Author

Topic: Anonymous UTXO consolidation through LN (Read 336 times)

hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
March 14, 2022, 10:55:40 AM
#15
More channels just add more linked addresses per channel.
This is a wrong understanding. Each channel is independent from another and they are not linked. When you route a payment from one channel to another, the blockchain never sees that.
I didn't mean that addresses of multiple channels are all linked together, I should've stated this more accurately.

The idea to mix UTXOs - if you were not to use a submarine swap provider - would be:
1) For each UTXO open one channel. This channel will be between the device holding this UTXO and one 'collector node' such as one another computer or a mobile wallet.
2) Send all funds to the secondary LN wallet through Lightning (non traceable).
  2a) It will receive the payments through different off-chain routes and end up with one channel with a high balance.
  2b) The 'sender channels' will be empty and can be closed. The blockchain just sees one transaction each, crediting some hub or intermediary on one random route between sender and receiver nodes with the full amount.
3) By then closing the phone wallet's single channel, it will be a single on-chain transaction crediting the phone wallet's address a certain amount that is roughly equal to whatever you locked up on-chain in all the different LN channels earlier. But there won't be any way to tell for certain, other than maybe the similar amount.
I think I got this part in my understanding earlier, too, but didn't express it. OK, I get the idea of the procedure which would be pretty difficult to follow with some confidence.
a) You can't necessarily link the UTXOs for the multiple channels, unless you made some major privacy errors in front which linked all UTXOs to one entity.
b) When funds are on LN they become somewhat stealth in terms of visability of third parties, i.e. Bitcoin flow analysts or whoever is interested to watch.
c) You can put an arbitrary delay of moving funds, closing the channels and cashing out from the destination LN wallet which should make linking the coin flow very hard. Time is not necessarily linked, there might only be a clue by similar amounts (minus on-chain and LN forwarding fees). You could even cash out the destination LN wallet before you close the initial sending channels.
d) Usage of loop-out or boltz.exchange would allow to break apart the total of transported funds which would make linking the coins even more difficult if not nealy impossible.

OK, thanks for enLighting.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
March 13, 2022, 10:32:51 AM
#14
First: I've never used boltz.exchange, partially because I can't easily confirm the non-custodial part by myself.

Quick maths would suggest it's 0.5%, right? That's not bad.. Centralized exchanges charge between 0.1% (but require withdrawal fee) and 1% (but no fees - if I remember correctly) and are obviously completely non-private.
The cheapest exchange I know to convert on-chain Bitcoin to Bitcoin LN is CoinPlaza.it. They charge 0.1% for this transaction, without further fees. But they charge much more from LN to on-chain.
They require an account though, although without KYC for small amounts (<€500/month). FixedFloat.com would do the same without account, although I'm not sure if they'll demand KYC for higher transactions. Depending on your needs it can pay off to check rates at different instant exchangers.

1) Send each UTXO in full (full value) to your Lightning wallet
If you're going to do this, it might be worth doing it before you need to consolidate your small UTXOs. So whenever you send a transaction that will create a small change amount, send it elsewhere to instantly swap it to LN.

A concern of mine is that boltz.exchange would know about your transactions.
That would be another reason to use different exchangers, so none of them has all your data. This might also prevent one exchange from consolidating all your small inputs at once into their own wallet. Depending on how many transactions they process and how many transactions you sent within a small time frame, that might still link your transactions (a bit).
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
March 12, 2022, 07:01:15 PM
#13
I can't quite follow your claim of LN being kind of a mixer where you can gain or maintain anonymity. When you open a channel you have an on-chain funding transaction with a publicly visible receiving address that with non-Schnorr signature looks a bit different than normal Bitcoin transactions (the script is different and recognizable to my knowledge).
Now when you close that channel you receive your part of the channel's balance via this funding address. As far as I understand it all addresses are somewhat linked together (UTXOs used to fund the channel, channel funding address, channel close via funding address to an UTXO in your wallet). I don't see any magic involved to link all those addresses together. More channels just add more linked addresses per channel.
The blockchain will see your funding transaction with an address and the funds it puts into the channel and the closing transaction with the final balance awarded to that same address (usually).
However, it doesn't see to whom you sent how much and when, and from whom you received how much and when.
Quote
UTXOs used to fund the channel, channel funding address, channel close via funding address to an UTXO in your wallet
It's correct that if you try opening a channel and funding it from multiple UTXOs, they are going to be linked just like in any other transaction, so that should be avoided if they're in different disjunct anonymity sets.

Quote
More channels just add more linked addresses per channel.
This is a wrong understanding. Each channel is independent from another and they are not linked. When you route a payment from one channel to another, the blockchain never sees that.

The idea to mix UTXOs - if you were not to use a submarine swap provider - would be:
1) For each UTXO open one channel. This channel will be between the device holding this UTXO and one 'collector node' such as one another computer or a mobile wallet.
2) Send all funds to the secondary LN wallet through Lightning (non traceable).
  2a) It will receive the payments through different off-chain routes and end up with one channel with a high balance.
  2b) The 'sender channels' will be empty and can be closed. The blockchain just sees one transaction each, crediting some hub or intermediary on one random route between sender and receiver nodes with the full amount.
3) By then closing the phone wallet's single channel, it will be a single on-chain transaction crediting the phone wallet's address a certain amount that is roughly equal to whatever you locked up on-chain in all the different LN channels earlier. But there won't be any way to tell for certain, other than maybe the similar amount.
copper member
Activity: 821
Merit: 1992
March 12, 2022, 04:11:06 PM
#12
Quote
Now when you close that channel you receive your part of the channel's balance via this funding address.
But there could be no such "your part of the channel's balance" if you sent your coins somewhere else. Then, you can withdraw them from some completely different channel. You cannot assume that two people opening the channel are the same two people that will get some coins out of it. Of course, their keys will be used to do that, but it is quite likely that coins will be sent to someone else.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
March 12, 2022, 02:49:15 PM
#11
Quote
What do you guys think about this idea for consolidating UTXOs while retaining privacy?
I think the Lightning Network is one of the best mixers I know about. You can open some channel with any stranger, send your coins inside that network, and transfer them back to the main network. If you do that correctly, you will get completely different coins. It is far better than trusting any centralized mixer, because you always have some transaction that can be used to close your channel in case another party will stop cooperating.

So, in LN you can consolidate, split, and mix your coins in any way you need. Then you can move them back to the main chain and you will see your outputs coming from many different places, so linking all of them will be quite difficult.
I can't quite follow your claim of LN being kind of a mixer where you can gain or maintain anonymity. When you open a channel you have an on-chain funding transaction with a publicly visible receiving address that with non-Schnorr signature looks a bit different than normal Bitcoin transactions (the script is different and recognizable to my knowledge).
Now when you close that channel you receive your part of the channel's balance via this funding address. As far as I understand it all addresses are somewhat linked together (UTXOs used to fund the channel, channel funding address, channel close via funding address to an UTXO in your wallet). I don't see any magic involved to link all those addresses together. More channels just add more linked addresses per channel.
I haven't used Submarine Swaps so far, as I find them quite expensive. But if you can introduce new on-chain addresses with them, then I see the potential to break "normal coin flow" an a LN channel.

So, in LN you can consolidate, split, and mix your coins in any way you need. Then you can move them back to the main chain and you will see your outputs coming from many different places, so linking all of them will be quite difficult.
I won't claim to understand LN to great extend, I'd consider my LN knowledge as around basic, maybe more than basic, but that's subjective and not quantitative at all.
Say with normal channel handling, how to you explain your "outputs coming from many different places"? I don't get it at all. Or do you include Submarine Swaps or similar with LOOP implicitly?
legendary
Activity: 2212
Merit: 7064
February 21, 2022, 09:27:32 AM
#10
Quick maths would suggest it's 0.5%, right? That's not bad.. Centralized exchanges charge between 0.1% (but require withdrawal fee) and 1% (but no fees - if I remember correctly) and are obviously completely non-private.
That looks like fine fees to me but question is if there is enough liquidity or it's only meant for transacting smaller amount of coins.
I won't talk in abstract terms about Boltz until I test it myself.

Chainalysis isn't small company, they should have cost to run thousand LN node with various IP range to evade the ban.
It's not so much important how big or small this company is when they are working with governments that have unlimited fiat money printer machines.
Same thing is with Tor nodes, there are many suspicious nodes that only exist for tracking and deanonymizing users.
full member
Activity: 206
Merit: 447
February 21, 2022, 08:15:29 AM
#9
Currently LN is a bit limited in terms of privacy. The biggest showstopper is that a single payment preimage is used for all participating nodes. Hence injecting few tens of thousands spying nodes would map coin flows with very high probability.

This would eventually be resolved with taproot using PTLC (instead of the current HTLC) https://bitcoinops.org/en/topics/ptlc/
Until then I tend consider LN without any privacy.

IP bans would do nothing. All spy nodes could live on TOR, and additionally connect to each other in other ways. Public key bans would do nothing as well - the coins can be transferred to new "clean" public keys using LN itself.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
February 21, 2022, 04:55:55 AM
#8
What do you guys think about this idea for consolidating UTXOs while retaining privacy?
I think that some people used LN in similar way like this for improving privacy, but maybe you don't know that Chainalysis launched support for Lightning Network in December of last year.
I don't know how exactly this tracking works and how effective it is, but I am sure governments are paying them a lot and they noticed LN can be used like this.
https://blog.chainalysis.com/reports/lightning-network-support/
That's true, but I don't really believe they can meaningfully track off-chain transactions. If it turns out that they try, it can and will be mitigated e.g. by banning nodes sending suspicious 'probe' payments and such.

Boltz looks like a interesting non custodial exchange for privacy, and it's better if you use Tor onion service, but I never used it myself.
How much fees they are charging?
I used it a few times, through Breez and natively, and I remember fees weren't too high; but I can't recall how much they were.

3) Submarine swap the whole amount out into a new on-chain address using the same service as in step 1.
This would be unnecessary. If all the transactions were sent to a single channel, you could simply close the channel.
That's also true, yes, but if you receive money through LN, the payment is usually split up and received via multiple of your open channels. To get all the funds out, you would need to close all the channels (since you can't control how much you get on which channel) and then reopen them all; at that point it's cheaper to use submarine swaps.

A concern of mine is that boltz.exchange would know about your transactions. It is possible Chainalysis could ask about a transaction and there is no guarantee they would not provide information.
How would they know that? Boltz is just going to receive sats through a channel they have with someone (they can't look further past that last 'hop') or actually multiple channels, as explained above, and will send the full amount to an on-chain address. Boltz does not know who the sender is.

How much fees they are charging?
They haven't addressed that properly in their FAQ section. It only says that the user needs to pay the on-chain mining fees for the Submarine Swaps. But there is an additional undisclosed fee based on a percentage of the traded amount. And they don't mention what percentage, only that this is the fee their profits originate from. 

The mining fees as they stand now are 0.00000582 BTC, for example.
So if you wanted to swap 0.1 BTC for LN BTC, you would get 0.09949418 BTC.
Quick maths would suggest it's 0.5%, right? That's not bad.. Centralized exchanges charge between 0.1% (but require withdrawal fee) and 1% (but no fees - if I remember correctly) and are obviously completely non-private.

Quote
So if you wanted to swap 0.1 BTC for LN BTC, you would get 0.09949418 BTC.
What? Over 50k sats? That's the problem with LN fees in typical wallets: if you have small amounts, then on-chain fees (for example Phoenix wallet that charge 3k sats) will eat that amount.
You pay that fee to Phoenix just once though; then you can send and receive over that channel however much you want; I sometimes believe people don't really 'get' LN yet because they're still stuck in 'on-chain' mindset where you only do large transactions and don't do them often, to save transaction fees. LN is different in that it encourages doing many, many transactions (receiving and sending) so that the channel creations make sense.

But if you have big amounts, then percentage fees of even 0.1% will eat more coins than people would pay on-chain. If you have even 0.1% fees, that means for each 1 BTC you have to pay 100k sats! So, I guess nothing changed and running LN node is still the cheapest option to use LN.
You could say that any service costs money (unless you're the product) and doing stuff yourself is the cheapest. That doesn't factor in your time - not only to create and close channels in this case, but also time for learning about state channels, how they work and how to apply it in practice.
I'd still say for 99% of people it makes sense to just use Boltz exchange to anonymize their sats quickly, effortlessly, and privately without putting in too much time.

That means coin consolidation is possible in LN, but still quite expensive, when you can reach deniability by making some on-chain transactions to yourself. I guess in typical scenario it will cost much less than over 50k sats for 0.1 BTC.
You suggest sending your own coins to yourself to get deniability? That's terrible advice in my opinion. At least use ChipMixer or CoinJoin. However, all of these 'on-chain' methods don't solve the problem of consolidation (maybe CoinJoin) - the main thing I'm addressing is not anonymizing coins, but consolidating various UTXOs without linking them together.
copper member
Activity: 901
Merit: 2244
February 21, 2022, 04:41:43 AM
#7
Quote
So if you wanted to swap 0.1 BTC for LN BTC, you would get 0.09949418 BTC.
What? Over 50k sats? That's the problem with LN fees in typical wallets: if you have small amounts, then on-chain fees (for example Phoenix wallet that charge 3k sats) will eat that amount. But if you have big amounts, then percentage fees of even 0.1% will eat more coins than people would pay on-chain. If you have even 0.1% fees, that means for each 1 BTC you have to pay 100k sats! So, I guess nothing changed and running LN node is still the cheapest option to use LN.

That means coin consolidation is possible in LN, but still quite expensive, when you can reach deniability by making some on-chain transactions to yourself. I guess in typical scenario it will cost much less than over 50k sats for 0.1 BTC.
legendary
Activity: 2730
Merit: 7065
February 21, 2022, 03:28:01 AM
#6
How much fees they are charging?
They haven't addressed that properly in their FAQ section. It only says that the user needs to pay the on-chain mining fees for the Submarine Swaps. But there is an additional undisclosed fee based on a percentage of the traded amount. And they don't mention what percentage, only that this is the fee their profits originate from. 

The mining fees as they stand now are 0.00000582 BTC, for example.
So if you wanted to swap 0.1 BTC for LN BTC, you would get 0.09949418 BTC.
copper member
Activity: 1652
Merit: 1901
Amazon Prime Member #7
February 20, 2022, 05:11:00 PM
#5
What do you guys think about this idea for consolidating UTXOs while retaining privacy?
I think that some people used LN in similar way like this for improving privacy, but maybe you don't know that Chainalysis launched support for Lightning Network in December of last year.
I don't know how exactly this tracking works and how effective it is, but I am sure governments are paying them a lot and they noticed LN can be used like this.
https://blog.chainalysis.com/reports/lightning-network-support/
In theory, you should be able to use LN for small amounts and not be tracked by Chainalysis (or similar). The term "small amounts" is in relation to your total channel sizes and the total capacity of the LN network.

I am not sure how Chainalysis plans on monitoring LN transactions. However, I am willing to bet it has something to do with "pinging" various nodes to see if they can send a transaction of a certain size to a 3rd node. It may also involve sending small amounts to various nodes via various routes.


3) Submarine swap the whole amount out into a new on-chain address using the same service as in step 1.
This would be unnecessary. If all the transactions were sent to a single channel, you could simply close the channel.

A concern of mine is that boltz.exchange would know about your transactions. It is possible Chainalysis could ask about a transaction and there is no guarantee they would not provide information.
legendary
Activity: 2212
Merit: 7064
February 20, 2022, 04:04:04 PM
#4
What do you guys think about this idea for consolidating UTXOs while retaining privacy?
I think that some people used LN in similar way like this for improving privacy, but maybe you don't know that Chainalysis launched support for Lightning Network in December of last year.
I don't know how exactly this tracking works and how effective it is, but I am sure governments are paying them a lot and they noticed LN can be used like this.
https://blog.chainalysis.com/reports/lightning-network-support/

Boltz looks like a interesting non custodial exchange for privacy, and it's better if you use Tor onion service, but I never used it myself.
How much fees they are charging?
copper member
Activity: 821
Merit: 1992
February 20, 2022, 03:34:42 PM
#3
Quote
What do you guys think about this idea for consolidating UTXOs while retaining privacy?
I think the Lightning Network is one of the best mixers I know about. You can open some channel with any stranger, send your coins inside that network, and transfer them back to the main network. If you do that correctly, you will get completely different coins. It is far better than trusting any centralized mixer, because you always have some transaction that can be used to close your channel in case another party will stop cooperating.

So, in LN you can consolidate, split, and mix your coins in any way you need. Then you can move them back to the main chain and you will see your outputs coming from many different places, so linking all of them will be quite difficult.
member
Activity: 82
Merit: 52
February 20, 2022, 03:33:39 PM
#2
Would love to hear an input from a more technical user on this! I've always thought of it like a ghetto coinjoin. Just a quick easy way to enhance forward moving privacy instead of withdrawing straight to cold storage.

Process could look something like:

Cash app > Phoenix > Breez > Muun > Cold storage
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
February 20, 2022, 10:35:31 AM
#1
What do you guys think about this idea for consolidating UTXOs while retaining privacy?

1) Send each UTXO in full (full value) to your Lightning wallet via the BTC wallet's coin control feature by using submarine swaps (e.g. using https://boltz.exchange/). Some LN wallets also have a submarine swap feature built-in to them (I believe Breez uses Boltz under the hood).
2) Do one such swap per UTXO and in the process, collect the whole amount in your LN wallet. => everything's consolidated
3) Submarine swap the whole amount out into a new on-chain address using the same service as in step 1.
Jump to: