The Eye of Sauron Problem Privately Routing Payments Over a Mesh Network
Background
Although credit cards were first introduced in the 1950’s, it wasn’t until the 1980’s that these cards had magnetic strips which enabled computerized record-keeping of all payments. Computer scientists like David Chaum [1] recognized the danger that pervasive surveillance of financial transactions posed. The main worry these early pioneers shared was that once payment information is centralized, it can easily be used to scrutinize and control us. In 1985 Chaum wrote:
“The foundation is being laid for a dossier society, in which computers could be used to infer individuals’ life-styles, habits, whereabouts, and associations from data collected in ordinary consumer transactions. Uncertainty about whether data will remain secure against abuse by those maintaining or tapping it can have a “chilling effect,” causing people to alter their observable activities. As computerization becomes more pervasive, the potential for these problems will grow dramatically.”
In such a world, people will also naturally be reluctant to call attention to themselves and risk scrutinization of their dossier. Like in Tolkien’s “The Lord of the Rings” trilogy, the only way to protect yourself from becoming the focus of the all seeing eye of the Dark Lord Sauron is to avoid being noticed.
At around the same time, self styled crypto-anarchists such as Tim May proposed [2] using encryption technology, liberated from military export controls, as a way to avoid this fate. Alternative payment systems using cryptography with names like DigiCash, B-Money, Bitgold and Hashcash were proposed with varying success over the years, but none succeeded as a viable alternative to credit cards. New systems such as Paypal, Dwolla, Alipay, M-Pesa and similar have had more success, but include the same surveillance and censorship features of credit cards due to their centralized nature. Now, 40 years after Chaum articulated the problem, it is clear that his fears have become our reality.
Not until Bitcoin was released in 2009 has a truly decentralized system of transferring value between individuals gained traction. Bitcoin has successfully embodied the crypto-anarchist ideas for using modern cryptography to create a system of pseudonymous, cash-like payments. But instead of payments being anonymous in the same way as physical cash, Bitcoin transfers are recorded on a public ledger and revealed to anyone who wants to run a node on the network. This would be a dramatic step backwards versus credit cards, if not for the fact that payments are not directly tied to the personal identity of users as they would be for a bank or credit card payment. Instead transactions are recorded between pseudonymous accounts, like numbered swiss bank accounts [3]. This works well for those who are careful to not reveal the Bitcoin addresses they use, but it creates a risk of unknowingly leaking information that ties you to your payment history every time you make a purchase.
In 2015 a second layer protocol called the Bitcoin Lightning Network [4] was proposed as a way to make Bitcoin payments faster, cheaper and able to scale to a number of network wide payments per second comparable to credit cards. The implementers of the Lightning protocol also paid careful attention to maintaining transaction privacy [5]. They accomplished this with a system similar to the Tor [6] anonymous communication network. With this system, the path a payment takes between payer and payee are hidden from anyone monitoring the communication of nodes involved in forwarding the payment. This makes it much harder to prevent payments to particular destinations or record the history of who a person sends or receives payments from.
Lightning Over Mesh
Global Mesh Labs is working to adapt the Bitcoin Lightning Network protocol to the problem of incentivizing people to collaborate in a mesh communication network [7]. Mesh networks offers the possibility of not just more resilient communication, but also true peer-to-peer payments. But a radio based mesh network must consider different trade-offs than a protocol designed for the internet. One trade-off of radio based communication is that to achieve both long distance and low power communication, something essential for mobile devices, we must sacrifice bandwidth [8]. This means that our implementation of the Lightning protocol, which we call Lot49, must reduce the data exchanged between nodes to the bare minimum.
A payment made using the Lightning protocol is composed of two main pieces of data: i) information used to commit to the payment, the largest component here being digital signatures, and ii) routing information used to privately deliver a payment to its destination. Exchanging routing information and passing it along with each payment consumes by far the greatest amount of network bandwidth. Each payment currently includes 1366 bytes of encrypted routing data, known as an onion, compared to 84 bytes for the payment commitment itself.
The Lot49 protocol also sends message data along with the payment commitment and routing data used by Lightning. Because Lot49 is primarily concerned with incentivizing message delivery, we want to reduce the amount of data used to route and incentivize a message relative to the message data itself.
No Onions
Nodes on the Lightning network gossip amongst each other about the topology of the network so that any node originating a payment can pre-compute the entire route that payment will follow to reach a destination node. This is called “source routing”. A node that wants to send a payment encrypts the route data into a data structure called an onion blob. This onion is the 1366 bytes of routing information mentioned above.
One of the most significant changes Lot49 makes over the existing Lightning payment protocol is to not use a source-routed onion based system to route payments. This also means nodes do not gossip about the global topology of the network in the way Lightning nodes do now. Instead we are designing Lot49 to use a gradient routing approach where nodes only need to be aware of routes in their local neighborhood. This works in a similar way to how computers on the internet route traffic. Your local computer does not need to precompute the entire route to deliver a packet to google.com, but only needs to know that the ‘next hop’ to reach google.com is through your local router. The same process repeats at each hop until your data reaches one of the Google servers. This simplifies the process of delivering data and significantly reduces the amount of routing information that must be exchanged between nodes.
Routing Privacy
However, this kind of routing introduces a serious privacy problem on the Internet. Each packet includes the address of the sender and receiver so each node can properly route to the correct next hop. Because ISPs and mobile carriers record, for billing and other reasons, the actual person using each address at any given time, it is possible to record this “meta-data” about every packet sent or received, even if the actual data payload is encrypted. The “chilling effect” of this metadata being recorded and used by internal security forces in countries like China [9] demonstrates today the problem Chaum described in the 1980s.
However, over a mesh network each node’s global identifier (GID), the equivalent of an internet IP address, is not assigned by or known to a centralized ISP or mobile carrier, but only known and shared by each user themself. There are also no centralized data centers where all mesh communication traffic and its metadata can be monitored and stored, unlike the internet where almost all internet traffic eventually flows through a handful of large data centers. This allows our Lot49 protocol to efficiently route data over a mesh network, without suffering from the privacy consequences of incremental routing that would be seen if this technique were used on the internet. Although our system is primarily designed for delivering message data, not payments, keeping metadata private for both is critical.
Conclusion
The biggest hurdle to using the Bitcoin Lightning protocol to pay nodes to relay messages on a mesh network is the additional bandwidth and number of message round trips required. But using a gradient mesh routing protocol such as goTenna’s VINE protocol [10] for our Lot49 variant we can significantly reduce the bandwidth and round trips needed for routing, without the privacy loss that would be seen if this technique were used over the internet. By combining efficient pseudonymous routing and cryptocurrency payments we can create an important new tool for the privacy revolution.
Comments