When an opportunity arises to increase Bitcoin’s privacy by an order of magnitude, I pay attention. Privacy is the Achilles’ heel of Bitcoin; Hal Finney himself attempts to solve this problem days after Bitcoin’s launch. Six years later, Joinmarket launches on Bitcoin’s mainnet, and becomes the first robust solution to blur Bitcoin’s transaction graph. But Joinmarket and other coinjoin implementations are only used by the privacy-conscious, which inherently caps the size of their anonymity set. Fortunately, in 2018, engineers deploy the Lightning Network, and make the second breakthrough in Bitcoin privacy. Crucially, the Lightning Network improves the privacy of the average Bitcoin user. As a result, people who have strong privacy requirements can use Bitcoin just like the regular Bitcoiner would, and hide in a much, much bigger crowd.
Today, we are on the verge of another massive increase in Bitcoin privacy. Musig2 Taproot channels can make the Lightning Network’s onchain footprint completely invisible; the mutual close of an unannounced Musig2 Taproot channel is indistinguishable from the typical 1-input 2- output Bitcoin transaction. With enough adoption, these channels largely break down any assumptions made from one of the most common Bitcoin transactions, and further blur the distinction between the dissident, and the average Alice.
I propose to bring Musig2 Taproot channels to the Lightning Dev Kit. First, I will coordinate, and if needed implement, the “option_simple_close” protocol for the mutual close of a Lightning channel, as this is a requirement to Taproot channels per Roasbeef’s specification.
Second, I will add to LDK the ability to customize the inputs and outputs of Lightning onchain transactions. Applications currently in development that build on top of Lightning require this feature, and as the most modular and extensible Lightning implementation, LDK should be at the forefront of enabling these use cases.
I will then leverage this interface to ship unannounced Musig2 Taproot channels in LDK. For this milestone, we will need a production Musig2 implementation, which I expect to be released very soon in the secp256k1 cryptography library; the PR is undergoing active review as I write these words.
Finally, I will implement the ability to announce Musig2 Taproot channels to the Lightning Network, so that they can be used to route payments. I will certainly use Elle’s current proposal as a reference, and I would also like to research how Waxwing’s recent work on privacy-preserving proof of assets could be used to avoid announcing the exact UTXO of the channel.
Further work beyond this grant will certainly include PTLCs, and multisig Lightning based on Frost and ChillDKG.
“The future is already here – it’s just not evenly distributed.” I cannot wait to get started.