risk assessment: attack vectors and prevention strategies

[LGro]

First off, interesting approach to resolve the energy issues with proof of work and to entangle social and technical structures (especially with respect to trust) more closely.

What do you think about adding possible attack vectors and matching prevention strategies to the white paper or the documentation? A solid risk assessment seems like a crucial part of a project that aims to create a new economy.

Particularly interesting might be to start with the role of FairCoop, chain administrators and the FairCoin developer team, since they take the role of a central authority in this ecosystem through allowing CVNs and issuing the respective smart-cards. Additionally, since the number of CVNs is targeted to be around 50 with a current maximum of 100, the people running those nodes might be especially exposed to attack/manipulation, posing an effective target to manipulate the proof of cooperation mechanism.

[FatherMcGruder]

@LGro @thokon00 I am curious to understand the implications of a compromised or malicious CVN. What is the worst they could do, ignore transactions? Also why is there a limit to the number of CVNs?

[mmoya]

FatherMcGruder, a malicious CVN can ignore transactions but that only matters when is it its turn to create a block. Not to say that it will be removed from the blockchain as soon as detected.

The limit is because each CVN is expected to cosign each block. There are latency, block size, etc... I don't know the ultimate reason for 30, it seems a sweet spot between security and convenience. @thokon00 can explain better how that number was calculated.

[rasos]

I do not really see an authority in Proof-of-Cooperation:

• The hardware FASITOs can be provisioned by the CVN operator him/herself, all source code is online. To simplify the onboarding of new CVN operators, we offer to ship them pre-seeded.
• Chain admins execute, what a general assembly decides (block parameters or on/offloading of CVNs). Currently 5 out of 8 chain admin have to sign together within one block. If the chain admins would refuse or would not be available, the ultimate resort is a hard fork, to be decided by the assembly of the FairCoin users, provisioning a new group of trusted chain admins.
• CVNs are not more exposed than other nodes. Any blockchain or p2p network can be threatened by DDoS. A few hundred nodes are easy to calm down with some effort, but such an attack may not last longer than some hours or days if you have a lot of budget for renting CPU power. After such an attack, the node network will automatically recover and continue. In case of repeated massive DDoS attacks, some CVN operators could connect directly with parameter -connect=IP1 -connect=IP2 to a trusted node or via VPN.

I would see it like this: FairCoin is a blockchain with democracy built in. One could say the authority is the democratic sovereign of the FairCoin users, decisions are made in the general assembly.