Topic: A good map for showing delegate distribution with different numbers


Offline monsterer

We have minimized profit potential because witnesses cannot steal funds, change history, and have a 100% probability of getting caught.   We have minimized "destructive attacks" by being able to recover quickly (faster than the average bank holiday).

A single block producing node can double spend continuously for 24 hours before getting caught.

edit: But since this discussion is centered on the number of witnesses, not what each one can do - the primary reasoning has to be centered around the likelihood of collusion among the block producers (which is unrecoverable in the worst case) and political vulnerability, IMO.
« Last Edit: September 24, 2015, 04:37:55 pm by monsterer »
My opinions do not represent those of metaexchange unless explicitly stated.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline bytemaster

Since the code can't change because all nodes are running same code, a tx withholding attack would require 51% of delegates.

Voting out other delegates would require a large percentage as well of the marketcap.

A price feed attack is possible to have a few delegates and send bad data to the chain (but I think this is mitigated by averaging all feed prices submitted and only accepting feed prices within a band?) however this would be expensive to do and you always run the risk of losing your access to delegate position before you are successful.

Price feed attack is also MINIMIZED by having a force-settlement delay and daily limit on forced settlement.   It uses the MEDIAN price feed so 49% can be completely off and it wouldn't matter.
For the latest updates check out my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.
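The median claim in the reply above, worked through as an added example (not BitShares code and not part of the original posts): a minority of feed publishers reporting an arbitrary price cannot move the median outside the honest range, while a single bad publisher already drags an average out of it. The feed values, the 21-publisher count and all function names are constructed for illustration; the force-settlement delay and daily limit are not modelled.

```python
from statistics import mean, median

# Constructed sample: 21 honest publishers reporting prices close to 0.0040.
HONEST = [0.0040 + 0.00001 * (i - 10) for i in range(21)]

def corrupt(feeds, k, bad_price):
    """Return a copy of feeds in which k publishers report bad_price instead."""
    if not 0 <= k <= len(feeds):
        raise ValueError("k must be between 0 and the number of feeds")
    return [bad_price] * k + list(feeds[k:])

def within_honest_range(value, honest):
    """True if value lies between the lowest and highest honest report."""
    return min(honest) <= value <= max(honest)

def report(honest, bad_price):
    """For every count k of corrupted publishers, return (k, median, mean)."""
    rows = []
    for k in range(len(honest) + 1):
        feeds = corrupt(honest, k, bad_price)
        rows.append((k, median(feeds), mean(feeds)))
    return rows

def max_tolerated(honest, bad_price):
    """Largest k for which the median still lies inside the honest range."""
    tolerated = 0
    for k, med, _ in report(honest, bad_price):
        if not within_honest_range(med, honest):
            break
        tolerated = k
    return tolerated

if __name__ == "__main__":
    for bad in (0.0, 1.0):  # attacker pushes the price down or up
        print(f"bad price {bad}: median tolerates "
              f"{max_tolerated(HONEST, bad)} of {len(HONEST)} corrupted feeds")
        for k, med, avg in report(HONEST, bad)[:12]:
            print(f"  k={k:2d}  median={med:.5f}  mean={avg:.5f}")
```
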

Offline bytemaster

If all nodes are on ONE server that means there are NO users.    Every user can run a full node and there is no limit to the number of full nodes. 

Please realize that running a full node even without producing blocks still provides security by creating a PUBLIC record that is disseminated widely in real time.   Once that record exists in enough places that it can not be easily erased it becomes irreversible.

Web wallet?

The only 'permanent' record is generated by those in charge of producing blocks. Nodes can only choose from a selection of histories, but never produce history on their own.

edit: really no idea why I'm telling you this, as you are clearly aware of it

There are two roles:   EXTENDING HISTORY and SECURING PAST HISTORY

Securing past history only requires a RECORDING device operated by as many people as possible.
Securing the extension history is mostly focused around CENSORSHIP prevention

All full nodes behave as recording devices with VERY SMALL windows for reversal in the event of a missed block and can be very decentralized.    Every hosting wallet provider, every exchange, every gateway, every large merchant, and every paranoid user participates at this level and there are no artificial limits.   There is no need to pay for full nodes because those who have them are the only ones who need them for their business.

All witness nodes serve the history extension role and the primary goal is to ensure that block production continues without censorship of transactions or disruption. There are two different factors here:

1. Software / Hardware Redundancy  -  https://en.wikipedia.org/wiki/Redundancy_(engineering)
2. Human Redundancy
3. Political Redundancy

From a purely hardware/software point of view each witness should have multiple nodes on the network in different locations and a watchdog that will switch between them if one fails. A single "witness" running nodes in 3 data centers around the world would likely provide all of the hardware/software redundancy the system needs.

So now we are talking about Human Redundancy / Political Redundancy. This gets into the probability that an INDIVIDUAL witness will become corrupt or coerced. Let's start assigning some real estimates on these numbers.

Things that impact the probability of being corrupted/attacked:

1. Profit Potential
2. Likelihood of Getting Caught
3. Ability to Recover

We have minimized profit potential because witnesses cannot steal funds, change history, and have a 100% probability of getting caught.   We have minimized "destructive attacks" by being able to recover quickly (faster than the average bank holiday).

The point of all of this is that there is no point in increasing costs to maximize one aspect of security when it is already well beyond the weakest link.

In our case, the weakest link is IP packet filtering, domain seizing, etc.     

That said, our witness system actually has an opportunity to be secure against that because witnesses can form a "DARKNET" that is very reliable and then the government can play "whack-a-mole" with all of the gateways that pop up for light wallets to connect to.

At the end of the day we need to look at the big picture and develop systems that can operate in the LIGHT OF DAY without any realistic threat that they will be shut down by government, not because the government couldn't but because the government doesn't want to.

The trick to defending against government is to make the POLITICAL COST of the attack higher than the technical cost. Technically the government could kill anyone it wants to at any time. The best protection against that is to be "pure, innocent, and widely loved by the people". Technically the government could shut down the internet, but they won't because the POLITICAL costs are too high.

« Last Edit: September 24, 2015, 03:14:06 pm by bytemaster »

Offline jsidhu

Since the code can't change because all nodes are running same code, a tx withholding attack would require 51% of delegates.

Voting out other delegates would require a large percentage as well of the marketcap.

A price feed attack is possible to have a few delegates and send bad data to the chain (but I think this is mitigated by averaging all feed prices submitted and only accepting feed prices within a band?) however this would be expensive to do and you always run the risk of losing your access to delegate position before you are successful.
Hired by blockchain | Developer
delegate: dev.sidhujag

Offline monsterer

If all nodes are on ONE server that means there are NO users.    Every user can run a full node and there is no limit to the number of full nodes. 

Please realize that running a full node even without producing blocks still provides security by creating a PUBLIC record that is disseminated widely in real time.   Once that record exists in enough places that it can not be easily erased it becomes irreversible.

Web wallet?

The only 'permanent' record is generated by those in charge of producing blocks. Nodes can only choose from a selection of histories, but never produce history on their own.

edit: really no idea why I'm telling you this, as you are clearly aware of it
« Last Edit: September 24, 2015, 02:04:35 pm by monsterer »

Offline bytemaster

Node distribution has nothing to do with:
- how trustworthy DPOS is

So, if all nodes are located on the exact same server, this is not a problem?

...and if all nodes are located on an island which suddenly bans crypto, this is also not a problem?
Those are extreme cases that certainly will not happen .. at least I will give my vote to prevent that ..
else, I agree ..

If all nodes are on ONE server that means there are NO users.    Every user can run a full node and there is no limit to the number of full nodes. 

Please realize that running a full node even without producing blocks still provides security by creating a PUBLIC record that is disseminated widely in real time.   Once that record exists in enough places that it can not be easily erased it becomes irreversible. 


Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
Node distribution has nothing to do with:
- how trustworthy DPOS is

So, if all nodes are located on the exact same server, this is not a problem?

...and if all nodes are located on an island which suddenly bans crypto, this is also not a problem?
Those are extreme cases that certainly will not happen .. at least I will give my vote to prevent that ..
else, I agree ..

Offline monsterer

Node distribution has nothing to do with:
- how trustworthy DPOS is

So, if all nodes are located on the exact same server, this is not a problem?

...and if all nodes are located on an island which suddenly bans crypto, this is also not a problem?

Offline xeroc

In the P2P network you cannot distinguish block producing from non-producing nodes.

Yet probably most of them have to be publicly known for anyone to trust DPoS in the first place.  Otherwise it's basically saying, please destroy me with your black swan attack after I put my life savings in.  This is another reason I was pushing for that collateral bid system in the post below, because people have to know that in a case of mass voter apathy, valid candidates are still selected and not a bunch of zombie delegates:

https://bitsharestalk.org/index.php/topic,18584.0.html
Node distribution has nothing to do with:
- how trustworthy DPOS is
- a black swan event
- funds put somewhere on chain
- voter apathy

this really is only about propagation of transactions and signed blocks .. nothing else ..

Offline r0ach

In the P2P network you cannot distinguish block producing from non-producing nodes.

Yet probably most of them have to be publicly known for anyone to trust DPoS in the first place.  Otherwise it's basically saying, please destroy me with your black swan attack after I put my life savings in.  This is another reason I was pushing for that collateral bid system in the post below, because people have to know that in a case of mass voter apathy, valid candidates are still selected and not a bunch of zombie delegates:

https://bitsharestalk.org/index.php/topic,18584.0.html

Offline xeroc

In the P2P network you cannot distinguish block producing from non-producing nodes.

Offline r0ach

Since the Monero node map usually hovers around 100, it's a good visual indicator to look at to see what BTS distribution would look like with different delegate numbers. Seems like it takes 100 just to get Australia, Africa, or South America on the map at all. Even with 91 showing currently for me, only about 25-27 or so aren't directly under US, UK, or EU control, where shutting them down wouldn't be trivial by those three government coalitions working together. This is a problem not just inherent to Bitshares, but many distributed cryptos.

https://monerohash.com/nodes-distribution.html