The attacker would need to brute force the combination of addresses for two sections that they have taken over.
I’m not sure.
In your proposal the Safecoin CoinAccount data structure is (only) guarded by 1 data copy on another CoinManager section: the one responsible of the range the id’s mirror address is part of?
That value of the id field of CoinAccount, is that part of the XOR range where the CoinAccount data structure is stored?
If both answers yes, then after +/- ‘total number of sections / 2’ tries with different id’s of your 1st section, you get one where the mirror address is part of your 2nd section, no?
If all sections are mirrored from launch day, then any rogue behavior would get detected after that point.
If I’m not mistaken, if you can get control of 2 sections and create new CoinAccounts like described above, then you won’t be detected with the current proposals.
To be clear, let me try to explain the kind of attack I’m thinking of to get control of a section.
No need to control a high percentage of the total number of vaults with this attack.
Maybe it is unrealistic, but I’m not (yet) convinced it is.
It is certainly not an easy nor cheap attack. But the reward can be high.
Certainly if the Safe Network becomes a big success and Safecoin has a lot of value.
You, the attacker, create a number of vaults. You then have the IP addresses of the ‘elder’ vaults of the sections your vaults are part of. You investigate the IP addresses: which ones can I track/detect the owner of?
I guess this is difficult, but paying the responsible ISP for this information could help. Or some ISP want to help for free to get rid of that annoying (for them) Safe Network.
If you’ve found a section you know all/most ‘elder vault’-owners of: you contact them and offer a lot of money to take over their vaults (e.g. remotely with ssh on a Linux). You could even try to promise the owners to pay them with part of the reward the attack will give, if it succeeds. You have to convince 2/3 of the owners. Or a bit more, in case one of them has to leave the section due to the normal ‘churn’ in the near future.
Remember: you only have to control 2 sections.
Then you replace the elder vaults software, while it is still running and operating normally, with a version that does what you want (of course you’ve tested this before on a test network).
This won’t be easy, but again I’m not convinced it is impossible: see this post.
Maybe a succesful attack is more complicated than described here, but I think the idea is clear.