[Lightning-dev] Questions on lightning chan closure privacy
ZmnSCPxj at protonmail.com
Tue May 18 08:19:47 UTC 2021
Good morning LL and Lee,
> Hi Lee,
> You are touching on some very relevant privacy challenges for lightning. To your questions:
> 1. Is it possible to identify which node funded a lightning channel? (this tells you who owns the change output)
> 2. Is it possible to identify who owns which channel close output?
> I think that the answer to both these questions hinges on whether you exclusively use private channels. If you fund private and public channels with the same wallet then it may be possible to identify your private channels and the owner of the channel and channel close outputs.
It is helpful to avoid the terminology "public / private" and use instead "published / unpublished", precisely because unpublished channels are not necessarily an improvement in privacy (but are a degradation in usability for the rest of the network).
If a node has a mix of published and unpublished channels, then it is usually possible to look at a closed unpublished node and determine which output belongs to that node.
And because channels are composed of two participants, by simple elimination, the other output obviously belongs to the counterparty.
Now, a node that only has unpublished channels has to (in the current network) be connected to a node with *mixed* published and unpublished channels.
Otherwise, it would not be able to find a route to *any* other payee via that channel, and thus the channel capacity is wasted.
When that channel is closed, with non-negligible probability it is possible to determine which output goes to the "mixed" node and which one goes to the "unpublished-only" node.
That can then be tracked as well.
Thus, a node which has only unpublished channels does not really have a much improved privacy over one which uses only published channels, or has a mix of channels.
On the other hand, I have written before about "CoinSwapper", which is basically:
* Use some onchain funds to create a channel to some random well-connected node.
* Pay to an offchain-to-onchain swap and withdraw all your coins onchain.
* Close the previous channel and blacklist your output from the mutual close (i.e. throw away the key and destroy all evidence that you used that channel).
This allows some privacy, as long as you never use the output from the mutual close.
This is a clunky way you can achieve CoinSwap in practice today without waiting for specific CoinSwap software.
More information about the Lightning-dev