Hacker News new | ask | show | jobs
by tromp 636 days ago
> When you publish a new transaction and broadcast it to your peers, the attacker can detect that it is indeed a new transaction (since it is the first time it's seen by the attacker nodes) and that the IP address of your node is the IP address of the transaction sender.

You're assuming that peers will relay new transactions to all their peers, but that is not the case with the Dandelion protocol that Monero adopted [1].

[1] https://resilience365.com/dandelion-for-monero/
1 comments
popol12 636 days ago
Yes, you're right However, even if Dandelion makes this task harder, the task remains essentially the same: controlling a significant amount of node
link
zigararu 636 days ago
What proportion of nodes? There are papers that analyse it but I haven't read closely or found a clear answer.

I suppose even if they controlled all but 2 nodes - the extreme case - even then they couldn't know with certainty which of the 2 nodes sent the transaction, so it could be argued that there is always plausible deniability.

link
popol12 636 days ago
Let’s call these 2 nodes N1 and N2. The case you mention only works if N1 is connected to the network only through N2, in which case when the attacker’s nodes receive a new transaction from N2 there is plausible deniability for both N1 and N2. In any other network topology, N1 and N2 are broadcasting their transactions to attackers node, which can then link then directly to N1 or N2. So no, this attack doesn’t require to own all the network.

I don’t know which threshold makes the attack practical though. I guess there is probably no threshold: the bigger the share of the network you own, the bigger your percentage of successful IP tagging is.

link
zigararu 635 days ago
I dont think that's how dandelion++ works; one of us is mistaken. In any network topology, I think it is possible that in the first step of the stem phase the transaction is propagated only from N1 to N2. It will be impossible for the other nodes to know if that happened or not, so they can't know whether N1 or N2 transmitted the transaction first. I could be mistaken but this is how i understand it.

I agree with what you say about the threshold.

link