Casa Blog - Bitcoin Security Made Easy

In addition to helping bitcoin scale to millions of users, the Lightning Network is a major step forward in improving the privacy of everyday bitcoin transactions. In this article, we’ll discuss several key Lightning features and how they impact your individual privacy.

⚡️ What is Lightning?

First introduced in January 2016, Lightning is a second-layer payment channel network optimized for fast and cheap bitcoin microtransactions, down to the smallest unit of millisatoshis. A payment channel is simply a financial connection between two nodes where bitcoin can flow (back and forth, if it is bi-directional). The network is formed via a constellation of these relationships between an ever-growing number of nodes.

In short, Lightning still relies on the underlying security and consensus of the bitcoin blockchain, but since payments are done “off-chain,” the main privacy benefit is that much of the analysis/surveillance must become active rather than passive. Imagine active surveillance as a wildlife camera that will send immediate alerts to rangers when it spots particular animals they are interested in, but does not store footage long-term, whereas a passive surveillance camera would send no alerts but would capture and store hours or days of footage that the rangers can retrieve and look through later.

To understand what is going on in Lightning, one must be studying the movement of information/funds in real time (and even participate in it), rather than retroactively searching through transaction history, as you can do with on-chain data on block explorers.

Furthermore, just like with on-chain bitcoin, it is ideal for you to control the keys in your Lightning wallet. Not your keys, not your coins!

Lightning payments are usually relayed through multiple parties with limited knowledge.

🔀 Routing

Lightning sends payments from your wallet/node to the recipient using onion routing, similar to the Tor network. In short, imagine a relay race where your payment is the baton, and each participant in the relay (nodes) can only see two people in the race: the person who hands them the baton and the next person to whom they hand the baton.

Only the person who initiates the race and the person who receives the baton at the finish line know where the baton will end up – the other participants don’t know what position they have in the relay. Maybe the person who passes them the baton (payment) is the original sender, and maybe the person they pass it to is the final recipient, but they can’t be sure because of onion routing. The details of the whole route are encrypted in layers, like an onion being peeled. Each passing of the baton (payment) only reveals the next destination in the route. Routing nodes do not know the sender and recipient of Lightning payments.

In practice, however, there are many caveats. Lightning actually protects the privacy of the sender a bit better than the receiver because of what the receiver discloses about their node(s) and payment channels when generating an invoice, especially if a memo is included (referred to in the documentation as the ‘d’ field). Invoices are generated by the recipient of a payment and specify the amount to be paid. Memos are optional messages where additional information about the payment can be conveyed.

You should avoid sharing invoices publicly, e.g. on social media or personal websites. As with sharing regular bitcoin addresses, use private messaging.

💃🕺 Opening and closing channels

Using the Lightning Network involves opening, funding, and closing these payment channels, which require on-chain transactions.

Once you open a channel with another party, you can announce it to the rest of the network. Announcements and other information about available routing paths is shared over what is called a gossip protocol, a peer-to-peer way of disseminating information in a computer network.

How does this work? Imagine that the Lightning Network is a private dance club where everyone is masked once you’re inside. The on-chain transactions for funding channels are like footprints left in the dirt outside the club’s entrance.

Someone looking to spy on the club won’t be able to know who is inside or how they are dancing (making and routing payments) without going in themselves and interacting directly with people. However, they could at least get a good idea of how many people are inside the club by examining and counting the footprints they left (on-chain multisig transactions). Even if there are extra private sections of the club (private channels) that are much harder to find and enter, people who have entered those sections are still leaving footprints outside.

If you wish to withdraw your bitcoin from Lightning, you must close a channel. A cooperative close, as opposed to an uncooperative or unilateral close, is where both parties in a payment channel mutually agree to settle the channel on-chain and receive their portions of the balance.

👀 Private channels

Unless your Lightning node (a regular bitcoin node plus a Lightning compatible client) uses Tor, then certain metadata such as your node’s IP address will be widely shared for it to function in the network. You can avoid this somewhat by only using so-called “private channels.”

There is a misconception here, however, as private channels are not private in the sense that they are any more confidential than public channels. Rather they are channels that have not been “announced” to the rest of the network, so they do not become “known” as an avenue for routing others’ payments. If they become known, however, others can use them for routing.

🛠 Future upgrades

Upgrades are taking place that will further enhance Lightning privacy. In November 2021, the Taproot soft-fork upgrade was activated on bitcoin. As explained here, the use of Taproot in opening Lightning payment channels will make it harder to distinguish between them and other multisig transactions from regular single-signature transactions on-chain unless they spend the funds using their ‘uncooperative/recovery’ spending conditions.

Additional resources for learning about Lightning

🔑 Enhance your bitcoin security

With multiple keys, you can protect your bitcoin with best-in-class security against hacks, accidents, and theft. Casa makes it easy to use multiple keys with one smooth app. Learn more here.