Consensus 28/32 or 8/8?


The vote is not blind for bad nodes because they are controlled by the same attacker. They can automatically base their vote on whether or not they are less than 5 in the group (e.g. vote Yes if <5 and vote No otherwise).


How do they know if the five are in the same group? I don’t think the network tells them. I could be wrong.


I think that the nodes composing the close group of a vault are stored in the nodes_in_table variable of the Vault structure. It is a vector containing the name of each of the nodes in the close group, except the first one which is the name of the vault itself.

The attacker can get all these names from the nodes he controls and discover which nodes belong to the same group.

But I am not sure of all that because I only studied the code lightly. Members of the MaidSafe team would be more competent to confirm if all that is correct.


Thanks for the explanation. As always, I understand better by doing it myself. I’m an autodidact. That’s why I have a hard time understanding others. But your presentation was helpful in getting me on the right way to learn how it works. And I fully understand how it works now, thanks to you. But I did not learn the same thing as you, though. I tried with Excel and unfortunately the COMBIN function did not support big numbers on my side. It returns a #NUM error in my cells after some big number. Small numbers work though. So now I’ll try to program it myself in C# and generate a list of results to really prove the real probability of attack. I hope to be able to do this shortly, maybe in 1 to 3 days I hope.


That’s why we need 28/32, so that you can hardly control one whole group without getting pushed out by the rest of the groups as bad nodes.


Finally I have done it. I was not able to sleep and it was quicker than I thought. But the result is really rewarding and I learned a lot.

Well the presentation is not so fancy. But you can click on any image to access it at full size.

The first two images are proof that the formula is good: they have to total 1, which is normal.

Next is a sample with all the data, to show a little of how I made it.

Now comes the real probability. The last value is the probability, and if it’s 1 that means there is a 50/50 chance of it happening.
Here is the 28/32 quorum. Notice that at 65% (6500 / 10000) there is more than a one-half chance of being able to control one or more groups.

Here is the 7/8. Notice how much more dangerous it is to have fewer nodes in a group.

And the last one, 8/8. Very dangerous too compared to 28/32.

The conclusion: 28/32 is a lot better than 7/8 and 8/8 in every way. Maybe 56/64 would be better still. I don’t know, I didn’t try.


How about 280/320? Or 28000/32000?
If one asks himself these questions, the answer presents itself.


I was joking and you like joking. If you are serious about it, ouf! We would have to wait a long time for the network to get that big before we reach that goal.


But you have to admit that it’d be fun to setup 40-50 SAFE VMs and put them on a continuous reboot cycle!


Without the reboot, I tried with 64 nodes on my machine. Just uploading the web page (the example that was released recently) took hours to process and used 65 GB of memory (luckily I have an SSD for cache), only to finally end in an unknown state and get stuck there.


Awesome, that is the outcome I was hoping for!
Thanks for taking time to try this out.


Nice job. Your screenshots are impressive.

I think that your last column is rather the probable number of bad groups because a probability goes from 0 to 1. For example for 28/32 consensus and 10000 nodes the last column goes from 0 to 312. 312 is the number of groups (10000/32), so you can get the probability by dividing the last column by 312.

The last value 1.26 on the line with 6500 bad nodes means that the attacker will probably get one bad group (meaning a group with 28 bad nodes or more). This is the same result I got earlier:

(it was in the same context: 10000 nodes, 28/32 consensus).

This is a good sign that our implementations are both correct (yours in C# and mine in Excel).


To be honest, I still have a little doubt about my last column. I can’t find any confirmation on the web about that, so I did it the way I think it should be done.

To be 100% certain of having at least one group, you should have 10000-312.5 (with 32 nodes) nodes, which is huge.


We are talking about probabilities. If you roll 6 dice, you will probably get at least one 6 but you can’t be sure of that.

Here it is the same: an attacker adding 6500 bad nodes to a network with 3500 nodes (for a total of 10000 nodes) will probably control one group but he can’t be sure of that.

But if he doesn’t succeed immediately, he just has to wait a little because the network reconfigures itself frequently due to an expected high churn rate. It’s like a rapid succession of different networks to be tested.


Right, so a good approach to speed this up is to clean configuration, join the network, see whether you hit the jackpot, if not, rinse & repeat.
But the attacker would have to have a way to monetize this.


Since the PARSEC publication, it has been mentioned in several topics that an attacker must provide 1/3 of the elders to disrupt the network. But in fact, this would be true only if the faulty elders are uniformly distributed among the sections. In all probability a section will be impacted with a much lower ratio of bad elders.

I have updated my Excel file, implemented long ago, to compute the probable global ratios for disruption with the PARSEC threshold (1/3). MaidSafe has indicated that the section size will be increased from its current value (8), but unless I missed it, the new value wasn’t given. So, I chose a section size of 31, similar to the initial old value 3 years ago. I have taken a total population of 100000 elders as an example. With these values I found that:

  • a 12% ratio of malicious elders can disrupt one section (11/31 consensus)
  • a 36% ratio of malicious elders can control one section (21/31 consensus)

Note: With higher populations the percentages are slightly lower (but of course, in absolute value the attacker must provide more vaults).

Here are the corresponding curves and tables:

Disruption of a section:


Control of a section:
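
The calculation this thread keeps returning to, written out as an added example (it is not any poster's spreadsheet or C# program, and the function names are hypothetical). It assumes groups are filled uniformly at random from the whole population, counts whole groups only, and takes the quoted percentage thresholds to mean the first whole percent at which the expected number of bad groups reaches 1:

```python
from math import comb

def p_group_bad(total, bad, group_size, quorum):
    """Hypergeometric tail: chance that one randomly filled group holds
    at least `quorum` attacker nodes."""
    good = total - bad
    # Python integers are exact at any size, so the binomial coefficients
    # that overflow a spreadsheet COMBIN are not a problem here.
    hits = sum(comb(bad, k) * comb(good, group_size - k)
               for k in range(quorum, group_size + 1))
    return hits / comb(total, group_size)

def expected_bad_groups(total, bad, group_size, quorum):
    """Expected number of groups at or above the quorum of bad nodes.
    Linearity of expectation: groups need not be independent."""
    groups = total // group_size          # whole groups only (assumption)
    return groups * p_group_bad(total, bad, group_size, quorum)

def min_bad_percent(total, group_size, quorum):
    """Smallest whole-percent share of bad nodes for which the expected
    number of bad groups reaches 1 (assumed reading of the thresholds)."""
    for pct in range(1, 101):
        bad = total * pct // 100
        if expected_bad_groups(total, bad, group_size, quorum) >= 1:
            return pct
    return None

if __name__ == "__main__":
    # Figures discussed in the thread: 10000 nodes, 6500 of them bad.
    for size, quorum in [(32, 28), (8, 7), (8, 8)]:
        e = expected_bad_groups(10000, 6500, size, quorum)
        print(f"{quorum}/{size}: expected bad groups = {e:.2f}")
    # Section size 31 over 100000 elders: disruption and control quorums.
    for quorum in (11, 21):
        pct = min_bad_percent(100000, 31, quorum)
        print(f"{quorum}/31: first percent with >= 1 expected bad section = {pct}%")
```

Dividing the expected count by the number of groups gives the per-group probability, which is the quantity to compare when sizing a group and its quorum.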


Network size and the cost benefit of an attack

But even one “bad section” means the whole network is “bad” as sections trust each other.


Based on tfa’s calculation, the number of nodes in a group should be between 9 and 26? And a group of 9 will have 8 elders and a group of 26 nodes 15 elders, or do they become elders from adults when forming a new group?


First, only elders matter for consensus, adults and infants don’t vote.

Second, there is a parameter named “group size” that controls more or less the size of sections, but in fact their sizes will be typically between this value and 3 times this value.

My simulations above assume that the section size is 31, but I don’t know what future value MaidSafe will choose.


This was not my understanding. I thought it was >50% of age and >50% of nodes to make consensus?