Dandelion++ & Network Privacy

Monero's three on-chain pillars — stealth addresses, ring signatures, and RingCT — hide what is written into the blockchain. But there is another place privacy can leak that has nothing to do with the ledger: the network. When your wallet first announces a transaction, the way it spreads between nodes can hint at which computer it started from. Monero defends this layer with a clever propagation method called Dandelion++. In this lesson you will learn what network-level privacy is and why it matters.

Why On-Chain Privacy Isn't Enough

The three core technologies protect the contents of a transaction:

• Stealth addresses hide the receiver.
• Ring signatures hide the sender.
• RingCT hides the amount.

But none of them hides where the transaction physically entered the network. Transactions flood across the peer-to-peer network from node to node. A well-funded observer running many nodes could watch where a transaction first appears and which node spread it most aggressively, then guess that this node is close to — or is — the sender. Linking a transaction to an IP address is a serious deanonymization risk, even when the on-chain data is perfectly private.

How Ordinary Gossip Leaks the Source

Normally, a node that learns of a new transaction shouts it to all its peers at once, who shout to all of theirs, and so on. This "diffusion" spreads transactions quickly, but the symmetric, fast burst of traffic makes the origin node statistically easier to pinpoint by an adversary triangulating the timing of first appearances.

Dandelion++: Stem Then Fluff

Dandelion++ breaks propagation into two phases, named after the parts of a dandelion plant:

1. Stem phase — the transaction is passed quietly along a single, random chain of nodes, one hop to the next, like a stem. During this phase it is not broadcast widely, so it is hard to tell where it began.
2. Fluff phase — at a random point, one node switches to normal diffusion and the transaction blooms outward to the whole network at once.

By the time the transaction "fluffs" into the open, it has already traveled an unknown number of stem hops away from its true origin. An observer who first sees it during the fluff phase sees a node that is almost certainly not the real sender. The link between the transaction and the originating node — and therefore its IP — is obscured.

Network Privacy Is a Layer, Not a Replacement

Dandelion++ specifically protects the moment of broadcast. It does not replace the on-chain protections, and it is not a substitute for hiding your IP from the node you connect to in the first place. Two complementary defenses go further:

• Running your own node so your wallet does not reveal your transactions to someone else's server.
• Routing your traffic over Tor, as covered in Connecting Over Tor, so your real IP is hidden end to end.

Think of privacy as a stack: the chain hides what the transaction says, Dandelion++ hides where it entered, and Tor hides who you are at the network level. We dig into the bigger picture in Network Privacy with Tor and I2P.

What This Means for You

The good news is that Dandelion++ works automatically and invisibly — you do not configure anything. Every transaction you send already benefits from it. Your job is to layer the protections you control on top: choose your node wisely and consider Tor, especially if hiding your network identity matters for your threat model.

You can find more in the official documentation at Moneropedia.

Dandelion++ is the quiet guardian of Monero's network layer, scattering the trail of where a transaction was born before it blooms across the world. It is a reminder that real privacy lives in layers. Next, let's follow what happens after broadcast, when your transaction lands in a block and starts collecting confirmations and locks.