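Advanced
Private Channels
Learn how Lightning Network private channels (unannounced channels) work, where they are used, and what privacy properties they have.
10 minutes
What Is a Private Channel?
Private channels (also called unannounced channels) are channels that are not broadcast over the Lightning Network gossip protocol. Unlike public channels, private channels do not appear in the network graph, and other nodes cannot learn of their existence. They are used mainly by end-user wallets and in scenarios that call for privacy.
Terminology note: "private" does not mean encrypted or specially secured. It only means the channel is not publicly announced to the network. The channel itself is exactly as secure as a public channel.
Public vs. Private Channels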
Public/Announced Channels:
After channel opens:
  1. Send channel_announcement message
  2. Send channel_update message
  3. All nodes update routing graph
Everyone knows:
  - Channel exists
  - Both node IDs
  - Channel capacity
  - Fee settings
  - Timelock requirements
Use case: Routing nodes, public infrastructure
---
Private/Unannounced Channels:
After channel opens:
  1. No channel_announcement sent
  2. No public channel_update sent
  3. Channel doesn't exist in network graph
Only channel parties know:
  - Channel exists
  - Capacity and balance
  - Detailed settings
External observers can only see:
  - On-chain funding TX (can't confirm it's LN channel)
Use case: End-user wallets, privacy needs
How to Create a Private Channel
Creating Private Channels:
channel_flags in open_channel message:
channel_flags:
  bit 0: announce_channel
    0 = private (don't announce)
    1 = public (announce)
LND Command:
lncli openchannel --private \
--node_key <peer_pubkey> \
--local_amt 1000000
CLN Command:
# -k passes parameters as key=value, so announce can be set by name
lightning-cli -k fundchannel \
id=<peer_id> amount=1000000 \
announce=false
Negotiation Flow:
1. Initiator sets channel_flags=0 in open_channel
2. Receiver agrees in accept_channel
3. Channel opens without broadcasting
4. Both parties maintain channel info locally
Route Hints
Receiving Payments via Private Channels:
Problem: Sender doesn't know private channel exists. How to route?
Solution: Route Hints
Invoice includes private channel info:
lnbc100n1...
- payment_hash
- amount
- description
- r (route hints):
  [{
    "pubkey": "<LSP_node_id>",
    "short_channel_id": "123x456x0",
    "fee_base_msat": 1000,
    "fee_proportional_millionths": 100,
    "cltv_expiry_delta": 40
  }]
Sender Path Calculation:
1. Sender receives invoice
2. Reads route hints
3. Routes to node in hints
4. Uses hint channel to reach receiver
Sender -> [Public Network] -> LSP -> [Private Channel] -> Receiver
                                             ^
                                    route hint provided
Privacy Leakage:
- Sender knows private channel exists (from invoice)
- Sender knows capacity estimate (from fee limits)
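- LSP knows payment source and destination
Use Cases
Mobile wallets
A mobile wallet does not need to route payments for other nodes; connecting to an LSP over a private channel reduces privacy leakage.
Merchant wallets
A merchant may not want to publish its node identity and channel information. A private channel plus route hints is enough to receive payments.
Privacy-sensitive users
Users who do not want others to know that they run a Lightning node or how much funds they have locked in channels.
Enterprise internal use
Internal enterprise Lightning infrastructure may not be meant for public exposure; private channels can hide the internal structure.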
SCID Alias
SCID Alias (Short Channel ID Alias):
Problem:
- Traditional SCID format: block_height:tx_index:output_index
- Example: 700000:1234:0
- This leaks on-chain funding TX location!
SCID Alias Solution:
- Use randomly generated alias SCID
- Still 8-byte format, but doesn't map to real block
- Only channel parties know the mapping
Feature bit: option_scid_alias (bit 46/47)
Example:
Real SCID: 700000x1234x0 (not public)
Alias SCID: 0x00abcdef12345678 (used in route hints)
Benefits:
- Invoice doesn't leak funding TX location
- Supports Zero-Conf channels (no real SCID yet)
- Better privacy protection
Using alias in route hints:
{
  "short_channel_id": "alias_scid",
  ...
}
Privacy Limitations
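On-chain visibility
The funding transaction is still visible on-chain. It cannot be confirmed as a Lightning channel, but an experienced analyst may recognize the 2-of-2 multisig pattern.
Route hint leakage
The route hints in an invoice tell the sender that the private channel exists. Receiving multiple payments gradually leaks more information.
Counterparty knowledge
The channel counterparty (such as an LSP) has full knowledge of your payment activity. Choosing a trustworthy counterparty is important.
Probing attacks
An attacker can probe for the existence and balance of a private channel by sending payments that fail. See Probing and Privacy.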
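The SCID Alias section and the route hint leakage described above can be checked before an invoice is handed out. The following Python is an added example, not code from the original page: it decodes each route hint's short_channel_id and flags any hint that carries the real SCID of one of your unannounced channels. The hint layout, the `audit_hints` helper and the sample values are assumptions constructed for illustration.

```python
# Added example, not from the original page. Sample values are constructed.

def parse_scid(text):
    """Parse 'BLOCKxTXxOUT' or 0x-prefixed hex into the 8-byte integer SCID."""
    parts = text.lower().split("x")
    if len(parts) == 2 and parts[0] == "0":           # raw 8-byte hex form
        value = int(parts[1], 16)
        if value >= 1 << 64:
            raise ValueError(f"SCID does not fit in 8 bytes: {text!r}")
        return value
    if len(parts) != 3:
        raise ValueError(f"malformed SCID: {text!r}")
    block, tx, out = (int(p) for p in parts)
    if not (0 <= block < 1 << 24 and 0 <= tx < 1 << 24 and 0 <= out < 1 << 16):
        raise ValueError(f"SCID field out of range: {text!r}")
    # Layout: 3 bytes block height | 3 bytes tx index | 2 bytes output index
    return (block << 40) | (tx << 16) | out


def split_scid(scid):
    """Return (block_height, tx_index, output_index) as an observer would decode it."""
    return scid >> 40, (scid >> 16) & 0xFFFFFF, scid & 0xFFFF


def audit_hints(hints, real_scids):
    """Flag hints whose SCID is the real on-chain location of one of our channels."""
    real = {parse_scid(s) for s in real_scids}
    findings = []
    for hint in hints:
        scid = parse_scid(hint["short_channel_id"])
        findings.append({
            "short_channel_id": hint["short_channel_id"],
            "decoded": "{}x{}x{}".format(*split_scid(scid)),
            "leaks_funding_tx": scid in real,
        })
    return findings


# Constructed inputs: the operator's real SCID and two candidate route hints
# (hypothetical; the SCID values are the ones used in the SCID Alias example).
REAL_SCIDS = ["700000x1234x0"]
HINTS = [
    {"pubkey": "<LSP_node_id>", "short_channel_id": "700000x1234x0"},
    {"pubkey": "<LSP_node_id>", "short_channel_id": "0x00abcdef12345678"},
]

if __name__ == "__main__":
    for finding in audit_hints(HINTS, REAL_SCIDS):
        print(finding)
```

The alias in the sample decodes to a block height that looks plausible, so the check compares against the node's own real SCIDs instead of guessing from the decoded numbers.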
Combining with Route Blinding
Enhanced Privacy: Route Blinding + Private Channels
Route Hints Problem:
- Exposes private channel info to sender
- Sender knows receiver's connected node
Route Blinding Solution:
- Receiver creates blinded path
- Sender only knows entry node
- Doesn't know subsequent path or final destination
Combined Usage:
Sender -> Entry Node -> [Blinded Path] -> LSP -> [Private] -> You
              |                ^                     ^
              |         Route Blinding            Private
              |
 Sender only knows this node
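See: /tech/lightning/route-blinding
Implementation Status
All implementations: full support
LND, CLN, Eclair and LDK all fully support private channels and route hints. SCID alias is also widely supported.
Related Resources
Next step: read Probing and Privacy for an in-depth look at privacy threats and protections on the Lightning Network.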