I wrote a very basic overview of watermarking, fingerprinting, timing analysis and supernodes for Bitcoin Magazine's last print issue, which is pretty much an unsolicited advertisement for why I think we need a second mempool (and also mixnets, but that's a longer story). Since no one cares about stuff like this on Twitter anyway, I'll explain here.

Bitcoin has a privacy issue on baselayer. I know this. You know this. Everybody knows this. The problem is that there's a lot of stuff we can't do to solve this issue without completely fucking up how Bitcoin works, like, say, anonymous amounts. But there is some stuff we *can* do to increase privacy on the Bitcoin baselayer. One of those things is incorporating a second mempool to integrate Dandelion++, the routing protocol used in Monero. Hear me out.

One of the ways blockchain surveillance firms identify which transactions belong to whom on the Bitcoin blockchain is by operating so-called supernodes. A supernode sets up as many connections to other nodes as it can, and by doing so can establish where a transaction was first seen in the peer-to-peer network, ergo ascribe whom a transaction belongs to.

Here's where Dandelion++ comes in. Instead of propagating transactions to *all* connected peers, Dandelion++ propagates transactions like, well, a Dandelion.

In Dandelion++ propagation, Bitcoin nodes send transactions to *one* peer, instead of to all of them. This peer sends it to another peer, they send it to another peer, and so on and so forth. This is called the "stem phase".

When we've established enough plausible deniability, Dandelion++ reaches the "fluff phase". At this point, a node that did not *create* the transaction, but is simply relaying it, propagates it to all nodes in the network it is connected to, including supernodes, and the next node does the same, and so on and so forth – business as usual.

Incorporating Dandelion++ (or any other anonymizing propagation protocol, like Dandelion, Dandelion Lite, or Clover) would arguably seriously fuck up the blockchain surveillance shtick as we are taking away the most obvious attack vector for blockchain surveillance firms. It's also not a trivial task, see ajtowns' overview of stempools (and no one wants to maintain another mempool on bitcoin, if we're honest). But it's a really interesting proposal to think about to increase privacy on Bitcoin that, yes, would be a lot of work to implement and maintain, but also does not get talked about enough imo for everyone yapping about Bitcoin baselayer privacy.

AJ Towns' Stempool overview: https://gist.github.com/ajtowns/f3a19c33b80750a47c5b83ecf6a09aaf

BM Article:

https://bitcoinmagazine.com/print/whistleblowing-in-the-surveillance-age
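
Added example, not part of the original post and not code from Bitcoin Core, Monero or the stempool gist: a toy simulation of the stem and fluff phases described in the post, measuring how often an observer connected to every node (the post's "supernode") pins a transaction on its creator by blaming the first node it hears it from. The network size, the single stem relay per node and the per-hop coin flip with probability `q` are simplifying assumptions, not the Dandelion++ specification.

```python
import random

def build_stem_routes(n, out_degree, rng):
    """Each node dials `out_degree` outbound peers and pins one as its stem relay.

    The observer only holds inbound connections to the nodes, so it is
    never chosen as a stem relay (assumption of this model).
    """
    routes = {}
    for node in range(n):
        outbound = rng.sample([p for p in range(n) if p != node], out_degree)
        routes[node] = rng.choice(outbound)
    return routes

def first_announcer_flood(origin):
    # Flooding: the creator announces to all its peers at once, the observer
    # included, so the first node the observer hears from is the creator.
    return origin

def first_announcer_dandelion(origin, routes, q, rng):
    """Walk the stem and return (node that fluffs, stem hops taken)."""
    node, hops = routes[origin], 1      # the creator always stem-forwards its own tx
    while rng.random() >= q:            # relay flips a coin: keep stemming ...
        node, hops = routes[node], hops + 1
    return node, hops                   # ... or fluff: announce to every peer

def first_seen_accuracy(trials=2000, n=200, out_degree=8, q=0.1, seed=7):
    """Return (flood accuracy, stem/fluff accuracy, mean stem length)."""
    rng = random.Random(seed)           # constructed network, fixed seed
    routes = build_stem_routes(n, out_degree, rng)
    flood_hits = stem_hits = total_hops = 0
    for _ in range(trials):
        origin = rng.randrange(n)
        flood_hits += first_announcer_flood(origin) == origin
        fluffer, hops = first_announcer_dandelion(origin, routes, q, rng)
        stem_hits += fluffer == origin  # only if the stem loops back to the creator
        total_hops += hops
    return flood_hits / trials, stem_hits / trials, total_hops / trials

if __name__ == "__main__":
    flood, stem, hops = first_seen_accuracy()
    print(f"first-seen guess correct, flooding:   {flood:.1%}")
    print(f"first-seen guess correct, stem/fluff: {stem:.1%}")
    print(f"mean stem length: {hops:.1f} hops")
```

The model ignores relay delays and observers that also sit on the stem path, so it shows the direction of the effect on the first-seen heuristic rather than a measured privacy guarantee.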


Discussion

I've never heard of this, thx for sharing

I need to learn more but this is interesting

Thanks for this good info. I’ll look up your article in Bitcoin Magazine also. I can’t do much to help directly bring this into implementation, but I can be one of many voices supporting and using it as it gets started. I expect the fight to preserve privacy against the authoritarian attacks by most governments is going to be a hundred years war, and it takes more than front line warriors to win such a war. Keep up the good and intelligent fight!!

I've heard about dandelion, not of the stempool stuff though. 🙏

So all the transactions coming from dandelion++ mempool flood original mempool & then selected by fees as usual?

I assume you'd have to attach a second fee for the dandelion++ mempool to take your TX?

This is a much simpler alternative that achieves the same thing, and has a PR ready to be merged today. IMO you should promote review of this to get merged asap instead of dandelion which has been around as an idea for a decade.

https://github.com/bitcoin/bitcoin/pull/29415

Hmmm

It offloads the onion routing to Tor and I2P, two of the best anonymity networks to achieve an even better level of privacy. Building out a Bitcoin specific onion routing network using a parallel mempool is a fool's errand and will not be able to achieve the same results as the best researched and developed networks built specifically for anonymity.

This is a workaround but it does not achieve "the same thing"

> A supernode [...] can establish where a transaction was first seen in the peer-to-peer network, ergo ascribe whom a transaction belongs to.

It completely removed this ability of the supermodel, whereas with dandelion the supernode still has at least one peer it can ascribe ownership to. So it is even better than dandelion.

How do you think it falls short of achieving the same thing?

because it only works for nodes running behind Tor/I2P, which means that it improves obfuscation only to that percentage. Definitely better than nothing, but not complete heuristic breakage which Dandelion++ etc aim to achieve. I like that your autocorrect turns supernodes into supermodels though.

That's not exactly true though, your node and the peer you anonymously connect to can both be clearnet for Tor. You just need a tor proxy available to your node and it can route it through an exit node.

Similar for I2P, except the peer must be behind I2P as well.

It breaks all heuristics if used today for any transactions sent with it. For dandelion, you need many peers running it to hide in an anonymity set.

Right but propagating exclusively via Tor/I2P even via proxy is not desirable for everyone due to reliability, but again it's def an improvement. I don't think an anonymity set assumption makes sense for Dandelion++ as we're not hiding in a crowd, it's rather the idea of a sneakernet: since P2P traffic is encrypted now it's more the idea of passing messages out of band. You could likely observe who is running a stempool, but shouldn't be able to see much more beyond that

I don't think any new onion routing network bolted on to the Bitcoin network will be able to be more reliable than Tor or I2P with decades of research and development. Not to mention that Tor and I2P exist today and dandelion is vaporware that will never realistically be built.

nostr:nevent1qqsqa9mt93l2xqqqesssuqp3xy4ez00zf093zp6znh5x6t64ru05e6cpz3mhxue69uhkummnw3ezummcw3ezuer9wcpzqyxuxzmh6ewz3pxsyfkcatfd2t2s6an8q0laemalfgr3k0nn97n8qvzqqqqqqy0te4c9

I don't think it makes sense to compare the two. Tor and Dandelion serve completely different purposes. Let's agree to disagree.

Doesn't erlay solve this problem by allowing a node to 'broadcast' transactions using reconciliation instead of flooding?

https://github.com/bitcoin/bips/blob/master/bip-0330.mediawiki

Oh wow good question! I don't think so bc Erlay's goal is scaling not privacy, as it assumes that "every unreachable node is directly connected to several reachable nodes, this policy ensures that a transaction is quickly propagated to be within one hop from most of the nodes in the network" - I think that obfuscating one hop (sometimes, not all the time) as a byproduct would probably not be enough to reliably break BS heuristics, but I wonder if parts of the BIP could be used to improve the stempool idea - would def be interesting to see an analysis from a privacy perspective for this!

I think you just need some way to prevent your tx from being flooded. If the default setting was to never 'upgrade' a reconciliated tx to a flooded tx it should diffuse slowly through the p2p network. Maybe this makes it more vulnerable to timing analysis but iirc there was some random delay built in. I'm fuzzy on details, it's been a long time since I studied the erlay proposal. Plus implementation details may differ significantly from the original paper.

Holy shit can't wait to read through this!

why not dump on wallstreet and convert btc to monero?

Cause BTC is better for number go up, and bitfags just want to exchange it for USD

dumping on wallstreet was our dream from the beginning, it is time.

I don't understand it. What use is it to you? Ideological thing aka "kill the kikes"?

who are the kikes?

Janet Yellen and alike.

My use is independence of a tyrannical state. Freedom, that's it.

You're also free to accept the utility of a tyrannical state. If you make the right connections, you can take a lot for yourself, and have control over plundered resources.

Sure, but do I want to lick the feet of those people in order to take something for myself? No.

Let's say 1 BTC per lick. You'd say no to that? I bet you'll polish the boot so it looks like Swiss cheese after you're done 😁

No amount of BTC can buy you self respect.

Wanna buy mine for 1 BTC? 😀

I can give you 0.1 Wownero for that ;)

6 million DOGE.

0.1337 Wownero

Not worth setting up the wallet. I thought you were gonna dump on Wall St, but you're just as stingy as the kikes?

I don't know if you have any self respect left, so 0.1337 Wownero is already a generous offer

It's okay. Better to have a big cock than big self respect anyway 😁

your wife said that to me too

Yesterday I published a lightweight tool that broadcasts transactions in a private manner through Tor. Seems much simpler than Dandelion. It can be integrated into wallets too.

https://github.com/alfred-hodler/pushtx

This is absolutely inevitable by the way. I've been saying this for years. Bitcoin is software, and it will ultimately be forced to adopt the best innovations from other blockchains. The recent attacks on the Ethereum blockchain prove that Bitcoin's slow rate of progress may be a good thing in the long run. While other blockchains attempt to survive and innovate in a Game of Thrones style environment, Blockchain can bide its time and adopt the best tech on a per-need basis.