Zcoin is the first cryptocurrency to implement Dandelion privacy protocol
Zcoin is now protecting user IP addresses with flower power.
Although if you want to get super literal, it might be the second. Dandelion was tested in runs on the bitcoin network, where researchers modified the Bitcoin Core client to set up their own circle of Dandelion nodes on the bitcoin network.
Dandelion is the work of researchers from Carnegie Mellon, MIT and the University of Illinois; Giulia Fanti, Shaileshh Bojja Venkatakrishnan, Surya Bakshi, Bradley Denby, Shruti Bhargava, Andrew Miller and Pramod Viswanath.
It was intended to present a solution to certain "de-anonymisation attacks".
Basically, bitcoin is a network of peers, where each peer is identified by a combination of its IP address and port. Whenever a node generates a transaction, it broadcasts a record of this transaction over the peer to peer network. The transaction record doesn't actually include the sender's IP address, of course. Only the pseudonymous wallet address is publicly available.
The problem is that transactions tend to spread around the bitcoin network in a certain way, like the way ripples spread outwards in concentric circles from a pebble dropped into water. So when someone with enough know-how and time on their hands monitors transactions as they spread through the network, they can observe these patterns to make an educated guess at the source of the transaction – just like you can look at ripples in a pond and guess where the pebble was dropped. Using new wallet addresses for each transaction doesn't help much either, because the ripples will still keep originating from the same place.
So with a bit of patience, someone can observe enough ripples to get a good idea of where the pebbles are being dropped, and start associating ripples with pebbles. Now they've managed to associate certain transactions and wallet addresses with IP addresses. And IP addresses can in turn be deciphered to deduce physical location.
Consider what might happen if a watcher manages to track a lot of large transactions to an IP address, picks out the real world location of that IP address, and then decides to go pay them a visit with the expectation of finding a lot of money there.
"There is a lot of sensitive information in people's financial transactions, so it's important to ensure that their data can't be exploited by malicious agents, especially given the public nature of cryptocurrencies. Dandelion protects users from adversaries who might try to link their cryptocurrency transactions to an IP address," says Giulia Fanti, Dandelion researcher and assistant professor of electrical and computer engineering at Carnegie Mellon University.
There are ways to minimise and avoid the risk, and privacy-conscious bitcoin users will commonly route their network traffic through Tor (The Onion Router) to better hide themselves. But it's not perfect and limits functionality in some ways.
“Unlike using Tor, Dandelion is implemented within the existing cryptocurrency peer-to-peer network, so it doesn't rely on (or impose costs on) an external service. It's also lightweight and fairly easy to implement on top of existing cryptocurrency gossip networks because it does not use encryption," explains Andrew Miller, Dandelion researcher and assistant professor at the University of Illinois.
"Expecting bitcoin users to route their traffic through Tor (or a similar service) poses several challenges, depending on the mode of integration," the research paper notes. "...many Bitcoin users are unaware of bitcoin's privacy vulnerabilities and/or may lack the technical expertise to route their transactions through Tor."
They also flirted with the idea of hard coding Tor-like functionality into the system, but moved away from that on account of it being super complicated.
"One option would be to hard-code Tor-like functionality into the cryptocurrency's networking stack; for instance, Monero is currently integrating onion routing into its network. However, this requires significant engineering effort; Monero’s development effort is still incomplete after four years," they say.
The name comes from the shape of a dandelion, as a stem leading to a fluffy bit on top. It works by essentially bouncing transactions to a random new location before it starts propagating across the network. In other words, the ripples will come from a random part of the pond even if you keep dropping pebbles in the same spot.
Visualised, this looks like a dandelion. The stem is when a transaction is initially bounced to a random new location, and the fluff is the transaction propagating around the network. The benefits are best realised when an entire network is updated to use Dandelion Protocol, rather than just having a few nodes in the network using it.
For the end user, the effect is another layer of protection for their IP address. It's not perfect, but as far as anyone knows it's probably one of the most practical solutions that doesn't involve the use of cumbersome encryption. One of the key benefits might be that it can be permanently built into systems to help protect all users much more effectively, without any real downsides.
"We're excited to be adding yet another layer of privacy to reduce the likelihood of any linkability to personal information like IP addresses to transactions," says Zcoin CEO Reuben Yap. "Dandelion is an elegant and lightweight solution to further conceal IP addresses and we are proud to be the first to implement it in a cryptocurrency. Having an IP address connected to a transaction can give information as private as your physical location, name and account balance - the exposure of this can have very far reaching ramifications."
Disclosure: At the time of writing the author holds ETH, IOTA, ICX, VET, XLM, BTC, ADA
- Tim Draper: Bitcoin ahead of schedule to hit $250,000, may be as early as 2022
- France to pilot national digital currency in Q1 2020, the first in Europe
- Bakkt CEO Kelly Loeffler appointed to US Senate, will depart Bakkt
- Dash cryptocurrency: How Moocowmoo’s alleged exit scam could destroy Dash
- Self-sovereign cryptocurrency private key recovery introduced by Squarelink
Picture: Shutterstock, Greg Hume via Wikimedia Commons