The Lightning Network
How Bitcoin becomes a medium of exchange and so much more
Bitcoin proclaims itself an "Electronic Cash System" yet no one reasonably pays bitcoin for their coffee. It's not a good currency for coffee because of its relatively high transaction fees and slow speed.
But the Lightning Network is here to address this problem. It uses the Bitcoin network in a new way to enable fast, inexpensive, secure payments. This is how bitcoin becomes a medium of exchange.
Lightning is a layer 2 technology, but in a different way than many other layer 2 blockchains. There’s no additional token.
"The Lightning Network is changing the way people exchange value online, and it's one of the most exciting advancements to happen in Bitcoin's history... We're only beginning to see the opportunities the Lightning Network provides to Bitcoin, including improved privacy, speed, and scale." - Mastering the Lightning Network
In this post I'll walk through the excitement:
Shortcomings of Bitcoin
How Lightning works
Routing and Pathfinding
Current uses of Lightning
What comes next
Before diving in, I want to note that this article is me learning in public. It's my analysis from studying Mastering the Lightning Network and resources online. It has not been peer reviewed. That said, I rely on those primary sources as much as possible.
Also heads up this ballooned into one of my longest posts yet. It was a fun deep dive.
Let's get to it.
Shortcomings of Bitcoin
Let's begin at the beginning, with the introduction to the Bitcoin Whitepaper. The bold section highlights a current shortcoming of the network.
"Commerce on the Internet has come to rely almost exclusively on financial institutions serving as trusted third parties to process electronic payments. While the system works well enough for most transactions, it still suffers from the inherent weaknesses of the trust based model. Completely non-reversible transactions are not really possible, since financial institutions cannot avoid mediating disputes. The cost of mediation increases transaction costs, limiting the minimum practical transaction size and cutting off the possibility for small casual transactions."
It's the goal of Bitcoin to solve this problem, however it falls short today. Firstly, Bitcoin fees are currently around $4 USD. Secondly, transactions are added only every 10 minutes, and best practices is to verify after 6 blocks which is about an hour. Paying $4 and waiting an hour does not provide a casual payment experience.
One solution for this shortcoming is to create payment channels, which we'll cover shortly. The history of payment channel discussions dates back to Satoshi, and has extended to at least six proposals with varying techniques. This article will discuss the Poon-Dryja payment channels introduced in the increasingly popular Lightning Network, and you can read about the others at this link.
How Lightning Works
Lightning is a different way of using the Bitcoin system.
It took me a few reads and re-reads to understand it, but the following quote from Mastering the Lightning Network is a good start that will become clearer as we go deeper:
"The purpose of the Lightning Network is to enable off-chain transactions that are trusted just the same as on-chain transactions because no one can cheat. The reason no one can cheat is because at any time, any of the participants can take their off-chain transactions on-chain. Each off-chain transaction is ready to be submitted to the Bitcoin blockchain at any time. Thus, the Bitcoin blockchain acts as a dispute-resolution and final settlement mechanism if necessary.
The mere fact that any transaction can be taken on-chain at any time is precisely the reason that all those transactions can be kept off-chain. If you know you have recourse, you can continue to cooperate with the other participants and avoid the need for on-chain settlement and extra fees."
Now we're going to get a bit technical to explain how this works. The system relies on multisig, timelocks, hashes, and revocation keys.
One note on terminology: Bitcoin uses words like accounts and transactions whereas Lightning uses payments and invoices. Payments are also sometimes called commitments.
Lightning uses off-chain Bitcoin transactions with a novel incentive structure that enables transfer of value without settling each transaction on the Bitcoin blockchain. An analogy is like a bar tab: you open a tab, make many transactions, then settle at the end. It's also like how much of traditional finance works, where banks trade throughout the day and send one net settlement at the end of the day. However, Lightning channels do not need to settle until the participants decide.
The textbook explains: "Historically, Bitcoin transactions are broadcast to everyone and recorded on the Bitcoin blockchain to be considered valid. As we will see, however, if someone holds a presigned Bitcoin transaction that spends a 2-of-2 multisig output that gives them the exclusive ability to spend that Bitcoin, they effectively own that Bitcoin even if they don’t broadcast the transaction."
These presigned Bitcoin transactions are exchanged back and forth as payments. The transactions include a payout output to each party for the amount they're owed, which is updated with newer transactions that have different payout amounts. The transactions can be settled to the Bitcoin network at any time, which would close the payment channel. However there are transaction fees to settle to Bitcoin, so it's in their interest to keep the channel open as the trades continue.
Let's explain these transactions and outputs.
The transactions are 2-of-2 multisig, with each party as one signer. By signing a transaction and sending it to your counterparty, they can broadcast to Bitcoin at any time to settle the payment.
One reason for this design is to ensure the funds are available from the sender. So, taking a step back, the first action is to create the payment channel with a funding transaction on Bitcoin. Bitcoin is deposited into this account and requires both the two signatures to transact from it. Given the funding is by one party, they would also create a refund transaction that the counterparty signs so that the funding party can get their money back if the counterparty becomes irresponsive. Here’s an example of what the channel states and commitments could look like:
The next question arises, if you're sending payments back and forth, but transactions never expire, then how do you prevent the counterparty from broadcasting an old transaction that would give them a higher balance than the current one? This is achieved through a penalty mechanism using a revocation key. The mechanism gets technical, but essentially, every presigned transaction includes two conditions 1) a timelock that delays the cash-out payment to the party that broadcasted the Bitcoin transaction and 2) if the counterparty provides a revocation key, they can claim all the funds in the account.
Let me explain this picture as it's the centerpiece to every payment. Alice is sending a new commitment. It's 2-of-2 multi-sig (shown on the left), with two outputs (shown on the right.) The outputs dictate the payouts if the transaction is broadcast to Bitcoin. The first output is for 70,000 satoshis (100 millionth of a bitcoin.) The destination for that amount is based on the conditions that follow. to_remote sends funds to the counterparty, and to_self sends funds to the submitting party. So, those 70,000 sats go to_remote if the revocation key is submitted. This is the penalty for submitting old transactions. Meanwhile, as you see next, there is a 432 blocks delay which is the time delay to give the counterparty time to catch an old transaction and submit the revocation key to punish them. If there's no key provided after the 432 blocks, then the payment goes to_self. The second output, also 70,000 sats, is paid immediately to_remote.
When a new payment is sent, and the presigned transaction is delivered, the counterparty responds by sending the revoke message related to the prior transaction so that the counterparty can punish them if they broadcast an old transaction. As shown above, the timelock gives a period of time for the parties to monitor and discover these situations. This way the counterparty can be confident the most recent payment has been accepted.
The net scenario is that to send a payment is to send a presigned Bitcoin transaction that the counterparty can broadcast and settle on Bitcoin. There is a penalty mechanism that dissuades submitting old transactions for a payout. The mechanism uses a timelock delay period where their counterparty has an opportunity to penalize them if this is not the most recent transaction. They achieve this by submitting the revocation key which claims all the funds in the account. The counterparty does not have the revocation key to the most recent transaction because the key is only shared for past payments, after a newer payment is sent.
In sum, there is confidence in the most recent payment state.
Routing and Pathfinding
So far we've covered how two parties exchange value using off-chain Bitcoin transactions. However, how do you send payments to people you do not have direct payment channel with? This is through routing and pathfinding.
Routing is like when you want to pay your friend's friend on Venmo. You pay your friend, whose number you have. And then they pay their friend, whose number they have. Each hop is always between two parties, and depending how far you're going, there will be any number of hops to get to your destination.
Pathfinding, as Mastering the Lightning Network says, "is the process of finding and choosing a continuous path made of payment channels that connects sender A to recipient B. The Sender of a payment does the pathfinding by examining the channel graph that they have assembled from channel announcements gossiped by other nodes." So, they create a path through payment channel hops to their destination. They notify each hop of the next hop for them to follow.
The questions arises here, how do you ensure each hop participant will not steal the payment or renege on their obligation to pass along the payment?
Here's the textbook's explanation which I'll breakdown: "The recipient of a payment generates a random secret number and calculates its hash. The hash becomes the condition of payment, and once the secret is revealed, all the participants can redeem their incoming payments." The mechanism for this is called a hash time-locked contract (HTLC).
First, to ensure the payment won't be stolen by the intermediary routers, the payment is protected by a password that is generated by the final recipient, Dina. To begin the payment process, the sender, Alice, requests what's called an invoice from the recipient. This invoice includes a hash of a secret, which is called a preimage. The hash is a one-way math function where you can validate the result with the secret, but you cannot reverse engineer the secret. Thus, providing the hash is like providing a lock that only you have the key to unlock. This prevents anyone else from stealing the payment along the routing hops.
Each routing participant is paid fees to pass along the payment. These fees are also locked with that same hash lock.
Once the final recipient gets the payment, they reveal the secret to unlock the funds. Then, the secret is sent backwards along the route for each participant to unlock their fee payments from the hop before them.
In practice, there are a few more layers to execute this, but this incentive structure is how fairness is manifested without intermediaries.
Current Uses of Lightning
Lightning opens the door for a fast, cheap, global payment system. There are a few companies showcasing the early use cases for such a system.
Zion is showcasing micropayments and tipping
With Lightning, micropayments in the amount of cents or fractions of a cent are now possible without transaction fees that would make such a payment unreasonable. It opens new models of paying for content online. You can tip a creator for funny video, a writer for a useful article, or pay for access to content. Zion is creating a community platform, similar to twitter, where you can post a feed of content, and with Lightning integration you can enable payments. In this example below, you can listen to a new song for 100 sats, which is $0.0263 USD.
Lightspark is showcasing enterprise payments
Lightspark is working with banks and crypto platforms to enable Lightning as a new cost-saving payment rail. They provide the tools and infrastructure to make Lightning easier to use with enterprise-grade performance and capital efficiency. Interestingly, their CEO and co-founder is David Marcus, previous lead of payments and crypto at Meta/Facebook and before that founded a mobile payments company acquired by PayPal in 2011.
El Salvador is showcasing merchant point-of-sale and consumers payments
El Salvador declared bitcoin legal tender and merchants accept Lightning payments. There are many stories of international travelers in El Salvador able to make payments on lightning without having the challenge of currency conversion fees or credit card fees. Here's one example from a Forbes article: "I experienced the remarkable convenience of Lightning Network transactions firsthand. From procuring street-side tamales to hailing taxis or reserving accommodations."
So yes, people there are buying coffee with bitcoin!
What Comes Next
One of the most exciting developments with Lightning is that it can innovate faster than Bitcoin. It can evolve without consensus of the Bitcoin layer, which will rapidly expand possibilities for the network.
One significant work stream in development is adding new asset types to Lightning, so that payments can occur in more currencies than just bitcoin. The protocol is called Taproot Assets, and the first asset seems to be a USD stablecoin. This would allow Lightning to be used with the benefits of the stability of the dollar.
The docs further explain that "Taproot Assets lets you issue all kinds of assets on bitcoin, both unique and fungible. There are no technical limits to what these assets can represent, including stablecoins, shares, tickets, ownership rights or art."
What's yet to be seen is which types of assets have demand to be included in Lightning. Will it remain a payments platform for bitcoin and fiat currencies, or will it expand to NFTs and financial instruments? The exciting part is that it's now possible to experiment and test these applications.
That said, I'm most excited for the developments in the primary use case: cheap, immediate, global payments. Or said another way, here is Elizabeth Stark, CEO of Lightning Labs:
“If I were Visa, I’d be scared, because there are a lot of people out there that have mobile phones, but now don’t need to tap into the traditional system, and then the merchants don’t need to pay the 3% fee plus 30 cents [for a transaction]. You can have fees that are dramatically lower than the legacy system.”