Ethereum Researchers Warn Node Operators Can Be Deanonymized

Ethereum researchers claim to have developed a technique for deanonymizing Ethereum validators that could expose the IP address of more than 15% of the network’s node operators.

On Sept. 21, Privacy Problems in the P2P Network and What They Tell Us, a paper co-authored by five researchers, was published to the Ethresearch forum. The paper asserts that messages exchanged between nodes on the Ethereum network are vulnerable to deanonymization by nodes acting as “silent observer[s]” on the network, meaning that third parties may be able to identify the IP address of validators.

“Ethereum’s P2P network is what allows validators to exchange important messages like blocks and attestations, which keeps the blockchain running,” the paper said. “Our deanonymization technique is simple, cost-effective, and capable of identifying over 15% of Ethereum’s validators with only three days of data.”

The technique was enabled by observing Ethereum’s attestation mechanism, which splits validators across 64 committees, assigns particular validators as attestation aggregators, and organizes aggregators across 64 subnets. Each node subscribes to only two subnets by default and maintains a connection with at least one peer in each subnet, allowing the researchers to trace the messages of aggregators to begin deanonymizing nodes.

“By deploying our logging client across four nodes over a period of three days, we were able to deanonymize more than 15% of Ethereum’s validators in the P2P network,” the paper said. “Our nodes were located in Frankfurt (FR), Seoul (SO), Virginia (VA), and Zurich (ZH). By deploying a greater number of nodes and running the measurement for longer, we presume this figure would increase.”

The paper also acknowledges the existence of three other methods for deanonymizing Ethereum peers by observing P2P messages. In June 2020, researchers developed a deanonymizing technique that maps validators to peers by observing which peer first broadcasts a block. A second method was described in August 2022 that analyzes attestation arrival times, while a third process focusing on subnet subscriptions was published in June 2024.

However, the latest paper claims to achieve more precise results using less data and network connections.

Attacks and mitigations

The researchers warn that the technique could be used by an existing block proposer to launch attacks against the following block proposer in a bid to propose extra blocks and earn additional fees. The attack could be extended to continuously target upcoming blocks, threatening to halt the network in the unlikely event that more than one-third of block proposals are missed.

Still, the paper discusses multiple ways to protect against deanonymization. These include promoting private peering agreements, promoting the adoption of privacy protocols such as Tor and Dandelion among validators, keeping block producers anonymized until they propose blocks, and increasing the number of subnets validators are subscribed to.