With only 5% of the network acting as curious listeners, vanilla GossipSub lets an attacker correctly guess the message origin 35% of the time. That’s the baseline Ethereum validator exposure today. SPREAD cuts that to 22%—and does it while actually making message delivery faster.
The Deanonymization Problem That 6-Second Slots Make Worse
GossipSub’s randomized forwarding doesn’t hide the source. A validator’s direct peers consistently receive its messages first; deploy a few tens of listening nodes and you can map validators to IPs within a few epochs. Security researchers (Sharma, Heimbach, Rhea) have shown this concretely. The usual fix—Dandelion++’s random-walk phase—buys anonymity at a latency cost the Ethereum community already deemed infeasible for consensus. With EIP-7782 cutting slot times from 12 to 6 seconds, that budget shrinks further. SPREAD’s authors (Cardoso, Franco, Rodrigues at ETH Zurich) argue the old tradeoff is a false dilemma.
Intra-Cluster Random Walk, Inter-Cluster Stepping Stones
SPREAD partitions each node’s overlay neighbors into a cluster (the closest ~t% in a virtual coordinate space) and two remote sets. Intra-cluster propagation uses a cobra walk: a random walk with occasional branching, controlled by Bernoulli trials. Inter-cluster hops go only to “unobstructed” remote peers—those not hidden behind a closer stepping stone in the coordinate space. No global view needed; each node builds this locally from Vivaldi coordinates with Newton checks. The protocol is an opt-in extension to libp2p GossipSub, advertised via existing handshake fields, so mixed deployments work immediately.
Real Numbers on Anonymity and Stretch
All three protocols were run on the real go-libp2p-pubsub implementation over simnet, using a global Internet RTT dataset, with per-node bandwidth budget matched. At 20% curious nodes, GossipSub’s deanonymization accuracy hits 54%; Dandelion++ holds at ~20%; SPREAD sits at ~45%. But the performance gap is stark: at a stretch threshold of 3 (delivery time within 3× direct latency), SPREAD completes 90% of deliveries, GossipSub 83%, Dandelion++ only 50%. Mean stretch drops 23% vs GossipSub and 67% vs Dandelion++. Half of SPREAD’s deliveries land under 100 ms; GossipSub manages 40%, Dandelion++ 10%. That tail behavior matters when multi-step consensus protocols multiply each hop penalty.
SPREAD’s four parameters let operators slide along a continuum: lower fanout and branching push toward Dandelion++-like privacy, higher values toward GossipSub-like speed. The configuration tested targets a balanced point. The paper shows that tuning intra-cluster parameters dominates stretch, while inter-cluster probability acts mostly as an anonymity knob. This is the first proposal I’ve seen that improves both anonymity and efficiency over GossipSub simultaneously.
What This Enables
SPREAD is not a panacea—it raises the bar rather than eliminating deanonymization. But it solves the binding constraint that killed prior proposals: latency. With the implementation already in a PR against go-libp2p-pubsub and a draft spec in libp2p/specs, the path to deployment is unusually short for a research protocol. If Ethereum’s consensus layer absorbs this, the 6-second slot transition might not mean a privacy regression—it could mean a net gain.
Source: SPREAD: Extending GossipSub with Efficient Anonymous Dissemination
Domain: ethresear.ch
Comments load interactively on the live page.