Here, I outline an approach that is based on Dandelion++ (an easier version to understand can be found here), which is targeted for the Bitcoin network. I have made amendments in an attempt to make this relevant for ETH2.0 networking requirements. Note that most likely none of the privacy guarantees from Dandelion++ will be transferred over to this proposal and is mainly a part of the brainstorming on p2p privacy in ETH2.0
If there are any issues with some of the assumptions I have made, please leave a comment! I am in the process of gaining experience in this field and I am fully aware that I might make a lot of naive assumptions. Also, sorry for the lack of structure. Writing isn't my strong suit.
The adversarial model that I am going to assume is the same put forth in the Dandelion++ paper. It will be restated here for ease of understanding.
The adversarial model is as follows:
- A botnet can establish an arbitrary amount of outbound connections to nodes and can corrupt any node (Beacon node, validator node, etc) in the network
- A botnet is trying to connect validators' actions to IP addresses.
- Any adversarial host cannot influence an honest node to create outbound connections.
- All adversaries log as much information as they can about the state of the network e.g. timestamps, attestations, control packets,etc
The Dandelion++ protocol works in 3 phases:
- A random subgraph of the underlying P2P network topology is selected. This subgraph is known as the anonymity graph. In Dandelion++, it is an approximate 4-regular graph.
- Stem phase: During this phase, a peer sends pseudo-randomly selects 1 peer to send a message to. Once a message is relayed to another peer, that peer does the same thing and relays the message to another pseudo-randomly selected peer. This path is on the anonymity graph.
- Fluff phase: When the stem phase ends, the last peer to receive the message now, using diffusion, broadcasts the message to all the other nearby peers.
Note that not all nodes would need to adapt the above approach in order to take advantage of some of the privacy guarantees.
The main issue with the Dandelion++ protocol is that it increases latency in the p2p network. For a cryptocurrency like Bitcoin, where it takes on average 10 mins to create a block, this might not be an an issue. However, for ETH2.0, where block creating is done within seconds, this is going to be a serious issue.
Currently, the networking in ETH2.0 is based on a pubsub system called gossipsub. All the shards are topics and nodes can subscribe to a particular topic i.e. shard in the network. Validators are pseudo-randomly assigned to shards by the beacon chain. Thus, upon being assigned to a shard, a validator must subscribe to that shard in order to receive messages related to that shard. Similarly, if it wants to publish to that shard.
One way to apply a Dandelion++-like approach is to apply the first 2 phases of Dandelion++ before applying gossipsub. So, route messages through a randomly generated anonymity graph then route messages using the gossipsub protocol. Doing this would make it harder for an adversary to discover the source node of the message but they could find the node that did the actually spreading of the message to the rest of the subscribed nodes. This method provides a way to obfuscate the source of a message. Depending on how much privacy at the p2p level is acceptable, this may be enough.
Here, I outline an approach that is based on Dandelion++ (an easier version to understand can be found here), which is targeted for the Bitcoin network. I have made amendments in an attempt to make this relevant for ETH2.0 networking requirements. Note that most likely none of the privacy guarantees from Dandelion++ will be transferred over to this proposal and is mainly a part of the brainstorming on p2p privacy in ETH2.0
If there are any issues with some of the assumptions I have made, please leave a comment! I am in the process of gaining experience in this field and I am fully aware that I might make a lot of naive assumptions. Also, sorry for the lack of structure. Writing isn't my strong suit.
The adversarial model that I am going to assume is the same put forth in the Dandelion++ paper. It will be restated here for ease of understanding.
The adversarial model is as follows:
The Dandelion++ protocol works in 3 phases:
Note that not all nodes would need to adapt the above approach in order to take advantage of some of the privacy guarantees.
The main issue with the Dandelion++ protocol is that it increases latency in the p2p network. For a cryptocurrency like Bitcoin, where it takes on average 10 mins to create a block, this might not be an an issue. However, for ETH2.0, where block creating is done within seconds, this is going to be a serious issue.
Currently, the networking in ETH2.0 is based on a pubsub system called gossipsub. All the shards are topics and nodes can subscribe to a particular topic i.e. shard in the network. Validators are pseudo-randomly assigned to shards by the beacon chain. Thus, upon being assigned to a shard, a validator must subscribe to that shard in order to receive messages related to that shard. Similarly, if it wants to publish to that shard.
One way to apply a Dandelion++-like approach is to apply the first 2 phases of Dandelion++ before applying gossipsub. So, route messages through a randomly generated anonymity graph then route messages using the gossipsub protocol. Doing this would make it harder for an adversary to discover the source node of the message but they could find the node that did the actually spreading of the message to the rest of the subscribed nodes. This method provides a way to obfuscate the source of a message. Depending on how much privacy at the p2p level is acceptable, this may be enough.