Bitcoin and other cryptocurrencies have surged in popularity over the last decade. Although Bitcoin does not claim to provide anonymity for its users, it enjoys a public perception of being a privacy preserving financial system. In reality, cryptocurrencies publish users' entire transaction histories in plaintext, albeit under a pseudonym; this is required for transaction validation. Therefore, if a user's pseudonym can be linked to their human identity, the privacy fallout can be significant. Recently, researchers have demonstrated deanonymization attacks that exploit weaknesses in the Bitcoin network's peer-to-peer (P2P) networking protocols. In particular, the P2P network currently forwards content in a structured way that allows observers to deanonymize users. In this work, we redesign the P2P network from first principles with the goal of providing strong, provable anonymity guarantees. We propose a simple networking policy called Dandelion which provides quasi-optimal, network-wide anonymity, with minimal cost to the network's utility. We also discuss practical implementation challenges and propose heuristic solutions.
[1]
Andrew K. Miller,et al.
Dandelion++
,
2018,
Proceedings of the ACM on Measurement and Analysis of Computing Systems.
[2]
Andrew Miller,et al.
Dandelion++: Lightweight Cryptocurrency Networking with Formal Anonymity Guarantees
,
2018,
SIGMETRICS.
[3]
Alex Biryukov,et al.
Deanonymisation of Clients in Bitcoin P2P Network
,
2014,
CCS.
[4]
Patrick D. McDaniel,et al.
An Analysis of Anonymity in Bitcoin Using P2P Network Traffic
,
2014,
Financial Cryptography.
[5]
Stefan Savage,et al.
A fistful of bitcoins: characterizing payments among men with no names
,
2013,
Internet Measurement Conference.
[6]
Adi Shamir,et al.
Quantitative Analysis of the Full Bitcoin Transaction Graph
,
2013,
Financial Cryptography.