|
|
@ -66,7 +66,7 @@ Next, transactions are forwarded along this privacy graph during the "stem |
|
|
|
phase." Finally, messages are broadcast to the network during the "fluff phase" |
|
|
|
using the typical method of diffusion. |
|
|
|
|
|
|
|
[[File:bip-dandelion/1-dandelion.png|framed|center|alt=An illustration of Dandelion routing|Figure 1]] |
|
|
|
[[File:bip-0156/1-dandelion.png|framed|center|alt=An illustration of Dandelion routing|Figure 1]] |
|
|
|
Figure 1 |
|
|
|
|
|
|
|
In order to select the privacy graph in a decentralized manner, each node |
|
|
@ -94,7 +94,7 @@ fingerprint attack allowing network-level botnet adversaries to achieve total |
|
|
|
deanonymization of the P2P network after observing less than ten transactions |
|
|
|
per node. |
|
|
|
|
|
|
|
[[File:bip-dandelion/2-attack.png|framed|center|alt=An illustration of a fingerprint attack|Figure 2]] |
|
|
|
[[File:bip-0156/2-attack.png|framed|center|alt=An illustration of a fingerprint attack|Figure 2]] |
|
|
|
Figure 2 |
|
|
|
|
|
|
|
During a fingerprint attack, a botnet-style adversary with knowledge of the |
|
|
@ -104,7 +104,7 @@ attack, the adversary collects transactions at its spy nodes and matches these |
|
|
|
observations to the simulated fingerprints. Our simulations have shown that this |
|
|
|
attack results in devastating, network-wide deanonymization. |
|
|
|
|
|
|
|
[[File:bip-dandelion/3-attack-plot.png|framed|center|alt=A plot illustrating total deanonymization|Figure 3]] |
|
|
|
[[File:bip-0156/3-attack-plot.png|framed|center|alt=A plot illustrating total deanonymization|Figure 3]] |
|
|
|
Figure 3 |
|
|
|
|
|
|
|
To avoid this issue, we suggest "per-inbound-edge" routing. Each inbound peer is |
|
|
@ -123,7 +123,7 @@ words, adversary knowledge is limited to the case of one observed message rather |
|
|
|
than a rich profile of multiple transaction paths. Dandelion also breaks the |
|
|
|
symmetry of diffusion, making the source of the transaction difficult to infer. |
|
|
|
|
|
|
|
[[File:bip-dandelion/4-dandelion-plot.png|framed|center|alt=A plot illustrating limited deanonymization|Figure 4]] |
|
|
|
[[File:bip-0156/4-dandelion-plot.png|framed|center|alt=A plot illustrating limited deanonymization|Figure 4]] |
|
|
|
Figure 4 |
|
|
|
|
|
|
|
After a transaction has traveled along a Dandelion stem for a random number of |
|
|
@ -280,10 +280,10 @@ referencing Dandelion transactions. |
|
|
|
==Implementation== |
|
|
|
|
|
|
|
A reference implementation is available at the following URL: |
|
|
|
https://github.com/mablem8/bitcoin/tree/dandelion-feature-commits |
|
|
|
https://github.com/dandelion-org/bitcoin/tree/dandelion-feature-commits |
|
|
|
|
|
|
|
All features have been compressed into a single commit at the following URL: |
|
|
|
https://github.com/mablem8/bitcoin/tree/dandelion |
|
|
|
https://github.com/dandelion-org/bitcoin/tree/dandelion |
|
|
|
|
|
|
|
==Compatibility== |
|
|
|
|
|
|
|