Dandelion++: Lightweight Cryptocurrency Networking with Formal Anonymity Guarantees

Recent work has demonstrated significant anonymity vulnerabilities in Bitcoin's networking stack. In particular, the current mechanism for broadcasting Bitcoin transactions allows third-party observers to link transactions to the IP addresses that originated them. This lays the groundwork for low-cost, large-scale deanonymization attacks. In this work, we present Dandelion++, a first-principles defense against large-scale deanonymization attacks with near-optimal information-theoretic guarantees. Dandelion++ builds upon a recent proposal called Dandelion that exhibited similar goals. However, in this paper, we highlight some simplifying assumptions made in Dandelion, and show how they can lead to serious deanonymization attacks when violated. In contrast, Dandelion++ defends against stronger adversaries that are allowed to disobey protocol. Dandleion++ is lightweight, scalable, and completely interoperable with the existing Bitcoin network.We evaluate it through experiments on Bitcoin's mainnet (i.e., the live Bitcoin network) to demonstrate its interoperability and low broadcast latency overhead.

[1]  ChaumD. The dining cryptographers problem , 1988 .

[2]  Bruce S. Davie,et al.  Computer Networks: A Systems Approach , 1996 .

[3]  Michael K. Reiter,et al.  Crowds: anonymity for Web transactions , 1998, TSEC.

[4]  Robert Tappan Morris,et al.  Tarzan: a peer-to-peer anonymizing network layer , 2002, CCS '02.

[5]  Emin Gün Sirer,et al.  Herbivore: A Scalable and Efficient Protocol for Anonymous Communication , 2003 .

[6]  Alexander Schrijver,et al.  Combinatorial optimization. Polyhedra and efficiency. , 2003 .

[7]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[8]  David Chaum,et al.  The dining cryptographers problem: Unconditional sender and recipient untraceability , 1988, Journal of Cryptology.

[9]  Ari Juels,et al.  Dining Cryptographers Revisited , 2004, EUROCRYPT.

[10]  Ramnath K. Chellappa,et al.  Personalization versus Privacy: An Empirical Examination of the Online Consumer’s Dilemma , 2005, Inf. Technol. Manag..

[11]  Aravind Srinivasan,et al.  P/sup 5/ : a protocol for scalable anonymous communication , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[12]  Bruce S. Davie,et al.  Computer Networks ISE: A Systems Approach , 2007 .

[13]  M. Mézard,et al.  Information, Physics, and Computation , 2009 .

[14]  Carmela Troncoso,et al.  The Wisdom of Crowds: Attacks and Optimal Constructions , 2009, ESORICS.

[15]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[16]  Carmela Troncoso,et al.  Drac: An Architecture for Anonymous Low-Volume Communications , 2010, Privacy Enhancing Technologies.

[17]  Bryan Ford,et al.  Dissent: accountable anonymous group messaging , 2010, CCS '10.

[18]  Ramzi A. Haraty,et al.  I2P Data Communication System , 2011, ICON 2011.

[19]  Fergal Reid,et al.  An Analysis of Anonymity in the Bitcoin System , 2011, PASSAT 2011.

[20]  Martin Vetterli,et al.  Locating the Source of Diffusion in Large-Scale Networks , 2012, Physical review letters.

[21]  David Wolinsky,et al.  Dissent in Numbers: Making Strong Anonymity Scale , 2012, OSDI.

[22]  Stefan Katzenbeisser,et al.  Structure and Anonymity of the Bitcoin Transaction Graph , 2013, Future Internet.

[23]  Ghassan O. Karame,et al.  Evaluating User Privacy in Bitcoin , 2013, Financial Cryptography.

[24]  Prateek Mittal,et al.  Pisces: Anonymous Communication Using Social Networks , 2013, NDSS.

[25]  Adi Shamir,et al.  Quantitative Analysis of the Full Bitcoin Transaction Graph , 2013, Financial Cryptography.

[26]  Jared Saia,et al.  Towards Provably-Secure Scalable Anonymous Broadcast , 2013, FOCI.

[27]  S A R A H M E I K L E J O H N,et al.  A Fistful of Bitcoins Characterizing Payments Among Men with No Names , 2013 .

[28]  Philip Koshy CoinSeer: A Telescope Into Bitcoin , 2013 .

[29]  A robust information source estimator with sparse observations , 2014 .

[30]  Pedro Moreno-Sanchez,et al.  CoinShuffle: Practical Decentralized Coin Mixing for Bitcoin , 2014, ESORICS.

[31]  WangZhaoxu,et al.  Rumor source detection with multiple observations , 2014 .

[32]  Eli Ben-Sasson,et al.  Zerocash: Decentralized Anonymous Payments from Bitcoin , 2014, 2014 IEEE Symposium on Security and Privacy.

[33]  Patrick D. McDaniel,et al.  An Analysis of Anonymity in Bitcoin Using P2P Network Traffic , 2014, Financial Cryptography.

[34]  Chee Wei Tan,et al.  Rumor source detection with multiple observations: fundamental limits and algorithms , 2014, SIGMETRICS '14.

[35]  Alex Biryukov,et al.  Deanonymisation of Clients in Bitcoin P2P Network , 2014, CCS.

[36]  Pramod Viswanath,et al.  Spy vs. Spy , 2014, SIGMETRICS.

[37]  Alex Biryukov,et al.  Bitcoin over Tor isn't a Good Idea , 2014, 2015 IEEE Symposium on Security and Privacy.

[38]  Nickolai Zeldovich,et al.  Vuvuzela: scalable private messaging resistant to traffic analysis , 2015, SOSP.

[39]  Andrew Miller,et al.  Discovering Bitcoin ’ s Public Topology and Influential Nodes , 2015 .

[40]  J. Bohannon Why criminals can't hide behind Bitcoin , 2016 .

[41]  Laurent Vanbever,et al.  Hijacking Bitcoin: Large-scale Network Attacks on Cryptocurrencies , 2016, ArXiv.

[42]  Pramod Viswanath,et al.  Anonymity Properties of the Bitcoin P2P Network , 2017, ArXiv.

[43]  Pramod Viswanath,et al.  Dandelion: Redesigning the Bitcoin Network for Anonymity , 2017, Proc. ACM Meas. Anal. Comput. Syst..

[44]  Ethan Heilman,et al.  TumbleBit: An Untrusted Bitcoin-Compatible Anonymous Payment Hub , 2017, NDSS.

[45]  Andrew Miller,et al.  Dandelion++: Lightweight Cryptocurrency Networking with Formal Anonymity Guarantees , 2018, Proc. ACM Meas. Anal. Comput. Syst..