(disclaimer: I had early access to the white paper for review)
Sybil attacks are not really directly applicable here since each node in the system picks its own quorum slices (basically the set of nodes that it trusts). There is no notion of global reputation and nodes do not need to know every other node to participate. Looking at the definition of quorum intersection[0] section 4.1 should give you a sense of the conditions that are required on the choice of quorum slices for the network to function properly (quorum intersection ensures safety).
The proof exposed in the paper guarantees safety and liveness for the network provided a certain number of reasonable conditions are held true. What that means is that an attacker cannot force on intact nodes (definition p14) invalid transactions nor prevent the network from making progress.
That being said, (at least in the version I reviewed) there is no guarantee provided with respect to ensuring that all valid transactions will eventually make it into the network. Indeed a set of highly trusted nodes (present in a lot of quorum slices) could attempt to preempt a specific set of transactions X (originated by edge nodes) by opportunistically broadcasting a valid transaction set V_i for each successive ledger entry i that explicitly does not include the targeted set of transactions X. Under raw SCP as described in the paper and for certain topologies this preemption could be real and this is the closest I can think of a Sybil attack. It's important to note that we still have liveness and safety in that case.
I believe the same kind of attacks to be plausible with the Bitcoin network and I know protection mechanisms against it are currently being evaluated by David, Jed and the rest of the team. I will let them share their progress when they think it's right. I also hope they will correct me if I stated anything inaccurate here!
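The quorum-intersection condition referenced in the comment above, as an added example that is not part of the thread or of Stellar's code: it enumerates quorums by brute force from per-node quorum slices, using the white paper's definition (a non-empty set in which every member has at least one slice inside the set). The node names and both topologies are constructed.

```python
from itertools import combinations


def is_quorum(candidate, slices):
    """A non-empty set U is a quorum if every member of U has a slice within U."""
    return bool(candidate) and all(
        any(s <= candidate for s in slices[v]) for v in candidate
    )


def all_quorums(slices):
    """Enumerate every quorum by brute force (only viable for small networks)."""
    nodes = sorted(slices)
    return [
        frozenset(c)
        for r in range(1, len(nodes) + 1)
        for c in combinations(nodes, r)
        if is_quorum(frozenset(c), slices)
    ]


def disjoint_quorum_pairs(slices):
    """Pairs of quorums with no common node; any such pair breaks safety."""
    quorums = all_quorums(slices)
    return [(a, b) for a, b in combinations(quorums, 2) if not (a & b)]


def has_quorum_intersection(slices):
    return not disjoint_quorum_pairs(slices)


def fs(*names):
    return frozenset(names)


# Constructed topology 1: D joins later and only trusts existing nodes.
OVERLAPPING = {
    "A": [fs("A", "B", "C")],
    "B": [fs("A", "B", "C")],
    "C": [fs("A", "B", "C")],
    "D": [fs("D", "A", "B")],
}

# Constructed topology 2: two cliques that never list each other.
SPLIT = {
    "A": [fs("A", "B")],
    "B": [fs("A", "B")],
    "C": [fs("C", "D")],
    "D": [fs("C", "D")],
}

if __name__ == "__main__":
    for name, net in (("OVERLAPPING", OVERLAPPING), ("SPLIT", SPLIT)):
        print(name, has_quorum_intersection(net), disjoint_quorum_pairs(net))
```

In the second topology each clique can externalize values without ever hearing from the other, which is the divergence that the quorum-intersection requirement rules out.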
> I believe the same kind of attacks to be plausible with the Bitcoin network
This isn't anyone else's understanding. Can you suggest a mechanism by which it would be possible for a minority conspiracy to perpetually exclude a transaction in Bitcoin?
In Bitcoin we can make a pretty concrete statement about computing power that one can reason about; the blocking attacker will not be successful without a majority of it.
What's the similar statement for 'trust' which is sufficient for security? Obviously "attacker is partitioned from the network" is sufficient, but not very plausible. I'm sure there is a better statement possible, but it's not clear to me what it is.
Why wouldn't this be plausible? Let's say one day China had enough of Bitcoin, and used their essentially limitless resources to gain enough hashing power at will, to block transactions or rewrite them or what have you. Entirely plausible with Bitcoin (in this case, China doesn't care about the coin reward and therefore is not a "rational attacker" as the popular game theoretic model of Bitcoin security presupposes).
Now let's look at the Stellar model in this same situation. We've got a bunch of large company nodes that are probably Gateways (for the sake of argument say JCB, Wells Fargo, Barclays, and Bank of Brazil). We've got a ton of other nodes that belong to research universities, and then we have a bunch of "non-profit" or hobbyist or whistle blower nodes. There's a nice graph topology between all of these. Then one day China comes along and decides it's had enough. How does it attack the network in this case? By hacking enough organizations to take control of their nodes? Seems a bit more unlikely than it gaining 51% of hashing power on the Bitcoin network...
> Let's say one day China had enough of Bitcoin, and used their essentially limitless resources to gain enough hashing power at will, to block transactions or rewrite them or what have you. Entirely plausible with Bitcoin
That's the Maginot Line attack, as Tim Swanson calls it. The more realistic attack is that China just hacks into five data centers and serves a warrant to another ten. An interesting property of the PoW incentive structure is that there is actually fairly little incentive to protect oneself against hacks, so I would not be surprised if it was fairly easy.
> By hacking enough organizations to take control of their nodes?
The key point in Stellar consensus is that even if enough nodes are hacked, then users can just stop trusting them and switch to other nodes, and so the network would "route around" the damage. With Bitcoin PoW, there's no way to exclude an attacker from participating; you have to accept their work just as much as everyone else's.
Maginot Line attack, I like that. And yep, that's basically the point I've been trying to make in my posts. IMO Bitcoin isn't "trustless" - you need to implicitly trust those with hashing power aren't colluding to screw you.
If you had a prisoner's dilemma game where people were trading and anyone could create currency then all would defect and create currency. By making substantial expenditure of energy the cost of defecting, the game loses its prisoner's dilemma quality. This is what makes bitcoin unique IMHO. Other systems have no structured way to create currency that doesn't rely on a particular party not defecting. There's tit-for-tat, but increasing the price to defect works so much more neatly.
[0] https://www.stellar.org/papers/stellar-consensus-protocol.pd...