Blockchain-based cryptocurrencies like Bitcoin have privacy, scalability and latency problems that limit their use as a medium of exchange. Payment channel protocols such as the Lightning Network address these scalability and latency issues by using the blockchain to escrow funds and resolve disputes while moving the bulk of transactions “off-chain.”
The growth of the Lightning Network over the last year has been truly remarkable. Even though the software is in beta, the network boasts over 8,000 nodes and 38,000 active payment channels with a capacity of more than 1,060 BTC (or $5.5M). However, payment channels on the Lightning network are not private by default: repeated payments on short paths leak information about payees. Moreover, channel opening and closure leave a record identifying the users and the initial and final split of funds.
Matthew Green and Ian Miers conceived of a protocol that addresses the privacy limitations of Lightning: Blind Off-chain Lightweight Transactions (or BOLT). The Bolt protocol offers a strong privacy solution while preserving the efficiency of off-chain payments. They wrote an academic paper on the initial design and we developed a proof of concept of the protocol in 2018.
What is BOLT? Bolt eliminates the linkage between payments within a channel, using well-studied cryptographic techniques such as commitments, blind signatures, and zero-knowledge proofs. This protocol ensures that a customer’s payments are hidden within the set of all payments made to a merchant and that hubs (i.e., intermediate parties) learn nothing about the payers and payees they support.
While the original academic paper proposes that payment channels are opened with anonymous funds via cryptocurrencies like Zcash, the Bolt architecture is independent of the underlying currency and is applicable to support Ethereum, Bitcoin, and Litecoin as well. Unlike other approaches, our zero-knowledge proof techniques off-chain do not require a trusted setup and are based on standard assumptions. Therefore, our approach allows Bolt to serve as an anonymity layer on top of private and non-private currencies alike.
Why privacy matters for L2? We envision a future where second layer protocols like Lightning are a core building block for new payment gateways and privacy is a fundamental requirement to prevent transaction censorship. For cryptocurrencies to be usable as a medium of instant exchange, we need strong and efficient censorship resistant techniques to be baked in at the protocol layer. Bolt is a system of techniques to achieve these required properties.
Why is this work important? We are working towards scalable, fast and private payment networks that are pervasive and rival traditional payment networks such as Visa. This work will enable all kinds of applications, accommodate different network topologies (hub and spoke or distributed), and fuel new technologies as we seek to deploy on top of Zcash and other currencies. Although Bolt inherits some of the limitations of Lightning in terms of liveness requirements and capital lockup, we believe there is an opportunity for value-added services like watchtowers and liquid marketplaces in the ecosystem to minimize these drawbacks.
What are the use cases for Bolt? Building an interoperable and chain-agnostic Bolt protocol provides an opportunity to integrate our techniques into payment networks where strong privacy solutions are needed as an option for users. Specifically, these include the Interledger protocol (ILP), Lightning and the Raiden Network. In addition, we will be able to enable cross-chain trading of crypto assets and build a bridge between centralized and decentralized exchange platforms. We are excited about the potential use cases for Bolt and the network effects resulting from successful integrations.
How does Bolt payment channels compare to Lightning? Similar to Lightning, Bolt offers two kinds of basic payment channels: direct channels and indirect channels.
Direct channels are either uni- or bi-directional. Unidirectional channels are non-interactive and allow fixed value payments in one direction, Bidirectional channels are interactive and allow payments to flow in either direction with arbitrary values (positive or negative) between a sender and receiver. With direct channels, the sender retains the anonymity but the receiver is pseudonymous. Indirect channels allow payments to flow through intermediaries or routing nodes when there is no direct channel between the parties. With Bolt, a single routing node does not learn the participants involved in the payment or how much they transferred.
Why Zcash? Zcash offers the strongest way to achieve anonymity for opening and closing channels while preserving the identity of the participants via shielded transactions. If a channel is not funded anonymously, an intermediary can abort in the middle of a payment and observe which party attempts to close the channel. With other currencies like Bitcoin or Ethereum, we may be able to leverage techniques like CoinJoin or similar techniques to minimize the risk of aborts.
When will Bolt be available for testnet? We will be releasing an initial Bolt node reference implementation on top of a fork of Zcash running on a public testnet in the coming weeks. If you would like to learn more about Bolt and possible extensions that we are working on, please reach out to us at email@example.com.