The Dandelion project was first shown off by a group of developers in January 2017 as a way to enhance privacy in bitcoin’s transaction propagation. By June 2017, they managed to set up a working implementation of the project on the Bitcoin testnet and invited peer review.
The concept was designed by Zcash advisor and developer Andrew Miller. The project contributors also include Giulia Fanti, an assistant professor at Carnegie Mellon University, and other University of Illinois researchers.
How does Dandelion Improve Transaction Privacy?
Dandelion is best described by the proposal’s wiki on Github, which goes on to explain that the system works in two distinct phases, called the “stem” and “fluff” stages respectively. In essence, it is a routing protocol that overcomes deanonymization techniques that have been demonstrated in the past to uncover the identity of bitcoin users.
“During the stem phase, each node relays the transaction to a single peer. After a random number of hops along the stem, the transaction enters the fluff phase, which behaves just like ordinary flooding/diffusion. Even when an attacker can identify the location of the fluff phase, it is much more difficult to identify the source of the stem.”
In simpler words, the ‘stem’ refers to the data unique to a transaction, whereas ‘fluff’ is the process through which the sender’s IP address is hidden. By preventing nodes from ‘listening’ and finding out where a transaction originated, user privacy is improved by virtue of reducing the effectiveness adversaries can de-anonymize the network.
When first revealed, some speculated that while the Dandelion Project will bring a much-needed boost to the privacy and security capabilities of bitcoin, its effect may be somewhat short-lived and akin to a band-aid on a larger problem. Well-known Bitcoin Core developer Greg Maxwell alluded to this issue himself in his reply to the mailing list in 2017, stating that malicious actors could still cross-check transaction patterns to identify the origin of the transaction.
A year after concerns revolving around a deanonymization attack initially cropped up though, it appears as if the project’s authors finally have a solution. In another email sent to the bitcoin developer (bitcoin-dev) mailing list, the team suggested a feature to combat the issue, dubbed the “per-inbound-edge.” With the measure, transactions would be hopped through different nodes to prevent tracing attempts.
Bitcoin Network Upgrades
Any update to the Bitcoin protocol, including the one proposed by the Dandelion Project, needs to be approved by a majority of all nodes on the network. The last major update to the Bitcoin network was the launch of Segregated Witness (SegWit) in late August 2017, codenamed BIP-141.
The term BIP is shorthand for a Bitcoin Improvement Proposal. Any new change to the network must be drafted thoroughly in the document for anyone to audit and review. The Dandelion BIP was first submitted to the bitcoin developer mailing list in June 2017 for feedback when it attracted the attention of Greg Maxwell.
Once the Dandelion project is ready to be launched, a BIP number will be assigned. Post that, it will be up to nodes on the network, the metaphorical guardians of any cryptocurrency, to accept the change.