Reading about SafeNet I stumbled upon the blog unsafecoin. The author posts a lot of inflammatory posts about MaidSafe, but he also tries to write criticism of SafeNet’s consensus mechanism in a couple posts.
In the posts Proof of Ridiculousness and Node aging for centralized and immobile SAFEnet, the author basically claims that SafeNet’s consensus mechanism will not work or will only work if some kind of Proof of Work is added.
Has anyone looked at his arguments? I found some posts about the blog on the forums, but nothing directly addressing any of his points. Are they based on misunderstandings of how the network works or is any of his criticism valid? I don’t really know well enough how SafeNet’s consensus works at this point to tell, and while his writing style may be inflammatory, that in itself isn’t enough to dismiss his criticism.
More specifically, some points from the blog posts:
So – in theory – group members (nodes) would have to progress from the lowest Relay level up before they can participate in more important group tasks such as voting in group leader election.
I’m not a PoW expert, but what’s to prevent me from modifying my (SafeNet) client to do exactly the opposite and that is to simply change the RelayNode algorithm and rebuild the client, so that the result is to stop using a Relay Node if it is (rather than isn’t) responding?
With such a modified client one can easily and quickly find his rogue nodes (because they aren’t responding/relaying as they should) and help them get easily and quickly promoted to more advanced roles so that they can take control of the group at a later time. If anything, this “solution” actually makes it easier to overtake groups!
He then goes on to write about node aging:
The outcome will be that an attacker or large participant in the network has an amount of work that must be carried out that is prohibitively expensive.
It’s not prohibitively anything, it just postpones the inevitable. A rogue node with 1MB vault takes almost zero resources and thousands can be set up and left idling until their status advances enough to be able to overtake a group which they dominate. The cost of grooming a 10,000 strong botnet like that is tiny (few hundred dollars per month).
and
The maths model of age based relocation is, as yet, incomplete, although it’s very difficult to imagine this does not significantly increase security, whilst also allowing nodes to accrue an age that allows them to store significant amounts of data (archive nodes).
In comments posted on the community forum, MaidSafers state that nodes that go offline will have to start from the lowest “status”.
There is no way for SafeNet to know which nodes are mobile, so mobile nodes (if they ever support them) would take a long time to join (due to the calculation that must be performed) and won’t be able to advance their status due to interruptions (due to power and/or signal loss).
And all clients from areas with unstable Internet connectivity will have the same problem, which guarantees centralization and fewer vaults (which probably makes it even easier to take over a group).
About resource proof:
Based on a variant of Hashcash with the addition of the requirement to transfer an amount of data, this library does provide a “proof of work” like algorithm. This work requirement forces joining nodes to perform some calculation and data transfer. The expected use case is to require the work is done and data transferred within a time duration.
It should be clear to anyone that both of these tests can be easily manipulated. (Start with the obvious: modify the source code to do trivial checks, or simply report a made up result).
But, how does it work?
This crate hopes to combine mechanisms that attempt to validate resources on remote machines. This validation though, is a spot check and also best effort. It is not guaranteed to be accurate over time and this consideration must be clear to users of the crate.
In other words, this is completely useless, but they’ll still spend resources on it.
The important point is that checking the proof is very fast and given enough difficulty, creating the proof is work intensive. This is a critical consideration that will mitigate some attack vectors on decentralised/p2p networks. It is by no means a security solution and should not be considered without continuous ongoing checks on a node’s “behaviour”.
The more important point is that SafeNet has no way of knowing whether the check has been tampered with.
Another important point is that they have no way of knowing how much RAM or flash cache a system has. If test datasets go up to 500M (which can be observed, but also learned from the source code), one has to create a 550M cache and can continue using the slowest HDDs out there.
Another important point is the CPU check program can be assigned a lot of resources while the rest of MaidSafe can be given minimal resources.
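
For readers following the resource-proof discussion, here is an added example (not from the post, the blog, or MaidSafe's crate) of a generic Hashcash-style check with a data-transfer requirement, showing that the verifier recomputes the hash itself instead of trusting a reported result. The function names, the use of SHA-256, the nonce-to-data expansion and the parameter values are all assumptions made for illustration.

```python
import hashlib

def leading_zero_bits(digest: bytes) -> int:
    """Count the leading zero bits of a hash digest."""
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits

def make_data(nonce: bytes, size: int) -> bytes:
    """Expand the verifier's nonce into `size` bytes the prover must send back."""
    out = bytearray()
    block = 0
    while len(out) < size:
        out += hashlib.sha256(nonce + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(out[:size])

def work_hash(data: bytes, counter: int) -> bytes:
    return hashlib.sha256(data + counter.to_bytes(8, "big")).digest()

def create_proof(nonce: bytes, size: int, difficulty: int):
    """Prover: search for the first counter meeting the difficulty (expensive)."""
    data = make_data(nonce, size)
    counter = 0
    while leading_zero_bits(work_hash(data, counter)) < difficulty:
        counter += 1
    return data, counter

def verify_proof(nonce, size, difficulty, data, counter) -> bool:
    """Verifier: one recomputation; nothing the prover reports is trusted."""
    if data != make_data(nonce, size):   # wrong size, wrong content, or old nonce
        return False
    return leading_zero_bits(work_hash(data, counter)) >= difficulty

if __name__ == "__main__":
    nonce, size, difficulty = b"constructed-nonce-1", 1024, 10  # constructed values
    data, counter = create_proof(nonce, size, difficulty)
    print("honest proof accepted:", verify_proof(nonce, size, difficulty, data, counter))
    print("replay under new nonce:", verify_proof(b"constructed-nonce-2", size, difficulty, data, counter))
```

As the quoted crate description says, this is a spot check: it shows the work was done once for this nonce, not what hardware did it or that the node keeps behaving afterwards.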