Abstract

Recent work has demonstrated significant anonymity vulnerabilities in\nBitcoin's networking stack. In particular, the current mechanism for\nbroadcasting Bitcoin transactions allows third-party observers to link\ntransactions to the IP addresses that originated them. This lays the groundwork\nfor low-cost, large-scale deanonymization attacks. In this work, we present\nDandelion++, a first-principles defense against large-scale deanonymization\nattacks with near-optimal information-theoretic guarantees. Dandelion++ builds\nupon a recent proposal called Dandelion that exhibited similar goals. However,\nin this paper, we highlight simplifying assumptions made in Dandelion, and show\nhow they can lead to serious deanonymization attacks when violated. In\ncontrast, Dandelion++ defends against stronger adversaries that are allowed to\ndisobey protocol. Dandelion++ is lightweight, scalable, and completely\ninteroperable with the existing Bitcoin network. We evaluate it through\nexperiments on Bitcoin's mainnet (i.e., the live Bitcoin network) to\ndemonstrate its interoperability and low broadcast latency overhead.\n