I thought 99% fault tolerance meant 1% of honest actors can defeat 99% dishonest actors. Even if you’re unlucky enough to find yourself surrounded by 99 crooks and just a single honest one, you would still be okay.
1 Like
This is quite aligned with what I was saying, maybe you didn’t read (or wanted to reiterate).
It’s the same question as for so many other parts:
An infant network will be vulnerable like … an infant.
It is pertinent to ask what kind of support wheels the network should have in the beginning.
Some purists frown and shudder at the thought that it wouldn’t be 100% decentralised and autonomous from node one, but hey, it’s a quite “natural” thing that an infant needs protection(which can later be shed as it grows), and only using allegories and references to elders and nature and ants when it is convenient would make that concept seem a bit hollow.
(Actually, that’s a reason why I think it is a little bit problematic with the biology-light often referenced, because only a very few similarities are chosen, and it’s hard to do more than that, so it will always just be a few phenomenons that happen to be alike, while the larger picture can be quite different. Many more exist, which are brutal, cruel and quite the opposite to what the goal of the network is. But that’s very much a side note).
4 Likes
This is the post by Vitalik that prompted the ‘99%’ headlines:
“In the case where one node is honest, can we guarantee that passive observers (ie. non-consensus-participating nodes that care about knowing the outcome) can also see the outcome”?
Yeah an infant needs protection agreed, but I also think the network needs protection from economies of scale going forward. Otherwise, all of our data could end up in 8 data centres around the world. To avoid this, once a geo partition gets big enough, it can divide like mitosis. Promoting decentralisation of a geo section further. (The geo-sections chunks will be spread 50/50 between these new sections)
This way the cost to run a single global safe farm gets increasing more expensive as those resources are required to be further distributed to earn the same amount of safecoin. Improving protection against sybil attacks while increasing robustness of data redunduncy, making early farmers be rewarded for distributing their farms across the world i.e biggest rewards will be places with no coverage because you’ll earn more safecoin. While spinning up extra AWS EC2 nodes won’t earn you much reward because the network already has plenty of them.
I would happily help contribute this feature to the safenetwork if core developers where happy enough with the idea and would like to collaborate in producing a design specification.
I think the point is, if 51% (the majority) of people think something should happen, then the other 49% are arguably the crooks. Taken to 99% and 1% respectively, then even more so. It becomes a question of ethics, the further you get towards a minority dictating what is right and honest.
The situation I described is about the case when the crooks have a local majority. Most of the network would still disagree with them, but poor me doesn’t know about that because I’m surrounded by bad actors.
Those bad actors could be new releases changing core network functionality. The point is, what resolves to a good or bad actor largely reflects majority opinion. Suggesting that we can have 1% of honest nodes defining behaviour seem a rather undemocratic in this light and may not even be desirable.
1 Like
You walk into a shady bar. A group of good-for-nothing thugs surround you and demand your wallet. They have an absolute majority at that place. Should we question they are in the wrong and, though in the minority, at least locally, the one dude who stands up for you is what we’d call an honest actor?
I don’t think it’s such a difficult concept. We can have unfortunate situations when we find ourselves at a place where most people are trying to mislead us. It’s real good if we have a mechanism to help us recognize such cases.
I’ll repeat, because it seems to have got lost on you twice already. It’s not that we should support the minority view, but that we should see when the local majority is not aligned with the global majority. It’s about the times when the majority opinion, that you hold in such high regard, and rightly so, needs protection from a directed organized attack.
See taxes vs theft, wolves and lambs deciding who is for lunch, etc. There are plenty of times where majority dictates what is defined as right or wrong.
While I am not a huge fan of statism, then right of the majority to over turn a tyrannical minority is perfectly healthy.
Wind your neck in! The local decision is what counts. The clue is in the name - distributed autonomous network.
There is no concept of global consensus, just an emergent consensus which grows out from local consensus. This isn’t a blockchain and the local decisions are final.
Now, you can add more centralisation, watchers/observers/adjudicators etc, but all these steps start to strip consensus groups of their independence. These will add latency and work against the core philosophy of the network.
6 Likes
I see what you mean. If I get it right, the situation I described should never be able to happen on the Safe Network because of how it’s designed (something which I, ironically, argued for on another thread against @neo) and that means we’re already covered.
2 Likes
This makes me wonder (there are a few assumptions because maybe I’m not sure how everything in this network works) what happens in the following secenario. If a chunk has been distributed to 1 good actor and 7 bad actors. The 7 bad actors can’t make the good guy delete or mutate the chunk because that request signature hasn’t been made by the client. Therefore, would when the client requests the chunk, they would get 7 bad replies and finally 1 good reply they agree is there data. Does the network now punish the bad actors and redistribute the data? Because the client is boss and has made an accusation 7 nodes are bad?
Not enough info on the makeup of the section to sure. Let me describe something that might answer you
7 bad actors. How many are Elders? How many other Elders? Remember Adults and maybe children will be running vaults and only Elders get to decide what happens with consensus and data retrieval.
- When a chunk is requested the section decides which vault sends the chunk.
- The chunk being served up by the vaults must have their hash match what the hash should be. Immutable data is stored using the Hash as the XOR address, so thats easy.
- Now if there are 7 bad actors and 3 are Elders and there are 20 good elders then the bad actors will have to act good or be discovered and punished somehow.
- Now if there are 7 bad actors and all Elders and there are 13 good Elders then the bad actors can only disrupt section operations. But in any case the client code can tell if the chunk is received correctly by the hash. So no the bad actors still cannot force bad data onto the user.
- Now if there are 7 bad actors and all Elders and only 3 good elders then the bad actors can do as they please and destroy data. But the client will still know if the chunk received is good or bad because the hash still has to match
Disclaimer: I am unsure about data integrity of MDs in the above scenarios
4 Likes
Just a quick reminder, MD’s are signed by the client, so worst that can happen is
- It is not provided
- An “old” copy is provided.
So if a client knows the version, the second instance is not an issue as it would be ignored. The first problem is also able to be penalised if the client or neighbors (who will have) can access the data chain showing the data should be there. Its a bit deeper, but 10,000-mile view is this.
5 Likes
Interesting find. Thought I would share it here for @pierrechevalier83 @bart @qi_ma @anon86652309 @ustulation and anyone else knee deep in PARSEC. Sybil Attacking Byzantine Faults – Complicated Stuff Made Complicateder
11 Likes
Thanks @nigel. This looks like a good read. @jonhaggblad and @adam may also find it interesting as they’re also knee deep in PARSEC 
6 Likes
It’s funny because the author talks about using an anonymity network like TOR but he really should be made aware of SAFE. Hope it sparks some creative thinking at least. Cheers
9 Likes