Overview
This document describes the threat model for ComputeNet, including security assumptions, potential attack vectors, and mitigation strategies.
Security Goals
ComputeNet aims to provide the following security properties:
- Correctness — Verified results are computationally correct
- Integrity — Results cannot be tampered with
- Availability — The network remains operational
- Censorship resistance — Jobs cannot be arbitrarily blocked
Trust Assumptions
The protocol makes the following assumptions:
- At least 2/3 of validator stake is honest
- Cryptographic primitives are secure
- The network can eventually deliver messages
- Clients can verify proofs correctly
Threat Categories
Validator Attacks
- Incorrect computation with false proofs
- Collusion between validators
- Selective job execution
- Result manipulation before attestation
Network Attacks
- Eclipse attacks on individual nodes
- Network partitioning
- DDoS against validators or coordinators
- Message replay or reordering
Cryptographic Attacks
- Proof forgery attempts
- Signature manipulation
- Hash collision exploitation
- Side-channel attacks on proof generation
Economic Attacks
- Stake manipulation
- Bribery of validators
- Front-running of job results
- Resource exhaustion attacks
Mitigations
Key mitigation strategies include:
- Cryptographic proofs for all computations
- Economic penalties (slashing) for misbehavior
- Multi-validator attestation requirements
- Randomized validator selection
- Rate limiting and resource controls
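As an added example (not ComputeNet code), the sketch below shows how multi-validator attestation, the 2/3 stake assumption and evidence for slashing can be combined in one stake-weighted tally. The stake table, the attestation tuple layout, the `tally` function and the at-least-2/3 acceptance threshold are all assumptions, since this document does not specify them; signatures are assumed to have been verified before the tally runs.

```python
from collections import defaultdict

# Constructed stake table (validator id -> stake); not real ComputeNet data.
STAKE = {"v1": 40, "v2": 30, "v3": 20, "v4": 10}


def tally(job_id, attestations, stake=STAKE):
    """Return (accepted_result_hash_or_None, equivocators).

    attestations: iterable of (validator_id, job_id, result_hash) tuples
    whose signatures are assumed to have been verified already.
    """
    seen = {}             # validator -> first result hash seen for this job
    equivocators = set()  # validators that attested to conflicting results
    for validator, att_job, result in attestations:
        if att_job != job_id or validator not in stake:
            continue      # replayed from another job, or unknown signer
        if validator in seen:
            if seen[validator] != result:
                equivocators.add(validator)  # evidence for slashing
            continue      # a repeated attestation never adds weight
        seen[validator] = result

    weight = defaultdict(int)
    for validator, result in seen.items():
        if validator not in equivocators:    # conflicting signers count for nothing
            weight[result] += stake[validator]

    total = sum(stake.values())
    for result, w in weight.items():
        if 3 * w >= 2 * total:               # integer form of w / total >= 2/3
            return result, equivocators
    return None, equivocators
```

Counting each validator's stake once per job is what keeps replayed or duplicated attestations from inflating the total, and dropping equivocators from the tally means a validator that signs two results cannot help either one reach the threshold.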
Draft Analysis
The threat model is under active review. Additional attack vectors and mitigations may be identified through security analysis.