Description
When closing a channel with a peer, is it complicated to be able to intercept the transaction broadcast to control where the transaction is broadcast from, so it would be useful if LND allowed a cooperative close where there was no broadcast by the LND node itself and instead the raw cooperative close transaction would be provided for the caller to broadcast on their own.
Problem
It can be considered good privacy practice to try to avoid broadcasting transactions in a way where relay triangulation can identify which node is the source of the transaction. There are many nodes on the network that are working to triangulate the broadcast source of transactions to correlate disparate coins for chain analysis purposes.
Beyond the normal rationales for the value of privacy, avoiding scenarios where someone can identify the chain node you are using can help to avoid eclipse attacks which can be especially problematic in a Lightning context.
Solution
A potential solution would be done in two parts:
- The close channel API could take an argument similar to the open channel argument that directs LND not to broadcast
- The pending channels API response could return a new field that includes the raw signed transaction
The flow for a caller who wanted to control their own cooperative channel broadcast would then be to signal "no broadcast" when closing and then fetch the raw transaction from the pending channel entry and then do their own broadcast from there
Obviously there are other vectors for compromising the privacy of a cooperative close transaction, so this is just one privacy optimization towards that greater goal.
Workaround
Since chain backends are typically under the control of the node operator, they can be directed to not relay a transaction to the network through the use of a proxy or a feature on the chain backend.