Group Size Calculator

How much effort does it take to control a group on the SAFE network?
This calculator estimates the security of the Close Group Consensus mechanism used by the SAFE network
The first section is based on a very simple model. Each subsequent section adds progressively more factors.


This calculator demonstrates a few principles of the SAFE network design:
Security increases as network size increases.
Security increases as churn increases (ie as vaults join, leave or are relocated in the network).
Successful attacks are a matter of when, not if. Success is based on 'chance' rather than a binary 'attacked' vs 'not attacked' result. This is a natural consequence of the non-deterministic vault naming used by the network.
The calculator is not a complete model of the network security. Refer to the Notes at the bottom of the page for more information.

Network Specification

The minimum number of vaults per group is and maximum is
Groups contain an average of
To reiterate, some groups on the network will be small in size and some will be large, but on average groups will be medium in size (as calculated above).
The total network size is thousand vaults
This makes for a total of
Quorum required for group consensus is
The attacker requires control of to control an average sized group
In the worst case scenario, the attacker requires control of to control a small group
The attacker is able to join (and decide to stay or leave) the network at a rate of joins per second

Simplistic Analysis

Consider a simplistic approach, where each consecutive vault to join the network is coincidentally located in the same group
The worst case scenario where in a row join an identical group will happen with a chance of , ie a frequency of once per
At an attack rate of ? joins per second, the worst case scenario would happen once in
Using the same simplistic approach, the chance of in a row joining an identical average sized group is , ie a frequency of once per
A successful attack on an average sized group would happen once in

Non-Consecutive Joins

Consider a more realistic scenario where an attacker accumulates attacking vaults, ie each vault retains their membership once joined to the target group.
This means the attacker doesn't require consecutive joins as simulated above.
This is still a fairly simplistic approach, since it ignores non-attacking vaults that coincidentally join the target group (or leave it or are relocated to it).
The first join always ends up in a group. This becomes the target group.
This leaves still to join the group to achieve quorum
The attacker aims for a percent chance of controlling an
This means each individual vault must retry joining the network until they have a chance of being relocated into the target group
Each vault will take to have ? percent chance of successfully joining the target group
This means the attacker must perform on average for a ? percent chance of controlling a group
This attack takes

Chance of Interruption

Other vaults will be joining, leaving and relocated in the network at the same time the attack is happening.
What is the chance of this activity interrupting the attack?
New vaults join at a rate of vaults per day
Existing vaults permanently leave at a rate of vaults per day
The network automatically relocates long-lived existing vaults after days
This gives a relocation rate of
The overall interruption rate on the network is or
There are in the network during an attack on an (which takes ? days)
The chance of an interruption to the target group during an attack is
Interruptions delay the attack and reduce the chance of a successful attack, but does not necessarily altogether prevent it or set it back to square one.


  • The utility of controlling a group is not calculated. Greater utility motivates an attack.
  • The cost of an attack is not calculated. Larger costs reduce the motivation to attack the network.
  • The feasibility of an attack is measured by comparing the utility with the cost. This calculator does not determine the feasibility of an attack.
  • Data-chains allow groups to assess the honesty of other groups. Therefore successfully abusing control of a single group often requires control of more than a single group.
  • This calculator does not account for other means of controlling specific vaults, such as bribery or secretly distributing malicious vault software. These attacks may be more effective than attacks on the joining algorithm.
  • This calculator does not measure the difficulty of spreading the attack after a group is compromised, or the likelihood of recovery from a compromised state back to the original uncompromised state.
  • The target group grows in size as attacking vaults join it, increasing the quorum size for the group. This increases the difficulty of an attack, but is not included in this calculator.
  • Attacking vaults should target a particular 'end' of the group (the high names or low names) rather than the middle so that if a split occurs during the attack the malicious vaults end up in the same group. The added difficulty of targeting a particular portion of the group is not included in this calculator.
  • When vault ageing is introduced, joining a group as a quorum member will take longer than simply being allocated a name by the network. This greatly increases the time taken to perform an attack and decreases the chance of success.
  • Offline attacks to the relocation algorithm are not included in the calculator.


There's a discussion of this calculator.
The code is available for review or submitting issues or pull requests.

Further Reading

Security of Close Group Consensus is a very well discussed topic.