Bitcoin, and some other cryptocurrencies, have gained much popularity during the past few years. Even though bitcoin doesn’t promote total anonymity of its users, it is publicly perceived as a privacy preserving digital currency. Technically speaking, cryptocurrencies publish all users’ transactions on public ledgers that can be visible by anyone and this process is a pivotal part of the process of transaction validation. Consequently, if a user’s address can be linked to his/her identity in real life, the privacy fallout can be detrimental. More recently, cryptocurrency researchers have described deanonymization attack models that exploit vulnerabilities in bitcoin’s peer-to-peer (P2P) network protocol. Presently, bitcoin’s network forwards content via a structured manner that allows observers of the blockchain to deanonymize a large percentage of bitcoin users.
A group of researchers from the University of Illinois has just published a paper that included a redesign of bitcoin’s P2P network in order to promote total anonymity of its users. They presented a brand new networking policy, that they named Dandelion, which achieves total anonymity guarantees for bitcoin users.
Dandelion – The System Model:
The researchers modeled three essential aspects of bitcoin’s P2P network, which are based on the currently existing protocol:
1- The topology of the network.
2- The message propagation protocol.
3- The deanonymizing capabilities of adversaries.
The P2P Network model:
The bitcoin P2P network model is comprised of two types of nodes; servers and clients. Clients are nodes which don’t accept incoming TCP connections, such as nodes behind NAT, while server nodes accept incoming connections. Dandelion focuses on servers due to a couple of reasons:
1- The are more permanent within the network.
2- Generalization of server oriented anonymity solutions will protect clients.
The P2P network is modeled as a graph G(V,E), with V representing all server nodes and E representing the connections, or edges, between these nodes. For a given node v, Γ(v) refers to the group of neighbors of v in G. For a group of nodes U, Γ(U) refers to the group of all neighborhood groups of nodes in U. The bitcoin’s network address managers are modeled by presuming that each node across the network possesses the contact information for all bitcoin servers. Practically speaking, address managers usually include a random sample of all of the IP addresses of the nodes.
Each server is permitted to establish no more than eight outgoing connections with nodes included in the address manager of the server. An outgoing connection from Jon to Mark is a connection that has been initiated by Jon. Nevertheless, these TCP connections, once established, will behave in a bidirectional manner. Accordingly, the creators of Dandelion modeled the server-to-server connections’ subgraph as a random 16-regular graph.
The network is categorized into honest nodes and adversarial, or colluding nodes, who would try to deanonymize users. The creators of Dandelion assumed that all of the honest nodes would validate one transaction within a given period of time. Practically speaking, servers validate transactions at various rates; nevertheless, all transactions validated by a single node are referred to by means of the node’s public key. Consequently, Dandelion treats multiple transactions validated by the same node as one transaction to be deanonymized. Typically, a transaction usually needs up to 1 minute to be propagated all across the bitcoin network, so predicting its time of origin at a useful granularity of a couple of seconds, or a fraction of a second can be difficult.
X is the group of all transaction messages originating from honest servers. Xv refers to the transaction message broadcast by an honest server v and X refers to a vector that includes the ground truth mapping between transactions Xv and source nodes v. Dandelion models the mapping pattern between transaction messages and servers as being uniformly drawn from the group of all such mapping.
This is just a simple introduction to Dandelion. For more information, about its adversarial model, anonymity metric, please refer to the paper. Dandelion represents a redesign of bitcoin’s P2P network to promote anonymity of its users and shield it against attacks of distributed adversaries, such as botnets, who try to link transactions to the users who executed them. Dandelion’s networking policy is proven to achieve optimal anonymity guarantee via a simple implementation. Dandelion can achieve this guarantee through mixing transaction messages originating from various users on a graph that remains concealed from an adversary’s point of view.