Anonymous Broadcast

Anonymous broadcast is the cryptographic problem of letting participants publish messages to a shared channel without revealing who sent which message — even to a network-layer adversary who can observe all traffic. It is the core R&D focus of Flashbots’ research agenda as of August 2025, motivated by the need for private mempool gossip and censorship-resistant block-building coordination. (→ NoConsensus.wtf 2025 — Overview)

Why Existing Privacy Tools Are Insufficient (Phil Daian / Flashbots)

Signal metadata is fully visible to the centralized Signal Foundation (US-registered, regulated): who you message, when, frequency, group membership, attachment sizes. “We kill people based off metadata alone” — General Michael Hayden, NSA. Signal is a communication-privacy tool that leaks communication metadata.

Tor (onion routing) is vulnerable to:

  • Volunteer pool poisoning: the exit node pool is legally risky to run; it’s small and fragile. Carnegie Mellon spent ~$1M on an attack theorized to have deanonymized Silk Road.
  • Global passive adversaries: anyone observing large portions of the internet can correlate entry/exit traffic via timing fingerprints.

Neither is adequate for crypto, where information = arbitrage opportunity and the stakes are financial, not just communicative.

The Goal: Unconditional Privacy (Phil Daian)

Unconditional (information-theoretic) privacy: security holds without any cryptographic hardness assumptions. Even computationally unbounded adversaries learn nothing. Achievable via DC-nets (Dining Cryptographers networks).

Phil Daian’s “troll hypothesis”: unconditional privacy is achievable in the blockchain context. Start here; relax assumptions only when forced, and justify each relaxation rigorously.

MEV as privacy demand: in blockchain systems, information is currency. Transaction contents reveal arbitrage opportunities; order flow patterns reveal trading strategies. The demand for privacy is financially quantifiable — not niche or adversarial.

DC-Nets: The Primitive

DC-nets (Chaum, 1988) achieve sender anonymity via pairwise shared secrets:

  • Each participant XORs their message with a shared secret for every other participant.
  • On a broadcast round, all participants post their XORed values; the XORs cancel, revealing the message without revealing the sender.
  • Security is unconditional (information-theoretic): even if an adversary corrupts all but one participant, they learn nothing about who sent which message.
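The round described above, as an added Python example (not code from Chaum's paper or from Flashbots). The function names and the sample message are constructed for illustration. `reframe` shows why the transcript carries no sender information: for any two participants whose shared pad the observer does not know, there is an equally likely pad under which the other one was the sender and every posted value is identical.

```python
import secrets
from itertools import combinations

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def make_pads(n, length):
    """One fresh random pad per pair of participants (the pairwise shared secrets)."""
    return {pair: secrets.token_bytes(length) for pair in combinations(range(n), 2)}

def broadcasts(n, pads, sender, message):
    """What each participant posts: its pads XORed together, plus the message if it is the sender."""
    outs = []
    for i in range(n):
        out = message if i == sender else bytes(len(message))
        for pair, pad in pads.items():
            if i in pair:
                out = xor(out, pad)
        outs.append(out)
    return outs

def reveal(outs):
    """XOR of all posts: every pad appears exactly twice and cancels."""
    result = bytes(len(outs[0]))
    for out in outs:
        result = xor(result, out)
    return result

def reframe(pads, real, alleged, message):
    """Pads under which `alleged` was the sender, yet every post is byte-for-byte unchanged."""
    alt = dict(pads)
    pair = tuple(sorted((real, alleged)))
    alt[pair] = xor(pads[pair], message)
    return alt

if __name__ == "__main__":
    msg = b"constructed tx"                      # constructed sample message
    pads = make_pads(4, len(msg))
    outs = broadcasts(4, pads, sender=1, message=msg)
    print(reveal(outs))                          # the message, with no sender attached
    print(broadcasts(4, reframe(pads, 1, 3, msg), sender=3, message=msg) == outs)
```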

Limitation: bandwidth scales quadratically with participants. Classic DC-nets are impractical at network scale.

Modern DC-net architecture (client-server): a smaller set of servers (1-of-n must be honest) runs the XOR cancellation, reducing per-user bandwidth. But server-side bandwidth still scales with user count.

ZipNet: Practical DC-Nets via Aggregation (Fan Zhang / Yale)

ZipNet introduces untrusted aggregators between clients and servers to reduce server bandwidth:

  1. Untrusted aggregators: form a tree structure above clients. Perform XOR aggregation locally. Not trusted for privacy — only for aggregation. Can all be corrupt without breaking anonymity.
  2. Servers: strip the one-time pad after receiving aggregated traffic. Only 1-of-n must be honest.
  3. TEE for disruption resistance: clients run inside TEEs to enforce scheduling (footprint scheduling — reserve the next slot by embedding a tag in the current message). The TEE is trusted for liveness only, not privacy. TEE failure is detectable: if the channel is disrupted, you obtain cryptographic evidence.
  4. Cover traffic is nearly free: sending a zero-content message costs only the scheduling tag.

Key trade-offs vs. mixnets: lower latency (no multi-hop), stronger unconditional anonymity, but bandwidth doesn’t scale to thousands of servers as gracefully as some other designs.

ADCNets: Flashbots’ In-Progress Design (Mark Simkin / Flashbots)

ADCNets builds on ZipNet’s architecture with a different point in the design space:

Building block — Secure Addition: each client secret-shares their message across n servers (sum of shares = original message). Servers each hold one share per user; corrupt subsets of servers learn nothing. Servers sum their shares and reveal sums; XOR reveals messages.

Slot-reservation-free anonymous broadcast via stacked invertible bloom filters (IBFs):

  • Clients place messages in random positions in a large array.
  • Collisions are resolved using multiple arrays of decreasing size — messages extracted by peeling known collisions across arrays.
  • Stacked IBFs: only ~2n slots needed for n messages (near-optimal). Eliminates need for slot reservation protocol entirely.
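An added Python sketch tying together the Secure Addition and stacked-array passages above. It is not ADCNets code. Assumptions: XOR is used as the addition, each message goes into one hash-chosen slot of every array, a truncated SHA-256 tag marks a collision-free slot, and all names and sizes are constructed for illustration.

```python
import hashlib, secrets
from functools import reduce

MSG_LEN, TAG_LEN, CELL = 16, 8, 24       # constructed sizes; CELL = MSG_LEN + TAG_LEN

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def tag(msg):                            # checksum that marks a collision-free slot
    return hashlib.sha256(b"tag" + msg).digest()[:TAG_LEN]

def hash_slot(level, msg, size):         # assumed placement rule: hash of the message
    digest = hashlib.sha256(bytes([level]) + msg).digest()
    return int.from_bytes(digest[:8], "big") % size

def client_arrays(msg, sizes, slot=hash_slot):
    """One client's stack: msg||tag in one slot per array, zeros elsewhere."""
    arrays = [[bytes(CELL)] * size for size in sizes]
    for level, arr in enumerate(arrays):
        arr[slot(level, msg, len(arr))] = msg + tag(msg)
    return arrays

def add(a, b):                           # cell-wise sum; XOR is the addition here
    return [[xor(x, y) for x, y in zip(ra, rb)] for ra, rb in zip(a, b)]

def share(arrays, n):
    """Split into n shares that sum to `arrays`; any n-1 of them are uniformly random."""
    rand = [[[secrets.token_bytes(CELL) for _ in arr] for arr in arrays] for _ in range(n - 1)]
    return rand + [reduce(add, rand, arrays)]

def peel(arrays, slot=hash_slot):
    """Take any slot holding exactly one message, XOR it out of every array, repeat (in place)."""
    found, progress, sizes = [], True, [len(a) for a in arrays]
    while progress:
        progress = False
        for arr in arrays:
            for cell in arr:
                msg = cell[:MSG_LEN]
                if any(cell) and cell[MSG_LEN:] == tag(msg):
                    found.append(msg)
                    for a, b in zip(arrays, client_arrays(msg, sizes, slot)):
                        a[:] = [xor(x, y) for x, y in zip(a, b)]
                    progress = True
    return found                         # incomplete if some messages collide at every level

def run_round(messages, sizes, n_servers=3, slot=hash_slot):
    per_client = [share(client_arrays(m, sizes, slot), n_servers) for m in messages]
    totals = [reduce(add, (c[k] for c in per_client)) for k in range(n_servers)]  # server k's sum
    return peel(reduce(add, totals), slot)
```

Under these assumptions two identical messages cancel, and messages that collide in every array are not recovered; `run_round` returns only what it could peel.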

Aggregator message authentication: ZipNet leaves aggregator outputs unauthenticated (clients authenticated, but the XOR’d aggregate isn’t). ADCNets adds lightweight authentication allowing servers to verify aggregator outputs are well-formed (not garbage injections). Uses sum-of-tags under independent keys.

Design trade-off vs. ZipNet: ADCNets is worse at very large server sets (bandwidth increases with server count) but avoids distributed key generation and distributed PRFs. It is optimized for the low-latency block-building context with a modest number of servers.

Where Anonymous Broadcast Applies in MEV (Phil Daian, dmarz)

  1. Mempool transaction submission: even with TEE-based block builders, network-level metadata (IP, timing) leaks order flow. Anonymous broadcast hides sender identity at the P2P layer.
  2. Builder-to-builder gossip: in distributed block building (BuilderNET), nodes gossip transactions to each other. A network observer can infer which builders are receiving which order flow. See Distributed Block Building.
  3. Staker/validator communication: validators operating “in the clear” face implicit coercion even with inclusion list guarantees. Privacy enables freer speech about protocol behavior.

ECC2 Update: Metadata Privacy as the Core Problem (2025)

Multiple ECC2 speakers converged on the same framing Phil Daian introduced at NoConsensus: metadata is a harder problem than content.

Nym Network (Daniel Vasquez): The production deployment of metadata-resistant infrastructure:

  • 700+ community-operated mix nodes
  • Cover traffic injection defeats volume-pattern analysis
  • Message timing obfuscation defeats timing correlation attacks
  • New Nym RPC mode: route Ethereum wallet queries through the mix network, preventing IP-correlation between wallet addresses and users

Roger Dingledine (Tor): Tor’s limitations vs. mix networks explicitly acknowledged. Global passive adversaries can deanonymize Tor users via traffic analysis. The volunteer model is more resilient than profit-maximizing infrastructure, but insufficient against nation-state adversaries.

The metadata stack: See Metadata Privacy for the full layer-by-layer treatment.

Key insight: DC-nets (this page’s focus) are the information-theoretic gold standard; mix networks (Nym) are the deployed practical system. Both are necessary: mix networks for the global user base, DC-nets for the highest-stakes applications (mempool privacy, validator communication). Neither alone is sufficient.

Open Questions

  • Can ADCNets reach the 4,000 TPS / 500-node target required for production BuilderNET deployment?
  • Is the stacked IBF slot-reservation approach proven secure under adaptive adversaries?
  • What is the right TEE trust model when the TEE is trusted for liveness but not privacy?
  • Do incentivized mixnets (Nym, etc.) provide comparable guarantees at lower bandwidth cost, or do their assumptions undermine the anonymity model?