Source linked

SPREAD تقليل إزعاج GossipSub بنسبة 35٪ في حين تحسين في الواقع التوقف

يرفع توسيع GossipSub الجديد من الباحثين في ETH Zürich الحدود ضد إلغاء الهوية المرسلة، وفي الوقت نفسه يقلل من الارتفاع المتوسط بنسبة 23٪ مقارنة مع GossipSub الفانيلا، مع تطبيق يعمل على...

gossipsubspreadethereumlibp2panonymous disseminationethresearch

With only 5% of the network acting as curious listeners, vanilla GossipSub lets an attacker correctly guess the message origin 35% of the time. That’s the baseline Ethereum validator exposure today. SPREAD cuts that to 22%—and does it while actually making message delivery faster.

The Deanonymization Problem That 6-Second Slots Make Worse

GossipSub’s randomized forwarding doesn’t hide the source. A validator’s direct peers consistently receive its messages first; deploy a few tens of listening nodes and you can map validators to IPs within a few epochs. Security researchers (Sharma, Heimbach, Rhea) have shown this concretely. The usual fix—Dandelion++’s random-walk phase—buys anonymity at a latency cost the Ethereum community already deemed infeasible for consensus. With EIP-7782 cutting slot times from 12 to 6 seconds, that budget shrinks further. SPREAD’s authors (Cardoso, Franco, Rodrigues at ETH Zurich) argue the old tradeoff is a false dilemma.

Intra-Cluster Random Walk, Inter-Cluster Stepping Stones

SPREAD partitions each node’s overlay neighbors into a cluster (the closest ~t% in a virtual coordinate space) and two remote sets. Intra-cluster propagation uses a cobra walk: a random walk with occasional branching, controlled by Bernoulli trials. Inter-cluster hops go only to “unobstructed” remote peers—those not hidden behind a closer stepping stone in the coordinate space. No global view needed; each node builds this locally from Vivaldi coordinates with Newton checks. The protocol is an opt-in extension to libp2p GossipSub, advertised via existing handshake fields, so mixed deployments work immediately.

Real Numbers on Anonymity and Stretch

All three protocols were run on the real go-libp2p-pubsub implementation over simnet, using a global Internet RTT dataset, with per-node bandwidth budget matched. At 20% curious nodes, GossipSub’s deanonymization accuracy hits 54%; Dandelion++ holds at ~20%; SPREAD sits at ~45%. But the performance gap is stark: at a stretch threshold of 3 (delivery time within 3× direct latency), SPREAD completes 90% of deliveries, GossipSub 83%, Dandelion++ only 50%. Mean stretch drops 23% vs GossipSub and 67% vs Dandelion++. Half of SPREAD’s deliveries land under 100 ms; GossipSub manages 40%, Dandelion++ 10%. That tail behavior matters when multi-step consensus protocols multiply each hop penalty.

SPREAD’s four parameters let operators slide along a continuum: lower fanout and branching push toward Dandelion++-like privacy, higher values toward GossipSub-like speed. The configuration tested targets a balanced point. The paper shows that tuning intra-cluster parameters dominates stretch, while inter-cluster probability acts mostly as an anonymity knob. This is the first proposal I’ve seen that improves both anonymity and efficiency over GossipSub simultaneously.

What This Enables

SPREAD is not a panacea—it raises the bar rather than eliminating deanonymization. But it solves the binding constraint that killed prior proposals: latency. With the implementation already in a PR against go-libp2p-pubsub and a draft spec in libp2p/specs, the path to deployment is unusually short for a research protocol. If Ethereum’s consensus layer absorbs this, the 6-second slot transition might not mean a privacy regression—it could mean a net gain.


Source: SPREAD: Extending GossipSub with Efficient Anonymous Dissemination
Domain: ethresear.ch

Read original source ->

External source stays available while the OJO article and comment thread stay local.

Comments load interactively on the live page.