Re: [Lightning-dev] Questions on lightning chan closure privacy
Good morning LL and Lee, > Hi Lee, > > You are touching on some very relevant privacy challenges for lightning. To > your questions: > > 1. Is it possible to identify which node funded a lightning channel? (this > tells you who owns the change output) > 2. Is it possible to identify who owns which channel close output? > > I think that the answer to both these questions hinges on whether you > exclusively use private channels. If you fund private and public channels > with the same wallet then it may be possible to identify your private > channels and the owner of the channel and channel close outputs[1]. It is helpful to avoid the terminology "public / private" and use instead "published / unpublished", precisely because unpublished channels are not necessarily an improvement in privacy (but are a degradation in usability for the rest of the network). If a node has a mix of published and unpublished channels, then it is usually possible to look at a closed unpublished node and determine which output belongs to that node. And because channels are composed of two participants, by simple elimination, the other output obviously belongs to the counterparty. Now, a node that only has unpublished channels has to (in the current network) be connected to a node with *mixed* published and unpublished channels. Otherwise, it would not be able to find a route to *any* other payee via that channel, and thus the channel capacity is wasted. When that channel is closed, with non-negligible probability it is possible to determine which output goes to the "mixed" node and which one goes to the "unpublished-only" node. That can then be tracked as well. Thus, a node which has only unpublished channels does not really have a much improved privacy over one which uses only published channels, or has a mix of channels. -- On the other hand, I have written before about "CoinSwapper", which is basically: * Use some onchain funds to create a channel to some random well-connected node. * Pay to an offchain-to-onchain swap and withdraw all your coins onchain. * Close the previous channel and blacklist your output from the mutual close (i.e. throw away the key and destroy all evidence that you used that channel). This allows some privacy, as long as you never use the output from the mutual close. This is a clunky way you can achieve CoinSwap in practice today without waiting for specific CoinSwap software. Regards, ZmnSCPxj ___ Lightning-dev mailing list Lightning-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev
Re: [Lightning-dev] Questions on lightning chan closure privacy
Hi Lee, You are touching on some very relevant privacy challenges for lightning. To your questions: 1. Is it possible to identify which node funded a lightning channel? (this tells you who owns the change output) 2. Is it possible to identify who owns which channel close output? I think that the answer to both these questions hinges on whether you exclusively use private channels. If you fund private and public channels with the same wallet then it may be possible to identify your private channels and the owner of the channel and channel close outputs[1]. I've recently tried to describe what I think needs to happen to turn lightning into an effective layer-1 privacy tool in the "Removing cross-layer links" problem on bitcoin-problems.github.io[2]. Cheers LL [1] https://arxiv.org/pdf/2003.12470.pdf (section 3.2).[2] https://bitcoin-problems.github.io/problems/removing-cross-layer-links.html [2] https://bitcoin-problems.github.io/problems/removing-cross-layer-links.html On Sat, 17 Apr 2021 at 12:22, Mr. Lee Chiffre wrote: > > > Two, if the balances of each side of a > > channel are different when closing vs. opening, can someone determine > > which output from the 2 of 2 multisig belongs to who? > > > A thought to add to my last email. In theory it could be determined if the > output belonging to a certain node later uses that as an input for a non > private chan opening right? But that would also look the same if it was > also the same user opening a new chan to that node? > > This brings to another question. Not just chan closure but on chan opening > is it possible to determine which input came from who? > > ___ > Lightning-dev mailing list > Lightning-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev > ___ Lightning-dev mailing list Lightning-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev
Re: [Lightning-dev] Questions on lightning chan closure privacy
> Two, if the balances of each side of a > channel are different when closing vs. opening, can someone determine > which output from the 2 of 2 multisig belongs to who? A thought to add to my last email. In theory it could be determined if the output belonging to a certain node later uses that as an input for a non private chan opening right? But that would also look the same if it was also the same user opening a new chan to that node? This brings to another question. Not just chan closure but on chan opening is it possible to determine which input came from who? ___ Lightning-dev mailing list Lightning-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev
[Lightning-dev] Questions on lightning chan closure privacy
When opening and closing channels on lightning it involves 2 of 2 multisig bitcoin addresses. I have two questions. One, if it is a private lightning channel can someone who is analyzing the transaction details of the 2 of 2 multisig address when the chan is being opened or closed, determine what lightning node it belongs to? Two, if the balances of each side of a channel are different when closing vs. opening, can someone determine which output from the 2 of 2 multisig belongs to who? Random people connect to my lightning node with private channels frequently including myself. Does a few transactions then closes the channel. Somestimes I even open a chan to the lightning network and make payments to myself to one of my my other chans (sometimes private, sometimes not) before closing. Depending on the answer to my questions, lightning be used sort of like a fancy payjoin network by mixing the cluster of my coin history with users of my nodes along with that of the nodes I open and close chans to? Could someone mix their bitcoin by such activity of opening and closing private chans to random nodes after sending some amount to their other chans (or maybe reverse submarine swap) before closing? Please CC me when replying so I get a copy. -- lee.chif...@secmail.pro PGP 97F0C3AE985A191DA0556BCAA82529E2025BDE35 ___ Lightning-dev mailing list Lightning-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev