Can blockchain micropayments be fast, decentralized and private?
That question arguably forms the core of a new white paper penned by researchers at Johns Hopkins University that explores methods for bringing greater anonymity to off-blockchain micropayment networks.
In the paper, researchers Matthew Green and Ian Miers explore privacy in the context of micropayment channels and outline a new scheme for blind off-chain lightweight transactions, or Bolt, which they believe will provide "private, instantaneous [and] anonymous payments".
The proposal comes at a time when privacy efforts are mainly being directed toward on-blockchain payments, as opposed to those that would be carried out on top-level architecture. This, the paper argues, means privacy concerns related to proposed projects (such as bitcoin's Lightning Network) have received less attention, despite the belief these networks will prove key to extending cryptocurrencies to more users.
Miers, who also worked on the anonymous cryptocurrency Zcash and Zerocoin (the protocol on which its based), told CoinDesk:
"The question is: Can you build something like Lightning that actually does provide privacy? That was the motivation."
In Miers' eyes, cryptocurrencies face three main issues: scalability (or the ability to support more users), the slow speed at which transactions are confirmed (around 10 minutes for bitcoin and two-and-a-half minutes for Zcash) and transaction privacy.
Micropayment channel networks, such as the in-progress Lightning Network or Thunder Network, solve the first two problems by moving transactions to a new layer. Instead of recording every transaction on the blockchain, users open up channels, perhaps someday by clicking in an app, settling transactions on the blockchain only when necessary.
Proponents argue this solves the scalability issue and allows for many more transactions while still not requiring trust in any third party.
Finally, there's the issue of privacy, which has been partially addressed by Zerocoin and the much-anticipated Zcash, the release of which was delayed last week.
This anonymous cryptocurrency, the researchers say, could guard channel openings and closures from revealing information about the customer and merchant. However, the paper suggests that it would do little to hide information on micropayment channels.
A new Bolt blog post explains why this might be a problem:
"These IOUs form a unique identifier which can be used to track Alice much like a cookie. Anyone who observes these (eg the Tor exit node) will not a priori know who the identifier belongs to – her actual identity is still protected by the anonymity service – but they can still observe page views and patterns because multiple payments on a payment channel are inherently linkable."
This is enough information to potentially reveal the person's identity or other information about his or her online activity, the researchers argue.
Bolt chips away at the remaining problem privacy problem by making payments within the channel unlinkable.
"You accomplish paying them, but you haven't revealed who you are," Miers explained.
It anonymizes the "IOUs" in the micropayment channel by using two long-established cryptography techniques called commitments (which hide the value of a payment) and blind signatures (which allow someone to sign a transaction without revealing what's being signed).
Bolt works with bi-directional micropayment channels where parties connect directly to each other and update payments each way, but for now, there's one key limitation. Bolt can only support one intermediary hop, meaning it is perhaps not as decentralized as desired by developers.
Miers argues there's still a risk payment channels could become centralized, and that multi-hop micropayments, such as those offered by Lightning's proposals, could fail to materialize.
In the case of this future, he argues Bolt will protect user information.
"If Lightning takes off it might be concentrated in the hands of a few players – you'll end up with an analog of Visa or Mastercard where you don't have to trust them with your money, but they're going to be able to see all of these transactions," he said, adding:
"Bolt is a nice way of making sure they don't see anything at all."
According to the researchers, Bolt can work with any cryptocurrency as long as it supports the necessary cryptography primitives.
Bitcoin can support it right now, but "at the cost of using hash-based commitments and generic circuit-based multiparty computation (MPC) for blind signing with ECDSA," as the blog post explains.
However, Miers said that it works much better when paired with an anonymous currency like Zcash. Payments on the same micropayment channel will be unlinkable when using Bolt, but the part where you establish the channel on the blockchain won't be.
All in all, Miers sees Bolt and micropayment channels solving key problems that bitcoin and other cryptocurrencies have faced so far.
Further, the researchers plan to release a prototype in the near future. Incorporating it into a cryptocurrency, they said, will take more time.
Hands on a keyboard image via Shutterstock