Why does Lightning use the Noise protocol?

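What the Noise protocol does looks like something that TLS-style encryption could also do, so what is the difference? TLS is basically encryption between a server and a client, whereas Noise is end-to-end encryption, so problems can only arise between the two communicating parties. I think that is the biggest reason.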

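Also, a Lightning address is a Bitcoin-address-like string, and the static and ephemeral keys that Noise uses as addresses have a similar format, so that is probably part of it too. This is only a rough understanding. There is a text that compares the Noise protocol with other encryption protocols, so I excerpt it below.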

Encrypted handshake: The TLS handshake is in the clear, which leaks the parties' identities. Aside from ephemeral public keys, the Noise handshake is encrypted.

Low latency handshake: TLS specifies 2 round trips before clients can start sending data. Noise requires 1 round trip.

Forward secrecy: Even when TLS is used with ephemeral Diffie-Hellman, its forward secrecy is limited: compromise of an endpoint to an active connection will compromise previous traffic sent or received by that endpoint. In contrast, whenever the Noise ChaCha20/Poly1305 ciphersuites send or receive ciphertext they destroy the keys for that ciphertext.

Simplicity: Noise is simpler than TLS. Noise omits many features that have resulted in TLS security flaws (version and ciphersuite negotiation, compression, renegotiation, chaining CBC IVs, MAC-then-encrypt, error alerts, etc.).

All Diffie-Hellman (no signatures): Using TLS with ephemeral ECDH requires signatures. Noise relies only on ECDH (no signatures). This yields a simpler and more robust protocol, reduces bandwidth, and avoids creating hard-to-deny evidence of who has communicated with who.