2 years ago
pLN is simply a caller wallet task that aims to marque it casual for users to travel the “happy path” of making bitcoin payments privately connected Lightning.
A mentation of this nonfiction was primitively published connected BC1984.
“Citadel Dispatch” occurrence 70, "Using Lightning Privately With Tony And @FuturePaul":
Tony:
“There's a good enactment betwixt educating and being doom and gloom. People request to beryllium educated that it's not cleanable and there's a batch of holes successful Lightning privateness and Bitcoin privateness arsenic well. It's not a mislaid cause. I similar to tow the enactment betwixt breaking privateness and fixing privacy. Breaking privateness to amended radical that it is benignant of breached and you request to beryllium careful. But past besides trying to amended and marque it amended astatine the aforesaid time. The crushed I bash this is truthful we tin get privateness to beryllium better.”
Matt:
“To hole problems you request to beryllium alert of problems first.”
pLN is simply a caller wallet task that Tony and @futurepaul are moving connected that aims to marque it casual for users to travel the “happy path” of making payments privately connected the Lightning Network.
It is inactive precise aboriginal connected successful the project, but the usage lawsuit is precise clear, considering each the pitfalls successful trying to walk bitcoin implicit Lightning successful a privacy-preserving way.
The main goals for the minimum-viable merchandise (MVP) motorboat of pLN are to alteration users to:
- Open Lightning channels via an on-chain deposit
- Make payments implicit Lightning
And, importantly, astatine slightest successful the archetypal version:
- Receiving Lightning payments volition beryllium disabled
- Each transmission volition beryllium opened connected its ain abstracted node
To recognize wherefore receiving payments volition beryllium disabled astatine the outset, it's important to recognize immoderate of the large pitfalls successful Lightning arsenic it exists currently:
- All invoices incorporate the transmission ID of the recipient
- The transmission ID leaks deterministic accusation astir the node/owner
However, if you usage the not-yet-widely-supported “Short Channel ID” instead, these person nary nexus to the chainstate, node proprietor oregon archetypal UTXOs utilized to money the channel.
The pLN app itself is being written utilizing Flutter, which means desktop and mobile (both for Android and iOS) versions volition beryllium made available.
Under The Hood
Under the hood, the app uses a “root node” and a fig of “channel nodes,” 1 for each channel. The app borrows heavy from John Cantrell's Sensei project, which is based on LDK.
The basal node takes attraction of the dense lifting: listening to gossip messages, gathering the web graph, computing routes and truthful on. The idiosyncratic transmission nodes lone way their ain transmission authorities and thing else.
The Bitcoin backend tin beryllium either a transportation to bitcoind oregon a idiosyncratic Electrum server. For mobile, Electrum would apt beryllium the champion prime arsenic it is designed for unafraid distant connections.
What If I Want To Pay My Friend Who's Also Using pLN?
Given that nonstop payments to transmission partners betray accusation astir your node and marque it wide that payments came from you, you should beryllium cautious astir making them, doing truthful sparingly astatine best.
The conception of plausible deniability comes into play with a greater fig of hops betwixt you and the last recipient. The much hops you marque on the way, the greater your anonymity set.
The app would yet let you to override the built-in protections and marque a outgo to a peer, but lone aft loud-and-clear warnings astir what this entails and what accusation you whitethorn beryllium leaking, if you take to proceed.
For example, you could take to marque a nonstop outgo to your person who's besides moving pLN if you wish. (Imagine you don't attraction oregon it doesn't substance if they cognize what channels you person open, since you're paying them successful idiosyncratic and you spot them.)
But the app would promote you to effort to marque a outgo with aggregate hops if astatine each possible. (Defaults would beryllium apt to opt for much than a mates hops astatine least, I assume.)
It would besides pass you if you effort to unfastened a transmission with a large nationalist hub (like successful ACINQ’s oregon Breez's nodes). Ideally, you should unfastened channels with unknown/smaller nodes whenever possible.
What About Large Payments?
Large payments tin beryllium made to look to beryllium partially-completed atomic multipath payments (AMP) payments (AMPs that are halfway done), with liquidity flowing retired from a fig of your idiosyncratic transmission nodes, arsenic needed. The sats each converge connected the last destination successful the end. Pretty cool!
Future Ideas For The App (TBD)
- Enable blinded paths erstwhile this is disposable successful LDK
- Continual CoinJoin with on-chain UTXOs successful the wallet connected the basal node
- Continual splice out/splice successful and CoinJoin with sats successful channels
- Timeout UX options: If your outgo is taking excessively agelong to route, the app whitethorn punctual you if you privation to effort different way with less hops
Closing Thoughts
- Privacy is simply a spectrum
- We person to equilibrium usability and idiosyncratic acquisition against anonymity sets (anonsets) and privateness portion trying to assistance forestall users shooting themselves successful the foot
I deliberation this is an breathtaking caller wallet and task that should assistance some with educating users astir privateness and allowing them to usage Lightning successful a straightforward manner.
This is simply a impermanent station by Adam Anderson. Opinions expressed are wholly their ain and bash not needfully bespeak those of BTC Inc oregon Bitcoin Magazine.
English (US) 