Monero increases privacy with Dandelion++
Monero increases privacy with Dandelion++

Monero increases privacy with Dandelion++

By Gianni Morselli - 4 Mar 2020

Chevron down

Developer Lee Clagett has adapted Dandelion++ to Monero’s protocol through a soft fork in order to improve the privacy of the blockchain.

Monero is the most widely used privacy coin in the cryptocurrency landscape and has three key factors for long-term success: sufficient privacy, decentralization and promising adoption. 

Zcash‘s network, which has much better transaction obfuscation technology, has low usage of shielded transactions, compared to Monero which has all transactions shielded by default.

During 2019, Monero has greatly improved its technology. It solved the scalability problems with the introduction of blockchain pruning and improved the privacy of its transactions with last November’s fork, phasing out payment IDs and adding in the protocol the requirements of at least two outputs and 10 confirmations for each transaction. It also introduced a new PoW algorithm called RandomX, specifically optimized for CPUs, greatly penalizing ASIC or GPU mining.

Traceability of transactions via IP address

Monero uses Ring Signatures to mix the inputs and outputs of transactions, making it very difficult to track senders. 

However, there is one important aspect that is the result of Monero’s network architecture. The different nodes that make up Monero’s network are identified using IP addresses, presenting the risk of linking IP addresses to transactions. By training a botnet connected to Monero’s network, it might be possible to spy on transactions from different points of the network, in order to allow a time analysis against the information retrievable from the nodes.

This is a complex and laborious activity, but not so unlikely when considering that companies like Chainalysis are tracking transactions on the blockchain on behalf of governments, institutions and exchanges. Once the IP address is traced, it’s easy to trace the user’s identity and a wealth of information about them. This problem can be mitigated by using VPN connections or the TOR network, but Monero’s developers have thought to give more privacy to transactions in this respect as well, natively on the protocol.

How Dandelion++ works

Initially developed for Bitcoin by researchers at the University of Illinois, Dandelion is a method to hide this possible connection between sender and IP address and will be implemented in the Monero protocol in the next fork.

Right now, the Monero node that initiates the transmission of a new transaction uses a process called “flooding”, by which it communicates the transaction to all its connected nodes, which in turn communicate to all other nodes and so on, propagating the transaction to the whole network like a wave. 

Dandelion directs the transactions to a remote node in a special undetectable way before starting the spread. To do this, the researchers worked on mathematical models for anonymity used to study the various propagation techniques of a transaction, considering that a spy botnet may be present in the network. They discovered that current propagation techniques are inadequate to protect privacy.

To overcome this problem, Dandelion defines a process to find a proxy node to transmit (anonymization phase) and establishes another process for the transmission to the remaining nodes (diffusion phase). The two phases use different sets of P2P connections with the difference that the anonymization phase changes over time.

The process has been called Dandelion because the propagation of the transaction resembles the dandelion flower at the end of maturation. First, there is the search for a proxy node through a special linear path (the stem of the flower), then the spread from this proxy node quickly and symmetrically (the fluffy part that contains the seeds). If Dandelion is used by all nodes in the network, it proves to resist the spying of a botnet of nodes behaving as passive observers.

But what if the network is not composed only of honest nodes using Dandelion? 

Some nodes may not follow the rules and generate any number of outgoing connections to honest or contradictory nodes. To overcome this inconvenience, researchers have developed Dandelion++, introducing a dynamic node connectivity that proceeds at discrete intervals called epochs.

Each node changes epoch independently every few minutes, and at each new epoch, it selects two new connections at random from its outgoing connections called “relays”. Each time the node creates its own transaction, it sends it to one of these two relays, and each time it receives a transaction from another node for forwarding during the stem phase it randomly sends it to one of the two new relay connections.

The “fluff” phase in Dandelion++ has been improved by making communication times random in order to make it more difficult for spy nodes to find the source. At any given time, a node is randomly classified as either a relay or a speaker. If a node is a diffuser, each time it is given a transaction to be transmitted in the stem phase it transmits it using diffusion.

In addition, there is a fail-safe mechanism, whereby a timer is triggered when a node transmits a transaction during the stem phase. If during that time the node does not receive the transaction back in the spreading phase, it starts one of its own. The reason for this is that malicious nodes may discard transactions during the stem phase rather than forward them in a black hole attack.

The implementation in Monero

Developer Lee Clagett has adapted Dandelion++ to Monero’s protocol, and the pull request (the modification request on GitHub) is waiting for the necessary checks to be introduced into Monero’s code through a soft fork.

In tests conducted with the developed mathematical models, researchers have shown that transactions remain anonymous even with a high presence of spy nodes in the network. 

“Dandelion++ gives formal guarantees of resistance to deanonymization”.

This improvement leads to a slowdown of a few seconds in the propagation of transactions, but the developers do not believe that it affects the performance of the network. 

When used in conjunction with other security layers such as VPN and/or TOR that prevent monitoring by ISP providers), Dandelion++ guarantees a good level of anonymity.

We use cookies to make sure you can have the best experience on our site. If you continue to use this site we will assume that you are happy with it.