When I was architecting Intercoin, I ran into one problem over and over when it came to achieving a local consensus, as SAFE network sections do. That is, when a network starts up, it is usually quite small, and thus all the initial members of a consensus can be malicious. And one attack in particular can perpetuate the problem until it’s discovered later, but by that time it’s too late to have prevented it and you must deal with it in unpleasant ways.
I call it the #EarlyAttack and it goes like this: the section starts out with all colluding nodes. They actually have two or more forks of the consensus. As each vault enters the section, they share one version with some, and one version with another, always being careful not to let the two sides know about each other’s membership in the section. For all the new vault knows, it’s a member of a section of 8-22 vaults, but really it may be a larger section where the original founders continuously perpetuate conflicting histories arising from their #EarlyAttack.
In Intercoin, we came up against this because we let small communities start their own currency. For instance, when you spin up a cryptocurrency for a university, it may be secured by 5 computers in the whole university. They double-spend the currency early on, and as more computers join the consensus they get added to one fork or another, not knowing that there are more computers on the network running a conflicting fork.
The #EarlyAttack could allow double-spending early on. Eventually when the conflict is discovered, you have two safecoins or whatever that have been in circulation and as far as their holders are concerned, both are rightful owners. The kindest thing to do at that point is to let both parties keep their safecoins (essentially each has a fork of a safecoin) and inflate the community’s currency.
As the network grows, this will be less of a problem, provided that nodes have NO control over when new sections are formed or who their neighbors will be. But right at the beginning, a network may experience this problem.
That’s why I came up with the idea of watchers. When a community starts up, it needs more independent watchers from the outside to, at the very least, hold the list of WHO belongs to a section. In short, you need consensus about who belongs to a consensus. The idea is to have watchers prevent forks among the consensus participants, to hide forks among the files. And who watches the watchers? Each other - it’s just another consensus. But it’s a major layer to prevent #EarlyAttack in SMALL networks. And as the network grows, recipients of a coin may agree to have more and more watchers come from the local network, until they are relatively sure that there is no chance of an #EarlyAttack from within.
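A sketch of the watcher check described above, added here as an illustration and not Intercoin or SAFE network code. It assumes section membership is an append-only join log, that each joining vault reports the log it was shown to outside watchers, and that watchers agree by strict majority; all names and the sample data are hypothetical.

```python
from collections import Counter

def find_fork(log_a, log_b):
    """Index where two join logs diverge; None if one is a prefix of the other."""
    for i, (a, b) in enumerate(zip(log_a, log_b)):
        if a != b:
            return i
    return None

class Watcher:
    """Hypothetical outside observer holding one section's append-only join log."""
    def __init__(self):
        self.log = []        # longest consistent log reported so far
        self.conflicts = []  # (reporter, fork index, members present in both views)

    def report(self, reporter, shown_log):
        """A vault reports the membership log it was shown when it joined."""
        i = find_fork(self.log, shown_log)
        if i is not None:
            # Members in both histories are the ones who could have served both.
            shared = sorted(set(self.log) & set(shown_log))
            self.conflicts.append((reporter, i, shared))
            return False
        if len(shown_log) > len(self.log):
            self.log = list(shown_log)
        return True

def quorum_view(watchers):
    """Log held by a strict majority of watchers, or None (assumed rule)."""
    log, votes = Counter(tuple(w.log) for w in watchers).most_common(1)[0]
    return list(log) if 2 * votes > len(watchers) else None

def constructed_scenario():
    founders = ["f1", "f2", "f3"]                  # constructed sample data
    reports = [("a1", founders + ["a1"]),          # fork A
               ("a2", founders + ["a1", "a2"]),    # fork A, extended
               ("b1", founders + ["b1"])]          # fork B, hidden from A
    w1, w2, w3 = Watcher(), Watcher(), Watcher()
    results = [all([w1.report(r, l), w2.report(r, l)]) for r, l in reports]
    w3.report(*reports[2])                         # w3 only ever hears fork B
    return results, w1.conflicts, quorum_view([w1, w2, w3])

if __name__ == "__main__":
    print(constructed_scenario())
```

The third report is rejected because its log diverges from the recorded one at index 3, and the members common to both histories are exactly the three founders.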