Let’s assume I’m a bad guy trying to jeopardise Radix. I run 100 nodes, and I noticed that at least 50 of them are assigned to the same shard. Could I perform an attack and, for example, spend whatever resources are in that shard, or give life to some other type of attack?
PS. Hope my question is clear. The more I dig through this project the more I’m appreciating every aspect of Radix.
You could make an attack if you control more than 1/3 total staking value of the network.
But as Bart said: “however if you can within an epoch purchase 1/3 of a single validator set, you can in essence compromise the entire network”
Dan answered: " You could, but you gotta find them, get them to agree, then you gotta trust they don’t just take your money.
Plus they will get slashed if they do anything but abstain to cause a liveness break, so you’d have to cover their stake too plus making it worth their while
Liveness and safety issues only cause issue on anything that touches that validator set. All actions that don’t still run just finr"
You can follow the thread for more information regarding the attack on the specific shards that those validator set validate on the specific epoch: Telegram: Contact @radix_dlt
Still, since all the things is randomized, you will never know which shard your “compromised validator” got assigned to in the next epoch
Thanks, this is very helpful. Starting from the tg thread you linked me, I found other interesting insights. I will write them down here for anyone interested in gradually shedding light on this issue:
From Thomas Anderson somewhere in RADIX DLT Official:
“[…] The point is: the more shards there are, the less it takes to attack a shard. In the case of Radix, I’m not just talking about stake, more on that below. Dan tries to offload this problem by adding nodes to the equation in addition to pure stake. This means that instead of just over 33% stake in a shard, you also have to control about 33% of the nodes in the shard (depending on the stake of the nodes) in order to attack the shard and thus the entire network.”
At first glance, this looks like the solution, but it’s not! And that’s very easy to prove. But we need a little more information. More on that below.
It is important to know that nodes can have very different stakes, so some nodes may only have a few 100k, others millions. This means that you cannot freely split nodes into shards. Consider a shard whose nodes are all only a few 100k stakes. A new million node that joins could directly control the shard and thus attack the entire network.
I just copy-pasted the core of the issue because I don’t have the knowledge to go into further details. I think the fundamental problem should be clear.
1 Like
Shrimp
(A lil big Shrimp in the rough crypto ocean )
4
I keep reading this over and over but somehow it just doesn’t make sense to me.
So you need to control 1/3 of the total staking value of the network, this actually doesn’t sound too secure when I am honest. But the tricky bit is that you need to control 1/3 of the stake in the same shard, and the shards of a node are changing randomly every epoche.
And than there comes another tricky bit that you not only have to control 1/3 of the total staking value of the network but also 1/3 of the nodes.
Exemple: There are 100 Nodes but the staking on the nodes is very unequal 10 nodes carry 1/3 of stake of shard
So you maybe already control the 1/3 of the stake and thus 1/3 of the nodes but not the majority in the total node numbers. So to get control of the shard you still would need to get 20 more nodes in your control
To “attack” just need 1/3, but that only “break liveness” (mean there are no more transaction on that shard).
To “attack” and “write on state” for “controlling a shard” you would need >2/3, “break security”.
So it mean you need to control at least 23 node to conduct a “liveness attack”, and more (maybe >46, the 23 is the number of nodes with the most staking value, >1/3 staking amount of the network) to conduct a “security attack”.
But as I said, every epoch the nodes are randomized, you won’t know which shard the attack you conduct would lie on, so every other shard will live just fine.
Right, you would need to control at least >67% of total staking value.
Exactly. This is also what I understand.
Nodes maybe in a way or another know which shard they’re assigned to, but the problem seems to be the huge random number of variables that control how shards are allocated.
Si, to sum up, 33% for disruption, something like 66% for complete control (?)
You’re right, but that is only possible with sharded Cerberus, current Radix Network haven’t sharded so when someone make 67% attacking it basically control the whole.
2 Likes
Shrimp
(A lil big Shrimp in the rough crypto ocean )
10
Ah so these calculations will only be active from 2024 with Xi’an