I don’t know much about coding, or the deeper technical layers of software and hardware systems - but I like to read about technology and security etc. If my ramblings seem idiotic to the technically advanced people in this group, I apologize in advance.
As of now, there are a couple of things that are supposed to protect the system from a Sybil attack:
Close Group Consensus, Node Ageing
I think Data Chains and Disjointed Sections also help, but I am less clear on those.
And I think the close group consensus and the various mechanisms that @dirvin has put in place negate the utility of gaining control over a group in the first place - I am tired after another night of reading this forum, but even to a novice like me it is clear that @dirvin and maidsafe team in general have thought out a lot of things and there are extreme nuances, they have various hints of mechanisms in different places which makes one appreciate the system and its complexity.
So to quote him:
Node Ageing (as far as I understand) helps by slicing the rank by half after a churn and enables the system to rank nodes by age - and so a node can’t jump around to join others in a malicious group - it will have to try to brute force the entire system and go for the 65% ownership of total nodes route - no short cuts.
It has also changed the Quorum of whole group to basically >50% of nodes and >50% of age.
This is on top of the fact that if an attacker has not gained complete control over a group - the group can kick the malicious nodes out.
Basically all this means (to a technologically illiterate person like me) that any person or entity interested in a Sybil attack would need to first add at least around 200% of the nodes already in existence to the network (just to be safe) - and then leave them connected (24/7) to the network for three weeks or so - so that the nodes are well aged and trusted.
Now due to XOR space, nodes cannot really decide what role or position they’ll be in the network - and the malicious entity ageing their nodes would probably be aware of that, so all the more reason for adding around 200% of the nodes that are already operating to just do some damage.
And I am assuming they will add patches to the vault code such that the ageing nodes behave accurately first and then when given a signal - attack.
And so I think the person attacking will also be aware that when they do attack, they might get quorum majority in some groups - but if @dirvin calculations are true, they will not have the statistical numbers required to change the consensus of the system - which would require much more number of malicious nodes. They are just vandalising and disrupting, unable to change the consensus of system, but vandalising nevertheless.
I think, such a capacity to disrupt SAFE - to vandalise it, so to speak, has value. To me, it gives the imagery of jamming the communication and the system. I know that the system can handle the malicious nodes going offline suddenly and some other scenarios - but if a huge majority of nodes in the SAFE system - nodes that have good age and ranking, for they behaved very well for three weeks or so and never disconnected before attacking - just suddenly go haywire surely that’s a shock to the system. So they can jam the system, create a shock in the system, distort communication, misbehave, I think that’s a powerful attack.
The attackers may not gain control over safe coins, getting access to chunks of data will be useless - but (to me at least) it’s a very uneasy thought that this type of attack can be done.
If I’m not wrong, the primary deterrence to a Sybil attack is making it prohibitively expensive:
As I said, I’m really not a technical person, don’t know much about costs of servers and hosting etc.
If the above scenario is wrong, and I am stupid for not having understood the SAFE Network properly, I humbly request some member to kindly take some time and enlighten me.
If the scenario can take place, can someone calculate just how expensive an attack like that be?
If we are to assume let’s say, a node population of 3 million being active in the SAFE Network system (not all nodes will be active at all times, so lets say total population is 5 million nodes and 3 million are normally active at one time)- just how expensive is it to add 6 million nodes into the network 24/7, have them age nicely for three weeks so that they gain rank and trust, and then those 6 million nodes just do whatever they can do vandalise - break some protocols etc.
If it’s a couple of million dollars, then surely it’s just a couple of million dollars more to do the devastating 600% or 800% attack to completely cripple the system.
Let’s say it’s 2019 and someone uses SAFE Network to leak some extremely embarrassing documents that piss off a dictator or some billionaire.
If the cost to cripple SAFE system, is a couple of million dollars, or let’s say it’s 30 million dollars - why won’t a dictator or pissed off billionaire or China or any other state entity cripple it?
Thanks for your time.