This post follows on from the simulation in Explaining group splits and merges
A ‘google attack’ is when a large company (such as google) owns a significant portion of the vaults on the network. This attack may have a few different effects:
- Control of consensus for sections
- Network disruption via churn during simultaneous exodus
This post explores the first point, where consensus over sections can be exploited.
The table below shows the results of a simulated google attack on a network of 100K nodes. If the attacker controls more than 62.5% (5/8) of the vaults in a section, the section is considered successfully attacked (see caveats below).
- before - how many vaults are in the network before the attack
- after - how many vaults are in the network after the attack
- sections - the total number of sections in the network after the attack
- attacked - the number of sections in the network that are controlled by the attacker
- percent - the percentage of sections controlled by the attacker in the whole network
Before After Sections Attacked Percent 100K 110K 7120 0 0.00 100K 120K 7507 1 0.01 100K 130K 7908 9 0.11 100K 140K 8316 26 0.31 100K 150K 8766 80 0.91 100K 200K 11905 1969 16.54 100K 300K 17468 11536 66.04 100K 400K 23809 20920 87.87
This simulation does not consider node ageing, where only the oldest vaults contribute to quorum. On one hand this makes the attack significantly less meaningful, but on the other hand if the vaults are left long enough then statistically it’s almost the same result in the long run.
This does not factor in any cost of the attack, nor any benefit of the attack, which is a crucial factor.
This assumes the attacker is malicious, when most likely an attacker doing the google attack would be benign (eg intern starting a lot of ‘vanilla’ vaults without their boss knowing).
The google attack ignores other large participants. If other large participants simultaneously attempt to perform this kind of attack the proportion of the network under control of any one entity is greatly reduced and the ‘attack’ merely becomes ‘participation’.
This simulation does not differentiate between the various degrees of control of the vault. For example, many vaults may be run by many individuals on Amazon Web Services. This means the degree of collaboration is low so group consensus is not affected, but if the datacenter fails then it may look like the network is experiencing a google attack.