|
78 | 78 |
|
79 | 79 | ## Security Considerations
|
80 | 80 |
|
81 |
| -Needs discussion. |
| 81 | +The primary failure mode of a DAS scheme is a "data withholding" attack, where a block producer attempts to convince the network some data is available even when the block producer fails to provide the associated data. |
| 82 | +PeerDAS resolves withholding attacks by implementing a (pseudo)randomized sampling scheme that decreases the probability of a successful attack as the size of the network grows for a constant amount of data that must be downloaded. |
| 83 | + |
| 84 | +This intuition can be formalized as follows: |
| 85 | + |
| 86 | +Letting `n` be the total number of sampling nodes (i.e. the size of the network), `m` be the total number of samples possible (cf. NUMBER_OF_CUSTODY_GROUPS in the specs) and `k` be the minimum number of samples that a node must download (cf. `SAMPLE_PER_SLOT in the specs), we have the following bound for the probability of convincing a fraction `\epsilon` of the nodes that some data is available when it is withheld: |
| 87 | + |
| 88 | +\mathbb{P}(\text{tricking } n\epsilon \text{ nodes}) \le \binom{n}{n\epsilon}\binom{m}{\frac{m}{2}-1}2^{-kn\epsilon} |
| 89 | + |
| 90 | +The first term is the number of possible ways to choose a subset of `n\epsilon` nodes whose sampling queries should be satisfied (i.e. the nodes to be tricked). The second term is the number of ways to choose a maximally large subset of samples to be made available to satisfy the sampling queries of the `n\epsilon` nodes without allowing reconstruction of the full data. Finally, for any such choices, the third term is the probability of success, i.e. the probability that the sampling queries of all chosen `n\epsilon` nodes are satisfied by the chosen subset up to the reconstruction threshold. |
| 91 | + |
| 92 | +For mainnet parameters given in the specs and assuming 10,000 nodes on the network, we can compute upper bounds of attack success at various node counts. |
| 93 | + |
| 94 | +| `\epsilon` | `n\epsilon` (nodes) | Upper bound on `P` | |
| 95 | +|:-----------:|:---------------------:|:---------------------:| |
| 96 | +| 0.0 | 0 | 2.36*10^37 | |
| 97 | +| 0.1 | 1 000 | 10^-960.9 | |
| 98 | +| 0.2 | 2 000 | 10^-2607.9 | |
| 99 | +| 0.3 | 3 000 | 10^-4536.5 | |
| 100 | +| 0.4 | 4 000 | 10^-6674.8 | |
| 101 | +| 0.5 | 5 000 | 10^-8995.6 | |
| 102 | +| 0.6 | 6 000 | 10^-11491.3 | |
| 103 | +| 0.7 | 7 000 | 10^-14169.4 | |
| 104 | +| 0.8 | 8 000 | 10^-17057.3 | |
| 105 | +| 0.9 | 9 000 | 10^-20226.8 | |
| 106 | +| 1.0 | 10 000 | 10^-24045.0 | |
| 107 | + |
| 108 | +The table shows that the chance of a successful attack quickly drop to negligible and so PeerDAS is considered secure to withholding attacks. |
82 | 109 |
|
83 | 110 | ## Copyright
|
84 | 111 |
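Review bot: the `\epsilon = 0.0` row of the table gives an upper bound of `2.36*10^37`, which is greater than 1 and therefore says nothing about the probability; with `n\epsilon = 0` the first and third factors equal 1 and the entry is just `\binom{m}{\frac{m}{2}-1}`, so either drop that row or state the bound as `min(1, ...)` so that every entry is a probability. Two formatting problems in the same hunk: the backtick opened before `SAMPLE_PER_SLOT` is never closed and `NUMBER_OF_CUSTODY_GROUPS` is not in backticks, so please check both names against the constants in the specification and make the code spans consistent; and the displayed bound `\mathbb{P}(\text{tricking } n\epsilon \text{ nodes}) \le \binom{n}{n\epsilon}\binom{m}{\frac{m}{2}-1}2^{-kn\epsilon}` is bare LaTeX with no math delimiters (as are `\epsilon` and `n\epsilon` inside inline code spans in the prose and table header), so it will render literally in Markdown. Finally, the closing sentence should read "the chance of a successful attack quickly drops to negligible" and "secure against withholding attacks", and "at various node counts" in the sentence introducing the table would be clearer as "for various fractions of tricked nodes", since the node count is fixed at 10,000.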