Latency and Privacy in Lightning

In the realm of enhancing privacy and security within network communications, several strategies have been proposed and discussed among experts. One such discussion emphasizes the importance of incorporating randomness into the timing of message deliveries. Specifically, the adoption of receiver-side random delays, sender-side random delay on retries, small randomized batching intervals at intermediate nodes, and random message padding or cover traffic are suggested. These measures are not exclusively for performance improvement but also serve to introduce noise into relay latency, thereby complicating the task for potential adversaries attempting to analyze traffic patterns.

The dialogue further touches on the nuanced opinion that sender-side retry delays might be unnecessary if the message does not traverse the exact same route upon retry. This perspective finds some support in the practices of certain implementations like LND, which selectively gives nodes a "second chance" based on specific failure codes. However, the conversation acknowledges an area of uncertainty regarding the effectiveness of intermediate forwarding delays for privacy, even when random message padding and cover traffic are employed. The necessity of these delays for privacy enhancement, despite the presence of other obfuscation techniques, remains unclear to some participants, prompting a call for further insights from experts in the field.

Moreover, the discussion references an attack outlined in the Revelio paper, which exploits packet size differences through a heuristic approach. This attack method relies on correlating different observations of the so-called HTLC dance by utilizing timing information, thus allowing adversaries to link multiple observations across the network and deduce that they pertain to the same payment. This exemplifies how timing information can be exploited by adversaries with sufficient network vantage points, underscoring the importance of introducing variability and noise into the network's forwarding processes. The overarching goal of these discussions and proposals is to significantly increase the difficulty for adversaries to develop reliable models for analyzing and compromising privacy through network traffic, highlighting a collective effort towards maximizing uncertainty rather than focusing solely on increasing net delay.