DevelopmentTechZcoin Blog

What is Dandelion and how it can improve Zcoin’s privacy

By July 26, 2018 No Comments

Privacy in a cryptocurrency is dependent on two factors. The first and most important one is blockchain privacy. Zcoin provides blockchain privacy by using the Zerocoin protocol to make sure transactions cannot be traced. The other factor is network privacy. This is provided by Zcoin’s integration of Tor. To learn the differences between these two privacy factors, you can read more in our article “The Difference between Privacy on the Blockchain and hiding your IP address“.

What does Dandelion add?

Dandelion provides network privacy that further conceals the IP address of someone broadcasting a transaction. Dandelion is the result of the research work of  Giulia Fanti, Shaileshh Bojja Venkatakrishnan, Surya Bakshi, Bradley Denby, Shruti Bhargava, Andrew Miller and Pramod Viswanath.

To understand the problem Dandelion solves, we need to understand how Bitcoin, Ethereum, and almost every other cryptocurrency propagate transactions over the nodes in the network. Nodes are computers that keep a copy of the blockchain and verify transactions. When you send a transaction, it is broadcast to all the nodes that you are connected to. Once your transaction has reached one of the next nodes, this node itself will broadcast it to all other nodes it is connected to. It’s almost like a chain reaction.

When this process is repeated enough times, a huge portion of the network will be aware of the transaction and it usually takes less than 10 seconds. This propagation method is aptly called Bitcoin’s “gossip” protocol. That is because every node is telling all the other nodes they know about what they have just seen.

Identifying the originating IP address of the transaction can be done if someone controls enough nodes on the network to observe how the transactions travel through the network. That way he can check when a transaction has been received in which part of the network. By seeing which nodes “see” the transaction first and observing the propagation patterns, an estimate of the IP address that originated the transaction can be made. A study indicates that the accuracy of these methods can be in between 11% to 60%.

How does it work?

Dandelion works by modifying the way nodes communicate with each other. It does this in two phases, the stem phase and the fluff phase.

In the stem phase, instead of just gossiping the transaction to all other nodes it sees, Dandelion first relays the transaction to just one other node. The transaction then gets transmitted from node to node.

Explanation of Dandelion Routing

At a random time in the process, the node then initiates the fluff phase. This sets the mode of transport back to gossip mode and tells all connected nodes about the transaction. This means that even if the node that “gossiped” first was identified in a network analysis, that node wouldn’t necessarily be the one that originated the transaction given it had gone through several other nodes in the ‘stem’ phase.

An easy way to visualize it is how a juicy piece of gossip can spread. In the normal traditional model, everyone’s a blabber mouth and whatever secret you tell them gets told to everyone they know. In Dandelion, it more mimics how a gossip can spread in real life:


Kathy: “Pssst, I have a massive crush on Nuwa. Please don’t tell anyone”
George: “OMG, did you know what Kathy told me? She has a massive crush on Nuwa. I only told you, please don’t tell anyone”
Alice: “Betty, you won’t believe what Kathy’s best friend, George just told me, Kathy is crushing hard on Nuwa! You’re my best friend so I only told you, please don’t tell anyone okay!”

Blabbermouth Betty: “Oh wow hot news…I have it from good sources that Kathy has a huge crush on Nuwa…Please tell everyone this is so exciting!”

As you can see the news is at first contained between Kathy, George and Alice until it reaches Betty. When bringing it to into the transaction model, the first few nodes do not expose the transaction publicly until randomly one of the nodes flips a coins and decides it’s time to enter into a fluff phase when then all nodes start seeing the transaction.

Why do we need Dandelion given that we already have Tor?

Tor provides good everyday protection for most users but using it can be slow since bandwidth is limited. Furthermore, the study quoted above also shows how an attack can be mounted to make nodes reject or blacklist Tor connections and deanonymize transactions.

Tor and Dandelion can work together to provide even stronger network layer anonymity when doing transactions on the blockchain. What’s even better is that even without TOR, Dandelion on its own also provides a good degree of protection, for users who do not wish to use Tor.

How far is Zcoin’s development with Dandelion?

We are set to release Dandelion integration sometime in August 2018 barring any unforeseen circumstances and are currently testing our code.