Published há 2 anos • 4 minute read

What is dPoSec and Why Is It Critical to Decentralized Cybersecurity?

Cybersecurity is… complex.  It’s sophisticated, complicated, and employs some of the smartest people on the planet.  There’s only one problem.  Some of the other smartest people on the planet spend their extensive intellect and creativity finding ways to break this security.  Further, cybersecurity is a classic tower defense game.  The tower has to protect itself at all times, in all ways.  The opposing force just needs to find one crack, apply the right force, and boom—the tower is breached.  

Giving up isn’t an option, not with the estimate that by 2025 we face a $10 trillion cybercrime problem.  That’s simply too much money to lose, and this estimate assumes that cybersecurity continues to innovate and improve.  With the odds stacked against us, what options do we have if we want our systems to be secure?

Liabilities into Strengths

There are a few ways we can approach a better solution.  Logically, we could look at the biggest weaknesses of the system and try to strengthen them.  This ends up playing out like a game of “Whack-a-Mole”, but it’s worth a start.  

For one thing, cybersecurity protocols were never designed to serve networks with exponentially expanding endpoints located across the globe.  This year we are estimated to reach 50 billion  connected devices, and in general the more complexity a network contains, the more points of failure.  This has been realized countless times, even in the more robust blockchain models that have promised completely secure networks.

Next, current detection time for a reported breach is 280 days on average.  This gives the thieves a LONG time to get away, spend money, sell stolen records, or whatever else they’d like to do.  And if they live in a fairly long list of countries, there aren’t clear diplomatic ways to even pursue them.

So:  in order for our system to embrace the top cybersecurity challenges, it needs to get stronger instead of weaker as it grows, and reduce breach risk/detection down to zero, or as close to that as possible.  This is no small challenge, but a new Web3 platform named Naoris Protocol claims to have done exactly that with their dPoSec (Distributed Proof of Security) consensus model.  Does it live up to the hype?  Let’s find out.

 

dPoSec (Distributed Proof of Security) 

Naoris Protocol, the team behind dPoSec, doesn’t make these claims lightly, and they don’t tend to hide behind confusing lingo when describing their system.  Dense?  Yes.  Complex?  Yes.  But not ambiguous.  The section on dPoSec, what it is and what it can do, covers a full 10 pages of their 40-odd page whitepaper.  We aren’t going to fully summarize dPoSec here, but we’d recommend you visit their site and read the whitepaper yourself.  

What we can summarize here are the key features and the benefits this model should provide for users.  While it will need to adjust, evolve, and pay attention to upcoming threats, the protocol has been designed to prevent a comprehensive and diverse set of threats, many of which have bested some of the most advanced cyber security systems to date.  

The consensus has been built around a few core principles.  It uses a starting point of Byzantine Fault Tolerance (explained more here).  This helps to ensure that the system can operate even if nearly a third of nodes have been compromised.  It then builds a number of layers into its security to address key challenges faced by decentralized networks of nodes and validators.  Some of these threats include:

  • DoS for a Leader
  • Selfish Mining
  • Feather Forking
  • Bribery Attacks
  • Posterior Corruption
  • Transaction Integrity Protection

It addresses these threats using a number of innovative tools.  Randomizing the potential leader for a given round and publishing the block candidate instantly protects attacks against key validators.  Creating irreversible checkpoints prevents various chain takeover methods.  And a strong use of signature validation and zero-knowledge proofs help protect privacy and prevent the ability to find and compromise validators.  Further, nodes utilize an AI-based swarm behavior to constantly verify all other nodes, creating a constant verification pulse throughout the network.

This is critical for scaling, and the methods used utilize the growth of more and more nodes to cross-check the other nodes in the system, turning potential points of failure into valuable assets.  Here is where the system starts to resemble an “Antifragile” structure, which is critical for growth and for becoming stronger the more stress is encountered.  

More than Security

It is certainly true that these methods create an intensely strong protocol that becomes more reliable as it grows in size.  This is critical, but it isn’t enough.  For a protocol to truly be useful, it needs to maintain fast transaction times no matter how big it gets.  This is a major issue seen with many blockchains, such that even the strongest protocols will be crushed with exponential growth.  Fortunately, the dPoSec has one more trick up its sleeve.  It operates using a series of “Verge Clusters” (see the WP for more detail), which allows two important results.  First, instead of waiting a long time for validation from the network, the protocol reduces the odds of a successful malicious attack so much that the next block in a series can be submitted immediately, and a re-verification of the network’s High Secured Nodes ensures that there are no issues.  Because of this, the network will not face a reduction in transactions per second the way a traditional blockchain will the more it grows.  They have removed this critical bottleneck by moving the security steps upstream, making them scalable, and making them better.  

The dPoSec consensus wasn’t an accident.  It took years of development by those who have seen and done it all, and who understand the critical problems that need to be solved.  We look forward to seeing the dPoSec operational across chains, taking a bite out of that $10 trillion cybercrime figure as quickly as possible.

 

Comentários

Ainda não há comentários ... Comece a conversa!