Some random questions

These are some questions that were asked recently in telagram by user ChicoBermuda

  1. What is the liveliness threshold of he secret node network?

  2. How many nodes are involved in a computation?

  3. Can computations finish if a node goes offline?

  4. Why is ENG used to pay for computations instead of ETH or Dai? Based on the Q&A in “Secret Nodes — Everything You Need to Know!”, this sounds like an unecessary bottleneck and a way to force demand for ENG where it’s not needed

  5. Can network privacy be subverted if I control some plurality of ENG or secret nodes? What’s the easiest way to attack the network (seriously)?

1 Like
  1. I’d argue that if you assume no eclipse/DoS attacks, the threshold is t<n (t is number of compromised workers, n is the number of nodes). Does this mean we have a better threshold than is even possible in theory (depending on the model, the limit in byzantine systems is normally t<n/3)? Of course not, it’s just that we rely on Ethereum for consensus, so as long as Ethereum is live, our network is live.

If you assume eclipse attacks on the p2p layer, then like all other networks, we should have an optimal threshold which is t<n/3, but we haven’t modeled this directly and I don’t know of a project that has.

  1. Currently - one worker per secret contract per epoch.

  2. They will timeout and will have to be resubmitted in the next epoch by the user.

  3. Why is ETH being used instead of BTC? Independence from ETH is important for several reasons - ability to argue about economics/security in a closed system; ability to be agnostic to ETH (this will be a must have when we have our own chain).

Dai is even more complicated and requires a lot of other house of card assumptions (e.g., centralized oracle). Since Enigma operates with a fee market, the stability of the token is less relevant.

  1. You have access to more data in theory the more ENG you hold, but you’d need to break SGX in those systems to be able to actually attack the system.
1 Like

1&2 (cont.). What happens to the computation in an eclipse attack? Having to DoS a single node to (a) keep aborting the computation (b) resulting in that node being economically punished for “not participating” is a very wide attack vector.

  1. With general purpose computations, it seems impossible to impose an economic mechanism to guarantee that an attack is “never worth it” because the value of the underlying data is unquantifiable. There is an assumption that the cost of acquiring enough ENG to run/subvert 1/3 nodes must be greater than the implicit value of all data computed in the network, but because the data is unquantifiable, value accrual to ENG is not proportional to the value of the data. Thus, such an attack could be worth it to an adversary. Thoughts?