ELI5: Why sharing channel balance data is bad for privacy?
AUTHOR
Joined 2022.09.20

In my last PPP for lnproxy I mentioned the issue of balance sharing. @ed left a comment asking for a more thorough explanation. This issue has two sides, the pros and cons of balance sharing. Since I don't run a routing node, I'm not really well equipped to explain the pros but I can explain the cons.

Onchain privacy

When you pay someone with bitcoin onchain, the payee can look at a block explorer to see where the UTXO you paid with came from. Maybe you got it from an exchange wallet, or you got it from the Ripple treasury, or you got it from a ransomware attack! Maybe you're just a merchant that accepts bitcoin and don't care where it came from, but now you're all mixed up in some mess. What's worse, most onchain payments have change (since the UTXOs that you have don't usually match the amount you want to pay perfectly). This means that the payee can then keep an eye on the change to see what other UTXOs you own (when you combine UTXOs) or who you pay in the future (when you spend one of your linked UTXOs).

Lightning privacy

On lightning, everything is much better. When you pay someone on lightning, the payee learns which of their channels received the payment, and nothing else. An evil payee might try to get their channel counterparties to reveal the source of the previous hop, but even then, the evil payee would have to keep asking nodes along the route to sell out your privacy. Even if everyone along the route was evil and sold you out, and the evil payee reached your node, you could just refuse to tell them anything. This would force them to wonder if you were the source of the payment or just an honest node standing in the way.

Balance sharing degrades Lightning privacy

Unfortunately, if a central entity has a real-time feed of channel balances from lots of large nodes, then lightning payments are not as private. Consider a hypothetical worst-case scenario where everyone except for you is sharing an accurate real-time account of their channel balances with amboss.space. Then, amboss can see your payment as a shift in balances on the channels all along your route. This reveals everything an on-chain payment would reveal and more! Not only does amboss.space know who you paid, they also know everyone you've ever paid from that node, and everyone that's paid you. They know where you buy your coffee and how much bitcoin you have on your node.

Obviously, that's an extreme scenario. I'm not sure what the relationship is between the amount of sharing and the degradation of privacy. Maybe everything is fine until most nodes are sharing their balances, or maybe just a few big nodes sharing good data is enough to noticeably degrade everyone's privacy. It's an empirical question that only the central entity with access to the balance data will be able to answer.
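
A toy model of the worst case described above, and of how the visible route shrinks when fewer nodes share, as an added example that is not part of the original post. The node names, balances and single payment are constructed, routing fees are ignored, and a channel is assumed visible when either endpoint shares its balance.

```python
# Toy model (constructed data): a channel is a pair (a, b) and the snapshot
# value is a's side of the balance in sats. Routing fees are ignored.
BEFORE = {("you", "bob"): 500_000, ("bob", "carol"): 300_000,
          ("carol", "shop"): 200_000, ("bob", "dave"): 400_000}
AFTER = dict(BEFORE)
for hop in [("you", "bob"), ("bob", "carol"), ("carol", "shop")]:
    AFTER[hop] -= 25_000  # one 25,000 sat payment: you -> bob -> carol -> shop


def visible_moves(before, after, sharing):
    """Directed (src, dst, amount) balance shifts visible in the shared feed.

    Assumption: a channel is visible when at least one endpoint shares."""
    moves = []
    for (a, b), old in before.items():
        if a not in sharing and b not in sharing:
            continue  # neither side reports this channel
        delta = after[(a, b)] - old
        if delta < 0:
            moves.append((a, b, -delta))  # a's side shrank: funds moved a -> b
        elif delta > 0:
            moves.append((b, a, delta))   # a's side grew: funds moved b -> a
    return moves


def link_segments(moves):
    """Chain equal-amount shifts that meet at a node into route segments."""
    nxt = {(src, amt): dst for src, dst, amt in moves}
    arrivals = {(dst, amt) for _, dst, amt in moves}
    segments = []
    for src, dst, amt in moves:
        if (src, amt) in arrivals:
            continue  # this shift continues an earlier one, not a segment start
        path = [src, dst]
        while (path[-1], amt) in nxt and nxt[(path[-1], amt)] not in path:
            path.append(nxt[(path[-1], amt)])
        segments.append((path, amt))
    return sorted(segments)


if __name__ == "__main__":
    for sharing in ({"bob", "carol", "shop", "dave"}, {"carol"}, {"dave"}):
        print(sorted(sharing), link_segments(visible_moves(BEFORE, AFTER, sharing)))
```

With everyone but `you` sharing, the whole route is recovered from two snapshots; with only `carol` sharing, the segment starts at `bob` and the feed alone cannot say whether `bob` originated or forwarded the payment.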