The Case for Dandelion
Privacy, once a hallmark of Bitcoin’s code, has become pseudonymous and not anonymous. What this means is that for every transaction on Bitcoin’s network, a user can trace back its origin to an individual’s wallet. Quantity of bitcoin, time sent/received, who it was sent from, where it was sent to, all of these values are visible on the blockchain. Not to mention the user’s IP address which deeply underscores any level of security within a network. Bitcoin fails to fulfill the original meaning of the word, private. Once the identity of an address is cracked, the entire transaction history becomes visible to all.
For us to gain a better understanding on how Bitcoin attempted to improve its security, lets review how transactions are broadcasted and how the original protocol worked. When a user broadcasts a transaction from a node, it is then propagated to the nodes connected to that specific node, also called peers. This transaction is then subsequently sent through a chain reaction in which each node spreads the message further, this is known as Bitcoin’s gossip protocol.
However, the origins of IP addresses can be mapped by third-party observers if they control enough nodes i.e. gain enough traffic to filter out the obfuscation created by the nodes. Observers can effectively map the origin of the transaction by determining which nodes see the transaction first.
The Dandelion protocol explicitly identified how a supernode logged relayed traffic of all P2P nodes and observed patters of transaction spreads over time, which eventually reveal the source of the IP address. By creating a link to the IP address and the pseudonym of the sender, a third-party can de-anonymize users and further link transactions even if a new public key is created for each new transaction.
The Solution? Dandelion++
Dandelion++ is an upgraded version of the original protocol. This upgraded version has two phases, the Stem phase and the Fluff phase.
Stem Phase: Each node sends the transaction to only one of the two randomly selected peers in its local neighborhood.
Fluff Phase: The transaction is sent to all peers on the network, thus falling back to the Gossip protocol.
Dandelion++ significantly differs from its original protocol in its stem phase where it passes transactions over intertwined paths known as “cables” before diffusing the transaction to the network. These cables can be fragmented , but the protocols intuition on selecting a node to propagate to, is still confined to its local neighborhood.
Both previous and current versions of Dandelion proceed in asynchronous cycles. Each node will advance when its internal clock arrives at a certain threshold. For each of these slots, Dandelion++ functions in four primary components with minute optimizations.
- Anonymity Graph
- Transaction Forwarding (own)
- Transaction Forwarding (relay)
- Fail-Safe Mechanism
Anonymity Graph uses a random 4-regular graph, instead of a linear graph for the anonymity phase. Dandelion++ relays nodes independent of whether or not their outbound neighbors support Dandelion++
Transaction Forwarding (own) comes into play every time a node generates a transaction of its own, it then sends the transaction along the same outbound edge in the 4-regular graph. The difference here is that with the original protocol, nodes were only assumed to generate one transaction.
Transaction Forwarding (relay) is all about probability, more specifically within the Stem Phase when a node receives a transaction and chooses between relaying the transaction or diffusing it to the network. Deciding to diffuse a transaction to the network is pseudorandom. Nodes are either diffusers or relay nodes for the relayed transactions.
Fail-Safe Mechanism kicks in during each Stem Phase and each node tracks whether it is seen again as a Fluff Phase transaction. If not, the node diffuses the transaction.
Is this going to slow down Ghost’s Network?
No. This will have no affect on block times. Ghost will still produce blocks every 120 seconds. Dandelion only adds minor overhead to the transaction timing as the stem is created. It is unknown in terms of how long your transaction will take to stem, and then to fluff vs the timing of the next block. Given that Ghost’s block time is 120 seconds, this should provide ample timing for the protocol to do its magic by entering your transaction into the Stem Phase before the next block is produced.
In short, Dandelion++ is a lightweight network solution designed to help obfuscate users IPs while transacting. The protocol has various solutions built in to overcome known attack vectors such as Graph-learning, Intersecting, Black-hole, and Partial deployment to name a few.
With the addition of Dandelion++ being implemented in the next hardfork, Ghost will be the first and only blockchain that operates under a Proof-of-Stake consensus method utilizing RingCT, Bulletproofs, and Dandelion++.
Dandelion++: Lightweight Cryptocurrency Networking with Formal Anonymity Guarantees (https://arxiv.org/abs/1805.11060)
Philip Koshy, Diana Koshy, and Patrick McDaniel. 2014. An analysis of anonymity in bitcoin using p2p network traffic.
Alex Biryukov, Dmitry Khovratovich, and Ivan Pustogarov. 2014. Deanonymization of clients in Bitcoin P2P network.
Brian Curran 2018 October 4, What is The Dandelion Protocol? Complete Beginner’s Guide Blockonomi https://blockonomi.com/dandelion-protocol/