Advanced Techniques for LN Privacy: A Guide to Trampoline Payments and Blinded Paths

Photo by Traxer on Unsplash

Advanced Techniques for LN Privacy: A Guide to Trampoline Payments and Blinded Paths

The Lightning Network (LN) offers a revolutionary path towards faster and cheaper Bitcoin transactions. However, its reliance on intermediary nodes raises concerns about user privacy. Unlike the (pseudo)anonymous nature of on-chain Bitcoin transactions, LN transactions can reveal a user's financial activity.

This article will explore the functionalities of trampoline payments and blinded routes, explaining how they conceal information about the sender, receiver, and payment path. We will also discuss the technical aspects, advantages, and limitations of these techniques. Finally, we'll look towards the future of LN privacy and how these techniques can contribute to a more secure and anonymous payment experience.

Onion Source Routing

Currently, the LN utilizes Onion Routing (OR), which creates a layered encryption scheme similar to an onion. The sender selects the payment path and builds the entire onion for that path. As the data travels through the network, each intermediary node decrypts a single layer, revealing only the next destination and the amount to be forwarded. This effectively hides the complete path and the sender's and receiver's identities.

However, implementing OR comes with its own set of challenges. Here's a breakdown of two key limitations:

  1. Source Routing Burden: OR requires the sender to compute the entire route. This necessitates the sender maintaining a comprehensive and up-to-date map of the entire network. Managing such a large map can be resource-intensive as the network grows, especially for mobile devices with limited storage and processing power.

  2. Network Gossip and Privacy Trade-off: For OR to function effectively, nodes need to exchange information about their channels with each other. This "gossip" protocol allows nodes to build a network topology and discover potential routes. Nodes announce their channels to the network, revealing the UTXOs (unspent transaction outputs) that open those channels. This, in turn, can be linked to the node's public key, which is readily available from any invoice generated by that node.

Though not deal-breakers, these limitations highlight the need for alternative approaches when building privacy-focused features within the Lightning Network (LN). Such techniques include trampoline payments and blinded paths, which aim to enhance user privacy in LN while addressing the shortcomings of traditional Onion Routing.

  1. Blinded Paths

    Using this technique, a portion of the payment path remains hidden from public view. The receiver employs Elliptic Curve Diffie-Hellman encryption with each node to establish shared secrets, forming a blinded path. These shared secrets generate "blinded" node IDs for each node, obscuring their actual IDs and enabling the receiver to conceal the payment path. Additionally, encrypted data is created for each node in the blinded path, facilitating each node's ability to "unblind" the subsequent node.

    The recipient shares the introduction point's node ID with the sender to establish the payment path until that node. Additionally, the recipient provides the sender with a list of "blinded" node IDs, derived from shared secrets, along with encrypted data for each node in the blinded path and the first "ephemeral blinded key." Armed with this information, the sender constructs the payment path up to the introduction point as it would for a regular payment. Upon reaching the introduction point, the node "peels" its onion layer to reveal the first ephemeral blinded key and encrypted data. This information is then used to "unblind" the first node in the blinded path and calculate the ephemeral key required for the subsequent node, enabling the payment to be routed accordingly.

  2. Trampoline Payments

    Trampoline payments offer a streamlined approach to routing payments, which is particularly beneficial for mobile and resource-constrained devices. With trampoline payments, specialized nodes handle the pathfinding process. Thus, senders can offload this complexity, simplifying the payment process. Sending Lightning Nodes no longer need to maintain the entire network structure; instead, they only need to connect with specialized trampoline nodes offering pathfinding services.

    While trampoline payments are convenient, they often come with higher fees than traditional source-based route payments. Nodes capable of handling trampoline payments advertise their services to the network and may charge additional fees for pathfinding. Senders select trampoline-compatible routing nodes and create a "trampoline onion" containing full IDs of target nodes. This onion routing method streamlines the payment process by leveraging trampoline nodes to bridge gaps between non-directly connected nodes.