Regarding a Sybil attack

Yes that is why my thoughts were not about that size but what a government would be concerned about and that is a network more than 10 times your selected figure of 3 million.

For the small network one has to wonder the benefit of putting in $30+ million to attack a baby network of 3 million. For the QDOS? very expensive way to do that. For the coins, well those coins will be worthless by the time they could sell any quantity and people know of the attack.

Motivation to spend big $$$ will come when the network has grown and hopefully by then things work as they should and datachains etc are securely implemented. Governments as I said will not be interested until SAFE is in use by more than the magical 14-20% figure. Government sppoks have said in the past that once you have >80-86% surveillance then you effectively have full surveillance. (the same for control, vaccinations and many other things)

But yes some analysis is needed and will be welcomed by many (@oillio thanks for your input)

4 Likes

So as @dirvin says - a node has to go through 1024 churn events if it is to have age 10 and beyond - and if we are to stick with his assumption of a churn event per 30 minutes:

We get 48 churns per day, and 1008 churns in 21 days - so if a malicious actor connects nodes to the system 24/7 for 3 weeks - those nodes will be at age 10, which frankly is nice age number to pass the quorum requirement of being above than 50% of age of the group (because when a node goes offline they lose half the age, so these malicious nodes would be at a nice point in age and rank after three weeks of 24/7 connection).

Hence a node cannot cost more than $10. I agree with you, the more expensive every node is - the better it is for the security of the system. But I think ageing and getting a high rank can be achieved in 3 or so weeks.

This is correct. See Data Chains Option A - Limitations And Security for original source of the quote.

1 Like

The expense is one factor (which I am unable to calculate), but it must be weighed against the consequence of the attack.

The attacker will be looking at it from a cost vs benefit perspective, a regular user will be looking at it as a cost vs disruption perspective. The measure of the consequence (to compare with the expense) is too subjective to be able to make a good guess.

How long will that expense be able to sustain the crippling? What good is the crippling if the data becomes available after the attack is exhausted? It’s important to factor in the duration of the attack since no attack can last forever, but often the benefit of the attack is directly related to the duration.

I admit this is a lot of hand-waving to avoid the crux of the issue, but I think the parameters of the network are not yet firm enough to be able to model the expense of an attack.

8 Likes

1.-Cannot fill the network with new nodes in a short time because each sector only accept one node with age 0. Even if someone have almost infinite malicious nodes, they will stuck waiting for churns that promote the first nodes to age 1. It will depend on the time the network has been running, and the number of churns, but possibly will need much more that two weeks only to introduce the nodes in the network.

2.-The malicious nodes will gain age but the rest too. If there are enough stable nodes, via VPS, small devices or professional farmers, is unlikely to get the majority of the quorum of a group, both in number of nodes and age, before several months. Of course Is possible to think in an attack mixing DDoS and new nodes but will be much more complex and expensive.

3.-To try to control the network you must first contribute to the growth of the network. That attracts new users that make the attack more difficult every day. At the end you can enter a vicious circle that ends up helping the network instead of being able to control it. Remember, is one attacker against the world.

4.-If the network is capable of republishing the data, via datachain, the entire work of the attacker is useless. In the end the attacker must spend enormous resources that, possibly, will only result in the resurgence of a stronger network

8 Likes

Yes, but for an attack you need to target a group. As get relocated to random groups you could not target a group with any succes.

1 Like

Thank you for your thoughts Mav, Neo, Digipi regarding the motivation to attack the SAFE network, especially in the early days - I think we all agree that the greater the size of the network, the safer it becomes. So that certainly point towards the need to make it’s adoption by the general public as friction-less possible.

Thing is, SAFE Network is attempting to become an alternative (and many would say better alternative) to the Blockchain technology in terms of attaining decentralized consensus. A successful implementation of such a concept would give SAFE an edge over several cryptocurrencies currently in market - it will be very obvious, very soon, that SAFE will take over these cryptocurrencies markets - and SAFE is operating very openly and clearly in the eyes of cryptocurrency industry, hoping to target this audience.

Many of these companies will have direct financial incentive to destroy the network before it gains a certain network effect.

People might not want those coins, they might not want user data, they will want to cripple the SAFE network itself through a brute force Sybil attack for it will be in their interest to do so as soon as possible. Every currency, Bitcoin, Ethereum etc has been attacked and so will be SAFE network - such is how it is. Apart from other Cryptocurrencies - there are several other players who will be at a very real threat of SAFE taking away their market share. They will also have financial incentive to attack SAFE as soon as possible after it’s launch.

So we can all agree that there most certainly is an incentive to try to attack and destroy SAFE network from the very first day, especially considering that only one such malicious party is required. Whether they will succeed or not, whether it will be expensive or not etc is a different argument - but there will most certainly be entities with financial incentives to destroy the network before it threatens their market share.

So there will be entities attacking SAFE, and if the community and developers etc can find some mean of further increasing the financial cost of such an attack, the better the survival chances of SAFE.

3 Likes

By crippling the network I meant introducing such a large amount of malicious nodes (especially when the network is small and more vulnerable) such that the SAFE network loses its collective consensus i.e. the network no longer operates within the boundaries it was programmed to do. So it’s not a matter of long can such an attack be sustained, more like how many malicious nodes will be required to basically overtake the quorum of a great majority of the groups in SAFE Network even after the nodes are randomly distributed in the XOR space.

I think the more expensive the cost of one such node is, the more chances of survival SAFE has. The parameters are not firm but we all know that the basic unit in the system will be a node, and I still think the cost of an aged and well ranked node is not more than $10.

Thank you for highlighting that, I think it does increase the time period of introducing malicious nodes into the network. I think a churn at every 30 minutes is reasonable to assume so it is then reasonable to assume that a person can introduce around 20% of the total network size per day. This does delays the process of introducing let’s say 300% extra nodes into the system by two/ three weeks.

Most of the nodes will be disconnecting and getting their age reduced by half, but overall - I agree with you, the attacker would definitely need to play catch up with the network - and that this catching up will become extremely difficult after SAFE Network has reached a certain threshold of adoption by the general masses, but in the beginning it might not be that prohibitively expensive. .

But if the attacker manages to gain a quorum control over the majority of the groups, won’t it possible to disrupt the datachains or destroy their mechanisms? I don’t really know how that works. Is it possible to resurrect the network let’s say even after hijacking of 85% of total groups in the network? How much damage can an attacker in such a scenario do to the datachains?

1 Like

I was keeping that assumption in mind, basically I think it is still possible to take over let’s say 65% or 85% of total groups in the SAFE network even after being placed randomly in different groups due to XOR space and in this topic overall consensus is that such a scenario is most likely in the beginning few months after release - because at that time the size of the network will be such that enforcing such an attack might not be prohibitively expensive to do so.

Why 85% and not 95%? or 99,99? or 99,99999%? Sorry but I don’t play this game. In a distributed system you can always go further and the assumption that somebody can control 85% of the network is basically ridiculous.

Better you say that 100% of the nodes are malicious and we don’t waste our time.

3 Likes

You have your views, formed over a lot of time, about the SAFE network. I understand that it gets bothersome to reply to non-technical new posters, but I assure you I’m asking the questions in good faith and after having read this forum as much as I could.

I’m just trying to understand the system better, and in doing so, I believe I’m adding some value to this forum - at least now if someone has the same questions that I do, they can read my posts.

I agree with you, 75% 85% or whatever are just numbers - you believe that it is ridiculous that someone can infiltrate that much - I think there’s a possibility, especially in the beginning. I guess it depends on just how rapidly SAFE network is embraced by general public and crypto community.

Anyways - in all my reading on SAFE network I haven’t been able to find some answer to the following question, if someone can enlighten me on that - it will be appreciated:

Let’s assume that some person manages to introduce enough malicious nodes that he gains quorum majority in some groups. Let’s say 1% of total groups. In all those groups, malicious actor has 28 or more out of 32 nodes - well aged and ranked - connected to the system.

Is there some method or function in the SAFE network to isolate that 1% of malicious group or remove those groups - I understand that those groups will not be able to do much damage - but how does the system deals with them? Is there some method to kick the malicious nodes out or to identify and disconnect from compromised groups?

4 Likes

And if some technically knowledgeable person can answer this query, that will be appreciated.

1 Like

I’d recommend reading through this thread, it addresses the concerns you raise:

1 Like

FWIW I find your questioning is constructive and helpful. I also can feel frustrated by such questions so I understand why people react sometimes. In such cases I now try and leave it to others to answer! :slight_smile:… or not. Usually @neo leaps in and does a fine job, or @polpolrene, or several others who have gone much further into the details than I.

So I can’t give much of an answer to your latest question. My thought is - probably not, but that the network is being designed to ensure such a take over is not feasible, rather than to cater for it.

You are right that while the network is small it will be more vulnerable. Maidsafe are certainly aware of this and have plans to mitigate the issue, but it will not be possible to cater for extreme scenarios. My thought is that we just need to be good enough, and that while the network is small there really isn’t much to gain from attacking it - only once it is too big to attack will rivals realise it is a threat. That’s my thought anyway.

But what is the worst case? It falls over, we step back and come up with a plan to get it running again. I don’t mean to be complacent - we should think hard about these kinds of threats and take whatever measures we can reasonably take, and I think that’s what Maidsafe are doing. Often they have engaged in these discussions, but I think they are too focused on getting there just now, and I’m all for that! :slight_smile:

1 Like

I’m not a coder, but you make the right split between Clients and Vaults. When a Vault joins:

  • It’s not trusted, has no voting rights on anything, can only join and sign with quorum of the other nodes. So if 2/3 of the nodes in a group allow a user to store some data this new Vaults needs to sign with them. If the Vault behaves differently it’s rank won’t go up, it might even be removed from the network. So at age 1 a Vaults needs to do some work but can’t really “screw” anything. it needs to behave and follow the other nodes that form quorum.
  • After some time (when another Vault leaves the network) the new Vault might age to 2. It will be relocated by the other Vaults in the first group. So now it’s in the second group and is trusted a little more. But it still has to do work and prove to be reliable. After 2 Vaults leaving the new group the Vault’s age goes to 3. It might earn a little Safecoin if it delivers some chunks out of it’s Vault. But still not the same as the older Vaults in the group.

This process goes on and on. So to become a trusted Vault with voting rights it needs to do quite some work. And as it’s randomly relocated after good behavior it can’t target a group. So there are 2 options: Work with the quorum of the other vaults and get a higher age to earn some money after a while. Or try to fool other Vaults and get kicked out without making any money.

5 Likes