I did not notice it, but now I've read it. I think they are wrong.
They claim that when paying a bolt11 invoice, Acinq "learns the amount and destination of BOLT 11 payments" because they are the ones who calculate the route. But I think they are overestimating what they learn -- bolt11 has built in privacy protections that I don't think they are considering, including these:
- a bolt11 does not tell you the recipient's IP address unless they are a routing node -- it just tells you a random pubkey that is only used for communication and never holds any money
- a bolt11 does not tell you what bitcoin address the money ends up in (i.e. the 2 of 2 channel whose state gets updated. It also doesn't tell you the address of the off-chain htlc that temporarily holds the money until the payment resolves)
- the pubkey listed in a bolt11 might not even belong to the "real" recipient -- invoice wrapping is a thing supported by several services now including Voltage, lnproxy, and RoboSats, and Phoenix cannot know if an invoice is wrapped or not
- the pubkey listed in a bolt11 might simply belong to another routing node and Phoenix would have no clue -- they are just "assuming" the pubkey belongs to the recipient (and thus that they know the destination) but it might belong to a routing node and screw up their assumptions
- so Phoenix might *think* they learn info about the destination from a bolt11, but I don't think they really do
- and btw, that tells them nothing about the sender -- the person who *seems* like the sender might be a routing node too and Phoenix would have no idea
They also claim: "ACINQ doesn't know the origin node [when you receive a payment]. It knows the destination Phoenix node and the amount."
I think they are wrong again. They might *think* they know the destination because they assume they are forwarding it to you and it stops there. But *you* might be a routing node forwarding it to someone else and they would have no idea about this.
> In the case of Phoenix->Phoenix payments, ACINQ will always know the origin and destination node, and the amount, even with BOLT 12
I think they are wrong again. A Phoenix->Phoenix payment inherits the same uncertainties as every other payment: they don't know if the person who *seems* like the sender is the *real* sender or just another routing node; they don't know if the person who *seems* like the recipient is the *real* recipient or just another routing node; they *think* they learn all this info but I don't think they are considering the privacy protections built into bolt11 as well as optionally available through invoice wrapping services (some of which are automatic).
Bolt11 is more private than you might realize! I certainly think it's more private than Phoenix realizes.