security – Are LN's lightweight portfolios vulnerable to the retention of transactions?

There is without substitute in terms of security and confidence to run a complete node.

There are different concepts of "thin client". Some of them are…

BIP37 (flowering filter):

  • [minus] With the current false positives rates used, peers can learn all the wallet addresses
  • [minus] In general, it is carried out on an unencrypted channel (p2p 8333), ISP, etc. Also learn all your addresses
  • [plus] the client can validate if the transactions are in a block (merkleblock)
  • [plus] customers maintain a chain of blocks with headers can only at least verify PoW
  • [plus] use only small bandwidth
  • [minus] It is possible to hide transactions
  • [plus]"Impossible" to falsify a transaction

Neutrino (compact block filters BIP158):

  • [plus] Less privacy implications than BIP37 since filtering is done locally
  • [minus] greater bandwidth consumption because the complete blocks must be downloaded (instead of Merkle "blocks" in BIP37)
  • [minus] It is still possible to hide the transactions (although it is more complicated) because the block filters are not committed to the blocks (it would require a soft fork). The means are not compromised, the partners can falsify filters and cause them to lose the relevant transactions (can be [partially] mitigated by the comparison of filters of different pairs)
  • [minus] There is no solution for mempool filtering (reliable "inbound transactions" can not be displayed)
  • [plus] "Impossible" to falsify a transaction

Centralized validation (Bitpay, Samourai, etc.)

  • [minus] Total trust in the company / server (they know all their addresses)
  • [minus] You can hide overdue transactions
  • [minus] You can create transactions artificially
  • [plus] Minimum bandwidth consumption

If you want to see the chain of blocks without trusted third parties, you can must run a complete node (It could be removed with a space requirement of <10 GB, but Lightning implementations are not yet fully supported).

If and only if) BIP158 get block filters committed (Even if it's a soft fork, hash in base blocks of similar ones), it would no longer be possible to hide transactions through pairs, provide filters.