What is needed to attack the consensus of the network?

There’s one thing I’m not too clear about. Proof-of-work blockchains are secured by hashing power, and an attacker needs 51% of the hashing power to compromise the network. Proof-of-stake blockchains, as I understand them, work similarly with coin holdings instead of hashing power.

But the SAFE Network is not a blockchain. As I understand it, it works through network voting, with each node having a “close group” it looks to in order to establish consensus, giving precedence to high age nodes with a history of reliable operation.

So what is the limit on an attacker’s power to compromise this consensus? Is it just the number of nodes and the age thereof?


One thing crypto focussed on and bitcoin started with amazing results is POW and that has been called consensus and a fix to the byzantine general’s problem.

Reality though is different. The consensus is more like having enough power to increase the probability of solving a problem (POW). It’s probability though, which is nice but misunderstood. So > 50% power means more than 50% chance of calculating the next block. Probably! Also the byzantine generals problem is not solved by publically sharing the message to everyone :wink:

Then the block is propagated to all nodes in a loose manner. As nodes get the block they do a quick check on it’s validity (easy check) and add that block as the next one. During this time there may be another winner, so that is added. We have a fork.

Nodes decide which tip of tree to believe and when the next winner happens it’s previous block is the new branch. This is a form of partial order, similar to many CRDT patterns.

This keeps happening until one of the branches gets to a length of 7 after the “fork” and the longest chain is the winner. (this is the 6 commitment measurement). So we deterministically “fix” the fork and select the longest chain.

This is termed consensus in some circles, but is it?

Consensus in other teams is a strict total order and this is where PARSEC was, strict consensus or strict total order. In short it stinks IMO :wink: In this scheme, no new blocks can form in a fork, but instead, there has to be total agreement (>2/3) to create the next block.

So in many ways bitcoin can be seen as a CRDT type with deterministic fork resolution, whereas consensus in paxos/parsec etc. means no forks, so no partial order.

So diving down we see many get confused, but if we consider consensus is total order then bitcoin to blockchains are not that, they are partially ordered fork resolving structures. i.e. the network does not attempt to have >2/3 nodes agree on the next block to keep going. Instead, it moves the probability of 6 forks to almost infeasible and uses partial order, therefor the 50% claim (many state btc attack may be 25% if selfish mining is allowed https://www.cs.cornell.edu/~ie53/publications/btcProcFC.pdf )

So if we consider consensus as not total order but any order that can resolve forks (so even partial order) then the Safe network has a similar consensus to bitcoin. Both partial order CRDT like protocols, but with different Sybil defence.

If you search here for node age you will find loads of info on that, but essentially there are many networks, each with agreement between the eldest nodes (Elders) and to become an elder requires time money and good behaviour.

Then we look at beating consensus, is it 51% for btc (well kinda, but not really) or is it >1/3 Elders for Safe? The latter is the case, but > 1/3 Elders which is likely less than 7% of all nodes? So from that angle we can say you need to have nodes in the top 7 percentile, but you need >2/3 of those nodes to get agreement or >1/3 to stall that section.

Or folks may sell their node (if they can) like a miner can sell his mine? that is perhaps easier but equally as problematic, although folk think it’s easy and farmers will sell farms like miners don’t sell mines.

This rabbit hole goes pretty deep and the economic protection blockchains have is important and confuses the maths. So the % attack becomes much more problematic and deep than the headline figure of % hashpower or % nodes etc.

For Safe we need to produce some more maths on this, but again search here for node age
simulations and you will find those results and links to a simulation repository that looks at node numbers as one attack.


Thank you. I’m not sure I was able to follow all of that, but I think I get the gist.

My only concern is that node count seems to be a factor. Not THE factor, but a factor. If legitimate users have no incentive to run multiple nodes, that will be something that’s relatively easy for an attacker to overcome.

1 Like

It’s all relative, even POW or just creating an ID/Key. We modelled this in a single section with 7 Elders and >60 Adults with churn every 5mins (IIRC) and the time taken to get enough nodes to Elder to stall the section (i.e. 2/3 or 3 nodes) was measured in centuries. With 100 Adults we never got the final values for such an attack as it was longer than millenia.

This is why I think the “easy” part of your assumption is wrong.

Now deeper thinking and more realistic thinking.

If we say node count is a factor and it is and then we prove via some math that this factor is so small that such an attack is infeasible if the attacker does what we measured, i.e. start loads of nodes and wait. Then we all feel cosy, but, this is where these projects fall on their face. The real attack will be the one we did not measure, i.e. a quantum computer, code error, we intro smart contract types and so on. In these areas and millions more, there will be attacks.

tl;dr the num nodes attack we don’t see as a threat if we have over 60 Adults per section and node age is working well. Also if threat detection and dysfunctional detection works well too. However, even given that fix for the apparently obvious easy attack, we don’t see us as totally covered and never will. Our approach is to get it all working and reduce complexity over time, making the code readable and easy to dive into. Then we will be more comfortable, but that will be years after launch. Then we keep on going … :smiley: