be paid according to your service anyway.

Regards,
ZmnSCPxj


Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Sunday, January 27, 2019 5:09 AM, Joao Joyce <joao.joyce at netcabo.pt> wrote:

> Hi all,
>
> I was wondering if there is a way to identify a user across multiple LN requests or even authenticate the user in a single step using a LN wallet.
>
> Some use cases.
>
> -   A companyadvertising a pay-per-view event could make billboards/posters with LN QR-codes. By scanning the code on the billboard the user would buy the right to see the event later that night. This would happen in just one step, no need for login, just like a regular LN payment.
> -   A music-streaming company could print QR-codes on posters. By scanning the code the user would imediately get the album on the music-streaming app on his phone.
> -   A user could anonymously get frequent-user discounts or reward points on vending machines or similar services.
> -   An arcade game like this one (https://www.youtube.com/watch?v=U0KUNbjFZdk) could identify the user across multiple plays and different machines and provide the user with high-scores and user performance statistics.
> -   Arcade games could provide multi player gaming keeping user identity, scores, in-game items, etc...
>
> Is this currently possible?
>
> Thank you,
> João Joyce


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20190128/280d88b2/attachment.html>


More information about the Lightning-dev mailing list