What Do We Want in a Lightning Network Wallet?
What Bitcoin wallet developers must provide in order for Bitcoin to be successful
Choosing a cryptocurrency wallet is the most important decision the average HODLer can make, bar none. Sadly, most allow custodians such as crypto exchanges, e.g. Binance, Coinbase, etc. to have full control over their entire holdings. They get nothing in return except for promises that their coins will remain safe and available. Bitcoin’s promise from the beginning was to “be your own bank”. To this end, wallet developers have been marketing their version of what this means. In this article I seek to give you the criteria to accept or reject these promises.
This article should give the basis to weed out 90-95% of the available wallets on the Internet. Let’s start with the list of features a crypto wallet must have.
It is safe to say that future wallet development must include support for the Lightning Network. Bitcoin Core developers are spending most of their time adding features to the reference implementation (Bitcoin Core) for the sole purpose of supporting the Lightning Network’s expansion.
This started with the refusal to raise the block size and continued with Segregated Witness, Taproot and Schnorr signatures. All these features make it possible for the Lightning Network to exist and become more secure and easier to use. An argument can be made that mainnet did receive a benefit from these features as well, but this was not the main reason for taking the risk to change the consensus protocol.
With this in mind, new wallets must support mainnet and the Lightning Network payments. I would also argue that wallets should support other cryptocurrency payments as well. Best to give customers some currency competition and access to smart contract platforms and NFTs in a single interface. A case could be made for a wallet doing only one thing and doing it well, but in this case, I think it is best to have true currency competition. When I want to make a payment, my wallet should be able to figure out what currency, network or process is best for me. If I want to store my wealth in Bitcoin, but use Monero for payment processing, my wallet should be able to do this transparently.
Let’s get down to it, shall we? First imagine the ideal user experience. I am writing this in November, 2021, so this experience, for me, is all about my “phone”. My crypto wallet should be available on my phone. Also, it needs to be on iOS and Android. I personally use iOS, but I would say that Android is slightly more popular world-wide. I need to be able to download this wallet via the App Store or Play Store. I should not be expected to download the software out of band such as dealing with .app or .apk files.
Second, the wallet should be completely open source. Anyone and everyone should be able to read and build the source code themselves. We are dealing with people’s money here, so being open source is vital for security and transparency. The fact that there are wallets that are closed source is really bizarre to me.
Ok, so we have a wallet that is both open source and available via the App or Play store on my phone. The next thing is that this wallet is non-custodial. This means that you, and only you, have full control over sending payments. You should never ever ever ever (insert a million “evers” here), transfer your crypto to a wallet where others are claiming to “help” you protect your money. Not your keys, not your coins. Always remember this. Wallets may even trick you into believing that their wallet is non-custodial, but always read reviews and the fine print. A good rule of thumb is that a custodial wallet just won’t mention anything about where your keys are stored. If a wallet doesn’t prominently state, “we are non-custodial”, they are certainly custodial and should be avoided. Even if they make non-custodial claims, independently verify. I will post about how to do this in subsequent articles.
Next, I should say something about the limitations put on wallets in order to support the Lightning Network. For all the good things about the Lightning Network there are also things that make it much harder to make and receive payments.
First, there is the requirement of the Lightning Network to always be online or connected to the network for the most part. You can get away with being disconnected from the Internet in the cases where:
- you completely trust the parties that you have payment channels with
- the balance of the payment channel is such that you can’t be cheated by your payment channel partners
Of course, you can get away with brief outages, but depending on the negotiated time locks of your channels, you are going to want to be back online ASAP.
So, we need a wallet that lets you know about the risks involved given your situation, i.e. Internet connectivity, payment channel construction, etc. You can have other, non-Lightning Network-related risks as well, such as mainnet fee increases rendering some of your coins, at least temporarily, un-spendable. Wallets must be incredibly smart and have as much data as possible at all times.
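The kind of per-channel warning described above could look like the following. This is an added example, not code from any wallet: the `Channel` fields, the `offline_risk` function and the 50% warning threshold are assumptions made for illustration, and the 10-minute block interval is only an average.

```python
from dataclasses import dataclass

BLOCK_MINUTES = 10  # average Bitcoin block interval; real intervals vary

@dataclass
class Channel:
    peer: str                       # constructed label, not a real node id
    trusted: bool                   # user has marked this peer as fully trusted
    csv_delay_blocks: int           # negotiated time lock the peer must wait out
    peer_balance_sat: int           # peer's balance in the current channel state
    peer_max_past_balance_sat: int  # peer's highest balance in any older state

def offline_risk(ch, offline_minutes, warn_fraction=0.5):
    """Return 'ok', 'warn' or 'critical' for one channel while offline."""
    # Case 1 from the text: the channel partner is completely trusted.
    if ch.trusted:
        return "ok"
    # Case 2 from the text: no older state pays the peer more than the
    # current one, so broadcasting an old state cannot cheat the user.
    if ch.peer_max_past_balance_sat <= ch.peer_balance_sat:
        return "ok"
    # Otherwise the user must be back online before the time lock expires.
    window_minutes = ch.csv_delay_blocks * BLOCK_MINUTES
    if offline_minutes >= window_minutes:
        return "critical"
    if offline_minutes >= window_minutes * warn_fraction:
        return "warn"
    return "ok"

def report(channels, offline_minutes):
    """Map each peer to its risk level so the wallet UI can surface it."""
    return {ch.peer: offline_risk(ch, offline_minutes) for ch in channels}

if __name__ == "__main__":
    # Constructed sample channels for illustration only.
    sample = [
        Channel("peer-x", False, 144, 100_000, 400_000),
        Channel("peer-y", True, 144, 100_000, 400_000),
        Channel("peer-z", False, 144, 400_000, 400_000),
    ]
    print(report(sample, offline_minutes=800))
```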
Wallets should never allow for the private keys, with the exception of a “paper” backup, to ever leave the device. This should be self-explanatory, but it needs to be said here. Private keys being leaked off the device means you are potentially not the only person who can spend your coins. This is the essence of a custodial wallet. Paper backups should be protected as well in a fire-proof, flood-proof, secure location.
Lastly, let’s discuss the final aspect in a wallet that is very important, but not technically a security issue. This is the wallet’s use of centralized services on the Internet to perform the full range of duties. You might hear the term “SPV” or “bridge” used in this context. Generally, using “SPV” wallets is perfectly fine in most cases. Simplified Payment Verification (SPV), although it requires a subset of Bitcoin full nodes to function, has been used for many years and requires no trust on your part. The worst that can happen is that there are no SPV nodes to connect to and you have a denial of service. Inconvenient, yes; the end of the world, no. Bridges, on the other hand, can be a problem for you. Please watch for Lightning Network wallets that preferentially offer their own node relays. Even if you are non-custodial, you want a wallet that isn’t biased in its onramp to the Lightning Network. The wallet authors will claim that you can trust their chosen relay nodes to be reliable and provide adequate liquidity, but really they are just wanting to capture your data and sell it to make money for themselves. Of course, they also want to collect your relay fees.
We want a wallet that randomizes payment channel creation to node relays. This means that the wallet software should, effectively, choose its node relays without regard for anything but independent key performance indicators such as node longevity, total amount of outbound and inbound liquidity and connections to other relays. Additionally, the chosen node relay(s) ought not to be owned by or affiliated with the wallet authors. The node relay should not ever know your name or real IP address. The wallet authors already have a ton of your personal data, so they should not have any additional information. The Lightning Network makes this possible, but it isn’t likely to happen unless wallet users are well-educated.
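One way a wallet could implement this selection is sketched below as an added example, not code from any existing wallet. The `RelayNode` fields, the capped scoring formula and the operator labels are assumptions for illustration; the point is that affiliated nodes are filtered out before any scoring, and the final pick is random, weighted only by the indicators named above.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class RelayNode:
    pubkey: str         # constructed placeholder, not a real node key
    operator: str       # who runs the node (assumed to be known to the wallet)
    age_days: int       # node longevity
    liquidity_sat: int  # total outbound + inbound liquidity
    peer_count: int     # connections to other relays

def score(node):
    """Hypothetical KPI score; each indicator is capped so none dominates."""
    return (min(node.age_days / 365, 1.0)
            + min(node.liquidity_sat / 1_000_000_000, 1.0)
            + min(node.peer_count / 100, 1.0))

def choose_relays(nodes, affiliated_operators, k, rng=None):
    """Weighted random sample (no repeats) that never returns an affiliated node."""
    rng = rng or random.SystemRandom()
    pool = [n for n in nodes if n.operator not in affiliated_operators]
    chosen = []
    while pool and len(chosen) < k:
        weights = [score(n) for n in pool]
        if sum(weights) > 0:
            pick = rng.choices(pool, weights=weights, k=1)[0]
        else:  # every KPI is zero: fall back to a uniform choice
            pick = rng.choice(pool)
        pool.remove(pick)
        chosen.append(pick)
    return chosen

# Constructed sample data for illustration only.
SAMPLE_NODES = [
    RelayNode("node-a", "independent-1", 900, 2_000_000_000, 150),
    RelayNode("node-b", "independent-2", 120, 300_000_000, 40),
    RelayNode("node-c", "wallet-vendor", 1500, 5_000_000_000, 400),
    RelayNode("node-d", "independent-3", 400, 800_000_000, 75),
]

if __name__ == "__main__":
    for n in choose_relays(SAMPLE_NODES, {"wallet-vendor"}, k=2):
        print(n.pubkey, round(score(n), 2))
```

Note that `node-c` has the best indicators in the sample set and is still never selected, because the affiliation filter runs before scoring.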
Finally, here is a bulleted list for your quick review:
- must have support for Bitcoin mainnet, the Lightning Network and a range of other top cryptocurrencies such as ETH, ADA, Monero, Dash, Zcash, etc.
- must have a mobile app available for download in the App Store or Play Store
- must be open source
- must be non-custodial
- must keep the list of centralized external services to a bare minimum to support the essential features
- ideally, uses Tor to connect to P2P networks and Lightning Network relay nodes
- chooses Lightning Network relay nodes at random and goes out of its way to exclude relay nodes that the wallet authors have any affiliation with