Really exited to see the Whitepaper released! Have been waiting on this day since 2013
I must admit I have a hard time getting my head around it though. So perhaps my question is already answered in the paper and I just didn't understand it...
So the Universe is split up in X shards. Each shard is a part of the network contain transaction information, right?
Now what happens if a bad actor (Bob) sets up a lot of nodes that store, say, Shard (2) of the network and by that stores all or at least the majority of that shard.
Now Bob sends a a payment to Alice in shard (3). Alice now asks a node serving Shard (2) if that transaction is valid. But as Shard(2) is controlled by Bob, can't he return false information and thus double spend transactions over and over?
Bob has a few challenges to overcome here:
Challenge 1Bob can never be sure that he controls a shard or a set of them. He can't prevent anyone else from maintaining that shard, nor them being asked about Bob's transactions.
Say Bob constructs an Atom(x) which Alice receives. If there are any nodes that Bob doesn't control, they will also receive Atom(x), either from one of Bob's nodes, or from Alice's or someone else. Bob can't prevent these nodes from receiving it, because he has got to broadcast it to Alice somehow.
Bob later presents Atom(x') which conflicts with Atom(x). Bob can not be sure that nodes that aren't his don't have Atom(x). If they do, when they receive Atom(x') from Carol, they can inform Carol that it is not legit..with proof of Bob's previous transaction.
Challenge 2Bob will have to manipulate his commitments in order to fool Carol and anyone that may have Atom(x'). He would have to create Atom(x) to Alice first, somehow let Alice know about it without Atom(x) information leaking to the network. Later present the Atom(x') to Carol, then submit Atom(x) and the commitment information for him to "prove" Alice was first....double spending x.
Alice might also be part of the ploy.
This is quite the challenge for a number of reasons:
If Bob places Atom(x) into a commitment and makes that commitment known, he is then very likely to be asked to verify that commitment at a future time by a node he doesn't control; Such as when connecting to it, submitting Atoms to it, or when part of a Temporal Proof Provisioning with it.
If Bob doesn't verify any commitments he has submitted when asked, then the node he is connected with will not accept anything from him, nor send anything to him until he does.
If Bob creates two commitments, one which he keeps to himself containing Atom(x) for later use and another without it which he presents to the network. When he eventually presents the original, it will break his commitment sequence in the network.
Recall from the paper that a commitment references the previous one.
Say Bob creates C(2) which contains Atom(x) and keeps it to himself. To preserve his commitment sequence, C(2) contains a reference to C(1).
Bob then creates Atom(x') that is sent to Carol. He can't create C(3), because if he does, he has to reference C(2) which contains Atom(x). To preserve his commitment sequence and for it to be accepted, C(3) also has to contain a reference to C(1).
Later when Bob presents C(2) to prove the existence of Atom(x) BEFORE Atom(x'), there will then be TWO commitments from Bob that reference C(1).
The only way for that to happen is if Bobs nodes are either faulty, or he has manipulated his commitments. Nodes do not modify what they have unless there is verifiable proof that they should. Bob can not have 2 commitments that reference C(1), therefore it can not be proven that Atom(x) was first.
