Skip to main content

Blinded Paths | Bitcoin Glossary | Mapping Bitcoin

Blinded Paths

Lightning

Also known as: blinded routes, route blinding

Mecanismo de privacidade na Lightning Network que oculta a identidade do destinatário ao criar rotas criptograficamente ofuscadas para o pagamento.

Overview

Blinded paths are a privacy enhancement for the Lightning Network that allow a payment recipient to receive funds without revealing their node's public key or position in the network graph to the sender. In standard Lightning payments, the sender must know the recipient's node identity and compute a full route to it, which inherently exposes the recipient's network location. Blinded paths solve this by letting the recipient construct an encrypted partial route from an introduction point to themselves, which the sender can use without being able to decrypt it.

This technique is closely related to onion routing and extends the same layered encryption principles. While traditional onion routing protects the sender from intermediary nodes, blinded paths protect the recipient from the sender. Together, they create a system where neither party needs to know the other's node identity to complete a payment.

How It Works

The recipient selects a path from a public "introduction node" to themselves and encrypts each hop's routing information so that only the respective forwarding node can decrypt its own instructions. The sender receives this blinded path as an opaque blob that they append to their own route.

Without blinded paths:
  Sender knows: Recipient = Node D at position X

  Sender ──► A ──► B ──► C ──► D (Recipient)
  Sender constructs full onion for A → B → C → D

With blinded paths:
  Sender knows: "Introduction node = B, then 2 encrypted hops"
  Sender does NOT know who the final recipient is

  Sender ──► A ──► B ──► ??? ──► ???
                   │
                   └─ Introduction point
                      B decrypts its hop → forwards to C
                      C decrypts its hop → forwards to D (Recipient)

  Sender only sees:  A ──► B ──► [encrypted] ──► [encrypted]
  Sender cannot determine that D is the recipient

Cryptographic Construction

The recipient constructs a blinded path by performing a Diffie-Hellman key exchange with each node along the path from the introduction point. Each node receives an encrypted payload that it can decrypt with its private key, revealing the next hop and a blinding factor for the next node. The sender cannot decrypt any of these payloads because they do not possess the intermediate nodes' private keys.

Recipient constructs blinded path:

  Introduction Node (B)
    Encrypted payload: {next: C, blinding_key: k1}
        │
        ▼
  Blinded Node (C)
    Encrypted payload: {next: D, blinding_key: k2}
        │
        ▼
  Recipient (D)
    Encrypted payload: {this is the final hop}

Sender receives: [B_pubkey, encrypted_B, encrypted_C, encrypted_D]
Sender appends this to their route after computing path to B

Privacy Properties

  • Recipient anonymity from sender: The sender cannot determine the recipient's node ID or how many hops exist after the introduction point
  • Recipient anonymity from introduction node: The introduction node knows it is the start of a blinded path but does not know the final destination
  • Path unlinkability: Different blinded paths can use different introduction nodes, preventing correlation across payments
  • Combined with sender privacy: When used alongside standard onion routing, neither sender nor recipient needs to know the other's node identity

Use in BOLT12

Blinded paths are a core component of BOLT12 offers. When a recipient creates an offer, they can embed one or more blinded paths, enabling payments from anyone without revealing their node identity. This is a significant privacy improvement over BOLT11 invoices, which always include the recipient's node public key in plaintext.

Limitations

Blinded paths add additional hops to the payment route, which increases the total routing fees and may slightly reduce payment reliability. The introduction node is a potential point of failure — if it goes offline, payments using that blinded path will fail. Recipients can mitigate this by including multiple blinded paths with different introduction nodes. Additionally, the sender still learns the introduction node's identity, which may provide partial information about the recipient's general network neighborhood.

  • Onion Routing — the layered encryption scheme that blinded paths extend for receiver privacy
  • Lightning Network — the Layer 2 network where blinded paths operate
  • BOLT12 — the offer specification that relies on blinded paths for recipient privacy
  • Routing — the payment path-finding process that incorporates blinded path segments

Termos Relacionados

Roteamento CebolaLightning

Técnica de privacidade da Lightning Network onde pagamentos são criptografados em camadas, impedindo que nós intermediários conheçam o caminho completo.

Rede LightningLightning

Protocolo de Camada 2 do Bitcoin para pagamentos instantâneos e baratos via canais bidirecionais, liquidando na blockchain apenas na abertura e fechamento.

BOLT12Lightning

Especificação da próxima geração para ofertas e faturas na Lightning Network, permitindo pagamentos recorrentes, reembolsos e maior privacidade do destinatário.

Roteamento (Lightning)Lightning

Processo de localizar caminho nos canais Lightning para entregar pagamentos ao destinatário, com nós intermediários cobrando taxas pelo serviço prestado.