📅 Original date posted:2018-02-21
📝 Original message:
Hi,
I am a bit concerned with the privacy implications of having either a
signed invoice + pre-image, or possibly a more powerful proof-of-payment
mechanism. In particular, I am concerned that it might provide
cryptographic evidence to the buyer that a certain seller performed the
transaction, and/or evidence to the seller that a certain buyer
performed the transaction.
In many cases, providing this evidence would be a feature rather than a
bug, allowing third-party dispute settlement (e.g. the legal system).
However, in my opinion, the Lightning network should also (or
especially) be suitable for more "sensitive" transactions. Even when
transactions are not illegal, I believe people still have a need to keep
some transaction information private. You don't want it to be possible
that your transaction history is stored on some company/person's server
for years, and then leaks out when that server gets hacked. Also, in my
opinion, we should *not* create a two-tier system of "sensitive" and
"nothing-to-hide" transactions: that would make the "sensitive"
transactions automatically suspicious, partially negating the whole
objective of being able to do sensitive transactions without
experiencing negative consequences.
To some degree, node IDs can act as pseudonyms, without evidence that
ties them to physical identities. However, I consider them to be
relatively poor pseudonyms: unlike, for instance, Bitcoin addresses,
creating a new node for every new transaction would have a serious
scalability impact, and defeat the whole purpose of Lightning. I think a
typical person would frequently perform transactions that are inherently
tied to their physical identity, e.g. receiving salary. This could give
the counterparty (the employer) a link between physical ID and node ID;
it might be forced to share this e.g. with authorities, further
increasing the odds of leak-out and/or abuse of data.
Maybe the solution is to have multiple nodes: one tied to your physical
ID, and one or more virtual identities? You could then transfer funds
between these nodes, and make sure no outsiders receive any
proof-of-payment info about these transfers. It sounds like an expensive
solution though, since you'd have to operate more channels to give each
node good connectivity.
What are your ideas on this? Should proof of payment be optional? Should
its strength (optionally) be reduced, so that it can only be used in
front of some previously-agreed-on dispute resolution party (is that
even possible)? Should the idea of proof of payment be abandoned
altogether? Is bi-directional routing(*) useful in this?
CJP
(*) Payee first finds a route from a rendezvous node to himself,
onion-encrypts that route, passes it to payer (together with rendezvous
node ID), and payer adds to that route the onion route from payer to
rendezvous point. This way, payer knows the rendezvous node ID, but not
the payee node ID. Payee knows the rendezvous node ID, but doesn't know
payer node ID either. Rendezvous node only knows that it's forwarding a
transaction, not from-where-to-where, or the purpose of the transaction.
Corné Plooy [ARCHIVE] /
npub1ly…cdx6n
2023-06-09 12:49:11
in reply to nevent1q…7xza
Author Public Key
npub1ly5vrg5ylhdkxrkj824jhlnfsy2z8fvlg8wcc0jqc4aezma6majsycdx6nPublished at
2023-06-09 12:49:11Event JSON
{
"id": "34780aa0e4f031524f52547aac63727eeb265845222d1a851ced01e9e70523c8",
"pubkey": "f928c1a284fddb630ed23aab2bfe69811423a59f41dd8c3e40c57b916fbadf65",
"created_at": 1686314951,
"kind": 1,
"tags": [
[
"e",
"16b61f0ab222252050310ae91858d7a1fb5016038f520e088915c7faef90c1f7",
"",
"reply"
],
[
"p",
"9456f7acb763eaab2e02bd8e60cf17df74f352c2ae579dce1f1dd25c95dd611c"
]
],
"content": "📅 Original date posted:2018-02-21\n📝 Original message:\nHi,\n\n\nI am a bit concerned with the privacy implications of having either a\nsigned invoice + pre-image, or possibly a more powerful proof-of-payment\nmechanism. In particular, I am concerned that it might provide\ncryptographic evidence to the buyer that a certain seller performed the\ntransaction, and/or evidence to the seller that a certain buyer\nperformed the transaction.\n\n\nIn many cases, providing this evidence would be a feature rather than a\nbug, allowing third-party dispute settlement (e.g. the legal system).\nHowever, in my opinion, the Lightning network should also (or\nespecially) be suitable for more \"sensitive\" transactions. Even when\ntransactions are not illegal, I believe people still have a need to keep\nsome transaction information private. You don't want it to be possible\nthat your transaction history is stored on some company/person's server\nfor years, and then leaks out when that server gets hacked. Also, in my\nopinion, we should *not* create a two-tier system of \"sensitive\" and\n\"nothing-to-hide\" transactions: that would make the \"sensitive\"\ntransactions automatically suspicious, partially negating the whole\nobjective of being able to do sensitive transactions without\nexperiencing negative consequences.\n\n\nTo some degree, node IDs can act as pseudonyms, without evidence that\nties them to physical identities. However, I consider them to be\nrelatively poor pseudonyms: unlike, for instance, Bitcoin addresses,\ncreating a new node for every new transaction would have a serious\nscalability impact, and defeat the whole purpose of Lightning. I think a\ntypical person would frequently perform transactions that are inherently\ntied to their physical identity, e.g. receiving salary. This could give\nthe counterparty (the employer) a link between physical ID and node ID;\nit might be forced to share this e.g. with authorities, further\nincreasing the odds of leak-out and/or abuse of data.\n\n\nMaybe the solution is to have multiple nodes: one tied to your physical\nID, and one or more virtual identities? You could then transfer funds\nbetween these nodes, and make sure no outsiders receive any\nproof-of-payment info about these transfers. It sounds like an expensive\nsolution though, since you'd have to operate more channels to give each\nnode good connectivity.\n\n\nWhat are your ideas on this? Should proof of payment be optional? Should\nits strength (optionally) be reduced, so that it can only be used in\nfront of some previously-agreed-on dispute resolution party (is that\neven possible)? Should the idea of proof of payment be abandoned\naltogether? Is bi-directional routing(*) useful in this?\n\n\nCJP\n\n\n(*) Payee first finds a route from a rendezvous node to himself,\nonion-encrypts that route, passes it to payer (together with rendezvous\nnode ID), and payer adds to that route the onion route from payer to\nrendezvous point. This way, payer knows the rendezvous node ID, but not\nthe payee node ID. Payee knows the rendezvous node ID, but doesn't know\npayer node ID either. Rendezvous node only knows that it's forwarding a\ntransaction, not from-where-to-where, or the purpose of the transaction.",
"sig": "4b29e5296ffe7ea6b90caf6d142963cc1351ce42bda828dfdf43ee6a96b33667c19e01ff6d064dbdde4ded8eda7f4e0ed0d8d2e194810fc813c2bba1330ad02e"
}