> You can prevent nodes from connecting to you (no inbound connections), such that you choose (randomly) which nodes to connect to. Choose a sufficiently high node count, and you’re almost certain that you don’t select a group of coordinating malicious nodes.
This sounds suspiciously like either a) choosing who to trust in advance, which negates one of the few benefits of blockchain-based cryptocurrencies that I accept exist (even if I don’t value it highly); or b) relying on random numbers being both fair and not being tampered with, even though over-reliance on that is one of the common failure modes with cryptography in general.
>b) relying on random numbers being both fair and not being tampered with, even though over-reliance on that is one of the common failure modes with cryptography in general.
If you are interested I was an author on a paper which looked at the probability of choosing bad nodes, how an attacker could manipulate this and what bad things an attacker can do once they partition you from the network. Many of the countermeasures and security enhancements we proposed are now in Bitcoin making the network harder to attack.
> Could someone surround my node with malicious nodes and put me on a forked chain?
Thanks for this paper, it’s a really excellent read and explains the eclipse attack really well. I would love to track down some similarly structured papers.
> relying on random numbers being both fair and not being tampered with
You can easily validate that a block is valid and has the correct PoW. For this to work an attacker needs to be mining valid blocks (expensive) and partition the bitcoin network in a way that nodes can't talk to each other (mission impossible). Then the attacker needs to make use of this split chain so that a double spend can occur. I wouldn't be that worried.
This sounds suspiciously like either a) choosing who to trust in advance, which negates one of the few benefits of blockchain-based cryptocurrencies that I accept exist (even if I don’t value it highly); or b) relying on random numbers being both fair and not being tampered with, even though over-reliance on that is one of the common failure modes with cryptography in general.