This article forms part of a 2-part series exploring Sybil Attacks, Sybil Resistance, and mechanisms that form part of the solution in the fight against Sybil attacks.
You’ve seen it before. You’ve lived through the pain, even if you’re not consciously aware of it.
It looks something like this: the thousands of spam emails that sit collecting digital dust in the deep archives of our Gmail; the uncertainty around the validity of Wiki articles, knowing that malicious actors can go in and change them on a whim; the annoyance of someone gaming that recent online giveaway using three different company emails, so that they get three entries instead of one; and the all-too-familiar ways of cheating an online voting system. These are all symptoms of one class of problem that runs through everything we do online and influences practically everything in the decentralized world.
This problem — that through the power of technology and the internet, a single human actor can pose as dozens or potentially hundreds of unique accounts simultaneously — is not new to the web, nor is it fully solved yet.
This is commonly known as a Sybil Attack.
Understanding the problem is the first step to addressing it effectively – a core milestone to making cryptocurrency and decentralized applications widely usable and available for all humanity.
A Sybil attack is an attack on a computer network where an individual gets around the reputation and account system rules by creating many alternative identities and using them to gain a disproportionately large influence.
The name comes from the book “Sybil,” a case study of a woman diagnosed with dissociative identity disorder. The idea is a single individual posing as multiple unique actors. The core problem is that this opens a direct threat vector against distributed governance models, online reputation systems, or any other digital system where one-person-one-action is a vital axiom to uphold.
“How do we solve the scenario where anyone can create multiple wallets and pose as multiple users? The rate at which money and resources are pumped into web3 projects, especially during a bull market, creates incentives for money-grabbing founders to do this exact thing. Identifying and being able to prevent Sybil Attacks is one of the most important pieces to solving in order for crypto to become usable for the average person.” – Kevin Owocki
How can you adequately run direct democracy models if single malicious actors can suddenly gather the voting power of hundreds of individuals, skewing votes in their favor? And what if the results of these votes involve allocating significant sums of money?
Even something as simple as a referral reward mechanism, where an individual is rewarded for helping grow an ecosystem by bringing in new participants, is subject to exploitation via Sybil attacks.
Sybil resistance is still an active area of study in decentralized systems and online environments. Non-personhood approaches to Sybil resistance include Proof of Work, Proof of Stake, and Proof of Project (economic barriers to entry). Personhood-based Sybil resistance, by contrast, is about moving towards one-person-one-vote instead of one-dollar-one-vote.
No decentralized system we have ever built has ever been able to stand up to Sybil attacks in a truly meaningful way. And “solving it, need not and should not force us to give up our privacy.” – Bryan Ford
Some of the main approaches to Sybil resistance, depending on the principle you leverage, are: government paper trail/identity, biometric identity, social network/trust network, and presence-based. Yet none of these is a silver bullet; each comes with its own trade-offs.
Let’s dive a little deeper:
While this may seem to be the domain of network nerds or technical geeks, Sybil attacks (and Sybil resistance on the part of networks) are a central obstacle that the cryptocurrency and blockchain worlds will need to resolve and manage if they are to reach the grand heights and visions that we all believe they can.
Some of the questions we should be asking are: how do we create a more democratic environment? Do we want one-person-one-vote or one-dollar-one-vote to prevail? How do we opt for maximum participation and inclusion? How do we want to approach identity and personhood? And how do we do all this and still preserve privacy?
If you’d like to dig deeper into Sybil attacks and beyond, check out this podcast with Bryan Ford and Kevin Owocki. For a deeper dive into the mechanisms behind Sybil resistance, keep an eye out for episode 2 of this series coming out later this week!
– Team Gitcoin
Thank you to Eric and MathildaDV for creating this piece.