D

dandelion++ for validator privacy

Eth2 validators have no privacy w.r.t their IP address, allowing for DOS attacks on block producers and censorship. Dandelion++ adds anonymity on the network layer to mitigate this.


The problem dandelion++ for validator privacy solves

Currently, IP addresses (physical location) and public key (on-chain identity) of validators can be trivially linked.
This is bad, since block producers for a specific epoch are known between 0 or 2 epochs in advance, they can be DOSed.
Potentially, blocks from validators in certain regions could be censored as well.

Dandelion++ is an anonymity-preserving gossip algorithm, originally designed for the Bitcoin mempool.

We implemented dandelion++ into JS and Go libp2p gossipsub and tested it with simulations and on an Ethereum consensus client (lodestar).

Since it de-links a node's IP (network identity) from their application (on-chain) identity, it helps mitigate DOS attacks and censorship with regards to block production and attestations. Similarly, it can be used for a transaction mempool to private privacy regarding where a transaction originated from.

See the dandelion++ paper here: https://arxiv.org/abs/1805.11060?context=cs

Challenges we ran into

Implementing dandelion++ was quite straightforward, but simulating it turned out to be a lot harder! Since you need a large, distributed network to properly test a gossip algorithm, we found it difficult to simulate and gather metrics on only our machines. We tried using various frameforks for testing Ethereum clients and p2p systems (kurtosis, testground), but these proved difficult to use. In the end we made a custom go-libp2p simulation program as well as testing Lodestar directly with the dandelion++ implementation.

Technologies used

Discussion