An Analysis of Privacy in the Lightning Network

Lightning generally has very good privacy for senders. Someone would have to actively control multiple nodes along a route and surveil their traffic to correlate payment hashes and attempt to doxx payment flows. Even then, it’s difficult to prove where the payment originated.

However, your Lightning service provider knows a lot about the payments you make.

For example, if you pay an invoice using Strike, Strike knows your account paid this invoice. It knows the destination of the funds for that invoice, and if the invoice has any identifying information in the memo field, then Strike can make a guess as to what the invoice was for (e.g. $100 Amazon gift card — Bitrefill, etc.).

So for best privacy, use your own LN node.

If your node only has one public channel, to Bitrefill for example, Bitrefill can be pretty confident that any payments they received from your channel, or any routes that included your channel, were destined for or originated from your node, simply because you have no other public channels they could have come through.

So for best privacy, either use unannounced channels exclusively, or if you must have public channels, use multiple public channels so you have plausible deniability that a payment originated from your node.

It’s way easier for a receiver to try and doxx senders in other ways, such as looking at what IP address they used when they requested an invoice.

As for the onchain footprint, if someone is watching your addresses, they will see that your funds were used to open a channel with another node. They will also see the name of the node you opened the channel to. When you close the channel, two outputs are created. Each node gets an output. One output is usually larger than the other simply because channels rarely close in a perfectly balanced state.

From an onchain perspective, it only appears that you paid your channel peer some sats. There is no single permanent record of the LN payments or routes you made while that channel was open. Those records exist in the databases of all the nodes that forwarded the payments. It’s ephemeral and distributed data that’s difficult to collect.

So for best privacy, try to keep your channels open for as long as possible. If you must close a channel, try to do it with all the sats on your side. That way it appears onchain like the channel was unused, since it closed with the same balance it was opened with and the net value transfer from your node to the channel peer is small.

Remember those two outputs that were created at channel close? Well, if we keep watching the chain, it’s possible to determine which output was paid to which node.

Suppose I open a 1M sat channel and send 0.9M sats through it. Then I close the channel. I received 0.1M sats and my channel peer received 0.9M onchain. However, anyone watching the chain isn’t sure which node received the 0.1M and which one got the 0.9M. This is great for privacy! However, most nodes will just reopen more channels using the outputs from channel close transactions. Therefore, if we wait long enough, the odds are high that my node will use the 0.1M output to create another channel. Once my node does this, I’ve essentially doxxed that my node was the one who received that 0.1M output, and therefore the 0.9M output went to my peer. This is simply due to the common input ownership heuristic and the fact that LN channels are broadcast publicly. This is bad for privacy, especially since only one node in the channel needs to reuse this output in order to doxx both nodes’ balances.

The solution is to track your outputs and CoinJoin them immediately after closing. Alternatively, use a tool like Nolooking to create channels from a batch PayJoin transaction.
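A pre-flight check for the output-reuse leak described above, as an added example that is not part of the original post: before funding a new public channel, it flags any planned input that is an output of one of your own channel closes and reports the balance split an observer could then attribute. The `CloseTx` record, the node names and the transaction ids are constructed for illustration, and fees are ignored.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CloseTx:
    """Closing transaction of an announced channel (constructed sample data)."""
    txid: str
    peers: tuple    # the two node names known from channel gossip
    outputs: tuple  # output values in sats, indexed by vout

def audit_funding_inputs(my_node, closes, planned_inputs):
    """List what an onchain observer learns if `planned_inputs`, a list of
    (txid, vout) outpoints, fund a new announced channel of `my_node`."""
    by_txid = {c.txid: c for c in closes}
    leaks = []
    for txid, vout in planned_inputs:
        close = by_txid.get(txid)
        if close is None or my_node not in close.peers:
            continue  # ordinary coin, not a close output of our channel
        if vout >= len(close.outputs):
            raise ValueError(f"{txid} has no output {vout}")
        peer = next(p for p in close.peers if p != my_node)
        mine = close.outputs[vout]
        leaks.append({
            "close_txid": txid,
            "my_balance": mine,                         # attributed to my_node
            "peer": peer,
            "peer_balance": sum(close.outputs) - mine,  # everything else
        })
    return leaks

# Constructed sample: the 1M sat channel from the text (fees ignored), plus a
# channel closed with all sats on our side, and one unrelated wallet coin.
CLOSES = [
    CloseTx("close_a", ("my_node", "peer_a"), (100_000, 900_000)),
    CloseTx("close_b", ("my_node", "peer_b"), (500_000,)),
]
PLANNED = [("close_a", 0), ("deposit_x", 1), ("close_b", 0)]

if __name__ == "__main__":
    for leak in audit_funding_inputs("my_node", CLOSES, PLANNED):
        print(leak)
```

Any outpoint this check reports is one to CoinJoin first rather than spend directly into a channel open.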

So in short, using LN casually does not “mix” your funds. Every channel closure will leave a record of ownership, and reusing those outputs in future channel-opening transactions may doxx your balances. Using LN does, however, obfuscate the destination of payments. You could have a channel with a regulated exchange and use that channel as the first hop to pay invoices from anyone on the network. The only onchain record is that you paid the exchange via an LN channel closing transaction.
