Improving Anonymity of the Lightning Network using Multiple Path Segment Routing

Abstract

The Lightning Network (LN) is a second-layer solution built on top of the Bitcoin protocol, allowing faster and cheaper transactions without compromising on decentralization. LN is also designed to be more anonymous, since less information has to be shared with the entire network. This should, in theory, improve privacy as well. However, recent works have shown that this is not quite true: due to the deterministic nature of contemporary routing protocols, an adversarial node on a payment path is able to uniquely identify at least one sender or recipient for about 70% of observed transactions. To combat this breach of anonymity, we propose a new routing algorithm that makes use of multiple path segments. By splitting the routing problem into multiple routing sub-problems and forming the final route by joining these sub-routes together, we introduce a degree of randomness which nullifies this kind of adversarial attack. Even when designing a counterattack, we still get a substantial improvement in anonymity, roughly tripling the number of source/destination pairs per attack. However, the protocol is also very costly, doubling the average fee and increasing the average hop count by more than 60%. This shows that the proposed protocol is not strictly superior to the current implementation, meaning that other (less drastic) protocol proposals are likely to give better cost/anonymity trade-offs.