Bitcoin Q&A: How do payment channels work?


“Can you explain the Lightning Network and how
payment channels with ‘locked’ funds work?”
Yes. Let’s start with payment channels.
Payment channels are [opened from]…
transactions on the Bitcoin network that lock
funds in a 2-of-2 multi-signature address.
If I have a payment channel with Alice, that has [bitcoin]
locked [in a multi-sig with one key from each of us].
I commit an [amount] of funds to the balance
of the channel. Let’s say I put in one bitcoin.
Alice [also] puts in one bitcoin and we both
commit those [bitcoin] in a 2-of-2 multi-sig,
where both of us [must] sign to
[spend or] release these funds.
Once we have [opened a payment channel], we can sign
a [payment] that changes the balance [of the channel].
We [can] sign a [payment] whereby I reduce my
[share of the] balance in the channel to 0.9 bitcoin,
[while] I increase Alice’s [share of
the] balance to 1.1 bitcoin, by simply…
updating the multi-sig with a new signed transaction,
which updates the balance in the channel.
That is [called] a payment channel because we don’t
[broadcast] that transaction to [the Bitcoin network].
We hold on to it [until we need to update
again, or if we settle the channel on-chain].
Once we have locked funds in the payment channel,
we can write [smaller payments] to each other.
This is a real [payment using bitcoin],
which [updates the balance in the channel].
I [see that Alice and] I [each] used
to own one bitcoin in this channel.
But I will sign a transaction that Alice could “cash in”
(settle) in the future, which gives her 1.1 bitcoin…
and returns 0.9 bitcoin to me,
from this multi-sig address.
I will [then] give [the signed transaction] to Alice.
Alice could [also] sign it and [settle it on-chain],
at which point she gets 1.1 bitcoin and I get 0.9 bitcoin,
or hold on to it and wait [until after more payments].
If I want to do another [payment], I could sign another
transaction that reduces my balance to 0.8 bitcoin…
and increases Alice’s [share] to 1.2 bitcoin.
I sign it, give it to Alice, and now she has a new balance.
If she [settled] that transaction, she would get 1.2 bitcoin
[from the multi-sig] and I would get 0.8 bitcoin.
Effectively, we have transferred 0.2 bitcoin total to Alice.
But what if Alice wants to pay me back some money?
Alice writes a transaction that changes the [channel]
balance to 0.9 bitcoin for me, and 1.1 bitcoin for Alice.
Effectively, Alice has sent me 0.1 bitcoin,
[a payment] in the opposite direction.
I just hold on to it. [Over time], back and forth we go,
signing and sending each other these transactions.
Anytime we want, one of us or both of us collaboratively
could sign [a transaction to settle the channel balance],
which is the [most] accurate and up-to-date
balance of our tab, like how you keep track…
of when you are buying drinks at a bar and don’t
[use your] credit card until the end of the night.
That would effectively “close the channel”
when you [authorize] the transaction.
[When you] commit and update the balance, there
are a few complexities in there for security reasons.
Obviously, I want some protection so Alice can’t sign
an older transaction which gives her a better balance.
There are a couple of ways to [do that].
There is a built-in penalty mechanism where, if
Alice tries to cheat by signing an older transaction,
[older payments will have revealed] a script that
allows me to take all of the money from the channel.
Because [there is a] penalty for misuse,
she can’t sign it prematurely or [rebroadcast an old
channel state unilaterally] without my agreement.
I will penalize her by taking all the money in the channel.
That tit-for-tat mechanism, as it is called in game theory,
is one of the security [measures in Lightning channels].
There are other mechanisms which
could be used. One of them is called L2.
But that is the basic idea [of] payment channels.
[In summary]: we lock some funds into a
shared multi-sig address, and then exchange…
[a series of] signed transactions — which
we don’t [broadcast] to the Bitcoin network…
[until we want to settle on-chain] — updating the balance to reflect payments we are sending to each other.
When we are done sending payments to each other,
we can [both sign] the last transaction, [broadcast it
to the Bitcoin network], and close the channel.
That is one payment channel, but [it becomes more
interesting] when you can link [channels] together.
Lightning is [a network of linked]
bi-directional payment channels.
[I can have a bi-directional payment channel]
with Alice, [who also] has [a channel] with Carol.
I [can] make a commitment to pay Alice, only if Alice
[then] pays Carol. As a result, I pay Carol through Alice.
That is done through the exchange of a series of
transactions called hashed timelock contracts (HTLCs)
It is rather complicated, but basically we use
Alice as an [intermediate routing node], so that…
if I commit funds to Alice, Alice [must] commit [those]
funds to Carol, as if I committed to Carol [directly].
These channels can [continue for] quite a significant
length, [with] multiple hops of commitments.
As soon as Carol is satisfied that she has a
commitment from Alice, she can signal back to me;
I release my commitment to Alice, Alice releases
her commitment Carol, and everybody gets paid.
Most importantly, in all of [hops], the system
is designed so that no one can cheat.
Alice doesn’t get paid unless Carol has
[a commitment to be] paid [by Alice];
only once Alice has committed to Carol
is my commitment to Carol [released].
That way, we have security.
We don’t [need] to trust each other.
If anybody disappears from the network, we all get
refunds [for bitcoin] we locked in commitments.
Of course, this isn’t transmitted to the Bitcoin network,
even though it is [still] a bitcoin [payment].
The only times you use [an on-chain] bitcoin
transaction, is if [you want to cooperatively settle]…
or there is a dispute / breakdown in the channel,
whereby somebody disappears or tries to cheat.
[In that case] you [would] take the last valid transaction
you have and you send that to the Bitcoin network.
That way, you get your money back, or
punish the cheater, and close the channel.
You can’t be cheated, [as you are] effectively using
the [underlying] Bitcoin blockchain for security.
almost like a court [in an instance where] you [bring them] the contract if [someone has tried to break it].
You wouldn’t take every contract you ever made,
you only take a contract to court if there
has been an attempt to cheat you.
In the Lightning Network, the vast majority of
the hundreds of thousands of [payments]…
can happen without any problems.
Everybody knows that if they disappear or attempt to
cheat, or if anything [else] goes wrong in the channel,
any participant can take one of these already signed,
valid Bitcoin transactions, “cash it in” to the court…
of the Bitcoin blockchain, and become whole.
If you know someone can [settle the
balance] if you cheat, you don’t cheat,
especially if there is a penalty included in the
transaction that will cost you [all of your bitcoin].
That is how Lightning Network works.
There is another question: “Is the Lightning Network
a sidechain?” The answer is: No, it is not a sidechain.
Lightning is an overlay network [made of] a series of
smart contracts with bitcoin that [enable] you to do…
hundreds of thousands of [off-chain
payments between] you and other recipients
[The payments are] that are private and fast with very
low cost, as the capacity of the [on-chain] network…
is only used to open and close channels,
which does not need to happen very often.
Therefore, you can scale the Bitcoin
blockchain to a much greater degree.
It is only used as the “judge” [in settlement].
“Do these payment channels face scaling problems
if they [become] heavily loaded with [payments]?”
Not really. The amount of computation you
need to calculate a hashed timelock contract…
and route [through channels] is such that…
If you have two Lightning nodes on a well-connected
network, and exchange transactions between them…
as fast as possible, you [could] do hundreds
of thousands of [payments] per second.
Transactions are only seen by
[the nodes involved in a channel].
There could be another two nodes [nearby] doing
a hundred thousand [payments] per second.
There could be a hundred thousand nodes, each doing
a hundred thousand transactions to each other.
[Activity between two nodes in one channel]
doesn’t really affect the rest of the network,
so it decentralizes scaling.
The Lightning Network is not only much
more private, because these payments…
on payment channels are not seen by
anyone other than participating nodes,
but it is much harder to censor because you don’t
need a miner [to confirm them until settlement].
[Lightning is] also much faster and lower cost.
“In order to be Lightning compatible, each chain
must execute SegWit, correct?” Not really.
You could [make a Lightning implementation] without
SegWit, it would just be [a lot] more complicated…
because of the transaction malleability bug;
both chains [must] have a transaction malleability fix.
It doesn’t [need] to be SegWit, however.
It could be a different transaction malleability fix.
It is very difficult to implement Lightning securely on
a chain that has a transaction malleability problem.
SegWit fixed it on Bitcoin and Litecoin.
On another chain, you might have a different fix.
That would make Lightning possible.
“Is the Lightning Network also for
altcoins?” That is a great question.
Yes, the Lightning Network can run on any blockchain
system that has certain fundamental capabilities.
It must have the ability to do multi-
signature [schemes] and timelocks.
If it has the ability to do those two things,
[and has a transaction malleability fix],
you can probably [make a Lightning implementation]…
that is in compliance with the current Lightning Network
specifications: Basis of Lightning Technology (BOLT).
The BOLT specifications are not specific to Bitcoin;
the Lightning Network already operates on
both Bitcoin and Litecoin simultaneously.
Here is [what is] really amazing.
You can send a Lightning payment in bitcoin,
have an intermediate [routing] node exchange it…
[through payment channels in both bitcoin
and litecoin], and the recipient gets litecoin,
[even though] you sent bitcoin.
The Lightning Network is not just portable to [other]
blockchains, but it can run multiple currencies.
where even a single routed payment can
[be an exchange] for other cryptocurrencies.
“Who keeps Lightning nodes?” I am running a
Lightning node. You can run a Lightning node.
The requirements to run a
Lightning node are fairly light.
If you are already running a Bitcoin node,
adding a Lightning node to it is very easy.
It takes very few additional resources. [In terms of]
the incentives, if you decide to route payments,
you will earn a tiny fee for each payment.
If you run a Lightning node full-time, you
will probably [earn] a few cents per month.
It is very cheap, but it is also very easy
to run, and usable across the internet.
These lightning payments can be transmitted all around
the world; payment channels cross network boundaries.
There is no geographic limitation
as to where a Lightning node can be.
A payment can be routed globally in a
matter of seconds or even milliseconds.
At this stage, one of the fascinating things about
Lightning as we [are tracking and looking at its size]
[as it is] growing, as nodes are [joining], advertising
their presence and the channels they have opened,
[Nodes also] advertise how much
capacity [in bitcoin] their channels have.
Some nodes do not advertise their presence or channels
to anyone, other than [participants] of the channel.
You can have secret channels on Lightning.
The bigger the Lightning Network [becomes],
the harder it is for us to see how big it is.
It becomes more invisible. All [payments] are routed
using onion routing, where each node doesn’t know…
where the payment [came from] or where it is going.
The bigger Lightning grows,
the more private it [becomes],
the less we know about where payments are going
and how many payments are happening.
Gradually, it becomes harder
and harder to collect statistics.
Over time, we will have less visibility into Lightning.
We will know it is out there and lots of things are
happening on it, but the level of privacy is such…
that we will know less and less about it.

Leave a Reply

Your email address will not be published. Required fields are marked *