Using this method, we can get the following benefits:
-
Sniffer nodes lose advantage in determining the true output of a transaction.
-
Refuse to add transactions to the dandelion phase 1 process without critically compromising privacy. This helps prevent a denial of service attack.
Current implementation (taken from here Transaction graph obfuscation · BeamMW/beam Wiki · GitHub):
-
The transaction is sent via the Dandelion++ protocol
-
During a peer-to-peer transfer, a transaction can be combined with other transactions and dummy UTXOs. (dummy UTXOs are zero incoming and outgoing UTXOs)
Known attacks:
-
Sniffer nodes are likely to be in the path of a transaction in Dandelion phase 1 before it is merged with another transaction or dummy UTXOs. A link will be established between the input and output UTXO.
-
Denial of Service attack is implemented by combining several transactions in the 1st phase of the dandelion, if one of these transactions will have common inputs with any other transaction with a larger fee. The miner will choose where more.
Alternative implementation:
-
When creating a transaction, the recipient immediately generates several decoys of output UTXOs. (no one except the receiver knows where the true output UTXO is, this is hidden even from the sender)
-
During peer-to-peer transmission, the transaction is padded with zero input UTXOs.
In this implementation, we can strictly set the degree of uncertainty ourselves, regardless of the presence of a sniffer node.
Why merge transactions in dandelion phase 1?
In my opinion the main reason is to save the block size as less lures are needed. But this implementation assumes that in order to protect against sniffer nodes, when creating a transaction, the recipient immediately generates several dummy output UTXOs. Therefore, there will be no space savings in the block from merging transactions. The failure to merge transactions in dandelion phase 1 makes it possible to prevent a denial of service attack from being carried out.
Comments and suggestions are welcome.