Posted by halseth
Feb 25, 2025/07:58 UTC
The original post introduces a novel method for incorporating zero-knowledge (ZK) proofs into Lightning Network (LN) implementations, enhancing privacy without significantly altering the existing framework. The approach involves using gossip messages and performing verification in a ZK environment to conceal sensitive information, specifically the bitcoin_key fields.
This method relies on the creation of a MuSig2 aggregate key by channel counterparties, followed by the introduction of a secret blinding value and a derived beta value from hashing the blinding value with the aggregate key. The resultant output key incorporates this beta value, allowing channel operations to proceed as usual but with an additional step of tweaking the key before signing.
This technique maintains compatibility with the gossip 1.75 proposal for channel announcements, with the primary distinction being that the output tapkey, once tweaked, does not appear on-chain. To address this, a ZK proof is attached to confirm the presence of the tweaked version in the UTXO set, thus preserving privacy while ensuring transparency where necessary.
An implementation demonstrating this method can be found at this GitHub repository, showcasing a significant reduction in proving time—down to 16-22 seconds on standard laptop hardware, attributable to the process requiring only two elliptic curve multiplications. This innovation presents a streamlined, privacy-focused enhancement to LN protocols, promising improved efficiency and security for users.