Temporary rolling DNS checkpoints · Issue #10064 · monero-project/monero
github.com
TL;DR: A malicious mining pool is disrupting the network and could cause deep blockchain re-organizations. DNS checkpoints, which have existed for emergency use in the code since 2014, could preven...

More community input is needed on possible deployment of temporary rolling DNS checkpoints to defend against Qubic attacks: https://github.com/monero-project/monero/issues/10064

Please comment on the GitHub issue and/or click thumbs-up/down emoji reaction.

TL;DR: A malicious mining pool is disrupting the network and could cause deep blockchain re-organizations. DNS checkpoints, which have existed for emergency use in the code since 2014, could prevent deep blockchain re-organizations, but Monero’s blockchain consensus protocol would temporarily be less decentralized.

Advantages

Practical advantages

  • The code for this countermeasure has been in the Monero codebase for over ten years. The countermeasure is ready to deploy now, once final testing, “procedure smoothing” (see below) and successful outreach to honest mining pools is completed.

  • Humans (i.e. the Monero Core Team) could intervene by ceasing or modifying the checkpointing procedure if the checkpointing produces undesirable results.

Principled advantages

  • Rolling DNS checkpoints could keep the Monero network working, with minimum disruption, for the thousands of users who depend on it every day for private peer-to-peer electronic cash.

Disadvantages

Practical disadvantages

  • Rolling DNS checkpointing has never been deployed on Monero’s mainnet before. Something unforeseen could go wrong.

  • Successful checkpointing requires most of the major honest Monero mining pools to voluntarily enable DNS checkpointing enforcement. If the mining pools choose not to, rolling DNS checkpoints will likely be unsuccessful.

  • Maintaining control of the DNS records would require strict security procedures. Two previous security incidents in 2019 and 2023 involving malicious software hosted on getmonero.org servers and theft of community donated funds should be kept in mind.

Principled disadvantages

  • Without a doubt, Monero’s consensus mechanism would be less decentralized if rolling DNS checkpoints were enabled.

  • Monero nodes would temporarily no longer follow the chain with the most proof of work.

  • Mining pools following the DNS checkpoints would be similar to a situation of the majority of mining hashpower coordinating and colluding against a minority hashpower miner. “Majority hashpower cannot collude” may be considered a security assumption of proof-of-work consensus.

  • gogr8@monero.townEnglish
    1·
    1 day ago

    Given that a coordinated attack resulting in a deep reorganization is no longer just a theoretical possibility:

    I firmly vote “Yea” on this proposal, but with the significant proviso that this should only be done if CLOUDFLARE can be kept out of it entirely and completely.

    DNSSEC and the conventional DNS network are resilient without needing the support of any large monopolistic influence as an intermediary in the running of the Monero network.

    • gogr8@monero.townEnglish
      1·
      1 day ago

      Also, FUCK Github and FUCK Microsoft.

      Using Microsoft to discuss decentralization is…not very smart :-|

      Our community will have to do better if we are to have any hopes of keeping XMR decentralized.

  • silverpill@mitra.social
    3·
    6 days ago

    This is a sensible proposal. Leverage existing trust to solve the problem.

    I think a more advanced version of this that doesn’t depend on DNS might even be a good long-term solution. A Proof-of-Authority consensus, perhaps? Qubic have demonstrated that algorithms can easily be gamed, but humans are more complicated.