Payment Splitting And Switching: Improving Privacy And Payment Success Simultaneously
One of the fundamental limitations of the Lightning protocol is how payment routing is handled and accomplished. It is entirely source routed, meaning that the sender of a payment is the one who constructs the entire route from themselves to the receiver in order to facilitate the payment. This presents an issue when it comes to the changing balances of channels over time as they are routing payments between numerous different users across the network, once a sender “locks in” and decides on a specific route, that route cannot be changed until a failure message makes it way back to the sender, allowing them to construct an entirely new route going around the point where the initial attempt failed.
This necessitates either dealing with a cumbersome and annoying UX, or the use of payment probing, intentionally crafting payments you will fail on purpose just to see if the route you want to use will work before attempting again with the actual payment. The former is just a bad user experience and not what you want when trying to craft something to be a viable payment solution for people at scale, and the latter puts an undue burden on the network as a whole as routing nodes must deal with the network traffic and liquidity complications of constant payments made with no intent to finalize just to test the viability of a route.
The ultimate cause of these problems is the inability of a route to change mid-payment without the involvement of the sender. Because the entire payment route is onion encrypted, this is not really possible to do. Each hop is only aware of the hop before it, and the hop after it, they have no knowledge of the ultimate destination to enable them to construct an alternate route from them to the receiver.
Now, while this does present a huge barrier to shifting away from source-based routing, it doesn’t entirely prevent it. As an intermediary node, while you can’t completely reconstruct a new route from you to the destination, you can reroute the payment from yourself to the next hop defined in the path picked by the sender. So if Bob receives a payment that he is supposed to route to Carol, and the channel he is supposed to route it through doesn’t have the capacity needed to forward it, he can send what he can through that channel and route the rest of the payment amount through other routes he can find from himself to Carol.
Last month Gijs van Dam wrote a proof of concept plugin for CLN (available here) that does exactly that, building on multi-path payments that allow a payment to split up and take multiple routes to the receiver. If Bob and Carol are both running the plugin they can, in the appropriate situations, communicate to each other that a payment being forwarded along one channel is actually being partially rerouted so that Carol doesn’t immediately drop it when she sees what she is being sent is less than what she is expected to forward. This way if alternate routes are available between Bob and Carol when the sender-decided route isn’t viable, they can simply reroute the needed amount and the payment can succeed without having to completely fail, propagate back to the sender, and be rerouted by them.
If widely adopted as a standardized behavior on the network this could have a huge positive impact in the success rate of payments, drastically improving the UX of Lightning users looking for a simple payment mechanism that just works. It’s an incredibly simple and logical behavior that could significantly improve a well known shortcoming. That’s not all it can do though.
One of the big reasons that Gijs van Dam became interested in addressing this issue actually has nothing to do with simply improving the payment success rate and UX for users, it was actually because of a privacy shortcoming. One of the well known privacy issues that Lightning is vulnerable to is channel probing, this is the problem Gijs was concerned with.
As I mentioned above it is used by some wallets to ensure a payment will succeed before actually attempting the real payment, but this technique can also be used in order to ascertain the distribution of funds across both sides of a channel. Done repeatedly and with carefully chosen amounts, the success and failure of each probing attempt can deduce how funds are split across each side of the channel. Taken even further and done systematically across numerous channels on a regular basis, this technique can even deanonymize payments by watching in effectively real time as balances change across channels.
Lightning is constantly framed as a privacy tool for transactional use, but the reality is given techniques like channel probing the privacy in many cases can be tenuous at best without a user being sophisticated in how they interact with the network. One of the interesting side effects of payment splitting and switching is that it undermines probing attacks. The reason a probing attack works is because you can keep probing with different amounts until a payment fails. If done correctly, this gives you a very tiny range between the last successful payment attempt and the failed one that is the balance distribution of the channel.
In a world where Lightning nodes can on the fly reroute parts payments that would otherwise fail so they succeed, it completely breaks the inherent assumption that channel balance probing relies on. That your payment attempt will fail when the specific channel you decided to route through doesn’t have the liquidity to forward it. With payment splitting and switching that assumption is no longer true, and the more nodes on the network support switching the more error prone it makes that assumption (by up to 62% according to a simulation using real-world Lightning network data by Gijs).
So not only is this proposal relatively simple, not only does it provide a path to improving the success rate of payment attempts, it also helps address one of the largest privacy shortcomings of the Lightning Network. I think especially in the wake of the recent Lightning vulnerability, this proposal shows that while Lightning is not without its share of problems, they are not impossible to solve or mitigate. It will even be very common for solutions to one problem to help with another problem.
Rome wasn’t built in a day, and solutions that actually preserve Bitcoin’s core properties in a scalable and sustainable way won’t be either.
25 October 2023 16:41