What is ‘Onion Routing’?

Onion routing is a network model that helps users achieve near-impregnable privacy and anonymity on the Internet by applying anonymous communication techniques which conceal both the source and the destination of data. Day-to-day use of the Internet comes with major privacy concerns. These concerns include spying and snooping on web users’ activities, location tracking, data breaches, and identity theft. Internet Service Providers (ISPs), government authorities, tech companies, and cyber criminals invade users’ privacy for various reasons—mostly unethical and malicious reasons. ISPs could sell records of users’ web browsing activities for profit; these web browsing behaviors could be used for improper Ad targeting. An infamous example of online privacy invasion is the Cambridge Analytica-Facebook data scandal.

A poll centered on online users' privacy conducted by market research and consulting firm Ipsos in early 2022 reveals that “an overwhelming majority (84%) say that they are at least somewhat concerned about the safety and privacy of the personal data that they provide on the internet.”

Authorities often hold big tech companies accountable for users’ privacy and data breaches, sometimes passing laws to improve the privacy compliance of firms. The European Union(EU), in May 2018, introduced the General Data Protection Regulation (GDPR). GDPR governs how the personal data of individuals in the EU may be processed and transferred.

Authorities who enact these data protection and privacy laws are sometimes the ones guilty of unwarranted spying on and tracking of users’ activities, especially financial transactions. Remember the National Security Agency (NSA) whistleblower Edward Snowden’s leaks and disclosures of global surveillance programs run by the NSA, telcos, and other government agencies?

One of the proven ways to circumvent these mass surveillance and privacy invasions is by the use of time-tested communication techniques or protocols that are based on privacy-centric technology.

Software and network systems like The Onion Router (TOR) offer multi-layer encryption. TOR uses the onion routing method to send and receive data packets. A volunteer network of nodes (servers) all over the world makes up the TOR onion-routed overlay network. Using Onion Routing these nodes “hop” encrypted data packets around in a way that evades detection.

Onion routing enables encrypted communication by building a successive layer of encryption. The encrypted packets are layered like the layers of an onion bulb. Each layer of encryption can only be read by one node. The nodes between the sender and recipient of data are known as intermediary nodes. Each intermediary node “peels off” the layer that pertains to it. The encrypted layers move among intermediary nodes till the data gets to the destination node which “peels off” the innermost layer of encryption. Intermediary nodes have no clue about the destination or length of the sent data. Each layer of encryption “peeled off” by intermediary nodes only contains information about the previous hop (predecessor node) and the next hop (successor node).

Source: Wikimedia Commons

Some useful surveillance-evading tools that use onion routing are OnionShare – an open-source tool for sharing files of any size anonymously on the Internet and TOR Browser – a tool for browsing the web privately, without leaving “fingerprints.”

Onion routing was first developed as a communication security protocol by US Navy researchers to protect intelligence communications online.

Onion routing communication tools are used widely by journalists, activists, law enforcement, and malicious actors alike for secure communications online.

Blockchain and Privacy

Privacy concerns are also present in Web3 and Bitcoin. Though bitcoin transactions are pseudonymous (uses aliases such as keys and hashes to keep records, instead of real identity information), it is increasingly becoming possible to match transactions and their records to actual individuals who initiated them.

Financial transactions need to be private. Imagine if any Internet user could see and trace the funds in your JP Morgan bank account just by knowing your bank account number or social security number; that would be disastrous.

Building Bitcoin Privacy on Lightning Network

Layer-2 networks such as the Bitcoin Lightning Network (LN) offer some amount of privacy as they are built as a layer on top of the main blockchain. Although LN was developed to primarily add a layer of scalability to Bitcoin, some of its inherent features add an extra layer of privacy to Bitcoin.

LN gives users the ability to choose between a public channel or a private channel for transactions. LN transaction records are typically not written directly on the blockchain as they are carried out via LN channels rather on the blockchain itself; however, to carry out a peer-to-peer transaction on LN, two on-chain transactions need to be recorded—the transaction to open an LN channel, and the transaction to close an LN channel. These two transactions are permanently recorded on the blockchain; like any other on-chain transaction, the LN open-channel and close-channel transactions are visible and can be analyzed and traced.

Onion Routed Micropayments for Lightning Network

Protocol implementations are built to follow the specifications of the Lightning Network. The specifications that describe the rules and standards of LN are known as Basis of Lightning Technology (BOLT). Following this set standard allows the various protocol-based improvements and implementations of LN to integrate.

The onion routing implementation of LN utilizes a Sphinx-based messaging format. allows the secure and private routing of Hash Time Locked Contracts (HTLCs) within the network. HTLC is a transactional agreement in which a time-based escrow is created between parties (sender and beneficiary) which requires the beneficiary to acknowledge the receipt of payment before a preset deadline. Spending of funds is restricted until a cryptographic proof of receipt of funds is disclosed.

LN’s combination of source routing and onion routing maintains scalability and improves privacy. Just like TOR’s method of hopping data packets among nodes, LN’s implementation of onion routing obfuscates the origin and destination information between intermediary nodes to ensure that a network-level attacker cannot associate packets belonging to the same route.

The origin node constructs the route to be taken by the data packet using the public keys of each intermediate node and the final node. Using the public key information of the intermediary and final nodes, the origin node creates a shared secret using Elliptic-Curve Diffie-Helman (ECDH) – an anonymous key agreement scheme – for each intermediate node and the final node. The shared secret is then used to generate a pseudo-random stream of bytes.

Lightning Network in its official GitHub repository states: “In line with Bitcoin's spirit of decentralization and censorship resistance, we employ an onion routing scheme within the Lightning protocol to prevent the ability of participants on the network to easily censor payments, as the participants are not aware of the final destination of any given payment. Additionally, by encoding payment routes within a mix-net like packet, we are able to achieve the following security and privacy features: Participants in a route don't know their exact position within the route. Participants within a route don't know the source of the payment, nor the ultimate destination of the payment. Participants within a route aren't aware exactly how many other participants were involved in the payment route. Each new payment route is computationally indistinguishable from any other payment route.”

To learn more about Bitcoin, visit our Investing in Bitcoin Guide.

To learn more about Lightning Network, visit our Lightning Network Guide.