Vitalik Buterin on MaidSafe's consensus mechanism

I think it is really really hard to push nodes away or to DDoS them. On an ip-level you’re only connected to maybe 2 addresses per group. Every message you sent out using this 2 ip-connections, will be forwarded by them to the other 30 nodes. So if someone tries to DDoS your ip (let’s assume they have it) they can only take out 1 node in the group. The other 31 will be alive. And your attacker has no clue what their ip-addresses are. So I have no idea how to attack a group. I think it almost can’t be done. Now let’s assume I’m the bad guy, so I start to attack these 2 ip-addresses that I’m connected to. The other nodes will see some weird behavior of 2 nodes in the group, so their ranking goes down. Now let’s assume I really go nuclear on these 2 ip-addresses, what happens? I kick down 2 nodes in the group. the other 30 will still be alive and well. And I have no clue what their ip-addresses are… So to kick down a group, take like 12 nodes out at once? I don’t think it’s possible.


It’s like smashing the ocean with a rock; eventually the ocean consumes it; “punching holes in the ocean” @dirvine


It’s possible that Ethereum could be over engineered. They have to be careful to let the best design emerge rather than to try to predict all possible future scenarios in a top down grand design approach.

It’s not possible to design something like this by trying to forecast every possible exploit. Instead it’s better to design it with emergent properties so that there is an in-built immune system for instance or self repairing mechanism.

So I would say David has the right approach here. As long as SAFE Network is “evolve-able and resilient” by design, then it will be attacked and develop immunity to those kinds of attacks as they happen.


A design which solves all possible problems from the start is impossible. There is no design like that.

However you can have a design which is built to evolve and be flexible enough to be extremely resistant to attack.

Ant colonies are a very good model to look at when you’re engineering an emergent architecture. It’s not a good idea to look at any top down over engineered design from the minds of a mathematician or engineer because these designs often try to look at all possible risks and manage them but it’s not possible to control for all risks at once.

If you look at how biology works then a species doesn’t start out immune to all viruses. It develops immunity over time, it develops resistance. The key feature is adaptability of the species, the hive, the colony, the chain, the code, etc.

As long as team SAFE Network focuses on having the ability to easily evolve and adapt then it can resist attack.


Is this resolved ? And 20 characters

Generalised answer: Basically Yes.

Read up on disjoint groups.


I think you really just avoided the questions and felt like you either don’t like the questions or don’t have answers. Vitalik is a well-respected crypto leader and Chief Scientist of Ethereum( the most successful crypto project to date) and its founder, he spent time learning about maidsafe and definitely know what he was talking about, it would be more convincing to take his question head-on, shouldn’t we encourage some healthy conversation, instead of sitting back in the closet and completely shut oneself off the larger crypto community.

Who has sat back or shut themselves off? He’s trying to build the basic network, when it exists in the wild it will be more interesting to the wider community.

You need to go read about disjoint groups as neo suggested above to warren.

How was he anything other than respectful and engaging?

Disjoint groups did turn out to be a lot of hard work and took many months.

/raised eyebrow


I don’t like the way he just tried to dodge the bullet, why not take the question head-one like a man instead of taking half an hour defending the dodging? If there was already disjoint group discussion, share the link or content, it is also helpful to bring about more discussion and shouldn’t we encourage more interaction with the larger community, instead of accusing " you guys know nothing about the issue, we already discussed". When an ex-employee questioned this project last year, all questions raised were also ignored and dodged. Maidsafe looks like an isolated island in the vast crypto ocean, I don’t think you could attract developer mindshare if always turn yourself inward and so disengaged.

This discussion with vitalik was well before there was a disjoint group solution. Kinda hard to refer him to that. Maidsafe got past it though, isn’t that the thing to focus on here? The mighty vitalik made some fair points, David et al did some amazing engineering and showed what was possible.

The ex employee you refer to was not ignored?! He made several long posts with different points, many of which were simply irrelevant because he did not understand how the network had changed from when he worked for maidsafe. His posts were picked apart and his technical arguments found wanting. Did you read the whole thread yourself? I suspect you haven’t or else you would not be bringing it up as a negative for maidsafe; it only reflected poorly on him. He was handled in a polite way considering the content if you ask me.

It just hasn’t launched yet. It will be a bit isolated until at least the MD APIs are sorted and app devs can really do stuff.

Eth was just an ignored $65M market cap shitcoin 2 years ago. Things change quickly, but they won’t change until after the network is further along. You can’t will it to happen sooner, we all just have to wait for nature to take its course here. IF it works it wins, if it fails it fails. There isn’t a lot of middle ground.


No the questions from Ben were not ignored they were challenged head on and it was Ben who was dodgy when anyone came up with answers. From any side there is bias. I’ve followed this project for about 3 years or so and try to be as technical and realistic as possible, though I’m a natural optimist I am also realistic. That said, Ben was then working at some new Blockchain startup so who’s to say he didn’t have some kind of reasoning to attack the legitimacy of this project and garner some attention for himself and that company?? Who knows for sure? All I do know is if this project spooks you then maybe don’t be involved in it.


ETH’s success is not just technical, they have a very open-minded, outward and cooperative and conversational development team, which is what are lacking in maidsafe. I invested both in maidsafe and Etheruem ICO back in 2014 and I think we do have a lot to learn from Ethereum in terms of execution, community engagement, ecosystem building and leadership. Maidsafe had a lead time of 9 years when it ICOed, but ETH is now 70x larger in terms of valuation with a live network and robust ecosystem.

With equal complexity(if not less) , maidsafe are still struggling to prove its non-vaporwareness. It’s really disappointing to see maidsafe dev team still so disengaged from the wider community and that’s part of reason of the stagnation and I do think David bears major responsibility for that.

Besides Ben, you also had the contractor Lee (vtnerd), who had some remarks, discussed in this thread. With 229 posts in the thread, it seems to me it is safe to say his questions and remarks weren’t ignored.


You may or may not be aware but we also were part of a crypto security / economy mailing list Vitalik and others set up to discuss deeper parts of consensus etc. Hours and days were spent there as well. Is there a specific question you feel was asked and not answered, if so perhaps I can help. If it’s group security then there are a few things we do such as node age, data chains, routing table recovery (for collapse). In design we look at other similar protocols for decentralised networks, like paxos, tangeroa (signed), PBFT, async PBFT and more. There is not much research in terms of papers but it’s for sure getting better. Nodes getting bribed is hard as they change ID’s and groups as they do, restart of a node means new name and less age etc. If X fail all at once, then we consider mass loss and how the network handles that (it’s via group merges) to shrink number of groups to match existing population. So loosing X from a group will force a merge to a larger group etc.

With any system though there is always a break point, this is where the consensus just gets way out of sync with requests and churn etc. These questions are continually asked in code and answered, so far. There is no one answer to “how does the network decide” or “how does it repair” that we know of that’s simple enough to put in a short description. Then the question needs to be how can it restart on mass failure, this is where data chains kicks in to validate previously stored data.

In terms of breakages etc. we see DHT’s combating this all the time, bittorrent DHT and others and now IPFS is charging ahead there, albeit focusing more on interoperability where we focus more on the security and data availability side. Both are rather complimentary in research terms and possibly in real terms, but we will see over time. We have not had enough chance to confirm how complimentary they are physically,

I have written a few blog posts, rfc’s, papers and patents all describing parts of the system, the community and maidsafe team can multiply that by factors. The reason there are so many of these is the size of the research area and the desire to launch but with a system that is understandable and based as much as possibly in simple rules.


You know you are replying to a 2 year old post do you??

Here you are…[quote=“Kingslanding, post:18, topic:3542”]
When an ex-employee questioned this project last year, all questions raised were also ignored and dodged.

are you sure??

Like this one?

or this one??

or this one???


Ethereum( the most successful crypto project to date)



Agreed, but what grates my carrot the most is when the Safe Network is herded into the crypto project barnyard.


Yes, it is not a crypto project as such. Just one little portion of it involves a new crypto coin. Like saying your car is a financial product because you need money to pay for fixing/fuel.


I think that crypto is a special case of the problem MaidSafe is solving, which is storing mutable files. Token ownership is just a special case of file access. You can either replace the content of the file (as with safecoin) or append to it (as with ever-growing histories).

Also I would say that Vitalik’s criticism here isn’t of the Maidsafe consensus algorithm, but rather of the section size in Kademlia. He wonders whether such a small number of computers can be enough to prevent double-spending when money is on the line. A few things need to be pointed out:

  1. The amount of value in transactions that can be reversed by double-spending is proportional to how many sections you can compromise. However, this by itself is not enough as a virus or sybil attack can cause a serious problem, that can lie in wait for a year and then destroy the network.

  2. The actual math shows that the probability approaches zero fairly quickly even with a small number of computers provided that only a small proportion is compromised

  3. The consensus algorithm matters a lot.

At the Intercoin project we developed innovations to be resilient to 33% malicious nodes, which you might want to take a look at over here. What’s interesting is that our consensus mechanism also got criticized by Ripple’s chief cryptographer on our forums, but he admitted at least that it actually works and did not point out any security problems with it. So it might be useful for MaidSAFE to adopt some of those ideas!


Essentially there are several innovations that I think MaidSAFE could adopt for safecoin:

  1. The Intercoin Consensus Process

  2. Multiple token denominations to get around the subdivision problem that safecoin has

By the way if anyone wants to chime in about any of these topics, you’re always welcome to pop over on our forum. We just started it recently and welcome any sort of discussion (pros and cons) and criticism same as I’ve been doing here.