On Feb 5, 2008, at 1:25 PM, Matthew Toseland wrote: > On Tuesday 05 February 2008 19:05, Robert Hailey wrote: >> For a "quick simulation", I think this is an excellent demonstration! >> However, I think that there are two major errors. >> >> First, there is an equal chance of nodes from either network >> swapping. >> In the freenet network (since swapping is done through the network) >> it >> is not equal (if for no other cause than the scarce links between the >> two networks). More on this below. > > His simulation doesn't deal with this? There are two mechanisms that > would > limit it: > - The limit on swaps per second per link. We won't accept a swap > request if > we've had one within the last 900ms. However, this may be too > lenient a > limit, we could increase it. > - Swaps are routed as random possibly looping walks.
What I mean is that a node is more likely to swap with another node on it's same well-connected network. I don't know how much so. In the sim it the chance of any node swapping with any other node is the same. >> Once I added the joins to the two networks on your sim, I noticed >> that >> the networks would "bunchup", but not split the keyspace. However, >> I'm >> not sure the lack-of-keyspace-split helps either side of the argument >> as these swaps are are applied to stable/mature networks to begin >> with. What this demonstrates is more the merging of two large >> networks >> (e.g. freenet-china and freenet-usa finally get linked up), and that >> they maintain there keyspace. > > Define "bunchup" ? It seems to be luck of the draw, where the connections are between the two networks. Many times one network will catastrophically be absorbed into the other (keyspace-wise), other times it is split into 3 or 4 segments. > This is IMHO a very significant result: > - Link-based swap pressure causes the two networks to keep their own > separate > keyspaces. I don't know... the pressures you mentioned (900ms and walking loops) are not in this sim, it is swaptheory-only. Link pressure *could* help keep a steady state, but I think it would only make the attack slower to both deploy and recover from; unless of course it becomes so slow that it is overcome by the location-randomizing of nodes in the network. > [...] > - It is not a viable attack to dangle a large virtual network off a > few > connections. I think it is, and particularly so (1) the larger the virtual network, and (2) the fewer the links into the real net. > Unfortunately there are other viable attacks on swapping (read > the Pitch Black paper, last year somebody appears to have deployed > it with > considerable success although some of our problems were certainly > due to > churn). On my todo list. > - An escape-route mechanism may be interesting, however given the > limited > capacity it may be simplest to just rely on chance and ULPRs > propagating the > most sought after content? The problem with this is those few > requests which > cross the border will probably have low HTL when they get there, so > if the > content isn't popular on the other side it might not be found. So > maybe we do > need some sort of mechanism - but we will need a way to ration the > scarce > resources according to popularity. >> >> Speculating about the swap probability... >> >> ASSUMING that the keyspace would be split (i.e. as the networks grow >> up together) [which I still don't think is the case], > > What happens as we get more and more links between the networks? > Catastrophic > merging? What about a few high capacity links? Etc.. more work can > be done > here. From what I have run so far, the more links the slower the merging (and/or the more likely it is to arrive at an ackward-but-stable state). -- Robert Hailey
