Resent Payment Field with airSlate SignNow

Resent payment field

what up youtube patrick here and today i want to talk about spam because it's been in the nano news a lot lately so first let's get into some basics so as everyone knows nano has no transaction fees if i send you 1.1 nano you receive 1.1 nano now that does not mean that nano has no cost because how else do you prevent people from spamming the network right otherwise i could just send millions and millions of transactions clog up your hard drive clog up the network and that's where proof of work comes in it's basically just a mathematical guessing game to prove that you've put some time and effort into your transaction and that it has some value being transferred uh here you can see a picture of a block or the fields inside of a block and one of those fields is work and proof of work is kind of hard to create but easy to verify which makes it perfect for a system like nano in the place of a transaction fee in nano's case proof of work is typically pre-computed meaning that when you hit send on your wallet the transaction is broadcast instantly because the proof of work was already done and then once you hit send the proof of work for the next transaction starts to be done in the background and that's really nice because normal humans aren't sending hundreds of transactions right up right after each other it's usually maybe a couple transactions a day a few minutes apart sometimes days apart so on and so forth so that kind of matches how humans make transactions right whereas a bot or a script that's doing proof of work or that's trying to do transactions constantly will have to keep doing proof of work over and over at that point of time which kind of slows them down currently proof-of-work can be done client-side yourself on your own machine if you have the right wallet or more typically if you're using natrium or nalt one of those like a mobile wallet they usually outsource the pow to a system like distributed proof of work depow or boom pow or p2p pow is a new one or p2 pal and they can do that they're basically subsidizing the power cost for you because one it's pretty cheap for them and two the a lot of mobile app stores consider pow to be mining and against their store policies so there's kind of some restrictions there but anyways that's the basics of nano and proof of work so let's get into some of the spam related activity from recently what are the concerns the biggest concerns are saturation where the attacker does so much transactions that the network is clogged right and it takes longer for you to make your own transactions basically the network is full uh uh then another concern is ledger bloat right if they're making millions of transactions are they filling up hard drives and making it basically more expensive to run a node potentially fees because like we just talked about services typically subsidize the proof of work effectively for usually mobile apps or mobile nano wallets and if the pow costs go up does that make it more difficult for them to subsidize could be uh centralization is another concern mostly tied to the ledger bloat piece if the ledger size gets too big and uses up too much hard drive space then it becomes too costly and only a few people can run a node theoretically right not everyone can afford terabytes of storage another potential issue is just naturally improving hardware moore's law right every year new graphics cards come out that makes it easier and easier to do a proof of work at least the base proof of work another concern for some people is distributed denial of service or just regular denial of service uh in combination with other maybe attack vectors like maybe you ddos a bunch of of nano nodes to try and uh double spend or something could that be a spam related concern for some people yes but we'll talk about the mitigations and answers to these and also potential potential future solutions to some of these also for reference before i take a look at this chart um i did the math based on average u.s electricity prices and a 1080 ti which is formerly a top top in the graphics card now it's probably mid to high since it's about two generations back but doing the math for that you could basically get 5 500 proof of work for one dollar assuming you've already paid for the graphics card and you're just doing it at cost which comes out to basically two one hundredths of a penny per transaction so pretty low but that gives you some idea of what we're working with so that is a cost right but it's not particularly high so an attacker with hundreds of dollars or thousands or millions of dollars could spend the money to do a lot of proof of work right is that a concern uh and so this has come up actually i'm just going to skip to the next slide because it has this a little bit bigger so one of the concerns lately has been nano has been under repeated spam attack normally we hover at maybe under 10 confirmations per second but lately we've been hitting 100 150 200 in constant bursts and when you look at those transactions they're basically zero value transactions like one raw which there's 10 to the 30 raw in a single nano it's a i don't know how to describe that number but it's massive but so they're doing a very very very small amount of nano and they're just spamming thousands and thousands of transactions uh you might have seen one of my twitter posts where they dropped 60 000 blocks transactions in like 10 minutes basically so nano is repeatedly being hit by these spam attacks lately so what's the actual impact and what what's the concern or the concern that we talked about before how much is it really impacting nano so i'm going to walk through all these different charts shout out to nano ticker for these which is they're very beautiful and great a great helps in visualizing what's going on so this top chart is the total number of transactions where here at the time of the screenshot there were 64 million 900 000 blah blah blah nano transactions total but you can see these little jumps here these little bumps that coincide with when the spam happens because boom they've dumped another ten thousand hundred thousand transactions on the network that the network has has to process and the total number of transactions goes up here this chart is the one that we probably want to focus on and it shows the uh blocks per second bps so how fast the is actually just broadcasting out transactions versus cps how fast the network is confirming transactions so you can see here that there was a spike at like 150 175 maybe 200 bps and then a little bit why a little while later cps was at over 100 so at first glance some people get concerned by the gap between bps and cps because that means okay a bunch of transactions are dumped on the network but they're not processed immediately and that's partially true but there's some caveats here one is almost by physics there's a limit to how many transactions per second a single account can do because it takes 250 milliseconds normally for a transaction to confirm and you can't confirm the second transaction in a chain before the first one right you have to do the first one then the second one the next one because they're chained together that limits you to about four transactions per second per account so what do attackers do to get around that well they create hundreds of accounts stage them with a little bit of nano and then they make transactions so that they can increase the total transactions per second and that's partially what's happening here even when they make thousands of accounts though usually they're they're not one-to-one mapping the accounts to spam so there's still a little bit of a discrepancy between bps and cps of course the other reason for discrepancy between bps and cps is when the network hits saturation right for reference the nano network in prod the main net can do between 160 to 240 cps before it hits saturation somewhere in that range because it varies by type of spam number of nodes out there hardware on the nodes but somewhere in that range once you hit that the network as a whole starts to slow down this is pretty similar to bitcoin and it's mempool right where an attacker could send a whole bunch of zero zero fee transactions they fill up the mempool and then people have to start paying higher and higher fees or they could do one cent bitcoin fees to fill up the mempool even more and push the fees higher same concept for nano but with proof of work so in most cases the goal or the hope is to stay below saturation so that everyone's transaction all the legitimate people's transactions process normally but with enough proof of work and a motivated enough attacker you can hit saturation and that's just a fundamental limit of you you have this much available network capacity cpu memory hard disk whatever the constraints are and humans attackers spammers even legitimate users are always going to try to use as much of that as possible at some point right so that's where pushing scalability becomes really important for nano and really any cryptocurrency i guess so moving on to some of the other charts this is an important chart to keep an eye on just because it gives an idea of the network is saturated or not another important one is this block confirmation time as you can see we usually hover around less than 500 milliseconds i think 250 milliseconds average according to this or 270 something like that with some spikes whenever there's a spam attack but there are some caveats with this chart because this takes all transactions into account including the attacker spam which has to be uh has to be confirmed in order remember so if there's like the 10th transaction in the attacker's chain and we're waiting on the first nine that increases the average even though in reality for most people legitimate users their transaction times are still at 200 milliseconds and you can see that in this bottom right chart here so this chart shows the nano ticker node makes repeated health check transactions basically from germany to norway and it times those transactions so normally and even during spam you can see even during these spikes it's still around 200 milliseconds maybe 400 milliseconds we'll i'll show a different graph in the future however when we really hit saturation that's when this uh this chart or these transactions also start to climb so when the network is truly maxed out essentially normal transactions start to get affected more and more so here you see we spike to seven seconds basically uh here it was like two seconds for these test transactions so how do we combat that well that's where dynamic proof-of-work and proof-of-work prioritization come in and i'll talk more about that in a future slide an attacker usually computes their proof of work at the base level right because they want as many transactions as possible as cheaply as possible to fill up the network a normal human user can easily do proof of work plus one like a little bit more difficulty to move to the front of the line and that's usually what users and services do during a saturation event and that's basically in my view that's going to be the biggest long-term solution to spam is basically making it so that normal users aren't really affected during saturation that's how bitcoin works right even when the mempool is full and fees are ten dollars plus if you pay a fifteen dollar fee you get moved to the front of the line and you're right in that next block the next uh batch of confirmations right and that's basically what nano is mimicking but with proof of work however over these last few days there have been some issues with proof-of-work um prioritization and this is not a new issue it wasn't just um discovered because of the spam it's a long-term known issue and the devs improve the proof-of-work prioritization every patch basically or every new release because the the challenge is different nodes can receive transactions at different times and when you're when the network is saturated it's difficult for everyone to communicate what transaction they want to confirm right at the same time right so it takes some work and some tuning to get better and better and they're going to continue focusing on that so those are probably the four charts that you care about most here on this chart of course there's we have max versus average and this chart is kind of interesting this is one that i like to keep an eye on with older node releases because what would happen during high spam events is some nodes would actually crash or die and fall off the network but as you can see here even during the spam the number of nodes stays pretty flat there's a little bit of variance which is expected from a few nodes that maybe run out of storage or they don't have enough specs to keep up and they fall off the network but they're not truly crashing they're just slowing down in most cases they're just slowing down until they can resync back up um but what's interesting with this particular graph is notice this huge spike of nodes to a thousand nodes just briefly that could be a sign of a simple attack where someone is trying to spin up a ton of nodes to see if they can impact the network some way that doesn't affect nano really because of open representative voting and the the weight required to confirm transactions so just spinning up more nodes doesn't make make it easier for you to try and process it or try and confirm a bad transaction but it that is just an interesting observation here so here's zooming into one of those spikes we can look at it a little bit more in this case there's a gap between bps and cps at the beginning which could be one the natural limitation of account based spam right if the spammer didn't create enough accounts then their their tps or cps is effectively capped but it could also be and it probably is here that the network hit saturation at this point so like 175 ish it looks like maybe we hit saturation and so the attacker was spamming bps but the network couldn't quite keep up so cps was a little bit lower then as the spam dropped like right here where it crosses over the network starts catching up because it has resources again and notice that again connected peers is pretty flat that's a good sign no nodes are like dying or cross crashing off the network and also notice that for the most part everyone else's transactions normal transactions are still in that 200 to 400 millisecond range however there is a spike when saturation is having issues and this particular node had to wait 25 seconds for their transaction to be confirmed which is high but it's also this is nano doing pretty good at handling the spam and recovering right there's always going to be an upper limit there's always going to be a time or a point where you hit saturation and that's when confirmation times climb keep in mind though of course this is still many orders magnitudes faster than bitcoin even under the spam attack so that's a good sign but this is something that could be improved and will need continued focus on here's another spam attack from recent times but notice this time the bps and cps pretty much matches meaning the network probably didn't hit saturation and again you can see that confirmation times didn't really climb for anyone in this case this looks like a big spike but the the scale has shifted from 200 milliseconds to like 400 milliseconds so still extremely fast transactions for almost everybody even at the the broader um median block confirmation times which remember includes the attacker's transactions that we're waiting on the ordering the ordering starts to play a role uh even then the median is still what 300 milliseconds it does climb to like eight seconds but that's probably mostly on the attacker or the spammers account so not bad that's that's the current state of the network we can never truly solve spam right ddos and spam has been an internet problem since the beginning of time but we can make it so that one the cost to the spammer is high enough that it's not really worth the effort at the same time though you can't really make the cost so high that it affects legitimate users at least at the base because then then what's the point but i think it's possible to find a balance between this the time and effort it takes a spammer versus the gain they get out of it right if we if we nail proof of work prioritization and make it so that anytime a legitimate user does a little bit more pal they're they're actually at the front of the line and processed instantly then the spammer is spamming for nothing right they're maybe bloating the ledger a little bit they're wasting some resources but at the end of the day it's not really having an impact nano has gotten better over the releases but we're not quite there yet so that's something that the devs are aware of and they have focus on if you want to participate in the conversations check out the official forum discussions or discord where this has been discussed countless times and colin lemay who and the rest of the nano foundation are aware of it and they're making progress in that direction so recapping the current solutions we have dynamic proof of work and proof of work prioritization which like i said can always be improved uh pruning is coming it's actively in the beta network and will help for the storage cost piece of things it doesn't solve every issue because for example the attacker can send transactions to a bunch of different accounts instead of the same account and that's a lot harder to prune but also moore's law already as is plays a role uh viren varan i don't know how to pronounce his name published a google sheets calculator that you can play with i'll put a link to in the description where even if you don't include pruning shows that moore's law alone okay moore's law is the argument or the theory that every 18 to 24 months computing resources basically double um storage memory cpu so on and so forth and that's held true for many years with a little bit of deviations but more or less that's the case so using that alone variant created this calculator that shows that in the short term yes storage storage cost jump up a little bit but even without pruning moore's law brings those back in line to something that's affordable for most people uh there's also so on the the user side the user experience side there's distributed proof of work which is different from dynamic proof of work remember dynamic proof of work is when the proof of work thresholds change from like base level of one to a two times multiplier five times multiplier that's something different distributed proof of work is a system that a lot of apps like natrium or mobile based wallets use to offload their proof of work because they can have you could have multiple gpus multiple people contributing to that service and it cost the wallet minimal amounts so remember so i did the math and at cost if you're using you average u.s electricity prices is 13.9 cents per kilowatt hour that's two one hundredths of a penny per transaction and that doesn't even account for uh people who have much cheaper electricity across costs across the world and they can contribute to these services so the theory is that as nano gets more used as the services scale because they have more users they're able to monetize more and they're able to continue subsidizing the pow cost maybe that's not always the case but of course you could always do your own proof of work if you really want to contribute your own pc's work or you can pay a fee that's an option and then don't forget even as is a one terabyte hard drive costs about a hundred dollars so if you're running your own local node like in your house or in your own data center like maybe binance might run their own node uh you could get two billion transactions effectively for a hundred dollars what does that equate to 115 days of straight 200 confirmations per second which the attackers haven't got close to because that's that's a much higher cost so that will shut out some low end hobby nodes but remember that nano doesn't need everyone to run a node to be decentralized we just need enough nodes and enough distribution that it's infeasible to collude or try to double spend all those attack thresholds so for example imagine you had a hundred billionaires all running their own nano node right because they want access to the digital gold standard that is nano while yes that may be kind of less decentralized than today where we have hoppy nodes it's still pretty decentralized because you have a hundred unique entities participating in consensus kind of like bitcoin mining pools right now there's like three or four big mining pools that make up the majority of uh bitcoin's consensus percentage or distribution and it's still decentralized because you have that separation what about future solutions because this doesn't solve everything have we as we've seen there's still a little bit of concern with prioritization uh with hitting saturation how cheap it is for an attacker so on and so forth uh so what can we do well there's dynamic proof of work and prioritization optimization that can constantly happen uh and it is happening the v22 beta includes some of these changes and it's probably going to continue forever right you can always tweak things to make it a little better pruning can get a little better and more granular so the basic level of pruning is just one block per account you just need the latest confirmed transaction for every account right but you can get much more aggressive than that you can say even for pending transactions those ones that are hard to prune in the traditional way maybe we don't need the pow field to be stored on the database after we've confirmed it right after we've logged it on our node maybe we can strip that to save some space maybe there's um yeah there's different things that you can play with right and you can check out the official forums for a lot of discussion and brainstorming on this um along those same lines there's also different kinds of proof-of-work we could do we could say maybe for lower transaction sizes you increase the proof-of-work we have to be careful of this because we want nano to be accessible to the whole world right but there's different variables like that we can play with something that xrp does and we could brainstorm or consider is minimum account balances maybe you need to have 20 nano in account okay that sounds way too high but in theory you could consider those things i i personally don't like the minimum account balance thing but you could play with the right balance and maybe come to a solution that node operators would agree on a big one for me that i would like to see is pre-computing limits because most of the spam attacks we're seeing right now are not from gpus actively running in parallel because that's kind of costly like you actually have to have 10 gpus constantly doing proof of work whereas now you can have one gpu and it just computes for a few hours and then dumps it all at once so maybe we make it so that every hour or every day you have to do a new kind of proof of work so even if you pre-computed before it gets cancelled effectively and you have to do new pre uh new proof of work um to kind of help mitigate some type of spam there of course with all of these things there's some implementation issues they may not be feasible others may be feasible or there could be pushback see the forums for discussion there's a lot of smart minds working on this there's a lot of potential solutions and we'll probably and will probably need a combination of them but that's something to keep in mind and then one something that colin mentioned that caused a lot of drama and concern was legal action so i want to stress that legal action is not the solution and it won't work in most cases and a lot of people don't like to see it they think oh it's an open decentralized network let people spam which is true to some extent but if you already know the limits of the network you're not getting much out of just spamming it over and over again right but okay for argument's sake we'll say let people spam what could happen and is one of many uh potential mitigations not the mitigation is that some services who are using nano as a backbone say maybe visa or natrium or whatever if they are measurable measurably impacted by spam and the spammer has said hey i'm spamming to take down the network something like that there is historical court precedent depending on your jurisdiction where they can be sued and um action is taken against them of course that's not the solution we shouldn't rely on that these other things are much more important but that is a valid action that some people can take in the certain circumstances that's something that can be used as as a deterrent for some people right blizzard actually did this before when they were being constantly ddosed by uh some spammer or attackers they found one they took him to court and they won the court case because the spammer said i'm doing this to harm the network effectively or even if they didn't say it there was enough evidence that that happened but of course like i said that won't work in most cases the spammer's not going to tell you i'm doing this to hurt the network there's not going to be evidence you won't know who it is and the network should be resilient right one note though what does resilient mean nano it's almost impossible to guarantee in every certain circumstance that legitimate users will always have less than one second transaction times it's just not possible physics comes into play even credit card networks in the past have had issues right where you go to the store like oh sorry our machine is down now we don't want that for nano and we want to be as scalable as possible as resilient as possible but as long as nano nodes don't crash and they can catch up that is our real goal and we should make it as difficult as possible for spammers to affect legitimate users uh one concern that some um people bring up with ledger bloating is bootstrapping right if you have a huge ledger it becomes more and more difficult to catch up or if you're starting a fresh node to actually sync the whole ledger and verify transactions for yourself so one thing that's kind of unique to nano is because of the block lattice data structure and because of open representative voting you really only need the most recent confirmed transaction roughly there's some caveats but the most recently confirmed transaction in every blockchain to continuously and trustlessly validate transactions on the network uh what i mean what i mean by that is when a transaction comes in you compare it against the previous most recent transaction and say oh is the amount being transferred valid is the proof of work valid blah blah blah does it look good right if it looks good and it gets confirmed that new transaction becomes the latest transaction and you can basically get rid of the old one right and then you keep doing that so you're only storing that one transaction per account so in theory what you could do is have a form of bootstrapping where you straight up reach out to the representatives and just pull the latest version and you confirm those right you ask all the different um representatives up front which this causes some some people don't like this idea because they think it's not really trustless not trustless enough because you you have to kind of hard code some uh representatives up front but i'll i'll ask people to remember that the only thing that really matters in a decentralized payment network is that you're able to pay and transact with whoever you want to transact with right if i'm trying to transact with you you have an incentive to give me the valid ledger right and even if you gave me a bad ledger the worst that would happen is we would be on separate parallel networks from the real nano network right it'd be like banana versus nano so it would be different balances if you made a transaction on one network it wouldn't affect the other so really it's like a temporary delay at worst because eventually you'll find oh i'm on the wrong network let me go to the real network and so on and so forth that's why i think top-down bootstrapping could be a good solution for the bootstrap sync issue and of course giving more scalability to nano is another potential solution especially in combination with everything else right the the higher the cps limits are for the network the more difficult it is for an attacker to hit saturation and affect everyone else so optimizations there which there's some interesting discussion on again the forum reddit discord optimizations there can push nano a long ways so anyways this has been a long video i'll stop it there uh hopefully that helped you feel free to ask me questions i think maybe in the future there might be some interest in just having a live stream or a community panel where we just discuss and brainstorm and talk about what's happening what issues are so on and so forth so i'll consider that uh if you made it to this point in the video let me know i'd be quite surprised if anyone does but as always if you have any questions comments or concerns let me know peace