[ZcF-general] Dec/Jan update on implementing anonymous payment channels

[J. Ayo Akinyele]

J. Ayo Akinyele

Progress as of January 31, 2019


Dear All,


Over the last few months, we’ve been working on understanding the different
approaches for implementing Bolt payment channels on top of Zcash and the
changes necessary in Zcash to support the privacy goals in Bolt. This has
been joint work with Colleen Swanson, Ian Miers, and Matthew Green.


We have been working on an initial specification on the different
approaches to implementing Bolt on top of Zcash and setting up the private
testnet infrastructure for node development on AWS:


*Summary of the initial specification.* It defines three general approaches
which can be categorized as follows:


(1) *T-addr and Bitcoin-style scripts.* This approach follows the baseline
solution described in the original Bolt paper. This approach exposes the
initial and final balances but potentially interoperates with LN. Requires
a few opcodes to be added to Zcash: OP_CSV (for relative locktime),
OP_BOLT* (for opening and closing channels) and a way to ensure transaction
non-malleability for the funding transaction on the channel opening.


(2) *Z-addr & T-addr with Bitcoin-style scripts.* This approach allows us
to hide the initial/final balance of each party in the channel. Relies on
multi-sig address with T-addrs, and requires OP_CSV/OP_BOLT* opcodes for
channel ops. Also may require a way to ensure transaction non-malleability.


(3) *Z-addr and scriptless scripts.* Simplifies the implementation and
provides maximal privacy. Bolt channel operations will be hidden from the
network and would not require any special opcodes. That is, the Bolt
conditions will be encoded in the signatures attached to the funding
transaction and closing transaction. This approach is currently under
specified and remains a work-in-progress.


For private multi-hop payments, we are evaluating multiple approaches: (1)
HTLCs via LN with Bolt used at the first and last hop of the path, (2)
Increased privacy for hops in the middle using multi-hop locks as described
here, and (3) Interledger approach via packetized payments. Each approach
has its pros and cons in terms of possible attacks and risks to end users.


*Private Testnet for Bolt development.* Setting up a public/private testnet
on AWS for Bolt development. And forked current version of Zcash to
prototype the necessary changes for Zcash.


Now currently working on the initial proof of concept Bolt node
implementation (approach #2 in spec) using libbolt that provides direct
channels on a private testnet. This version will initially implement
unilateral closing by the customer and provide mutual closing via specified
channel durations.

Best,
Ayo