P2P-level attack on Dandelion++ on Monero and how to prevent it on Zec

fireice_uk · November 7, 2020, 8:56am

As you probably know, Monero users are getting their their transaction correlated and personal details dragnetted out on a daily basis now.

This shows how critical is the “forgotten layer” (p2p) of blockchain to privacy coins. ZF has already published a blog about it - Assessing Mixnet Production-Readiness - zcash foundation . Unfortunately for us, the ideal contender for a private broadcast protocol (a high-latency mixnet) likely will never be developed as there are simply no other applications outside of transaction broadcasts that justify the time and effort needed.

I would personally recommend funding the development of such mixnet through the grants system - even though it will likely to be a “capital-scale” project involving at least half a dozen people.

tromer · November 7, 2020, 5:03pm

Can you please provide references for this?

We know that various attacks are possible in principle, but I wonder what’s known about p2p-level deanonymization attacks/analysis already underway.

fireice_uk · November 7, 2020, 6:07pm

I got in trouble with the temporary community mods for posting the link to the site - so follow the white rabbit - https://twitter.com/fireice_uk/status/1324979665153499136

Tsupportisharmful · July 7, 2025, 8:01pm

In 2025 Dandelion++ is still not perfect but getting better (it was discussed and compared
to Clover at MoneroKon 2025).

Network level privacy should matter to all blockchains but especially those like Monero and Zcash where privacy is a core focus. Let’s keep working hard to improve!

Some relevant links:

github.com/monero-project/monero

p2p: Improved peer selection with /24 subnet deduplication to disadvantage 'spy nodes'

master ← rbrunner7:peers

opened 02:59PM - 30 May 25 UTC

rbrunner7

+182 -99

For background info about those "spy nodes" check [this GitHub issue](https://gi…thub.com/monero-project/research-lab/issues/126), [this Reddit post](https://www.reddit.com/r/Monero/comments/1hc1ozf/mrl_recommendation_ban_spy_node_ip_addresses_from/) and [this wonderful work from Rucknium](https://github.com/Rucknium/misc-research/blob/main/Monero-Peer-Subnet-Deduplication/pdf/monero-peer-subnet-deduplication.pdf). This PR was developed in close cooperation with @Rucknium who gave much valuable input and also actually checked that the new method improves things: The daemon connects to considerably less "spy nodes" with it. As I rewrote large parts of the `make_new_connection_from_peerlist` method, the diff with the old version of the method comes out quite confusing. Maybe for review hold the two full method sources side-by-side.

Topic		Replies	Views
Status of Network-level Privacy Efforts in Zcash Technology	60	6731	March 8, 2022
Is Monero’s anonymity Broken? Off Topic Lounge	5	1053	January 9, 2026
Coin Privacy Wars General	11	1758	July 13, 2017
Monero Vs Zcash - Privacy Coin Open Debate Thread • r/CryptoCurrencies General	17	2051	March 28, 2018
[DISCUSSION] How should we deal with attacks from Howard Chu and the rest of Monero community? General	65	5703	September 7, 2020

P2P-level attack on Dandelion++ on Monero and how to prevent it on Zec

Related topics