Archne (A Sybil) 1644 1648 by Diego Velasquez How do you protect a growing network from fraudulent activity? On the one hand, creating incentives that lead to fast is the holy grail of design, but fast growth comes with the danger of a malicious actor seeking to reap rewards without doing any work. This is the . A so-called occurs, for example, when someone creates fake accounts to cheat a referral system. growth network inherent tradeoff between virality and fraud Sybil attack How feasible is it for someone to create multiple fake identities and successfully commandeer a network? That depends on the network and its incentives. “Work” in this context is defined as something valuable for the network, which will vary from network to network. One of the most important factors is how much verifiable work one must perform in order to be eligible for a reward. In the , for example, work is either locating a red balloon or referring someone who locates a red balloon. It’s easy to verify when someone finds a red balloon. It’s harder to verify that someone has referred the search to someone else as opposed to a fake account. DARPA red balloon challenge To help safeguard against Sybil attacks, some networks require “proof of work.” For example, we recently launched , nCent Labs. Like the , we offered a recursively calculated prize for people who created a winning logo or referred people who created a winning logo. , since logos created by bots or algorithms stick out like a sore thumb. They require that participants submit some form of work that can be verified in order to be eligible for rewards. This makes the cost of a Sybil attack much higher. a contest to find the best logo for our company red balloon challenge This work can’t be easily faked A would-be Sybil attacker did not dispirit our network. In the same vein, we recently launched a crossword puzzle contest called on our . (It’s not too late to participate!) We’re offering rewards to participants who solve an nCent-inspired crossword puzzle. The clues are lifted from . . Knowing the correct word requires reading and solving clues. The closest a bot could come to replicating this would be to output every word in that has the same number of letters as the active clue. But we only allow a finite number of answers for each person. wordCent telegram channel our litepaper This contest is Sybil resistant because it’s difficult to fake an answer to a crossword puzzle the litepaper That’s why wordCent can’t be easily Sybil’d. An effective proof-of-work system asks for work that is moderately hard to produce but easy to verify. When an attacker can’t dodge the work necessary to earn the rewards, attacking the network becomes prohibitively costly. Beyond a viable proof-of-work system, network designers can also increase the cost of a Sybil attack by incentivizing rewards in favor of certain networks topologies. For example, one could refuse to reward “deep graphs” which have properties more likely to be indicative of fraud. A deep graph is a chain of nodes in a network where each node in the chain has exactly one parent and exactly one child node. One solution is If deep graphs are eligible for rewards, then Sybil attackers can more easily commandeer the network by linking their fake accounts in a one-to-one chain. requiring a node to have more than one parent or more than one child in order to be eligible for a reward. In practice, there is empirical research on what kinds of tree shapes arise organically in a social network. We can use this research to incentivize behavior that conforms to organic growth at both the individual and communal level. Forcing a complex network shape could deter Sybil attacks Perhaps one day a practical and reliable decentralized identity solution will emerge, but until then we are left with more centralized identity stores. There is a tradeoff between the cost of requiring identity versus virality. One approach is to require identity verification to claim an earned but unpaid reward. By requiring, say, a parent and child to also pass an identity verification for the node to be paid the reward, the cost and variance of a Sybil attack becomes higher. Combining this with a requirement for identity to be linked to a device, such as a phone, further increases the cost to attackers. Identity is a full solution to the Sybil attack. We are actively working on problems at the intersection of behavioral economics and computer science in designing sybil resistant incentive markets on blockchains. If you are interested in learning more about our work, contact me at kk@ncnt.io . To stay in the nCent loop, hear me tweet and join our international telegram channel .
