Protocol for Asynchronous, Reliable, Secure and Efficient Consensus [pdf](docs.maidsafe.net) |
Protocol for Asynchronous, Reliable, Secure and Efficient Consensus [pdf](docs.maidsafe.net) |
It will be interesting to see what other networks besides SAFE adopt this consensus mechanism.
As I understood, after quick scan of the paper, consensus is achieved by simple majority vote.
So if I setup 10,000 docker containers running malicious nodes, I could take over the network and forge any blocks I want.
What I am missing?
There are many consensus algorithms that are not POW and they work perfectly fine, we cite some in the paper. Many require trusted nodes etc. and that is not so great, however, the work in this field of distributed consensus is increasingly popular. If you duckduckgo for BFT or PBFT algorithms and derivations you will find plenty. This one is very asynchronous and requires no trusted setup phase or threshold signature mechanism, making it an attractive choice.
In its plain form, as described then if you managed to get over 1/3 nodes on the network you could defeat consensus. Its use in SAFE is for valid voting nodes and then you would a much larger proportion than 1/3 of the network. Not only that, but they would have to be online and well behaved for longer than the existing network nodes. It is then much more expensive than a 1/3 attack.
Hope that helps.
Still need to dig deeper into it, and would love to hear other peoples' evaluations, but at a first glance, PARSEC could actually be a serious player in the DLT game.
So proof-of-work is inherently resistant to sybil attacks while PARSEC on its own isn’t, so to tell the story properly the random but deterministic relocating of nodes needs to be included.
If smarter people than me can mathematically verify the PARSEC algorithm as valid, it may lead the way for a radical change to the way information is propagated, secured and validated.
In the case of SAFE, you can generate as many nodes as you want, but they must be valid nodes (doing the work that the network asks of them) for a long time before being promoted to a status that allows them to participate in consensus of a section. Any misbehavior on their part results in demotion or failure to be promoted. So each node would need to be a legitimate contributor to the network, with all that that entails, before being promoted to a status where their later misbehavior would matter. You would be creating real nodes, that used real bandwidth and real CPU resources and did real work that benefits the network, in order to infiltrate your evil nodes into the network. So, not an insubstantial cost to you.
Your nodes will be assigned into sections randomly, so it will be very difficult for you to manage to get multiple nodes with voting status, into a single section, and staggeringly difficult to get enough such that your nodes constitute 1/3rd of that section. Of course, exactly how difficult depends on network size (number of sections).
Finally, even once a node is assigned into a particular section, it will be reassigned to another random section at some interval, further decreasing your ability to take over a particular section.
Doesn't that on the flipside also mean that given enough time your malicious nodes will end up in the same section, allowing for a take over of that section?
This is not too dissimilar to what happens with CPU-only PoW consensus networks. Easy to attack in the beginning but less so as the network grows.
It will be interesting to see how the SAFE network will be bootstrapped. I'm sure there will be a significant number of malicious players waiting in line to disrupt it early on.
If it works, and I believe it can, IMHO this network will be one of the most important developments in decentralised systems in the past decade.
Since all nodes change sections randomly, like air molecules, they should remain randomly distributed, provided the network size is large enough. For a small network though, one can imagine you could get lucky eventually. Like other decentralized networks, security and size are related.