The Role of Dandelion Routing in “Breaking Mimblewimble’s Privacy Model”

What is Dandelion and how does it relate to this attack?

Dandelion is a routing protocol for cryptocurrency transactions designed to reduce the probability of a network observer linking a transaction to the sender’s IP address. Dandelion passes transactions along a randomized sequence of relay nodes (“stem phase”) before broadcasting (“fluff phase”), which hides the source IP address of a transaction’s sender.

What can we do about it?

Although sender-receiver linkability is not the problem Dandelion set out to solve, it is an important problem in its own right! We agree with Bogatyy that it is important to evaluate how we can solve this problem as well.

Concluding thoughts

Bogatyy’s post highlights an important point that is often overlooked: network privacy vulnerabilities can undermine privacy guarantees at the consensus layer. To the Grin (and Beam) developers’ credit, they acknowledged this point early on.


The authors would like to acknowledge valuable feedback and suggestions from a number of individuals, including Ivan Bogatyy, Claire Le Goues, Daniel Lehnberg, Quentin Le Sceller, Heather Miller, Antioch Peverell, and Justine Sherry.


[1] S.B. Venkatakrishnan, G. Fanti, P. Viswanath, “Dandelion: Redesigning the Bitcoin Network for Anonymity”, ACM Sigmetrics 2017.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Giulia Fanti

Giulia Fanti

CMU Electrical and Computer Engineering