Published on: 2018-02-24T00:11:52+00:00
The discussion revolves around the privacy concerns surrounding signed invoices and proof-of-payment mechanisms on the Lightning network. It is clarified that this feature is optional, and either party can choose to skip the proof-of-payment scheme if desired. The concept of proof-of-payment is defined as a piece of data known to the payee that allows them to prove that payment was made to them and in exchange, they agreed to transfer ownership or provide services.The requirements for proof-of-payment include that it must be available to the payer who has the burden of proof, must prove agreement between both parties, and must mention specific obligations and identity. While the current invoice protocol meets most of these requirements, there are still privacy concerns that arise, such as the requirement for the payer to learn the payee's identity and vice versa.In a discussion about proof-of-payment, it is suggested that removing destination awareness can greatly reduce privacy issues. Proof-of-payment is defined as a piece of data allowing the payee to prove payment was made and ownership or services were transferred in exchange. The burden of proof lies with the payer, and the proof must indicate agreement, specific obligation, and identity of the parties involved.While it may not be necessary for the proof itself to mention identity, it is important for the payer to know the identity of the parties to verify agreement. The current invoice protocol meets many of these requirements, including the optional inclusion of the payer's node ID and free-format fields for multiple obligations and payment hashes. However, there are still privacy concerns regarding the need for payers and payees to learn each other's identities and cryptographic proof of consent. Additionally, the issue of distinguishing between multiple identical transactions with the same proof-of-payment remains unsolved.The privacy focus of payment has been on the payer more than on the recipient. To address this, there could be an ability to provide a pre-cooked onion that would allow payment to an anonymous destination directly or via a middleman who has that pre-cooked onion. However, it is not currently possible as shared secrets required for decoding error replies allow decryption of the entire onion. It is suggested that errors from the final destination are needed to reflect them. A simple tweak to use the SHA256() of the secrets for shared secret used to encrypt the error replies would allow providing those error secrets along with the onion.ZmnSCPxj has suggested a way to anonymously donate money to a node without leaving proof of the payer's identity. This can be achieved by hiding the payment in fees and removing proof-of-payment selectively. The process involves routing from oneself to the payee node, then back to oneself while paying oneself the minimum HTLC forwarding amount and leaving a hefty fee to the payee node. The payee cannot prove that it received payment from the payer as it was just a payment forwarding. Similarly, the payer cannot prove that it paid the payee as anyone on the route other than the payee could have been the source of the payment. However, this method assumes that the payer does not control the entire route.The writer expresses concern over the privacy implications of signed invoices and proof-of-payment mechanisms on the Lightning network. While such evidence could be useful for dispute settlement, sensitive transactions should also be possible without negative consequences. Node IDs can act as pseudonyms, but creating a new node for every transaction would be impractical. Additionally, some transactions are inherently tied to physical identity, making it difficult to maintain anonymity.The writer suggests having multiple nodes - one tied to physical ID and one or more virtual identities - to transfer funds between them without outsiders receiving payment information. The writer asks whether proof of payment should be optional, whether its strength should be reduced, and whether bi-directional routing is useful. Overall, the writer believes that privacy concerns must be taken into account in the design of the Lightning network.
Updated on: 2023-07-31T19:47:14.883308+00:00