Step-by-step: the road to Fleming, 2: Sybil resilience

Some context

With the release of SAFE-Fleming, we’ll have assembled all of the components required for a fully-functional permissionless decentralised network. The data layer will soon follow. But this is big news by itself. The previous post in the series, The Big Questions: SAFE Fleming and Beyond, outlines some of the challenges that we’re tackling.

The crucial part here is that one word: ‘permissionless’. It lies at the heart of a number of design decisions made across the SAFE Network. One is ordered consensus - something that we touched upon in the first post. Another, which is both orthogonal and complementary, is Sybil Resistance which we’ll now expand on a little here.

Let’s start with the Wikipedia definition of Sybil attacks:

“The attacker subverts the reputation system of a peer-to-peer network by creating a large number of pseudonymous identities, using them to gain a disproportionately large influence.”

Perhaps you know other Networks better. Let’s take Bitcoin for example. There, the proof-of-work (PoW) mechanism is effective in countering Sybil attacks because no matter how many identities an attacker creates, she still needs to control >50% of the network hash rate for any attack to be effective.

But as we know, a PoW blockchain isn’t a viable solution in the SAFE Network for a whole range of reasons (including lack of scalability and asynchronicity). So we have to achieve this using other means.

Before continuing, we should make an obvious point: Sybil attacks are of course not the only form of attack on the Network. But it’s a sufficiently important category that warrants separate consideration.

But, why?

To think about Sybil attacks, it might be useful to think about one of the weaknesses of existing social media networks. In most cases, it super-easy for someone to create a large number of fake identities in order to wield a disproportionate level of influence. Whether these identities are semi- or fully automated, the results are the same. In aggregate, they can be used to manipulate the discourse to their advantage. In some cases, that’s done simply to drive up sales of banal products. In others, it gives the attacker the power to subvert the foundations of freedom and democracy.

In the context of the SAFE Network, preventing Sybil attacks is crucial for a number of reasons - including preventing a malicious actor trying to perhaps set up a huge number of nodes to control consensus within Sections or attempting to double spend Safecoins.

So how do we stop Sybil attacks?

To guard ourselves from this happening there are a number of steps we can take. Fundamentally it boils down to making it prohibitively expensive for the attacker, both in time and resources spent. In Bitcoin, proof-of-work makes a Sybil attack very expensive because it requires any attacker to have control of more than 50% of the hash rate of the Network. In the same way, we want to make it so expensive to attack the SAFE Network that it becomes infeasible.

More concretely

We can identify at least two properties that would increase the cost for an attacker dramatically.

• Dilute the attacker’s resources so that it prevents them from gaining a local advantage.
• Delay the attacker’s ability to gain meaningful influence.

We can achieve this through a combination of mechanisms:

1. Don’t blindly add all new vaults that want to join

The SAFE Network only accepts new Vaults when there is a capacity deficiency. This means a user can’t just create 10 million vaults and connect to the Network. Clearly, this needs to be balanced against the fact that we don’t want to prevent home users from joining.

2. Balanced relocation

A node that joins the Network has no choice. It is assigned to a location that is chosen by other nodes. This means that an attacker is diluted to the point that it has no local influence. Crucially, attacking nodes are not given a chance to cluster.

3. Node ageing

Adjusting the influence that a node has according to the amount of work it has performed over time means that an attacker can’t take control by setting up and providing extensive resources to the Network. The number of nodes and resource provided to the network don’t matter if your nodes are young because - put simply - they have very little say in the decision-making. As nodes age, they are also relocated, which also helps to prevent any kind of local concentration of malicious nodes. Empirical data from other P2P networks show that the oldest nodes are always by far the most stable, meaning they are unlikely to churn and will provide a robust core structure that is inherently difficult to challenge for Sybil nodes.

You could also argue that node ageing in practice returns a similar result to proof-of-stake (where you need to put significant resources at stake before you can wield influence).

Combine these to a number of well-considered SAFE parameters (such as the number of nodes in a typical Disjoint Section), and an attack becomes infeasible (similar to how PoW works in blockchains). And the longer the network is active, the stronger the protection from Node Ageing becomes.

Sounds good and all, but I want more details

In upcoming posts, we’ll be taking this a bit further to elaborate on these mechanisms and what they achieve. In particular, we’ll be discussing the work we’ve been doing in exploring the parameter space using simplified models so that we can get a feel for what is necessary in terms of e.g. minimum section sizes and number of Elders.

I worry that such simile might be a bit confusing.
The biggest complaint I have about the proof-of-stake is that any jerk with lots of capital can instantly get enough importance in the network.
In fact, both PoW and PoS faces the same problem inherited from the real capitalist world, the more capital the more control over the network.
Yes, there are several flavors of it now, each project have their own tweak to be more robust against Sybil attacks… so I would like to know on what aspects in particular do you find a comparison with PoS.

My first impression when I first heard about the SafeNetwork (after becoming early adopter of PoS in projects such as peercoin, NXT and NEM) was that it made it invulnerable to the types of manipulations that PoS could face.
There is no way to automatically gain any advantage over the network just for having an inordinate amount of money stashed. There is the sigmoid curve that also discourages single mega servers, so even single actors who wants to be full time farmers wouldn’t gain any influence on the network as they would need to break down their vaults, each of them being lost in the xor space.
At that time SafeNetwork was the only project I could find that seemed to be impervious to economic and political attacks.

So from my perspective, I don’t see the similarity between PoS with the SafeNetwork.
You might as well say that PoS is like PoW, just because it validates blocks, but it really isn’t it, is it?

I really like the effect that the network makes an attack expensive similar to PoS. It is a universal language that any attacker understands, if it costs more than an attacker can gain, then the benefit of an attack becomes useless and hurtful.

Ethereum is exploring PoS and I guess because they need to scale transactions, if the SAFE-network can achieve similar results to PoS without the need for PoS, that is great. But even if some form of PoS would be needed in the future, I would probably support that too.
Very well written text @jonhaggblad.

I think that is a view you can rightly take. The POS similarity is most to lose makes the decisions. So many angles to look at, but both your’s and this are indeed valid. Node age and safecoin is not POS or POW but they all have angles in common. In terms of sybil resistance age is closer to POS than POW really. I dislike POW and POS for the reasons you state, big cash wins in these networks. It is also true for SAFE but we force cash plus time (effort over a long period). All interesting to consider though, many “answers” to similar problems. POS and POW are sometimes confused with consensus and then also conflated with sybil resistance. We see age as sybil resistance but PARSEC for ordered async consensus and data chains as linear lists derived from either group consensus or PARSEC consensus. We will get much deeper in further posts though.

tl;dr: I agree with your premise and conclusion in many ways, but I think it does go a bit deeper and we hope to take everyone on a journey down there with further posts.

Will there be something in the protocol to kick entire disjoint sections off the network if they go bad, or is that not a concern?

Thanks for replying, what do you think about NEM’s twist on PoS with their Proof-of-Importance?
I liked that the level of importance is behavior-based, as it rates your importance in the network based on how much you participate in the network by making transactions.
I think node aging is more similar to this particular flavor of PoS, PoI.

I don’t agree at all. If sections have free slots and a new vault powerful enough to pass the PoR test is willing to participate then the network must not reject it just because there is enough free space. For maximum security we need the lowest rejection rate possible to maximize the total numbers of nodes:

• Nodes of an attacker will be more diluted
• With a greater rejection an attacker has just to retry to connect each node more often but the number of nodes he needs is not impacted
• On contrary for casual users, a greater rejection rate will deter them from connecting a vault, which will lower the number of honest nodes and so will increase the proportion of attacking nodes

My simulations done one year ago (concluded here) aimed towards a large and homogenous network. Part of the solution is a reduced rejection rate. Of course, it cannot be zero, but I was proud to keep it under 33%.

I tend to agree, it should be only be rejected if there is a glut of free space or just too many nodes.

Obviously some balance in that the section may slow down acceptance between needing nodes and having a glut of free space.

It seems to me this whole thing assumes that an attack is to be fast paced. But if one were to say set up a slow attack that had moderately sized vaults that stayed on for a long period of time what would happen? Sounds like the strongest counter to such an attack would be the dispersion rather than the node aging and such. There’s a lot of discussion about how the network is like proof of stake or what not but the only way it’s like proof of stake is that one has to invest computer resources over time due to node aging. It’s more like staking a claim to land than investing money, where you have to directly invest time and energy into the land rather than simply throw money at a project. For the SAFE network you need to throw time and processor power at your vault in order for it to grow in value and influence. But much like land barons there would be those willing to invest in the time to buy up a ton of servers and divvy up processor power. However it’s the diffusion of those vaults that really counters this. It’s like a realastate agent that lets you buy as much land you want but randomly selects the property all across the globe (ok not quite random but still).

Cost. Costly to keep nodes running for the length of time to age and then wait for others slowing joining to age too. The cost of attack increases the slower you add nodes.

Number of nodes in network on average increasing over time (assuming healthy network). So attacker is being diluted and may never be growing in %age of network

That balance was supposed to be controlled by the price of PUTS in SAFEcoin. Gluts of freespace would cause the cost of PUTS to decrease, encouraging storage and discouraging new nodes from participating. Now it is unclear to me how we close the loop on SAFEcoin value.

I am talking of a balance in allowing nodes to be added. NOT a balance in needing nodes

A possible (maybe not) advantage of delaying tactics: there is more time to ‘manually’ spot irregularities. Like noticing that a high percentage of Vaults are coming from the same location(s). You could detect that by collecting a lot IP’s. Of course the one(s) collecting these IP’s must also have a lot of Vaults (in different sections) themselves to have enough data to get meaningful statistics.
And maybe not possible to do then something (quickly enough) to dilute such an attack, without going against the principles of an anonymous, autonomous and decentralized network. I’m thinking of the Ethereum hard fork (DAO) as a bad example.

From a static point of view, perhaps. But from a dynamic point of view it is more the sum of good works, in benefit of the network, which takes the node to a privileged position. Is more a cumulative and not wasteful POW.

My objection, to the comparison with POS, especially consider that, in this world, it’s a term associated with property and wealth power. A system where you need to own part of the network to integrate as a miner which may lead to believe that need something similar to integrate as a farmer,
I think it’s a comparison that the SAFE network should avoid.

I agree but Maidsafe knows that too. They are comparing PoS in the context of effort over time (which has a cost) being staked rather than riches staked up front. Personally I don’t see a problem with the comparison because I get it but I guess I can see how folks here could be concerned that others elsewhere could misconstrue.

Great write up! Looking forward to the deep dives!

That we have. That we have.

The reason I pointed out that comparison is that it can easily be misinterpreted by people who aren’t familiar with the safenetwork…
That kind of statements are easily misconstrued.

Its unfortunate though.

But even knowing the little I do about SAFE, the comparison with POS still leaves an overall negative impression. Even though I realise what is being said and agree. To me its more like the Elders in a traditional tribe. They been through the rigours of life and are wise. Even if occasionally you get one that shouldn’t be.

in fact, in the general sense, there is only PoS. Why?

Because:

• in PoW you stake machines bought with cash
• in PoS you stake directly cash
• in Node ageing you stake computer time = internet + power + computer, which all are cash

So, in the general sense there all are PoS, but the stake is only seemingly different…

Thanks @tobbetj