Security flaws in the safecoin model

After reading over what little documentation exists on safecoin some attack scenarios came to mind, the first is that safecoins are minted and granted to users based on a users “resources”, no literature exists to show how the network would authenticate that the user was in fact actually in posession of and providing said resources aside from a consensus of nodes which could easily be lied to by said user, except for say bandwidth.

The second issue falls in line with the first, how safecoins are transferred. Alice sends Bob 1 safecoin, the network receives this broadcast and finds 32 nodes with the closest XOR distance to Alice and accepts a consensus of 28 to validate the transaction, an attacker only has to setup 28 nodes with XOR distance closest to its target to steal Alices coin.

Whereas POW requires an actual result be produced to satisfy the test, and POS requires visible ownership of coins to validate trust, POR requires that each individual farmer honestly reports (or moreso doesnt hack a client to fraudulently report) their resources. This becomes more problematic when an attacker like for say in issue two sets up many hundreds or thousands of fraudulent nodes and has each report falsely the abundance of eachothers resources.

And whereas POW/POS blockchain solutions use a permanent public longest-chain approach to ensure miners are working together (and hopefully honestly if no one miner holds a majority of power), POR allows anyone to setup nodes with XOR distances close to their target and manipulate their transaction without any public knowledge.

Id be interested to hear what solution there may be to the first issue as this seems all to easy to game and undo the entire concept of safecoin, as for the second issue i see a solution but would like to hear what the developers have in mind.

2 Likes

You are, in short, asking what countermeasures exist for ‘sybil attacks’.
Well, read these: http://systemdocs.maidsafe.net/content/en/attacks/birthday_paradoxsybil_attack.html

And regarding the Proof of Resource, spoofing it would be impossible as it is based on actual usage of the stored data and lost packets. The only way to proof resources is by offering resources.

And read this:

9 Likes

We discussed this in several topics including this last weekend:

I don’t know if it’s fair to call it a flaw. Maybe “weakness” is better, just is it is a weakness of Bitcoin to be unable to ensure proper validation if a malicious mining pool gets a 66% plus share.

2 Likes

Plus my favorite back-and-forth with @janitor happens to be on the same subject:

3 Likes

So to get close to a XOR address you have to generate one that sha256 hashes closest to theirs making it impossible to just give yourself a close address. And i take it from the close group security thread that XOR addresses of a group are not just given out unless a group accepts your connection so the attacker would see very little by trying to connect to everyone, this would certainly inhibit mass sybil attacks of particular nodes.

For the network wide sybil it was stated that the attack would have to bring on 5x as many nodes as their were in the network to get a 75% attack that would allow it to destroy the remainder.

Well i cant speak for this without seeing it in action, but it did occur to me that nodes on the network can follow a similar design in TOR to help prevent sybil attacks, which place new nodes on probation until they’ve stuck around for a few weeks, this would prevent a bruteforcing of addresses and other behaviors. Still though i dont understand how any of this is supposed to prevent a large group of colluding attack nodes from falsely reporting eachothers resources to the rest of the network to reap farming rewards.

2 Likes

Nowhere does it say that’s supposed to be prevented by design.
I think the foundation will run a bunch of seed nodes to bootstrap the network so that it hopefully becomes large enough to securely work on its own.

1 Like

This is catered for by vault rank which is something gained by good behaviour and performance over time. I’m not sure exactly how this is applied in the current design because there have been significant changes since it was originally discussed on the forum (the switch from persistent to non persistent vaults), but I think it will still be applied in some form.

You already explained that this requires so many nodes as to be unfeasible - because to vouch for each other they would have to create close groups, each of which has a quorum of their fellow cheats. To achieve this for even one close group is very hard indeed.

These might help with understanding the safecoin design and seem to answer your question more broadly:
https://github.com/maidsafe/rfcs/blob/master/proposed/0012-safecoin-implementation/0012-safecoin-implementation.md
https://github.com/maidsafe/rfcs/blob/master/agreed/0004-Farm-attempt/0004-Farm-attempt.md

4 Likes

[quote=“happybeing, post:7, topic:6730, full:true”]
This is catered for by vault rank which is something gained by good behaviour and performance over time. [/quote]

Would describing it as an anonymous web of trust / reputation system be correct?

Side note: I hope it’s using exponential moving averages. I love exponential moving averages :stuck_out_tongue_closed_eyes:

1 Like

I think MaidSafe addresses Sybil attacks correctly now. Also, I think that the protocol as a whole seems rather secure, except for a massive number of new malicious nodes coming online. The internet itself is subject to far more weaknesses, bitcoin is much less.

MaidSafe is less secure than Bitcoin because of the “nothing at stake” problem. But it is far more secure than TCP, for example. It likes somewhere in between. The coin’s fair value should remain somewhere near the utility cost of the network.

If the coin goes up too much, it incentivises attacks… which can easily succeed by briefly dominating the network (how much would a 75% attack right now using Amazon cost?).

So the coin remains limited in real value. But the network itself is not limited. It will creep up slowly and probably more steadily than real world “lots at stake” algos like Bitcoin.

3 Likes

If bitcoin worked in practice as it was designed to in theory, you might have a point.

It remains to be seen how Safecoin and SAFEnetwork perform, but we can see that bitcoin is not decentralised, and so is very vulnerable compared to the theory of a 50% attack: due to the concentration of hash power among a handful of miners.

These miners also happen to be geographically co-located inside China which has already caused problems with confirmation times, but more seriously makes the whole bitcoin network vulnerable to the actions of a single very powerful state, which has the capability to control a lot of internet traffic already and is no doubt continuing to enhance this ability.

I also think your suggestion that SAFEnetwork farmers have nothing at stake is misleading. We’ll have to wait a little longer to be able to make proper comparisons, but not too long to go now. :slightly_smiling:

4 Likes

I can barely scratch the surface of what you guys are talking about but two things.

1, these discussions on security are great and just what we need.

2, I would of assumed that the network automatically but not directly requests more nodes to come on if an attack was made and killed some of the network by changing the rewards and rate of rewards? And especially because it’s not a closed system nodes would be coming online and offline all of the time so there would always be new ones?

Yea, but in case of flash attack, aka Blitzkrieg, or botnet attack, that wouldn’t be fast enough.

@janitor What kind of attack are you considering here, massive shutdown of previously operating nodes? Rewards or not, as nodes shut down the processes of redistributing that content would begin. So I think we’re talking about an attack that cuts off too large a percentage of the network simultaneously that data begins to be lost, due to simple lack of nodes for the data flowing away from the lost part of the network. This would have to be a large chunk, such as if a majority of clients were corrupted with code to shut off via remote command.

I wonder if the network status could be communicated in some way that could be monitored. If it could report a net churn rate then people could setup a service to add nodes from could storage at certain triggering churn rates, and catch the fall, so to speak. They may have a financial incentive to step in in those times, to be ready when the reward rate inevitably increases, but I’m not sure how those numbers would add up.

A truly dastardly individual might hope to gain by both supplying a large percentage of the nodes and having financial investments dependent on the network status in some way (up/down of the safecoin or of the network stability). They could then use their generally reliable node farm, to occasionally shock the system by fully going offline. If they knew what was going to happen in that shock they could plan accordingly and possibly reap repeated financial rewards by sort of alternating support and denial attacks at a great enough interval. Would the system “remember” those bad nodes? I don’t think it will as I understand it, since each new startup is a new id and new reputation. Any thoughts on a scheme like that?

1 Like

Yes, a truly logical attacker would want to benefit from this financially (everyone has hosting bills to pay). I didn’t want to mention these details but I assume would-be attackers will be creative enough to see the opportunity in that as well. They can create sufficient number of fake crypto exchange accounts to cover their tracks.

You can simply wipe it all and create a new one. I think partially that is why - which I didn’t understand at the time - there is so much enthusiasm for the “proof of unique human” (see old topics on this forum). (Which didn’t go anywhere).
At the same time some of those PoUH enthusiasts still laugh at the wasteful and unnecessary PoW :slight_smile:

How do you plan of these attackers profiting exactly?

From the high cost of puts on the network?

That would work once if you are very lucky , you wouldn’t end up with the market increases by 100’s of percentage in a matter of hours, it just wouldn’t happen.

The fact the network would be monitored by thousands of people pretty regularly as they do their day to day activity , If space available on the network vanishes to near zero levels , within the first 10 minutes a large group of people will already be aware there is most likely an attack going on and wait it out. Either an attack of the network or no free space, which they would just wait it out.

It could possibly effect the network negatively perhaps, But that would have a reduced effect every time it happened , first being most severe then each time after effecting less and less people, we have seen this in almost every single crypto.

By taking a large amount of capacity offline and simultaneously attacking the network, “waiting it out” may not be enough to prevent data loss.
You assume that the app providers and users won’t mind to wait it out. Maybe not the first time, but one hour of global downtime on any Tier 1 or 2 cloud provider makes the news.

This woudn’t work as well as you would expect , It would increase hugely your cost margins , you are lowering data on the network to further run up the cost of putting data into the network , so not only are you making it more expensive to attack the network forcing it to be charged 1 sc per chunk sooner, you now need to rent a whole other load of amazon servers , before you even commence with your plan and allow them to run for a short while first.

More rental costs , far more SC costs as you have to maintain the attack and new servers would be getting added over time , Yes not very fast perhaps at first maybe , but within 1-4 days of the attack any number of people can have 100’s or 1000’s of terabytes just waiting to be switched on in case it happens again.

making sure the attacker spends a huge amount of money first by having to maintain an expense of 1sc per chunk for a 30-60 minute period burning thru potentially many thousands of tens of thousands of coins.

How long can you maintain this attack? even less than the first idea cos its costing you even more than before.

weird how bitcoin has been attacked by spam attacks forcing people to have to pay upto 10 times as much if they wanted their transaction to confirm within 6-12 hours and after the first time, with very little market effect, had even less so every other time after , ya know the spam attack that was costing attackers like 16 dollars a day to do so.

Am i to assume what actually happened would be impossible to happen because if it happened to other currencies providers other than bitcoin in fiat it would surely crash or affect them in their stocks if it ever happened to them?

It will hit the news and as has been experienced before, it would maybe affect the price negatively then face diminishing returns every single time after that .

This is also a potentially big problem in the beginning that can easily be countered in numerous previously thought up ways that can be there at the ready now for when the network launches, that once reaches a huge size wouldn’t matter be needed at all with a much larger network.

I’ve considered those problems and I have some ideas how they could be mitigated or worked around, but I’m not going to detail them.

Yeah, the first one cost very little, the second more as people tightened their relay settings, but I think now those attacks are basically futile. The attack was known before so there’s a parallel to the current situation with SAFE, I see that.

Most bitcoin users could simply wait it out, a strategy you mentioned earlier; but I think businesses and those who needed to make transactions weren’t very amused… However since there’s also PayPal and other workarounds to get your money through, it wasn’t so bad. But if you only do business on SAFE, then waiting it out is more annoying.

That’s the big question. We don’t know who will use the network and how. I think the largest long term gains for the attackers would come from the loss of long-term confidence in the ability of the network to protect itself from data loss.
We’ll see.

just a thought … to be honest i’m not exactly sure how the consensus mechanism for the farming reward is planned right now with safecoin …

…for a large-scale attack you might need “just a local majority” … let’s say you have a huge botnet … then 10% should not be a problem in the early days … then of course determining IF you have the local majority isn’t that easy … on the other hand maybe you could find a way to get this knowledge if you are very clever …
But if you need for a successful reward a local majority at more than one place in the network (e.g. your close group + a random chosen close group) this attack would become extremely difficult because you would have no chance to know in advance whether you will have the majority you need and probably will get kicked out of the network because of misbehaviour …

ps: sorry I know I didn’t participate in the discussion above and didn’t refer to those topics … just seemed like the right threat to post such a thought …

1 Like