One of the secondary benefits of how the Lightning Network works as a scaling solution is privacy. It’s not perfect or insurmountable privacy by any means, but it’s better than naive use of the underlying blockchain layer itself. It’s also not perfectly balanced. The sender learns many details about the receiver, but the receiver knows nothing about the sender.
For off-chain payments, this is a huge improvement for consumers over on-chain payments. However, it has one big problem, one that is not unique to Lightning, but is a problem for all onion-oriented systems.
Global negative adversaries. This means an actor capable of passively monitoring all Internet communications between all participants in a network such as Lightning or Tor. When a message crosses the network, an adversary can see the message going from one node to a second node, and also see that the message went from the second node to the third node immediately after receiving one from the first node.
In the case of a global adversary, while they cannot see the specific details of the message across the network, they can see where it came from and where it arrived. That’s enough information to de-identify a payment system like Lightning, where what ultimately matters is who pays whom.
This is the real fundamental flaw, Lightning can be very private to senders from merchants, and soon with improvements coming to recipients from the person paying them, but it is very weak against a really strong global opponent.
However, this can be mitigated. Payments stand out against a global adversary because that is what the majority of traffic nodes will send, the timing relationship from A to B to C to D, etc. These heuristics can be broken by nodes that regularly send bogus traffic to each other.
Fake traffic can take the form of a constant barrage of fake packets, simply by replacing the fake packets with real messages when payments are routed. This would make it impossible to link anything. Other options are to add scams that persist after payment is completed, or opportunistically make payments when you receive these scams.
Different strategies may have different degrees of success in creating privacy, but something needs to be done. Multiple improvements have been made, or are on their way to being implemented, in the form of BOLT 12 and encrypted route billing, but the bigger picture remains the same: completely transparent to a powerful adversary.
Given how quickly Bitcoin has grown in importance, perhaps it’s time to reconsider the bigger picture of privacy and not just incremental local improvements.
This article is a takes. The opinions expressed are entirely those of the author and do not necessarily reflect the opinions of BTC Inc or Bitcoin Magazine.