Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Altcoin Discussion
Re: WTF happened to ripple?
by
Monster Tent
on 22/02/2013, 23:16:07 UTC
Quote from: JoelKatz on February 22, 2013, 05:07:55 AM
Quote from: gmaxwell on February 22, 2013, 04:44:33 AM
Quote from: JoelKatz on February 22, 2013, 03:45:00 AM
Quote from: gmaxwell on February 22, 2013, 03:27:55 AM
Is there a similar compact and fairly comprehensive expression of Ripple's security assumptions that could help people reason about the system?
At the highest level -- you are secure so long as the majority of your trust list doesn't conspire. If you have a bad trust list, you can be lied to about what transactions have been applied by the system.
What happens if the majority of each of _their_ (unknowable to me) trust lists conspire?

Something bad must happen, otherwise— My partner and I each run a valditator node make my client trust only those. I know they don't conspire against me. Now my client behind them is totally safe! ...  or not.
You are, of course, completely right. I should be more precise. You are secure if the majority of the nodes on your trust list are secure. This ultimately devolves into the majority of the weight in your effective weighted trust not conspiring.

In your scenario, where you have trusted only two nodes and those two nodes trust conspiring nodes, you can't become convinced a transaction happened without them having that signed transaction to present. You can't rewrite the past. However, you could be duped into thinking a transaction was applied when it wasn't. You will have signed cryptographic proof that you were deceived. (Hopefully in the future, we'll automate collecting and distributing that proof so you only get to conspire once.)

Quote
Quote
Think about it this way though -- if you have a 51% attack against Bitcoin, you have to make fundamental changes in Bitcoin. If you have a consensus breaking attack against Ripple, you have to remove the conspirators from your trust list.
See my example as to why I don't think its so simple. Shutting out a single high hashpower attacker isn't hard and lots of altcoins have done silly things to accomplish it.  But it's pointless because shutting out a single attacker is not useful if the fundamental assumption that a badguy won't have a computing majority is flawed. Likewise, removing conspiring nodes from your trust list is perhaps not all that useful if they were ever able to get there in the first place.
I largely agree. It comes down to the practical question of which scheme will be more robust in the face of a motivated attacker. I don't think any of us really know that yet.




If they conspire once and that one time someone loses 1 million xrp its a flawed system. After all attackers will be motivated to go after clients who hold large balances.