The first section is based on a very simple model. Each subsequent section adds progressively more factors.
This calculator demonstrates a few principles of the SAFE network design:
Security increases as network size increases.
Security increases as churn increases (ie as vaults join, leave or are relocated in the network).
Successful attacks are a matter of when, not if. Success is based on
'chance' rather than a binary 'attacked' vs 'not attacked' result.
This is a natural consequence of the non-deterministic vault naming
used by the network.
The calculator is not a complete model of the network
security. Refer to the Notes at the bottom of the page
for more information.
The minimum number of vaults per group is
and maximum is
The chance of the interrupt joining the target group is 1/? (call this probability 'p')
The chance of the first interrupt not joining the target group is 1-p
The chance of the second interrupt not joining the target group is (1-p)2
The chance of the nth interrupt not joining the target group is (1-p)n
The chance of the nth interrupt joining the target group is 1-(1-p)n
Interruptions delay the attack and reduce the chance
of a successful attack, but does not necessarily altogether
prevent it or set it back to square one.
The utility of controlling a group is not calculated. Greater utility motivates an attack.
The cost of an attack is not calculated. Larger costs reduce the motivation to attack the network.
The feasibility of an attack is measured by comparing the utility with the cost. This calculator does not determine the feasibility of an attack.
Data-chains allow groups to assess the honesty of other groups. Therefore successfully abusing control of a single group often requires control of more than a single group.
This calculator does not account for other means of controlling specific vaults, such as bribery or secretly distributing malicious vault software. These attacks may be more effective than attacks on the joining algorithm.
This calculator does not measure the difficulty of spreading the attack after a group is compromised, or the likelihood of recovery from a compromised state back to the original uncompromised state.
The target group grows in size as attacking vaults join it, increasing the quorum size for the group. This increases the difficulty of an attack, but is not included in this calculator.
Attacking vaults should target a particular 'end' of the group (the high names or low names) rather than the middle so that if a split occurs during the attack the malicious vaults end up in the same group. The added difficulty of targeting a particular portion of the group is not included in this calculator.
When vault ageing is introduced, joining a group as a quorum member will take longer than simply being allocated a name by the network. This greatly increases the time taken to perform an attack and decreases the chance of success.
Offline attacks to the relocation algorithm are not included in the calculator.