Lightning Network Overhaul Could Strengthen Bitcoin Privacy – But Many 'Ifs' Remain

Bitcoin developers are exploring Point Timelock Contracts (PTLCs) to improve the privacy of payments on the Lightning Network.

Jun 3, 2020 at 8:01 a.m. UTC
Updated Sep 14, 2021 at 8:47 a.m. UTC

Research is being conducted. Experiments are brewing. Behind the scenes, Lightning Network developers are planning to (eventually) completely rewrite an important part of bitcoin.

Known as Bitcoin's second layer because most of the action takes place off the blockchain, Lightning is being built out for faster, cheaper and more scalable bitcoin payments. The network is functional today, but it turns out it might make sense to strip out an important part and replace it with new technology to strengthen privacy.

Hashed Timelock Contracts (HTLCs) are an integral piece of the Lightning Network, making it possible to send payments without trusting anyone. Now, developers are exploring replacing them with Point Timelock Contracts (otherwise known as "payment points" or PTLCs), which can do the same thing, they say, but better. 

The idea was first proposed by pseudonymous Lightning developer ZmnSCPxj, whose open-source development work is sponsored by Square Crypto, an R&D arm of the Silicon Valley payments unicorn.

At the forefront of exploring this enhancement is Suredbits developer Nadav Kohen, who started looking into the idea because he was interested in the possibilities of bitcoin smart contracts, which describe more complex conditions required before a payment can be made, such as requiring a certain date to have passed, or requiring that the temperature somewhere be above, say, 90 degrees.

"I've spent a lot more time digging into what can be done using PTLCs that can't be done with HTLCs and it turns out you can do some pretty complicated ... contracts without losing the privacy and speed provided by the Lightning Network," Kohen said. "And furthermore, many existing Lightning-related proposals can become even more powerful and improved when using PTLCs."

While the Lightning Network is still relatively young, developers are finding new, better ways of constructing it from the ground up. For example, Eltoo, if implemented, will also be a fundamental change to the network.

New possibilities

The Lightning Network is a global payments system made up of at least 12,000 nodes.

When someone sends a payment, under the hood it hops from one node to another until it reaches the destination. All this most likely occurs in a fraction of a second. The way payments move across the system without trusting the nodes that the user is passing their bitcoin through is by way of HTLCs.

HTLCs are so named because each node in a payment path receives a "hash," a random-looking string of letters and numbers, which hides the secret that can be used to retrieve the bitcoin.

One problem with HTLCs is that every intermediary in the path sees the same hash, which hurts privacy because it gives snoops a better idea of where a payment is coming from or where it's going.

"If I was trying to do surveillance of payment activity on the Lightning Network, I could set up a bunch of routing nodes and if I route two payments in two different places that have the same hash, I can be sure that these two payments were on the same route which narrows the possible senders and receivers of this payment considerably," Kohen said.

PTLC, on the other hand, can add a "random tweak" at each hop, Kohen said, making it harder to tell that they are part of the same payment path. (Those interested in the technical bits can read Kohen's series of technical explanations.)

This is the reason Kohen believes the change is "necessary" for Lightning.
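To make the correlation point concrete, the following added example (not Kohen's code, and not code from any Lightning implementation) simulates a five-hop route under both schemes using a minimal pure-Python secp256k1. The HTLC route hands every hop the same SHA-256 payment hash, so two routing nodes run by one operator can match their observations. The PTLC route gives each hop an incoming lock point that differs from its outgoing one by a random tweak, built backwards from the receiver as `P_{i-1} = P_i + t_i*G`, so no two hops see the same point and non-adjacent hops cannot link their observations. The per-hop tweak layout, the function names and the hop count are assumptions chosen for illustration; the curve constants are the real secp256k1 parameters.

```python
"""Route-correlation under HTLCs versus PTLCs, as a toy simulation.

Added example, not code from Kohen's posts or any Lightning implementation.
Uses a minimal pure-Python secp256k1 (real curve constants) so it runs offline.
"""
import hashlib
import secrets

# secp256k1 field prime, group order and generator (real constants).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None  # a == -b
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)


def scalar_mult(k, point=G):
    """Double-and-add k*point, with k reduced mod the group order."""
    result, addend = None, point
    k %= N
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def htlc_route(num_hops):
    """HTLC: the hash of the receiver's preimage is what every hop locks on.
    Returns the lock identifier each hop sees (all identical)."""
    preimage = secrets.token_bytes(32)
    payment_hash = hashlib.sha256(preimage).digest()
    return [payment_hash] * num_hops


def ptlc_route(num_hops, receiver_secret):
    """PTLC with a random per-hop tweak (illustrative layout, an assumption).

    The receiver publishes S = z*G in the invoice. The sender draws tweaks
    t_1..t_k and builds lock points backwards from the receiver:
        P_k = S,  P_{i-1} = P_i + t_i*G
    Hop i locks on incoming P_{i-1}, forwards a lock on P_i, and is told t_i.
    Returns (incoming_point, outgoing_point, tweak) per hop, sender's view.
    """
    receiver_point = scalar_mult(receiver_secret)
    tweaks = [1 + secrets.randbelow(N - 1) for _ in range(num_hops)]
    points = [None] * (num_hops + 1)
    points[num_hops] = receiver_point
    for i in range(num_hops, 0, -1):
        points[i - 1] = point_add(points[i], scalar_mult(tweaks[i - 1]))
    return [(points[i], points[i + 1], tweaks[i]) for i in range(num_hops)]


def settle_ptlc(hops, receiver_secret):
    """Unwind settlement from the receiver back to the sender.

    Each hop learns the scalar opening its outgoing lock from the next hop,
    adds its own tweak, and can then claim its incoming lock. Returns the
    scalars learned hop by hop; the last entry is what reaches the sender.
    """
    revealed = receiver_secret % N
    learned = []
    for incoming, outgoing, tweak in reversed(hops):
        if scalar_mult(revealed) != outgoing:
            raise ValueError("revealed scalar does not open the outgoing lock")
        revealed = (revealed + tweak) % N
        if scalar_mult(revealed) != incoming:
            raise ValueError("tweaked scalar does not open the incoming lock")
        learned.append(revealed)
    return learned


def distinct_locks(observed):
    """Number of distinct lock identifiers a snooping operator sees across the
    hops it controls; 1 means every observation is trivially linkable."""
    return len(set(observed))


if __name__ == "__main__":
    secret = 1 + secrets.randbelow(N - 1)  # receiver's secret z, constructed
    print("HTLC distinct locks over 5 hops:", distinct_locks(htlc_route(5)))
    hops = ptlc_route(5, secret)
    print("PTLC distinct incoming locks over 5 hops:",
          distinct_locks([h[0] for h in hops]))
    settle_ptlc(hops, secret)  # raises if any hop could not claim
```

Run as a script it reports 1 distinct lock for the HTLC route and 5 for the PTLC route, then walks the settlement back to the sender. Note that a hop still links its own incoming and outgoing locks through the tweak it was given; the privacy gain is against an operator whose nodes are not adjacent on the route, which is the scenario Kohen describes.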

Developers have been trying to improve Lightning's privacy as much as possible. Bitcoin is quite transparent because every transaction is recorded in a public repository. The Lightning Network's "off-chain" transactions might show promise in changing this, since payments are not indelibly imprinted in the Bitcoin blockchain.

As a bonus, PTLCs open up some other possibilities too. They build in some protections against "wormhole attacks," used by malicious actors to sneakily pilfer fees that are supposed to be paid to intermediary nodes, Kohen explained in his post.

And useful information can be stored in a PTLC, making it a possible tool for more complex smart contracts.

"Specifically, there is very little useful information in a hash, while there is significant information that can be stored in a point," Kohen said. 

In this way, PTLCs could be used for escrow, for example, or for "oracles," long a hot topic in cryptocurrency, where payments depend on data incoming from the outside world.

Waiting on 'Schnorr'

Kohen and others are actively researching the change and its potential impact, but it will take some time before developers can make the shift.

Technically, the change could be added to Lightning now. At a virtual Lightning hackathon last month, Kohen, Blockstream engineer Jonas Nick, and others created a proof of concept over Elliptic Curve Digital Signature Algorithm (ECDSA). 

Kohen argued the change is "the best" if it's built on top of Schnorr/Taproot, a likely upgrade that hasn't made its way into bitcoin just yet. Schnorr/Taproot offers a new way to "sign" transactions in bitcoin, which is how a user cryptographically proves that they own bitcoin and are allowed to transfer it to someone else. Schnorr/Taproot offers advantages over bitcoin's current signature scheme ECDSA.

Without Schnorr ready yet, Kohen and others only plan to use the ECDSA version to experiment with PTLCs in a sandbox so that once Schnorr rolls around they'll be ready.

"Aside from theory, there is finally a way to do experimentation now. I'm really looking forward to seeing all of these proposals which have only been on paper come to life finally," Kohen said, adding:

"I don't intend the current coding work that has been done using ECDSA adaptor signatures to end up in any Lightning implementation's actual production, but rather I intend to use ECDSA adaptor signatures to test out the large set of proposals that require PTLCs, as well as try to hit the pain points that are not specific to ECDSA-based PTLCs, so that we can have as much of a headstart as we can before Schnorr arrives and it is time to commit to a way of doing PTLCs on lightning."

Coordination

But the steps don't end there. Once Schnorr is through, the change will require quite a bit of coordination.

The good news is Lightning developers Kohen has talked to agree the change should be made. So far, there's only been debate about implementation details.

"I have yet to talk to a single person who does not believe that someday ... Lightning will for sure move to using PTLCs instead of HTLCs. I have met people who disagree about various implementation details but I've never met anyone who doesn't think that PTLCs are inherently superior to HTLCs without any real downside," Kohen told CoinDesk.

But even with agreement that the change will improve the Lightning Network, it is a huge change that will take time.

"Rather than a 'few changes,' this would to date be the largest network-level update undertaken to the Lightning Network thus far," said Lightning Labs CTO Olaoluwa Osuntokun in an email discussing the change with other developers.

"I'd caution against underestimating how long all of this will take in practice, and the degree of synchronization required to pull it all off properly," he added.
