Blockchain-jaded

Catching up on blockchain news and podcasts and junk tonight since I just found out I’m off work tomorrow, and I can’t help but think at most of what I’m hearing:

But with the SAFE Network, that wouldn’t even be a problem in the first place.

Am I getting blockchain-jaded?!?!

  • Privacy/anonymity (blacklists are just the first public exploit of dragnet surveillance)
  • block propagation speed vs miner decentralization - a.k.a. blocksize (ha!)
  • Decision-making process (did someone say vault ratings?)
  • Human-readable addresses (Y’all know I want perfect, but perfect is the enemy of good, at least we have something right now)
  • Instant confirmations w/o double-spend threat (ha!)
  • Incentivize honest full nodes (double ha!)
  • Segregated Witness drops security for space (ugh…)
1 Like

The list compares practice vs. theory.
Graveyards (and hospitals) are full of coins that promised and couldn’t deliver.

I’m not predicting anything one way or another, just saying it’s way too early to compare systems that have been functioning for years vs. systems that haven’t entered production.
Ethereum had a similar (if not longer) list of things they were going to solve. Now they’re running PoW.

But the problems are all inherently blockchain based. I’m still trying to figure out what issues blockchains solve that the Network wavers on.

To hazard a glimpse into my thought process, I see blockchains as very useful to industries that need to be transparent:

  • Banking
  • Insurance
  • Voting (to a degree)

And many others, but self-contained industries. The Network I see as more valuable to end-users.

Anyways, that’s the generalization that I keep ending up at.

1 Like

Blockchain problems are blockchain based, that’s for sure.

Which decentralized network doesn’t need to be transparent? Your local coffee shop doesn’t need to be transparent (unless you care if they buy coffee from “sustainable” suppliers), your local bar doesn’t need to be transparent. But if you’re (for example) buying knock-off meds, you’d probably like to know what corners have been cut (or not) in making your knock-off pills.

I don’t see how, in any network, participants’ nodes aren’t end users. They’re participating for some reason, otherwise they wouldn’t be on the network. Hence, they’re all end users.

No approach except PoW blockchains has proven to achieve anything close to self-sustaining existence (Bitcoin hasn’t either, but it’s close IMO). Maybe the SAFE network can accomplish that, but until that happens it is premature to claim there’s a better way.

The consensus algo of Maidsafe (those “groups”) is a good place to attack the SAFE network. Not saying such attacks will work, but that’d be a nice place to give it a shot. I don’t know how to calculate the odds of success, but I’d like to know how many bot nodes one would need to accomplish the following Sybil attack, assuming a 5000 node strong SAFE network:

  1. Join the network
  2. Signal to the rest of the botnet you’re in group X
  3. If your group doesn’t contain enough (I don’t know how many that is) nodes to mess up the group, leave the network
  4. Keep repeating 1-3 until you happen to strike gold

Even if you need a 20,000 strong botnet, those are inexpensive. Let’s say it costs you $2,000/hour (I’m pretty sure it’s less than that) and if you need 48 hours for this attack to succeed, it’d cost you less than $100K in software and “services” to harm the network. This is just a bunch of assumptions, and I’m sure we’ll see comments like “we don’t know yet how it’s gonna work so it’s just wild guessing”, so before that happens, here’s the official opinion:

To circumvent this, the attacker would require the ability to surround specific Vaults in the SAFE Network. This cannot be achieved, as it would require being able to effectively generate different values which, when hashed with SHA-512, result in close hashes around one particular point.

(Source: here).

Cannot be achieved, huh!

So if you need to surround every vault by 3 botnet vaults, how many botnet vaults do you need? If you keep rejoining as described above, you probably need considerably fewer. And the best time (lowest cost) to attack will be early on when the network has fewer nodes.

Given that the chance of success is a mathematical certainty, then it becomes just a matter of cost/benefit analysis. If it costs you $5,000,000 to destroy a $6,000,000 network, you likely win.

Of course the same is possible with Bitcoin, but it hasn’t been done and maybe that’s because by the time the opportunity became obvious, the network was worth 50-100 million bucks and outside of reach of common criminals. Now in all likelihood only high-end criminals (such as the US government) can afford to attack Bitcoin. So although both networks are prone to Sybil attacks, I think SAFE is going to be at significant risk at the outset and maybe for many months, and after 5+ years of crypto craze low-end malicious actors are many.

1 Like

I guess that’s why there’s so much push for critical mass adoption of the Network - even though it hasn’t even been launched yet. sigh

Good analysis. I’m still working on your post-exploitation rationale, but the initial breach scenario seems relatively plausible on a young Network.

1 Like

The problem as I see it is that if you don’t have a transparent blockchain, you wind up trusting a black box…

It may be a perfectly well functioning black box, but there isn’t a really good way to know… We are trusting the nodes to run the code that we expect them to run. There isn’t a great way to audit what you are not allowed to know…

2 Likes

In what type of system are the nodes that you are referencing operating?

Blockchainless, he implied

1 Like

I’m struggling to rationalize that statement to not take that as a direct criticism of the Network then.

For instance, that directly applies to Safecoin - there is no blockchain, and the safecoin trail/generation cannot be audited.

Does this criticism only apply to PoW schemes?

Because PoW needs to be audited given the entire blockchain.

But then is there a viable way to audit PoR?

Of course the same is possible with Bitcoin, but it hasn’t been done and maybe that’s because by the time the opportunity

Actually, it has happened many times in the past. The miners surpass the 51 percent, and thereby have the power to destroy the network. It is also possible to double spend once they achieve that power. There were a lot of threads telling miners to diversify to prevent this. It can happen again but this time, it will be between the big three miners, and probably will end Bitcoin’s legacy. But the point is, the hashing calculation was designed to prevent botnets. So he implemented SHA-256, which required, at the time, processors and then graphics cards. And now ASICs. As hashing power multiplies, it has become so difficult for the botnets to attack. This is a great way to prevent Sybil attacks.

You are right that a botnet can achieve this pretty easily, especially if the client is able to run on processors. What about having a unique client that requires more computing power than processors can handle? Every 8th node in the cluster must operate a graphics card (and ASIC?) so it can calculate the validity of each client by hashing. Every cluster must have 4 graphics card users. Each client is connected to one of the 4 graphics card trustees. Clients are like blocks. It needs to be broken to be understood. It forces the botnet to use graphics cards so it will cost more to commit an attack.

I dunno, I am just rambling here.

Edited: Oh wow.

http://systemdocs.maidsafe.net/content/en/attacks/birthday_paradoxsybil_attack.html

The SAFE Network requires all requests be processed by at least two groups of Vaults. A SAFE Network client passes a request to its 4 Data managers, who verify the request based on the client’s signature. The request is then passed to a deterministically selected group of 4 other Vaults which also verify the request based on its signature.

By deterministically selecting the second group of Data managers, this attack no longer holds true for the SAFE Network, since it is not possible for the attacker to gain control over a Vault by simply surrounding it.

To circumvent this, the attacker would require the ability to surround specific Vaults in the SAFE Network. This cannot be achieved, as it would require being able to effectively generate different values which, when hashed with SHA-512, result in close hashes around one particular point.

1 Like
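The thread's open question (how network size changes the odds that Sybil vaults control a group) can be estimated from the defender's side with the figures already quoted: groups of 4, two groups per request, a 5,000-node network and a 20,000-node botnet. This is an added example, not part of any post and not MaidSafe code. Assumptions: a quorum of 3 of 4 (the thread gives no figure), vault addresses landing uniformly at random as the quoted documentation claims, the two groups treated as independent, and a constructed 1e-6 risk target.

```python
from math import comb

GROUP_SIZE = 4   # group size from the quoted SAFE documentation
QUORUM = 3       # ASSUMPTION: Sybil members needed to control a group of 4


def p_group_captured(honest, sybil, group=GROUP_SIZE, quorum=QUORUM):
    """Hypergeometric P(a random group holds at least `quorum` Sybil vaults)."""
    total = honest + sybil
    if total < group:
        raise ValueError("network smaller than one group")
    hits = sum(comb(sybil, k) * comb(honest, group - k)
               for k in range(quorum, group + 1))
    return hits / comb(total, group)


def p_request_captured(honest, sybil):
    """Both groups that must verify a request are captured.

    ASSUMPTION: the two groups are treated as independent draws.
    """
    return p_group_captured(honest, sybil) ** 2


def honest_needed(sybil, max_risk, limit=10**9):
    """Smallest honest vault count keeping p_request_captured <= max_risk."""
    lo, hi = max(0, GROUP_SIZE - sybil), limit
    while lo < hi:                      # risk falls as honest vaults are added
        mid = (lo + hi) // 2
        if p_request_captured(mid, sybil) <= max_risk:
            hi = mid
        else:
            lo = mid + 1
    return lo


if __name__ == "__main__":
    for sybil in (100, 1000, 20000):    # 20000 is the botnet size from the thread
        print(f"honest=5000 sybil={sybil:>5} "
              f"one group={p_group_captured(5000, sybil):.3e} "
              f"both groups={p_request_captured(5000, sybil):.3e}")
    # Constructed target: at most a one-in-a-million chance per request.
    print("honest vaults needed vs 20000 Sybils:", honest_needed(20000, 1e-6))
```

The model is a static snapshot: it does not account for vaults leaving and rejoining, which the earlier post argues would lower the number of Sybil vaults required.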

Laugh out freakin’ loud.

1 Like

A client (vault) can’t know whether there are other clients on the networks (say, running out of different VMs), unless it probes other servers around the network, which would be a very bad idea.

Couldn’t Maidsafe start the network off private with all vaults/clients being bannable, giving the company the ability to boot off malicious actors, until the network had grown enough that it could survive in the wild?

That…just…no. Even “just in the beginning”, no.