At the moment we don’t have much in the implementation that actively avoids these kinds of attacks. If protocol messages are dropped then this will interrupt the bootstrap and path setup processes, which also is a kind of damage limitation. If a bad actor selectively dropped traffic but kept passing protocol messages then that’s much more of an issue. In that case the logical thing to do is to try and route via another peer that may take another (albeit slightly less direct) path. Partitioning the network is also quite difficult because all it would take is a single set of good paths through the network for the spanning tree to converge on the real strongest key.

Key generation is an interesting point though - right now generating ed25519 keys is cheap and it may be possible to flood the network with lots of nodes, but it still doesn’t really constitute a complete attack, as other genuine nodes may still end up making routing decisions that repair the path. We will need to study it more and simulate it.

We do have an entire list of scenarios to work through but some of these will hopefully be solved at the Pinecone layer and others will be solved at the Matrix layer (i.e. right now full-mesh federation, like what Matrix has today, is wholly impractical for P2P so we will need to do better).

This is by no means a finished product - it’s effectively a research project at this stage and we still have a lot to do to reach the P2P Matrix goal.