Security of PARSEC outside of SAFE integration

If I understand you correctly, you see 2 cases: sabotaging the network or controlling the network.
Sabotaging the network will hopefully/probably difficult enough and I also think controlling the network is as good as impossible.
Controlling the network seems to be more interesting for the NSA, but should they succeed with this: in the end this will be discovered anyway. So if I was the NSA: why not go for the sabotaging from the start.

Was talking to some one the other day and mention that if the early network is sabotaged then we would really have to restart. I’d expect that threat would be in the first month or two of the release candidate network which would still be testsafecoin. So only data is potentially lost. If people are aware that the release candidate network could need restarting then it should be ok to do so.

Now if that were to happen I’d expect that the restart will be done with a lot more nodes initially so that the attack is much harder. So if the 1st time is with 5000 nodes by maidsafe and say 5000 nodes by the community then the 2nd time would be like 20000 nodes by maidsafe and the community encouraged to be double or more what they supplied before.

Now if that was also sabotaged I’d say the 3rd attempt would be a private start with even more nodes by Maidsafe and trusted people invited to join and as more and more join then hopefully it would be 50,000 node strong before opening it up. If it were to happen again then rinse and repeat till the network is too large and let it grow from there.

BUT BUT BUT I doubt this will happen and I sincerely doubt the NSA could give a shit about some tinpot company in Scotland starting a YARN claiming it will be a secure network. I’d say that because the network will be so spread out across the world and so insignificant in numbers&space for 6 months that the NSA or any government will even know that it started till quite a time after 6 months. And it will be 100’s of thousands of nodes and still insignificant as far as the governments are concerned. (Smaller than bittorrent still)

YARN - Yet another ruddy network (or yet another ridiculous network)

I’m not arguing, nevertheless I’m interested in the ‘sabotage’ statistics (ignoring node ageing etc.).
For instance: am I correct that a certain vault can only be member of 1 section? If that is the case and you increase the section size, it is more difficult to become an elder, but the total number of sections in the network will also decrease. So if you do become elder, then you have a bigger percentage of the total number of sections…

As far as I know

I gather so. Seems logical to me.

Yep, well actually becoming an eldest doesn’t give you power unless there are other elders also control by you.

Yea I know were not arguing, I just used it to expand the discussion and give my view of what might happen.

I am sure that the alphas will be testing this very situation and from that we might see the splitting happen earlier or later depending on what comes out of the tests.

Correction:

So if you do become elder have >= 1/3 of the elders to sabotage, then you have a bigger percentage of the total number of sections…

This is a great point. We are living in a bubble right now here on the forum. An exciting and enlightened bubble indeed!

We all know now that through PARSEC the SAFE Network is going to be built soon. I have no doubt. But the recent announcement of PARSEC can be compared to the earthquake no one, except a few nutty scientists, sees under the ocean.

What follows is the tsunami!

Yet for those on shore, just before the giant wave hits the beach at a blinding speed, the day seems calm and sunny and relaxing.

Thus, out of nowhere, suddenly everything changes.

The great thing, in my opinion, is the fact that MIADSAFE is so far under the radar, that no one is going to see it coming, until it is too late. The network will crush everything in it’s path, and then the sun will come out, and life will begin a new.

It’s going to be a brave new world; and yet we did our duty, and endeavoured to warn those lazy poops on the beach; but they had thier heads in the sand, searching for lost bits of BTC. Cheers!

All great discussion so far but it seems largely to fit under the one on security points of SAFE re PARSEC (which I’m not trying to discourage), but it is really boiling down to whether SAFE close group consensus model can be bootstrapped and maintained.

But just for grins I’m going to try to pull it back to the OP for this topic a bit, to try to peel the pieces apart.

It has finally sorted for me that it is most appropriate to say that “SAFE uses PARSEC as a mechanism to arrive at close-group consensus.” Its mathematically-demonstrable level of BFT is up to 1/3+1 bad actors. I’m not sure what other consensus algorithms have a mathematically-proven ratio like this. We’re used to talking about 51% attack, etc., but I’m now seeing that that is not at all the same.

Someone correct me if I’m wrong, but the 1/3+1 is the level needed to disrupt consensus. It would take more like 2/3rds to do more proactive stuff like change data without cryptographic keys, etc.

In general PARSEC is a better means of sharing data in a way that makes it faster and more efficient to arrive at that agreement as to ordering of transactions, plus it’s open-source (that’s a huge part of the package).

My original intent of the OP was to understand how PARSEC may be useful to other projects. What I’m starting to understand is that perhaps we should discuss the level of proof that any other consensus algorithm operates within.

Additionally, I think we need to distinguish between a consensus algorithm (e.g., PARSEC) and a consensus mechanism (e.g., close-group with proof of resource). For instance, Bitcoin uses proof of work as its consensus mechanism. Does it even have something we could call a consensus algorithm? I really don’t know, but peeling these things apart seems to help it all make better sense to me.

Is the distinction between a consensus mechanism and a consensus algorithm a useful differentiation?

[I’m going to have to be away from the computer for a few hours, so have fun!!]

A suggestion for a future publication:

SAFE PARSEC: Security, Sybil, and Autonomy.

It wouldn’t cross my mind that the NSA would have the slightest interest in attacking the SAFE network, at least until it was far too big to be attacked.

OTOH competing projects in this space would most likely have an interest in disrupting things, and some of them have considerably more economic resources available to them (FiIecoin anyone?), so that could be a problem. Also, if any exchange allows shorting of safecoin then the threat could come from anyone with enough economic resources, since the profit from a successful attack could vastly outweigh its cost.

Until we can calculate the approximate total economic cost to nurture a node to the elder stage then there’s no point in thinking much about it. IMO the key will be to find the right balance between high-cost of attack, and keeping it accessible to the hobbyist SAFE enthusiast to run an elder (decentralisation).

Surely SAFE has enough honest members in its community, so that keeping the elder barrier low enough for them will harness a greater proportion of economic investment in the honest side?

The alternative is to keep it centralised (i.e. Maidsafe elders only) until the network grows enough to safely expand it to non-Maidsafe elders. This is similar to what other networks are already doing (the centralised bootstrap strategy).

@fergish I know you were trying to bring this thread back to OP topic, sorry.

So PARSEC is not so much a security model but rather a way to reach consensus in a mathematical proven way.

What I can gather is that other consensus systems are slower and not 100% proven. So I gather there maybe edge cases in them where consensus is unreachable at times due to the conditions at the time. EG a communications glitch and not enough nodes receive or successfully sent responses in order for consensus to be reached. Or that there might be edge cases where just one or 2 bad nodes (5 or 10%) could disrupt or swap the consensus reached. Or at least this cannot be proven to never happen. Thus PARSEC with its mathematical proven system the implementer can be certain that as long as they can keep the bad nodes under 33% then consensus will be valid

So now the other projects need ways to secure their consensus units preventing that 33%+1 of bad actors. Some use proof of stake, maybe centralised nodes for 67% or whatever. Thus the effectiveness of the security will affect the effectiveness of PARSEC in their system.

In effect PARSEC gives security of accurate consensus but does not give security of keeping bad actors out. It may help identify them if they act bad before gaining 34% but other parts of the system are needed to remove them or prevent them in the first place.

And we must always be mindful that the 33% figure also includes adverse internet conditions where packets can be lost, delayed and that links can go down. So to disrupt a section may not require 34% bad actors because some good actors maybe very temporarily silenced. Of course in these cases it is a temporary condition but PARSEC mathematically proves that if the bad-actors + temporary silenced/affected nodes is less than 34% then all is good.

Thanks, @neo. That is a good summation and addresses the most blurry aspect of the OP. I’m going to seek further input, but this clarifies A LOT.

@pierrechevalier83, after reading the whitepaper (and I need to read it again) one thing that seemed to stand out is that N/3 (thus 2N/3 as well) seem to be selected by yourselves and not determined by the maths. I gather it was chosen so as the algorithm can work efficiently. But from my initial reading/glancing is that you could have chosen 0.4*N (thus 0.6*N) and it would have most likely worked. But maybe not as efficiently.

OR was there a requirement that it was N/3 ???

The N/3 figure comes from the fact that we reduce the byzantine consensus problem to signature free binay byzantine consensus.

It was proved that there is no signature free consensus agreement that works in the presence of >= N/3 byzantine node:
Reaching agreement in the presence of faults.
M. PEASE, R, SHOSTAK, A N D L. LAMPORT

That’s what I asked myself from the beginning.
If, inside a section, all members have the signatures of all the participants, why not use signatures that would mean reaching consensus even with n/2-1 byzantine nodes?

PARSEC is a protocol that is

• resilient to N/3 - 1 Byzantine nodes
• highly Asynchronous (there is a single weak synchrony assumption that’s made for the concrete coin. We don’t think it’s impossible to remove this assumption. We just don’t have a fully asynchronous idea yet and the assumption is so weak that the difference with full asynchrony is mostly theoretical and not practical)
• consensus can be reached with O(N*log(N)) communications
• consensus can be reached in O(log(N)) gossip events seen by each node
• simple: there is no need for complex schemes such as signature sharing
• open: we are developing it in the open for every project that is interested

It’s quite unique in having all of these properties, each of which is near optimal.

Now, in theory, there may be a protocol that is resilient to N/2 - 1 nodes and keeps the other properties, but in practice, no-one ever described a solution that’s even near.

If anyone can find such a solution, and they also decide to develop it in the open, we will be the first team to jump ships

I disagree that the NSA will not take interest in maidsafe. Bill Binney described that they rejected to use very efficient programs to defend the country, and instead, they chose inefficient programs to go on the offensive and collect all the data in the world. They can’t act on that data in a meaningful way to help most people, so they help themselves and a few oligarchs. Maidsafe will seriously damage their “business” model, and I would be surprised if there are not already people in the NSA working diligently to subvert or defeat maidsafe somehow.

If they can even understand it without it seeming like 20-some pipe dreams all built on top of each other amid 200 weird-ass ‘other crypto projects’. You know it’s bad when the average FUDer actually helps us detract attention in the long run until it’s too late for them and just right for everyone else.