You wont hear a solution from this guy, he has no talent in the solution department. His skills lay in the muddywaters department. The solution is coming from Maidsafe and this dude should be ignored.
Lets get this project done, way too much energy being spent trying to defend against guys like him. There will be more, and after that more, and more after that. The complexities of this project make it way too easy to refute any defensive from Maidsafe.
I welcome his critism as it confirms the project is currently on the right path, i think he just done it in the wrong place, he is obviously very knowledgeable but the code has changed alot since he was working for maidsafe.
I would like to see less passive-aggressive responses in this topic.
Iām finding the discussion quite informative. Essentially vtnerd if I understand you correctly youāre simply wondering how the network handles the classic āsplit-brainā problem.
My comments were not passive. I made no attempt to dampen my statement. This man is a professional and should by now know how to engage in a straight forward productive technical correspondence. His approach is the reason weāve gotten to over 120 post with no clear resolution.
Here we are so close to launch and instead of things flowing, these people keep throwing in dams to hamper the fluidity of development. This discussion takes up significant resources. It annoys me to no end when these guesstimators enter the room, throw around inflammatory claims of infeasibility then expect concrete answers when they donāt extend themselves enough to do a little research. Itās arrogant and disrespectful.
If youāre curious ask questions. If youāre properly educated on the matter point out flaws and or make suggestions. This man stands between the two extremes with little apparent desire to move towards the latter. Heās either lazy or foolish. Again not passive. I make no apologies for being aggressive.
The impression I get is that you assume the writes will have to āworkā.
Actually if you write to different addresses then there should be no issue.
If you have multiple machines writing to the same address and the group members get the requests out of order (normal) then none (or one) of the requests will succeed and the failed requesters will be sent an error message. If the group gets enough members (eg 28 if group size is 32) to agree on one request then that request will succeed and the others will be returned a error because 4 out of 32 cannot constitute agreement.
So then it is upto the requesters to perform normal error handling.
But, as Andreas Flacker say, this is a rare case and, in distributed computer, always can find more and more rare cases. In the end, the Godzilla Attack become the most likely.
About the possibility of a division of the network I ask myself two questions:
In the nearly seven years of the bitcoin, ever its network was divided?
if not, as I think, what real possibilities are, almost in 2017 with better communications, this division happens in a much more robust network as SAFE?
Yes, several times. This includes one time where a bug resulted in a ābadā chain becoming dominant before being abandoned by miners.
IIRC, splits actually happen periodically, where the heads of the block chain disagree for a period of time. I am not an expert in this, but it is wrong to think it never occurs.
Is different a fork of a chain that a network division. In a fork the miners choose a different leader to write the block and we have two, o more, possible lasts blocks. In a divided network we have two blockchains, two different group of miners, two different group of nodes and each group is unable to communicate with the other.
Please donāt do unfounded hype. It is as bad as unfounded criticism. Launch is not āso closeā by any definition of language. Beta launch can be seen as āso closeā if everything goes well.
I am not sure there is a material difference in resolution (choose longest chain) either way, but point taken.
However, unless a fork is due to a bug or a malicious attack, transaction propagation errors (e.g. Net split) must surely be the cause. If a transaction reaches half of the network, but not the whole network, then the blockchain heads are going to be different.
Regardless, I agree that it isnāt a critical problem for Bitcoin so far. Moreover, choosing one full chain over another, rather than at the finer grained by group basis, safenet should actually be better equipped to handle this.
You can currently fake a group running a network with the current implementation, which I mentioned on Metzdowd. David seemed to imply that I misunderstood this, and so I asked where in the code the messages were being authenticated as being from the group. Currently the accumulator is just counting messages. Based on the status updates, I believed this to be an area of development.
Whether the attacker can influence the decision depends on the implementation. If the implementation is simply the group with total closest XOR distance, an attacker could pre-compute keys to be closer. Preventing that would mean ensuring that everyone joined the network with a value provided by the network in a way where no collusion took place. I do not believe this problem to be adequately solved in theory yet (this was also mentioned on Metzdowd). It can be a little difficult to know for certain without seeing an implementation or a very clear description of the algorithms taking place.
This is an interesting thought, but it would alter the logarithmic lookup for the DHT. Digging into TOR hidden services some more could prove useful too. IMO, protecting the IP of some resource in a network intended to deliver quickest delivery is ultimately just going to be scary.
How can you āmergeā ownership of a single coin owned by two people?
Yes, blockchains do have this issue. There is no reason to suggest that SAFE requires computing resources to fake a network, at least not IMO.
I do not think there is an easy fix. I have thought about this.
I have read a decent portion of the code. I asked for code when I knew it was highly unlikely to exist.
I think the most recent commit clears up when I was talking about.
This has a different data race, but still one nonetheless.
You both are correct. When a new block is āminedā, it has to announce it to the entire network. Another miner could find a block roughly at the same time. This is a classic data race - the block announcements are not sent through an atomic broadcast. Each node will āseeā a block first based on the network latencies between the two miners. The ~10 minute interval increases the chances that every node on the network sees the same next block. I think the prior cases were of this sort, but I would have to re-read the specifics.
The network could also be partitioned to create multiple valid versions. I cannot recall this happening, it is rare. If it happened, then the some data center probably went offline for some time period, but the likelihood of someone find the next block in such a window was unlikely. And if it did, only a small number of people would know about it. The adversarial case gets a little hairy (attacker āownsā an ISP router, partitioning it, etc.). I am not sure if anyone tried this before, but they would have to mine another block. And the drop in hashrate would be noticeable (tripwire).
Ok, this is interesting. I would be interested to hear what @dirvine has to say about this.
If it is trivial to create a group, why would there be so much emphasis on preventing malicious nodes from joining a group? I understand that when you attempt to join he network, there is a neotiation that occurs, which places you into a different group (that you cannot choose). This is to prevent attackers from targeting groups which are know to contain specific data.
Naturally, I assume this effort would be relatively worthless if an attacker can just create a group and do with it as they please. In fact I would assume that new groups could only be created by splitting other groups which are considered too large, to form two separate groups. The same process of registering a node on the network could then be reused.
You canāt - you have to choose one owner or the other. Whatever is used to measure whichever the ābestā group is would influence this decision.
For blockchains, the longest chain wins. With safenet, i am not sure what metric is currently used. Maybe the longest data chain would provide a similar decision making mechanism?
Well, this is rather key and relates to my first answer. My understanding is that you cannot fake a group easily, but I admit that I do not understand the specifics of how. I am assuming that is a gap in my knowledge though, considering the efforts made to prevent unauthorised entry into existing groups.
@dirvine, is there something we can see to help the understanding of he new groups are formed and how the network prevents fake groups from being created?
Just wanted to clarify, that this patch gets a little crazy with nodes popping in out of a group. The expected vote count can vary from machine to machine. Placing machines under load (DDoS) can affect some of this behavior. I am going to guess that people are considering this attack out-of-scope, etc. Which is fine. The behavior in all cases will take some time to work through, which is the concern.
The problem is verifying that its the correct group. Prior suggestions were to ensure that the network chose where a node was placed on the network. That would work, except for the case where someone joins and then forges valid messages from a group that isnāt on the network. I have not seen a way for a node to rule out that possibility when receiving messages. Its just really, strange.
To prevent a fake group attach means not even create a group, fake one on network hops and claim itās a group. Disjoint groups RFC is your best bet. There are a lot of things to prevent though, fake groups is a huge one and covers a huge area really. In any case we do cover it, but a lot of info.
To disallow the off line address attack then secure name shows the process as now (it is also documented and set in diagrams in routing repository docs)
Of course data chains is a really big help as well. There is a repo and blog posts.
The sentinel part of the language of the network blog post also helps.
Also for routing table which is in the routing repo now 0.23 branch.
Also some RFCās covering beyond joining faking etc.
The part we are working on is targeting (i.e. restart continually) words are chosen carefully in these above posts though I think for other purposes. We are saying in all the tests, we have not yet secured the groups and turned down parts etc. as we are testing different things so āper current implementationā can be really misleading. So attack is on design then test code etc. This is all messy and misleading. Outlining how this all works then critiquing it would be helpful instead of backwards,
Now I am again not working but answering huge questions a difficult balance. Perhaps this is the goal of such statements in the OP? I take some comfort in the rest of the team are not stopped working like this or we would be going backwards. Not a dig at you @Traktion questions are great, but we do need to get better ways of getting through them all or some way to index all the papers docs etc. in an easy to find knowledge base.
There is also a paper on vault security in the WWWF and I think on the IEEE as well (not 100% sure its on security though). I am sure a lot more but the search for this perfect answering machine seems to continue
I have asked specifically for you to describe the process here and show us the security issues you state we have. It would be helpful as now it seems to be all about partitions and bitcoin. There is too much movement here to even attempt to get a grasp of the issues you are stating exist in the process I have asked about.
Have a look at this one. Even if you could fake a group, your group canāt do that much harm. The node you are misleading canāt really do a thing on the network as itās not the real network. And you canāt get itās private keys or log in details or coins. Whatās the purpose of faking someone in a fake network anyway? And explain to me how your fake group could fool Sentinel.
Getting into a disjoint group is a proof-of-work problem, with an easy difficulty. You try hash keys until you get a matching prefix. People generating vanity address for bitcoin are doing something similar already. If you notice, they have some pretty long prefixes. I have personally found a 40-bit public-key prefix for the secpk1 curve on a newish-i3. Took less than 36 hours I think, nothing too crazy. Adding a hash to the step will slow down the guessrate some, but not significantly. You could introduce scrypt or something to slow it down more, but I would advise against that because its still an advantage to someone with more CPU power. You could also increase the prefix length of the disjoint groups, but then you risk having empty groups. Even 2^32 is a pretty large number.
In fact, this is something else strange I have noticed. When the network decides to split a group, there does exist some probability that the group is empty. Seems like that would have to be coordinated or figured out.
Anyway, after generating my prefixes I either join the group legitimately (assuming the network is not enforcing anything else), or I join the network and start sending fake messages as-if I am the disjoint group. More specifically, if I am the proxy-node for a client I send spoofed responses from the non-existent group and never forward the request message.
Maybe define this assertion as well, Why would an empty group split (or even exist)? If itās empty itās not a group. If you have seen a bug int he current commits to the 0.23 branch it would be good to know.
I will link this once more. It would be really helpful if you explain the process and point out the issues.