Can a section perpetrate an #EarlyAttack?

When I was architecting Intercoin, I ran into one problem over and over when it came to achieving a local consensus, as SAFE network sections do. That is, when a network starts up, it is usually quite small, and thus all the initial members of a consensus can be malicious. And one attack in particular can perpetuate the problem until it’s discovered later, but by that time it’s too late to have prevented it and you must deal with it in unpleasant ways.

I call if the #EarlyAttack and it goes like this: the section starts out with all colluding nodes. They actually have two or more forks of the consensus. As each vault enters the section, they share one version with some, and one version with another, always being careful not to let the two sides know about each other’s membership in the section. For all the new vault knows, it’s a member of a section of 8-22 vaults, but really it may be a larger section where the original founders continuously perpetuate conflicting histories arising from their #EarlyAttack.

In Intercoin, we came up against this because we let small communities start their own currency. For instance, when you spin up a cryptocurrency for a university, it may be secured by 5 computers in the whole university. They double-spend the currency early on, and as more computers join the consensus they get added to one fork or another, not knowing that there are more computers on the network running a conflicting fork.

The #EarlyAttack could allow double-spending early on. Eventually when the conflict is discovered, you have two safecoins or whatever that have been in circulation and as far as their holders are concerned, both are rightful owners. The kindest thing to do at that point is to let both parties keep their safecoins (essentially each has a fork of a safecoin) and inflate the community’s currency.

As the network grows, this will be less of a problem, provided that nodes have NO control over when new sections are formed or who their neighbors will be. But right at the beginning, a network may experience this problem.

That’s why I came up with the idea of watchers. When a community starts up, it needs more independent watchers from the outside to, at the very least, hold the list of WHO belongs to a section. In short, you need consensus about who belongs to a consensus. The idea is to have watchers prevent forks among the consensus participants, to hide forks among the files. And who watches the watchers? Each other - it’s just another consensus. But it’s a major layer to prevent #EarlyAttack in SMALL networks. And as the network grows, recipients of a coin may agree to have more and more watchers come from the local network, until they are relatively sure that there is no chance of an #EarlyAttack from within.

The way Ripple deals with this is to have a centralized list of all participants in their consensus, called the UNL (Unique Node List). It is published and cryptographically signed by Ripple Inc.

The reason that works is because Ripple is a central authority on who is a member of the consensus. And by publishing things on the Interney, it can’t reasonably fork that UNL list, telling half the internet one thing and half the internet another list.

However, in a SMALL network, as SAFE network has, this can’t be the solution. Here, we must replace Ripple and UNL with a consensus of outside watchers (per section) who agree on who is in a section.

So at this point your nodes are the network. And as you say can do as they please.

Why would others join your network?? Without answering this your network will lead a lonely life

But I do understand what you are saying, but feel that this question of why people woud join is important to your nodes gaining anything.

Well in SAFE this would not be the case unless you deliberately took the approach of not using SAFE’s security and had specific computers to act this way. The better way on SAFE is to have the security of SAFE to work with a “alt” currency and be secured by the global network.

I can see with SAFE that if someone ran up their own isolated SAFE network with the same network ID and “earned” coin on that isolated network then joined SAFE. Then we would see a couple of things when the isolated network joined SAFE

  1. The isolated network tries to join and the SAFE network sections don’t have any knowledge (ever) of the isolated network’s nodes or sections and thus force the nodes to individually rejoin (restart from babies) and thus all the data from the isolated network will be lost.
  2. If the isolated network was made up from nodes that were on the SAFE network but you isolated them then the results could be varied. Maybe the nodes could rejoin, but since the section structure is now different they would most likely be reassigned to new sections and since their data is unknown to anything it would likely be rejected. I do not know if it would even be possible to have their new data accepted by the SAFE network.

As to SAFEcoin in the isolated network it too would be wiped out since the coin is data objects and suffer the same fate as the rest of the data.

With SAFE, the coins are actual data objects with their own unique address and thus you cannot have two coin circulating on the one network. Your dual minded network maybe able to have this but we come back to why would anyone join that network? And the two coins can never be transacted on the other network and thus exchanges only take the real coin and thus people can only buy/sell for $$$ the real coin and the fake one would be lonely only able to dup some. But of course this assumes you were able to dup the world into believing your network was the real global SAFE network.

From your previous discussion these are on top of the network and so how can they help. All they can do is say something is wrong. But they cannot know who is right because when something is wrong then history has or has not been rewritten and the watchers could be reporting the wrong side. What about malicious watchers??? The network must be able to secure data or else we have a insecure network and no amount of watchers can fix that and so we all go home at that point. Watchers solve nothing. People will know if their safecoin balance is dropping and they are then able to raise the alarm.

If you were to write the code such that watchers can “reverse” actions then you need watchers over those watchers to ensure malicious watchers were not manipulating things. And/or watchers over the watchers to ensure the right version of history was being used. But you cannot be sure those watchers were seeing the right version of history since the underlying data being compromised can be made to say anything. So then you data stored off SAFE to help and we lose the autonomous network and it becomes a managed one.

Now as to why I ask why anyone would join your network?

The initial network will be run up with 100’s to 1000’s of nodes run by Maidsafe using the opensourced code base and people will be joining that network. So yes we have to trust them, but they have so much more (100 times more) to lose by malicious nodes in their initial network.

Then others join it and we will be running a "“release candidate” version of the network which will be tested for a quite a while before declaring it viable. There will be coins being earned and spent but these are “test” safecoins.

Only after it is shown to be correct would the network test coins become real coins and the 1:1 swap of MAID to SAFEcoin occur.

You want us to give up the idea of an autonomous network, roll back the advantages and be less innovative like a crypto network. Rather than being an autonomous network with many innovative features that no others have. The autonomous network is a huge feature that helps to prevent censorship and control of the data (which is a core design goal)

SAFE is not a crypto coin project. It is not crypto!!! It is a new network for the global population and is being designed to prevent any silencing of people by those in control, from the network being able to control data distribution to the peoples of the world.

Those in control are “called the UNL (Unique Node List). It is published and cryptographically signed by Ripple Inc.”

SAFE is about NO ONE being able to shut it down. The only way to shut it down is the southpark defense and that is no one look at it (use it). Not even Maidsafe can shut it down or have any control over the network.

Just to be clear, I mean that whenever a new section starts, including right at the beginning, ALL of the vaults in that section (and only that section) may be malicious. They would behave well except they would not tell the vaults JOINING that section about all the other vaults in that section. They would have a section in the actual network that has two different forks… until someone finally finds out some way.

How would the new vaults know everyone in the section unless other members of THE SECTION tell them? My answer is called watchers.

“So yes we have to trust them, but they have so much more (100 times more) to lose by malicious nodes in their initial network.”

Yes and so does everyone relying on them. And yet the malicious nodes may be able to buy quite a few things with “counterfeit” money before the dupes are found out.

You cannot start a new section! Only the network can run up a new section. Even at the start. At the start a node is run up then another and then another and they form a section and they decide when a new section is started using nodes from the first section.

Maybe learning more about the network would allow you to suggest better ways to attack the network.

“You want us to give up the idea of an autonomous network, roll back the advantages and be less innovative like a crypto network.”

Absolutely not. I am a big flag waving fan of what the SAFE network is doing, and I think it will revolutionize not just data storage but far more. Personally I am eager to build an app layer on top of it for permissionless messaging and group activities which are known only to the participants. I want to build governance systems inside self-selecting groups on top of it, free from outside control.

I am just ALSO evaluating the SAFE platform technology (like Kademlia trees and close consensus) as a basis for our cryptocurrency, Intercoin. And I wanted to share the pitfalls that I have encountered implementing an architecture for crypto. At the end of the day, the only way you can have a totally anonymous network hosting data without huge misallocation of resources is to have a currency pay for things. And when you have a crypto-currency, you have to solve the double-spend problem. That’s really where all the problems come from. It’s a hard problem to solve because there is an incentive to buy stuff for free.

However one of the things I love about SAFE is that as the network gets bigger, the proportion of the files and currency that any one section can compromise gets smaller. So this at the end of the day may be the killer argument to any sort of drawbacks to relying totally on consensus. Yes there are certain attacks but they are necessarily very limited in scope.

But you are by reintroducing watchers to solve the consensus. SAFE solved the consensus issues you mentioned by their own innovative ideas and solved the need for people controlled nodes to secure the network.

“You cannot start a new section!”

How is the network bootstrapped in the beginning?

I didn’t say a particular node can CHOOSE to start a new section later. I am only talking about the original members of some sections.

I have read quite a bit before commenting, but certainly not everything. Since sections contain 8-22 nodes then obviously new sections do start as more vaults join. They start by splitting off from other sections. Now when new vaults A and B join, my main question was, can they fork and pretend to A that B isn’t in the section and vice versa?

see this part of my post

By starting the network with known nodes (which will be removed when network is large) And the expected massive addition of nodes by users, then the problem of malicious nodes is reduced. Then by testing for months as the network grows means we can have confidence that your malicious attack is not happening.

1 Like

Fair enough, I buy that.

And I think that is more than sufficient to have more confidence in SAFEcoin than most cryptos.

It’s too bad that this solution doesn’t help if each community wants to start its own, disconnected network that is small but works without the Internet. That’s kind of our vision and ethos. But yes the larger the network is the SAFER it is :slight_smile: And SAFE will be one large autonomous network, that unlike Bitcoin and so on is not at all monolithic but horizontally partitioned. So it will indeed be very safe.

@neo by the way, I want to emphasise: I’m not here to rag on SAFEnetwork. On the contrary it’s an amazing project that I would like to see launched, and I’m interested to seee if I can help it reach greater adoption and/or funding. In another thread, I mentioned that I would like to build a mobile browser that people use to access it, and introduce it to our own user base — our apps have been downloaded by 5 million people in 110 countries.

I gathered that. We need to have all the attack vectors explored and don’t take me attacking your attack as anything more than trying to provoke further exploration.

I would expect a community would have some communications with each other before the network and then they could run up enough nodes to kick start a reasonably secure system. People should be able to run a number of nodes on each PC if the network is expected to initially hold small amounts of data. Maybe 20 nodes for each PC till the network is larger. So if 20 of the community start their network with 10 nodes each then its 200 strong before telling others the network ID.

Yes this is one of the design assumptions, that is the network is still considered small with 10000’s of nodes.