Skip to main content

Onion Routing | Bitcoin Glossary | Mapping Bitcoin

Onion Routing

Lightning

Also known as: sphinx routing

A privacy technique used by the Lightning Network (and Tor) where payment information is encrypted in layers, with each routing node only able to decrypt the layer addressed to it. This prevents intermediary nodes from knowing the full payment path.

Overview

Onion routing is a privacy technique used in the Lightning Network to protect payment sender and receiver information from intermediary routing nodes. Each routing node in the payment path only learns the identity of the immediately previous and next node — never the full route, the original sender, or the final recipient.

How Onion Routing Works

The sender constructs an "onion" packet — a nested set of encrypted layers, one for each hop in the route. Each node decrypts its outer layer to reveal forwarding instructions and the inner onion for the next hop.

Sender constructs:
┌──────────────────────────────────────┐
│ Layer 3 (encrypted for Node C)       │
│ ┌──────────────────────────────────┐ │
│ │ Layer 2 (encrypted for Node B)   │ │
│ │ ┌──────────────────────────────┐ │ │
│ │ │ Layer 1 (encrypted for Node A)│ │ │
│ │ │  "Forward to B, here's the   │ │ │
│ │ │   inner onion"               │ │ │
│ │ └──────────────────────────────┘ │ │
│ └──────────────────────────────────┘ │
└──────────────────────────────────────┘

Node A sees: "I got this from Sender, forward to B"
Node B sees: "I got this from A, forward to C"
Node C sees: "I got this from B, this is for me (recipient)"

No node sees the complete path.

Sphinx Packet Construction

The Lightning Network uses Sphinx packet construction, which ensures that:

  • All onion packets are the same size at every hop (preventing nodes from guessing their position in the route by packet size)
  • Each node can only decrypt its own layer
  • Packets cannot be replayed or modified without detection

Privacy Properties

  • Sender privacy: Intermediary nodes do not know who initiated the payment
  • Receiver privacy: Intermediary nodes do not know the final destination
  • Path privacy: No single node (except the sender) knows the complete route
  • Amount privacy: Each node only sees the amount for its hop (which includes routing fees for downstream nodes)

Common Misconceptions

Onion routing in Lightning is not identical to Tor, though both use layered encryption. Lightning's implementation is optimized for fixed-length payment routes rather than arbitrary data streams. Also, onion routing protects against surveillance by routing nodes, but the sender necessarily knows the full path since they construct the onion.

Related Terms

Routing (Lightning)Lightning

The process of finding a path through the Lightning Network's graph of payment channels to deliver a payment from sender to recipient. Routing nodes forward payments and can earn small fees for providing this service.

TorSecurity

The Onion Router, an anonymity network that encrypts and routes internet traffic through multiple relays to hide a user's IP address. Many Bitcoin and Lightning nodes use Tor to protect network privacy and resist censorship.

Lightning NetworkLightning

A Layer 2 payment protocol built on top of Bitcoin that enables instant, low-cost transactions through a network of bidirectional payment channels. Payments are routed through multiple channels using HTLCs, settling on the Bitcoin blockchain only when channels are opened or closed.

Multi-hop PaymentLightning

A Lightning Network payment that traverses multiple channels to reach the recipient when no direct channel exists between sender and receiver. Multi-hop payments use onion routing and HTLCs to maintain privacy and trustlessness across intermediary nodes.