Sphinx Payments

This is a very cool feature which is being added to LND.  It allows sending payments on LN without requiring an invoice.  You can send payments to a node's public key and IP address.

Did you know that there was once a similar feature in Bitcoin called pay to IP?  It was removed in 2010, after Satoshi Nakamoto left the project.  Actually, one of the last things Satoshi did before he disappeared was to make this feature optional.

Why was pay-to-IP removed from Bitcoin?

The original pay to IP feature was a way to send Bitcoin to an IP address.  The way it worked was that instead of a user entering a regular Bitcoin Address, they entered an IP.  The client would ping the IP, and if it found a running bitcoin node, would request a BTC address to send a payment to.  The Bitcoin was then sent to that address.

The last version of this code, written by Satoshi Nakamoto, is still visible in the Bitcoin Core GitHub repository:  https://github.com/bitcoin/bitcoin/blob/172f006020965ae8763a0610845c051ed1e3b522/ui.cpp#L1946

The problem with this feature was that it was vulnerable to a Man in the Middle (MITM) attack.  An attacker could intercept the internet routing to that IP, and respond with their own BTC address which would steal the payment.  Satoshi was clear that this was a problem.  You can see what he says about it here: https://bitcointalk.org/index.php?topic=1048.msg13219#msg13219

Satoshi Nakamoto:
Probably best to disable receiving by IP unless you specifically intend to use it.  This is a lot of surface area that nobody uses that doesn't need to be open by default.
In storefront cases, you would typically only want customers to send payments through your automated system that only hands out bitcoin addresses associated with particular orders and accounts.  Random unidentified payments volunteered to the server's IP address would be unhelpful.
In general, sending by IP has limited useful cases.  If connecting directly without a proxy, the man-in-the-middle risk may be tolerable, but no privacy.  If you use a privacy proxy, man-in-the-middle risk is unacceptably high.  If we went to all the work of implementing SSL, only large storefronts usually go to the trouble of getting a CA cert, but most of those cases would still be better off to use bitcoin addresses.
I uploaded this change to SVN rev 156.  The switch to enable is "-allowreceivebyip".
Senders with this version will get the error "Recipient is not accepting transactions sent by IP address".  Older version senders will get "Transfer was not accepted".
I used a different name for the switch because "-allowiptransactions" sounds like it includes sending.  If there's a better name for the switch, we can change it again.

So it boils down to being able to verify that the recipient is actually who you want to send BTC to.
It's a feature that Satoshi wanted to have in Bitcoin, but he realized you needed some SSL or other cryptographic certificate to validate the receiver.

After Satoshi left, the developers removed the feature entirely.  See https://bitcointalk.org/index.php?topic=9334.0 for that discussion, and also https://github.com/bitcoin/bitcoin/pull/253

You can see that Greg Maxwell was a bit disappointed to lose this.

The fix

With Sphinx on LN, the payment is cryptographically tied to the recipient you intended through their node public key. Pay-to-IP was vulnerable because the BTC address was generated on request; with a node public key, it is easy to validate that a payment is being sent to the owner of that key.

This was not easy to do in BTC: for privacy, on-chain transactions go to a new address every time, so a new address would be required for each payment. Since LN has onion-routed payments, privacy can be preserved and the recipient validated at the same time, providing the same general feature that pay-to-IP provided.
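To make the difference concrete, here is a simplified model of paying to a pinned node key. It is an added example, not LND code and not the Sphinx wire format. The names `Payment`, `Seal` and `Claim` are hypothetical, and P-256 with a hash-derived XOR pad are assumed stand-ins for LN's secp256k1 and the onion's stream cipher. Whoever answers at the IP never supplies an address; they can only settle if their private key recovers the preimage behind the payment hash.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Payment struct { // what reaches the IP: a locked preimage, no payout address
	EphPub       *ecdh.PublicKey // sender's one-time key
	Sealed, Hash [32]byte        // masked preimage; hash that locks the funds
}

// xorPad masks in with SHA-256 of the ECDH secret (assumed stand-in cipher).
func xorPad(priv *ecdh.PrivateKey, pub *ecdh.PublicKey, in [32]byte) ([32]byte, error) {
	secret, err := priv.ECDH(pub)
	pad := sha256.Sum256(secret)
	for i := range in {
		in[i] ^= pad[i]
	}
	return in, err
}

// Seal (sender): hide the preimage under the node key the sender pinned.
func Seal(node *ecdh.PublicKey, preimage [32]byte) (Payment, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader) // P-256 assumed, LN uses secp256k1
	if err != nil {
		return Payment{}, err
	}
	sealed, err := xorPad(eph, node, preimage)
	return Payment{eph.PublicKey(), sealed, sha256.Sum256(preimage[:])}, err
}

// Claim (whoever answers at the IP): settles only if the key recovers the preimage.
func Claim(priv *ecdh.PrivateKey, p Payment) ([32]byte, error) {
	pre, err := xorPad(priv, p.EphPub, p.Sealed)
	if err != nil || sha256.Sum256(pre[:]) != p.Hash {
		return [32]byte{}, fmt.Errorf("preimage not recovered: wrong node key")
	}
	return pre, nil
}

func main() {
	node, _ := ecdh.P256().GenerateKey(rand.Reader) // intended recipient
	mitm, _ := ecdh.P256().GenerateKey(rand.Reader) // interceptor at the IP
	p, _ := Seal(node.PublicKey(), sha256.Sum256([]byte("constructed preimage")))
	fmt.Println(Claim(node, p))
	fmt.Println(Claim(mitm, p))
}
```

Contrast this with pay-to-IP, where the responder's reply was the payment destination, so controlling the route was enough to redirect the funds.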

This is quite remarkable.  LN now brings back a feature that Satoshi originally created and that was later removed.