
If that's the case and there is no cost, I still don't get how this is resistant to sophisticated and well-resourced sybil attacks. What's to stop someone from just firing up 10,000 nodes in the cloud?


No one listens to these 10k newly created nodes. If they all add each other to listen to each other, they essentially create a fork as soon as they divert somehow from the rest of the network, and no one would care. The attacker then has full control over the fork, but again no one listens to it, so it's pointless.

You would need to convince a majority of nodes to listen to your nodes and stop listening to the nodes who don't listen to you. There is zero reason why anyone would do this. Even if you could bribe some to do it, it would likely never be close to 80% and it would be incredibly hard to hide the attempt.

The number of nodes for each node to listen to would need to drastically increase. If we do the math with 10 nodes, to gain 80% control you would need to add 40 nodes so there is a total of 50 nodes and you control 80% of them. If you are one of the 10 nodes, it's obvious you would never add 40 new nodes in a short time. There is no benefit from adding many nodes anyway; the goal is to have the most reliable and de-central nodes list possible, not as many as possible.

https://xrpl.org/consensus-protections.html#sybil-attacks


10,000 nodes are only as powerful as the amount of trust the rest of the network lends to them. If nobody trusts those nodes, they will have no impact. If the nodes all trust each other and a single outside node trusts one of them, that node is worth 1 vote, not 10,000.

Under the Stellar Consensus Protocol, the people you trust is your 'quorum slice.' If you take a transitive closure of trust over all slices, you'll arrive at the set of nodes you rely on. The most trusted nodes will appear in a lot of quorum slices, and essentially form a core trusted quorum. An algorithm similar to Paxos is run by all nodes, but the results in the core quorum will override outer nodes until consensus is reached.

Thus, as long as no malignant nodes are in the core quorum, they will not impact consensus. If a node confirms something contrary to what everyone else confirms, you know it is malignant. And in the rare case that a malignant node becomes highly trusted (which would mean it isn't acting malignantly), then confirms contrary, Stellar prioritizes safety and will come to a halt until trust graphs are readjusted to remove the bad actor (which removal can be done automatically if it's provably acting malignantly, i.e. signing invalid messages).
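The trust arguments in the replies above, worked through on a small graph. This is an added example, not part of any comment in the thread and not XRPL or Stellar code: it is a simplified model in which each node has a listen list, and every node name, the graph and the function names are constructed for illustration.

```python
from collections import deque

def relied_on(trust, start):
    """Transitive closure: every node reachable from `start` via trust edges."""
    seen, queue = {start}, deque([start])
    while queue:
        for peer in trust.get(queue.popleft(), ()):
            if peer not in seen:
                seen.add(peer)
                queue.append(peer)
    return seen - {start}

def list_share(trust, node, group):
    """Fraction of `node`'s own listen list made up of `group` members."""
    return len(trust[node] & group) / len(trust[node])

def additions_for_share(list_size, percent):
    """Fewest new entries that make up `percent` of a list of `list_size`."""
    return -(-percent * list_size // (100 - percent))  # integer ceiling

def build_network(n_sybils=10_000):
    """Constructed sample graph: node -> set of nodes it listens to."""
    honest = {f"h{i}" for i in range(5)}
    sybils = {f"s{i}" for i in range(n_sybils)}
    trust = {h: honest - {h} for h in honest}
    # Sybils only vouch for each other (a ring keeps the sample small).
    for i in range(n_sybils):
        trust[f"s{i}"] = {f"s{(i + 1) % n_sybils}", f"s{(i + 2) % n_sybils}"}
    # One outside node lists four honest nodes and a single sybil.
    trust["outsider"] = {"h0", "h1", "h2", "h3", "s0"}
    return trust, honest, sybils

if __name__ == "__main__":
    trust, honest, sybils = build_network()
    # Nobody in the honest core lists a sybil, so none is ever relied on.
    print("sybils h0 relies on:", len(relied_on(trust, "h0") & sybils))
    # The outsider can reach the whole cluster, yet on its own list the
    # cluster still counts as one entry out of five.
    print("sybils reachable from outsider:",
          len(relied_on(trust, "outsider") & sybils))
    print("sybil share of outsider's list:",
          list_share(trust, "outsider", sybils))
    # The 10-node arithmetic from the reply above: 40 additions for 80%.
    print("additions for 80% of a 10-node list:", additions_for_share(10, 80))
```
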



