What is Nostr?
Gregory Maxwell [ARCHIVE] /
npub1f2n…rwet
2023-06-07 03:00:52

Gregory Maxwell [ARCHIVE] on Nostr: đź“… Original date posted:2012-01-31 đź“ť Original message:On Mon, Jan 30, 2012 at ...

đź“… Original date posted:2012-01-31
đź“ť Original message:On Mon, Jan 30, 2012 at 11:33 PM, Michael Hendricks <michael at ndrix.org> wrote:
> address manager point to the attacker.  If a client has 8 connections
> to the network, a Sybil attack would succeed 1.7% of the time.

Meh, careful not to mixup addrman created issues with preexisting ones
simply related to the number of connections vs the number of nodes.
Even absent addressman someone who can spin up a large multiple of the
current nodes as tcp forwarders to a system they control can capture
all of a nodes outbound connections.

Increasing the number of outbound connections is a very bad solution
to this problem: It invites a tragedy of the commons: you get the
"best" security by setting your number as high as it will let you. Who
doesn't want security? Meanwhile we've come pretty close to running
out of open listening ports already in the past.

There is a much more scalable improvement for those concerned about
the sybil attack (I say those concerned because a sybil attack is not
that fatal in bitcoin— checkpoints prevent a total fantasy chain, it's
mostly but not entirely a DOS risk)...

The solution is to addnode a couple of (ideally) trusted nodes, or
failing the availability of trusted nodes, a few that you think are
unlikely to be mutually cooperating against you.

A single connection to the 'good' network kills isolation attacks
dead, so a couple carefully selected outbound connections its a more
secure remedy and one which doesn't explode the network.
Author Public Key
npub1f2nvlx49er5c7sqa43src6ssyp6snd4qwvtkwm5avc2l84cs84esecrwet