The Lightning Network (LN) is a "second layer" protocol on top of Bitcoin and other blockchains that enables fast, secure, private, trustless and permissionless payments.
Users of the LN are able to route payments to each other at virtually no cost and in real time.
Users who transact on the LN do not need to wait for block confirmations for payments.
Once a payment on the LN has completed, it is final and cannot be reversed: like a Bitcoin transaction, a payment on the LN can only be refunded by the recipient.
While "on-chain" Bitcoin transactions are broadcast and verified by all nodes in the network, transactions routed on the LN are transmitted between pairs of nodes and not visible to everyone, resulting in much greater privacy.
The LN uses onion routing, similar to the protocol used by The Onion Router (TOR) privacy network, so that even the nodes involved in routing a transaction are only directly aware of their predecessor and successor in route.
The first response to Satoshi Nakamoto's initial publication of the Bitcoin whitepaper on the metzdowd cryptography mailing list discussed the issue of scaling.
While James A. Donald was probably referring to maintenance of the unspent transaction outputs (UTXOs) database, it quickly became clear that the need for all participants to verify and propagate all transactions in the network would become overly burdensome.
A key requirement for a second layer protocol such as Lightning (which will be described in greater depth later in this book) is the ability to sequence transactions external to the blockchain (for deferred settlement). In the first versions of Bitcoin, Satoshi Nakamoto recognized this and introduced a data field called `nSequence` into the input transaction data.
The `nSequence` field was intended to allow users to transmit updated versions of a transaction to the network, changing the outputs of a transaction, effectively creating a payment channel.
According to a mailing list post in 2013, by early Bitcoin developer Mike Hearn, Satoshi Nakamoto envisioned this construct for high frequency trading.footnote:HearnBitcoinDev[Mike Hearn on Bitcoin-dev - April 16th 2013 - Anti DoS for tx replacement http://web.archive.org/web/20190501234813/https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2013-April/002417.html.]
However, there were some weaknesses in this initial formulation that limited its potential. Firstly, the payment channel would only be open until the transaction was mined in a block, either limiting the duration of the payment channel or handing control of the payment channel to the miners. Secondly, there was no economic incentive for miners to respect the `nSequence` number, reducing the utility of this mechanism.
The Revocable Sequence Maturity Contracts (RSMC), which formed payment channels in the first version of the Lightning Network, reference in their name the fact that they fixed this weakness of the `nSequence` field.
This is achieved by creating an economic incentive via a penalty mechanism; otherwise, the most recent transaction or update in the payment channel is published to the Bitcoin network, and becomes enforceable in this way.
In July of 2011, on the bitcointalk.org forum, a pseudonymous user by the name of _hashcoin_ suggested using Timelocks via the `nLockTime` function of the Bitcoin network to solve the custody problem of exchanges.footnote:[Hashcoin on Bitcoin talk on July 4th 2011 - Instant TX for established business relationships (need replacements/nLockTime) http://web.archive.org/web/20190419103503/https://bitcointalk.org/index.php?topic=25786.0]
The goal was to build a conduit for quick trades, without the necessity to send bitcoins to an exchange in the first place.
What Hashcoin proposed would eventually be termed a unidirectional payment channel.
With this mechanism, user "Alice" could fund a multi-signature address between herself and another user, "Bob", together with a timelocked transaction that 'refunded' the bitcoin back to Alice.
In their scenario, Hashcoin imagined Bob to represent an exchange.
The transaction used to fund the multi-signature address, which is controlled by Bob's and Alice's keys, is naturally called the funding transaction.
Note that keeping it private is crucial. If Bob does not share the fully signed transaction with Alice, she does not have both signatures needed to spend funds from the multi-signature address. Except for the timelocked refund transaction, she can't send an outdated spend of the funding transaction to the Bitcoin network.
Bob, on the other hand, could do so, but he would have no interest in publishing an old channel state. The newer state would provide him with more bitcoin than the older state.
We can only speculate for reasons and guess that the overhead communication would have had to be standardized - as it is nowadays in the LN specification - which might have been too much overhead in the early days of Bitcoin.
Also as a payment channel this system was not too useful as the channel could only at total send the total amount of provided Bitcoin in the funding transaction.
Once the timelock was over or all Bitcoin were sent to B the channel would have to be closed.
The obvious idea of opening two channels one from A to B and one from B to A would not have helped as each of those channels would have to be closed and reestablished once it ran dry.
The core breakthrough for the LN to become a reality was the ability to create payment channels which technically can live forever and can send money back and forth as often as the peers wish to in combination with routing payments among several channels.
Technically speaking the unidirectional payment channel has all the important ingredients (funding transaction to a 2-2 multisignature wallet, a transaction spending from the wallet encoding the balance, a timelock to allow refunding if the other side becomes unresponsive, off chain communication and the fact that no additional trust other than the one in the bitcoin network) of modern payment channels which are used in the LN.
Despite being rather useless in today's world we will study the unidirectional payment channel in more depth in this book as it is an easy to understand educational example to approach the construction of today's payment channels.
During the first couple of years, the Bitcoin network was growing and the focus of many enthusiasts was on adoption, rather than the blocksize and scaling. However, in 2012 Gavin Andresen proposed the Ultra Transaction server on his blog.footnote:[Gavin Andresen's blog - July 4th 2012 - Off-the-chain transactions - http://web.archive.org/web/20190730234737/http://gavintech.blogspot.com/2012/07/off-chain-transactions.html]
The Ultra Transaction server was proposed to be a trusted partner of a 2-2 multisig wallet that could not steal funds but allowed signing transactions from a 2-2 multisig wallet.
Andresen observed that with such a mechanism, payments would effectively take place off chain, allowing the number of transactions which could be handled by the system to be increased.
Andresen noted that there might be a better construction which would require less trust in the Ultra Server, and while his proposal was a step in the right direction, a few issues remained to be solved before the design of fully trustless payment channels was complete.
Andresen's work led to many discussions on Bitcointalk forum, and later on the bitcoin-development mailing list. These discussions resulted in the first construction of the first unidirectional payment channels.
The next day, probably in response to Gavin's blogpost, Meni Rosenfeld started a discussion related to how these ideas could be combined.footnote:[Meni Rosenfeld on Bitcointalk - July 5th 2012 - Trustless, instant, off-the-chain Bitcoin payments http://web.archive.org/web/20190419103457/https://bitcointalk.org/index.php?topic=91732.0]
Without mentioning the term network or routing of payments the idea of connecting payment channels and being able to send funds from anyone to anyone else even if there was no direct channel was born.
It took us another 3 years until the LN whitepaper emerged which had solved all the bits and bolts necessary to get rid of the trust in Rosenfelds solution.
It was 2013 that Bitcoin developer Mike Hearn referred to Meni Rosenfelds proposal and suggesting to reactivate the `nSequence` field which Satoshi previously had deactivated.footnote:HearnBitcoinDev[]
Also Hearn referred to a section on the contracts article talking about the case of micropayment channels with the help of `nSequence`.
** Christian Decker, Roger Wattenhoffer - A Fast and Scalable Payment Network with Bitcoin Duplex Micropayment Channels https://tik-old.ee.ethz.ch/file/716b955c130e6c703fac336ea17b1670/duplex-micropayment-channels.pdf
John is a 9 year old boy from Australia, who wanted a game console just like his friends. However, his dad told him that in order to buy it, he had to earn the money by himself. Now John is an aspiring artist so he knows that while he is still learning, he can't charge much for his artwork. After learning about Bitcoin, he managed to setup a website to sell his drawings across the internet. By using the LN, John was able to charge as little as $1 for one of his drawings. By being able to set a fair price, which would normally be considered a micropayment and as such not possible with other payment methods, and by using a global currency such as Bitcoin, John was able to sell his art work to customers all over the world and in the end buy the game console he wanted so much.
In this section we will start by choosing the right software to demonstrate the LN and learn by example. We will examine the choices of two users who represent a common use-case for the LN. Alice, a coffee shop customer will be using a LN wallet on her mobile device to buy coffee from Bob's Cafe. Bob, a merchant, will be using a LN node and wallet to run a point-of-sale system at his cafe so he can accept payment over the LN.
==== Lightning Nodes
The Lightning Network is accessed via software applications that can speak the Lightning Network protocol. A _Lightning Network Node_ (or simply "node") is a software application that communicates on a peer-to-peer basis with other LN nodes, forming the Lightning _Network_ itself. Nodes also include "wallet" functionality, so they can send and receive payments over the LN and on the Bitcoin network.
Lightning network nodes also need access to the Bitcoin blockchain, or another blockchain such as Litecoin. Users have the highest degree of control by running their own authoritative Bitcoin node and LN node. However, LN nodes can also rely on Bitcoin nodes operated by a third party, by using a lightweight protocol such as _Simplified Payment Verification (SPV)_ or the _Neutrino_ protocol.
==== Lightning Wallets
A fully functional lightning wallet contains a LN node and communicates as a peer on the LN. However, some lightning wallets do not contain an LN node, but rely on an LN node operated by a third party. Furthermore, some "lightning wallets" are _custodial_, meaning that their funds are in the custody of a third party.
Every user must consider their own technical skills before deciding what type of lightning wallet to use. Those with strong technical skills should run their own LN node. Those with less technical skill but a desire to control their funds without any third party custody, should choose a _non-custodial_ lightning wallet which relies on a third-party LN node. Finally, those seeking simplicity and convenience, even at the expense of control and security, may choose a custodial lightning wallet.
Here are the three broad categories of lightning wallets and the relative degree of control they offer to the user:
Lightning wallets can be installed on a variety of devices, including laptops, servers and mobile devices. To run an LN node and an authoritative Bitcoin node you will need to use a server or desktop computer, as mobile devices and laptops are usually not powerful enough in terms of capacity, processing, battery life and connectivity. On a laptop or mobile device you can run a LN node that relies on a third-party Bitcoin node for access to the blockchain.
Here are some current examples of LN node and wallet applications for different types of devices: