Second, I totally agree about the vulnerability of Crypti in its current form to DDoS attacks. As I have discussed before, one solution is to split Top Delegate communications with Lite clients and their communications with each other onto separate IP addresses. Top Delegates should have their own darknet where only they know the IP addresses being used for communications to new forge new blocks.
I have my concerns with this. If only 101 delegates have control over the network, it will be very simple to launch a coordinated attack on these. Are there any ways to handle this?
Right now you would have to DDOS all 101 delegates at the same time. Failure of any delegate to forge a block, passes the block to the next delegate in line. If 10 delegates were unable to forge, those 10 blocks would have been forged by 10 other delegates. This 10 delegates would have forged 2 blocks for that cycle. That would only marginally delay the current 6-10 confirms needed for a transaction to be confirmed.
Since 10 blocks were missed, then passed on to other delegates, that cycle would lengthen by 100 seconds for the 101 blocks. Cycle completions are used to check the block chain for forks, add/delete delegates to active/standby mode; and divide the transaction fees earned during that cycle, if any.
In the future versions, it has been discussed that we will be dropping delegates from the 101 club after X number of failed forges, for the next X cycles.