bitcoincore development – What is the trade-off between confidentiality and the complexity of Dandelion's implementation (BIP156)

In my opinion, the main details of the implementation to be developed with Dandelion
make sure there are no new DoS vectors introduced.

In the existing Bitcoin Core transaction relay model, the transactions that
do not do in mempool of a node – a proxy for what we expect to be
(possibly) mined – do not be relayed to other nodes.

In the Dandelion protocol, transactions are relayed (in the stem phase) before
to acceptance in mempool of a node. As a result, there is a potential for denial of service
vectors if transactions can be systematically relayed via Dandelion but
ultimately not be accepted to mempool from any node – this could either introduce
DoS bandwidth, where the bandwidth of the Bitcoin network is used or wasted
relaying ultimately useless data; or a DoS of processor depletion, if
expensive transactions to validate can be relayed without being finally
mine. [In general, the only way attackers “pay” for the network’s resources
they consume when relaying is via the transaction fee in their transactions; if
attackers can generate transactions that do not ultimately get mined, then any
side effects of the relay — such as validation cost and bandwidth used — can
be achieved for free since those transaction fees are never actually paid,
which typically implies that the network’s resources could be utilized entirely
(since it would be costless for an attacker to ramp up usage).]

It turns out that – in a naive implementation of dandelion – it would not be
very difficult to generate transactions that would spread in the stem phase
but never be accepted at the mempool (at very low cost). This is largely a
consequence of the complexity of the acceptance logic of mempool, and seems
particularly inevitable given the mempool anti-DoS limits.

Existing mempool acceptance logic attempts to prevent or limit the effect
of these types of DoS attacks. Transactions do not have their signatures
checked until shortly before the acceptance of mempool, after any other transaction
the rules of strategy were respected in order to avoid the attacks of exhaustion of the processor. Prevent
bandwidth attacks are more involved:

  • transactions are only relayed after being accepted by our own mempool

  • if our mempool fills up (data structure limited by memory), then we can
    expel transactions that are not fierce to make way for new transactions, but new ones
    transactions are subject to higher minimum relay fees designed to compensate / pay
    relay fees for transactions that have been expelled from the
    mempool (and will not be mined until they restart).

In short, there is a bit of complexity in the logic of accepting mempool for
prevent DoS. So, in my opinion, the questions relating to the implementation of Dandelion are as follows:

(a) Do we need something as complex as the current logic of mempool for
to avoid DoS vectors with Dandelion, or can we do something simpler?

(b) Are there acceptable modifications to the dandelion protocol that
simplify DoS analysis and enable simpler implementation while maintaining
provide a significant increase in privacy to the network? As an example: would it be
be acceptable to implement Dandelion so that in denial of service scenarios we
to fall back on the current relay model?

(c) If we do not have simpler solutions that work, is it worth it to be implemented?
it's apparent to the current logic of mempool (called "stempool" in some of the
discussions) to introduce Dandelion into Bitcoin Core? Is the code
is complexity worth the benefit that Dandelion would confer in terms of confidentiality? While
The improvement of the confidentiality on the network is obviously a good thing, the confidentiality
The benefits of dandelion are limited, is this the kind of thing that is worth it
spend a lot of energy to implement and maintain, or should we focus our
mental energy elsewhere?