Author Topic: Hypothetical Discussion: DDOS Attack by a Wealthy Adversary  (Read 1928 times)

0 Members and 1 Guest are viewing this topic.

Offline btswill

  • Newbie
  • *
  • Posts: 1
    • View Profile
After having several great discussions with @fav on the Discord #general channel, I thought it would be nice to repost the discussion here and see if anyone else would like to provide their commentary on this rather academic discussion.

Quote
will-Yesterday at 10:24 PM
so I am new to Bitshares and I am reading the wiki currently and I have a couple questions: But let me preface these two questions by saying, -- i think the system is very well designed and I am impressed with the foresight to use economic incentives to help bootstrap the security of the system. As long the system is built so that rational behavior, on the part of the delegates, will further strengthen the system AND irrational behavior cannot subvert the system -- then it seems like the BitShares is system is by far the superior blockchain.

Now my two questions:

1) continuing on your argument about it costing $35 per second to flood the system. That means it would cost a little over 1 billion USD to flood the network for an entire year ((60secs x 60 minutes x 24 hours x 365 days x $35 per second to flood the network)). I would argue that a DDOS that locked up the network for an entire year would spell the end of the BitShares blockchain (I dont think it would even take an entire year). And banking corporations in the US alone have a significant amount of money to lose (10's of billions per year), so what is to stop these corporations from factoring in a long-term DDOS attack on the BitShares network as a cost of doing business if it only costs ~ $1.2 billion per year to stay in business.

2) other than "persuading others to upvote your node" -- is there any other requirement for being a delegate? I guess what I am getting at is, how is the system protected from a Sybil attack?


-------- to clarify on my comment "And banking corporations in the US alone have a significant amount of money to lose (10's of billions per year)" Banks have a significant amount of money to lose if there is widespread global adoption of a successful blockchain that can truly compete with their institutions on the tx/s metric.

Even if the tx/s moved up to 100,000 tx/s then we are talking about it costing $33 billion USD to bring down the network for an entire year. And as I argued before, I really do not think it require an entire year of attacking the network to destroy the public's trust in the network (especially if their own businesses -- based on the BTS blockchain -- cease to be able to operate during the period of the DDOS attack.

------- clearly this an utmost worst case scenario that is unlikely to occur, but the economic incentives exist for very wealthy institutions (some governments and most banks) to do everything in their power to subvert this new revolutionary technology BUT "By the typical yardsticks, banks have been doing well.

JPMorgan earned $26.5 billion in profit over the past 12 months, the most ever by any major U.S. bank. While trading results reported Friday were worse than analysts’ estimated, second-quarter earnings set a record." - 7/14/2017
https://www.bloomberg.com/news/articles/2017-07-14/jpmorgan-proves-wall-street-bank-profits-don-t-depend-on-traders

Just one bank (granted its the largest bank) had $26.5 billion in profits over a 12 month period (probably not a GAAP Accounting figure - but thats another discussion for another day).

will-Yesterday at 11:09 PM
----- BTW, this discussed threat applies to all public blockchains and is not an attack on BitShares individually.


October 12, 2017

fav-Today at 12:42 AM
$35 does not flood the network, it was just as much as we could hit it with some servers
Our current Graphene could theoretically handle up to 100k txs

will-Today at 12:46 AM
i think graphene is ingenious --- no doubt about that

fav-Today at 12:46 AM
EOS is upgrading it, so we can fork too.

will-Today at 12:46 AM
I was just going off this: Let's say a tx costs 1 cent would cost $35 per second to flood, and that would not bring the network down Even huge backlog would be cleared in minutes

what did you mean by "flood" then
maybe i just misunderstood

fav-Today at 12:47 AM
That was in case someone manages to get in more than say 10k tx/s

will-Today at 12:47 AM
sorry for being a noob and making you explain it twice

fav-Today at 12:47 AM
It's hard to measure, since we couldn't test it despite throwing some heavy load onbit

will-Today at 12:48 AM
could "someone" get 10k tx/s through if they were a voted delegate?
do they have an advantage over other users

fav-Today at 12:48 AM
But witnesses would either start blocking the spam, or committee would increase the fees as a damage control

will-Today at 12:49 AM
would increasing the fees screw the network?

fav-Today at 12:49 AM
No witnesses are just full nodes processing
No, increasing the fees would stop spam... Or make us billions in fees

will-Today at 12:49 AM
if the fees had to be increased long term would it screw the network

but billions in fees means nothing if people lose trust in the network's ability to control the spam
that trust would be worth trillions once adopted

so the fees would be kinda meaningless at that point

ShadowMan-Today at 12:51 AM
interesting discussion 

fav-Today at 12:51 AM
It would just be short term, there's always the bandwidth idea steem uses to prevent spam for example

will-Today at 12:51 AM
i think the bandwidth control idea is a good one

fav-Today at 12:51 AM
Increase fees - stop spam - implement protection - lower fees
Anyways good talk. Gtg to work now :)

will-Today at 12:53 AM
alright thanks for the response and discussion

------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
Next Day:
Continuing on the discussion regarding the rate limitation model as is used in STEEMIT
--------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------
will - Today at 1:37 AM
had a brief email exchange with a special someone today and he seemed to think the rate limiting model was a better line of defense against spam as opposed to raising fees.
just fyi

fav - Today at 2:03 AM
Yes, but we can't implement rate limiting without dev work. Fee increase would just a Band aid solution

will - Today at 1:06 PM
how much would it cost (how much work would it take to have a rate limiting implementation ready to go
I just see any downtime on the network as a huge threat
if the network has fees that make it effectively unusable by the participants -- then it might as well be down and offline because no one is going to use it

fav - Today at 1:09 PM
you should really open a thread on bitsharestalk.org #DONE ;)
to get input

will - Today at 1:09 PM
I would argue that there is a cost (loss of trust and reliability of the network) if fees are increased
Ok i will do that

fav - Today at 1:10 PM
and increasing the fees to 50 cent per transaction would not shut down the network or wallet.

will - Today at 1:13 PM
no it probably wouldnt affect the p2p smaller transactions, but I am thinking into the future. Assuming there are large enterprises relying on the exchange and processing one thousand transactions per second. They have built a business on relying on this exchange to process their transactions at 1 cent or 10 cents per transaction
but someone starts to attack the exchange and the devs say "oh we will just raise the fees to 50 cents" representing a 500 to 1  increase (in the case of 1 cent transactions) and 50 to 1 for the latter
their trust is almost immediately wiped away

fav - Today at 1:14 PM
larger enterprises would sponsor larger datacenters as witnesses. EOS allegedly can upgraded graphene to 1m TP/s
the more money flows in, the more we can scale graphene

will - Today at 1:16 PM
ok so a larger enterprise can have their own witness. is the throughput limited by the weakest witness node?
a witness node that is not a large datacenter

fav - Today at 1:17 PM
you can bet that there are only big datacenters running the chain at this point

will - Today at 1:17 PM
forgive me because I am actually asking questions here as we are getting a little beyond my technical knowledge
ok because the community would be demanding it at that point....... and thus vote for those nodes

fav - Today at 1:18 PM
exactly

will - Today at 1:18 PM
ok that makes sense
hey thanks for answering all these questions
I really appreciate it


I think one of the revolutionary things about the graphene protocol is the focus on incentives and how these incentives can be used to encourage network participants (delegates and witnesses) to act in a way that is self-interested and also beneficial to the network.

This thinking allows the network to reduce latency by having a smaller group of honest nodes supporting the network, we can trust these nodes because the most self-interested behavior for them is to support the network in an honest way.

While blockchains like Ethereum design the system to be "trust-less" via a technical design (every node is verifying the current state at every block), this security comes at a cost. I would argue that it is an unnecessary cost if one can design the incentives correctly -- as has been done in the graphene protocol.

I am excited to hear the community's commentary on this subject

AND PLEASE POKE HOLES IN MY ARGUMENT AS YOU SEE FIT !!!!!! -- DISSENTING OPINIONS ARE THE MOST IMPORTANT OPINIONS[/size]