Lightning’s onion routing provides great privacy for both the sender and receiver in terms of what the nodes who help route the payment can learn. They have no idea who the sender or receiver are, but can we do even better?
We can!
One issue is that the sender knows who the receiver is. While this isn’t a huge issue since you often know the person you are paying, there’s no reason you need to know which lightning node they’re running. Also, one might want to receive payment completely anonymously.
There are a couple ways we can go about hiding who the recipient is from the sender. The technique I’m going to explain in this thread is called Rendezvous Routing. This was proposed many years ago by Christian Decker (I think?).
As the name implies, rendezvous routing involves meeting at a specified point in the network graph. The recipient of the payment picks a public node to use as the rendezvous point for the route and generates a route and onion from the rendezvous point to themselves.
The recipient shares the rendezvous point/node with the sender in the invoice. When the sender builds a path to pay the recipient they build a route/onion that routes the payment from them to the rendezvous point.
So in a normal payment, if Alice was paying Edward then she would construct the entire path to Edward like this: Alice => Bob => Charlie => Diane => Edward. To reiterate the problem, Alice learns what node Edward controls.
If Edward wanted to preserve his privacy he could pick some random node Ralph to act as the rendezvous point. He would build a path from Ralph to himself like this: Ralph => Susan => Thomas => Edward. He would then give this route to Alice as an encrypted onion in an invoice.
Alice generates a route to Ralph: Alice => Bob => Charlie => Ralph and prepends it to the encrypted onion that Edward gave her. There's a bit of info added to let Ralph know he’s being used as a rendezvous point and enable him to perform the forward correctly.
The final route looks like this: Alice => Bob => Charlie => Ralph => Susan => Thomas => Edward. However, from Alice’s perspective she never needs to learn what Edward’s node is as she only needs to route to Ralph. She also learns no info about the route from Ralph to Edward.
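To make the split concrete, here is an added example (not part of the original thread and not Lightning's actual Sphinx construction) that models the two-part onion with a toy stream cipher. The node keys, `build_onion`, `peel`, `forward` and the `rendezvous` flag are all assumptions made for illustration; real onions use per-hop ECDH secrets, fixed-size packets and MACs.

```python
import hashlib, json

# Constructed per-node keys: a toy stand-in for the per-hop shared secrets
# a real onion builder derives via ECDH with each node's public key.
KEYS = {n: hashlib.sha256(n.encode()).digest()
        for n in ["Bob", "Charlie", "Ralph", "Susan", "Thomas", "Edward"]}

def _xor(key, data):
    # Toy stream cipher (SHAKE-256 keystream); no MAC, no padding, and the
    # keystream is reused per node, which a real scheme must never do.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def build_onion(path, tail=None):
    """Wrap one layer per hop in `path`. If `tail` is given, the last hop is
    told it is a rendezvous point and handed the opaque `tail` onion."""
    blob, nxt = (tail or b""), None
    for i, hop in enumerate(reversed(path)):
        layer = {"next": nxt, "rendezvous": i == 0 and tail is not None,
                 "inner": blob.hex()}
        blob = _xor(KEYS[hop], json.dumps(layer).encode())
        nxt = hop
    return blob

def peel(node, blob):
    # What a single node learns: next hop, rendezvous flag, opaque inner blob.
    layer = json.loads(_xor(KEYS[node], blob))
    return layer["next"], layer["rendezvous"], bytes.fromhex(layer["inner"])

def forward(first_hop, onion):
    """Simulate forwarding; returns the list of nodes the payment visits."""
    visited, node, blob = [], first_hop, onion
    while node is not None:
        visited.append(node)
        nxt, rendezvous, blob = peel(node, blob)
        if rendezvous:
            # Ralph switches to the recipient's onion, whose outer layer
            # is also encrypted to him, and forwards according to it.
            nxt, _, blob = peel(node, blob)
        node = nxt
    return visited

# Edward (recipient): partial onion from the rendezvous point to himself.
edward_onion = build_onion(["Ralph", "Susan", "Thomas", "Edward"])
# Alice (sender): only names Bob, Charlie, Ralph plus the opaque invoice blob.
alice_onion = build_onion(["Bob", "Charlie", "Ralph"], tail=edward_onion)
```

Alice's call never mentions Susan, Thomas or Edward, and the blob she received from the invoice is ciphertext to her; only Ralph can open its outer layer.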
If this is such an old proposal then why isn’t this in use on the lightning network today? That’s a great question. I think the answer is a combination of there being much higher priority items to tackle and a potentially better solution for recipient privacy having emerged: Route Blinding.
I hope this helped you understand one potential solution for achieving recipient privacy on the lightning network. I’ll follow this up with a thread on Route Blinding so you can get a better sense for a technique that we will (hopefully) see in the spec relatively soon.