Author: @Álvaro Castro-Castilla
The general idea is to approach the protocol design as if we had infinite bandwidth for privacy. From there, ways to bring down network usage to practical levels can be designed, making use of our knowledge of network deanonymization to achieve adequate tradeoffs.
Objective
This design is focused on solving the one central problem of our privacy concerns: hiding who is the leader.
Contrary to previous approaches that are designed for generic and unpredictable traffic (such as Loopix), this design attempts to exploit the following unique characteristics:
- Traffic is known and predictable. There is a single message type, of predictable size, that needs to be protected.
- It's relatively low-latency (not real-time); total delays can be stretched even to >20s.
- The amount of data whose origin must be hidden is extremely small: just a proof and a block reference.
This design adheres to the requirements described here.
Threat model
We start from the point of view that the GPA (Global Passive Adversary) is not a good model for real-world scenarios [See P. Syverson, “Why I’m Not an Entropist,” in Security Protocols XVII, 2013]. Instead, we consider an ad-hoc threat model that, to the best of my knowledge, is not yet formally defined (I would appreciate any help with defining it formally):
- It's weaker than the GPA: no single entity controls all the Autonomous Zones in the Internet. We believe that, unless we fall into a global pseudo-democratic dictatorship, this won't be the case, and there will be AZs outside of the control of the Five Eyes or similar transnational organizations.
- It's stronger than the GPA: at the same time, certain AZs and service providers possess active manipulation abilities, like intentional message dropping and delaying. Current observers have much stronger abilities than a passive observer.
Protocol
1. Mempool
- All txs can be identified by their hash (32 bytes)
- All blobs as well
2. Block building
- Key point: block building and block selection are separate processes. Block building is distributed, while block selection is done by the leader.
- This attempts to solve the tagging attack, while minimizing the amount of data that needs to be made private to just a proof and a block reference (as seen below).