Original date posted: 2023-07-25
Summary of this message: Blinded paths in the Lightning Network can have a downside for privacy and decentralization, as they can enforce that only "compliant" nodes can reach a destination. This could lead to routing only through large regulated hubs, hurting payment reliability and sender side privacy. There is concern that lightning "chain analysis" companies could pressure businesses into implementing this.
Original message:
Hi list,
This is an idea I had the other week about a potential downside of blinded paths that people should be aware of.
Blinded paths work by encrypting specific paths to reach the destination node, and each of these paths has an introduction point.
This has big privacy benefits for the receiving node as they can hide among an anon set of anyone within X hops of the introduction node (X being the size of the blinded path).
However, this can have a potential downside for privacy and decentralization on the network as a whole.
With blinded paths, since you do not know the destination node, the only way to pay them is through one of the given paths.
Because of this, they can be used to enforce that "compliant" nodes are the only ways to reach a given destination.
In my experience today you can get away with telling your compliance officer you will only open channels with people you trust, and we see this with some regulated businesses today (Cash App & River only open to specific peers).
However, with blinded paths we could have a world where not only do they only open channels to specific peers but they enforce that when paying them, the payment must go through at least N "compliant" nodes first.
This would make it so the pleb routing nodes of today would be completely circumvented and users would be forced to route only through large regulated hubs.
The receiver would be hurting their payment reliability as they are removing potential paths they can receive from, but this is already the case for all blinded paths.
This could hurt sender side privacy as well. Since payment reliability rapidly falls off the more hops that are needed, it is likely the sender would need to be very closely connected to the introduction node or any of the nodes along the blinded path, and if all these compliant nodes are data sharing they'll be able to track a payment as it happens through the network just through basic timing analysis.
My concern is lightning "chain analysis" companies could strong-arm businesses into doing things like this under the guise of making sure you don't receive OFAC coins. However, I am not sure if this is a "fixable" problem and just a trade off we'll have to make to get receiver privacy in lightning but wanted to put out there for people's opinions/awareness.
Best,
benthecarman