Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Altcoin Discussion
Re: WTF happened to ripple?
by
tacotime
on 24/02/2013, 00:55:59 UTC
Quote from: gmaxwell on February 22, 2013, 05:40:20 AM
Quote from: JoelKatz on February 22, 2013, 05:07:55 AM
I largely agree. It comes down to the practical question of which scheme will be more robust in the face of a motivated attacker. I don't think any of us really know that yet.
I can agree with that.

I'm still not sure that I've internalized the implications of your model in ripple, though I now think my initial understanding of the basic technicalities of were at least not totally incorrect.

I find it interesting that it's easy to describe topologies where you are insecure even though _all_ of your peers are honest and most of the network is honest:

Code:
                      /---- Honest0
                       /---  Attacker
         /------moron1 ----- Attacker
         /   /    |    \---- Attacker
         /   |    |    /---- Attacker
      you----|--moron2------ Attacker
         \   |    |    \---- Honest1
         \   \    |    /---- Honest2
         \------notmoron --- Honest3
 
In this graph there are 7 honest validators (honest*,moron*, and notmoron), and 5 attacker controlled identities. All of your direct peers are honest.  And yet you're exploited— Every validator you trustlist sees an attacker controlled majority even though only 41% of the total validators are dishonest.

So the Bitcoin security assumption (most hash power is honest) is not strong enough to make ripple secure if translated to comparable terms ('most trusted nodes in the system are honest').

How do your cryptographic signatures that show if someone misbehaved distinguish between them misbehaving vs trusting someone who misbehaved?  Couldn't I protect my reputation by attacking by simply arranging to trust dishonest sockpuppet nodes?  If I can't then isn't there considerable pressure to only trust the same nodes everyone else trusts?


This is the major problem with ripple.  Someone with a botnet can form thousands or tens of thousands of validated nodes and operate them as normal for months on end, then suddenly command them to reject certain transactions as invalid.  It doesn't even have to be a lot of transactions, just small ones that majorly benefit the botnet operator, and this could be performed very easily with no one catching on to it for some time.  You've created a "one IP one vote" system, something that is warned against in the original bitcoin protocol specifications.  If the chain lives long enough we'll all see why.  Sybil attacks are cheap and the threat of them is real.