Blockchain developers aren’t the first humans to face identity verification problems. In the book of Exodus, Moses finds a peculiar bush that is on fire but not engulfed in flames. When it’s revealed that the burning bush is God delivering a message to his people, Moses asks quite reasonably: how will they know it’s really you who sent me, when I tell them? It turns out that not even God is above identity verification.
“Tell the people of Israel: I AM has sent me to you.” Exodus 3:14
When it comes to incentive programs, the problem is that there’s an inherent tradeoff between the virality of the program and its resistance to identity fraud. Anyone can create an algorithm that distributes a novel crypto-coin to every person in the world. Without any additional layers of security though, such network would easily fall prey to a Sybil attack. Put another way, fake identities would be created for the attacker to gain more rewards than they are fairly owed. Designing a system that is both viral and resistant to such attacks is a holy grail.
Do you remember the DARPA red balloon challenge? They sponsored a competition to find red balloons, and a team from MIT solved it in just a 8 hours using recursive incentives. Anyone who found a balloon for MIT would win $2000, and anyone who referred a balloon finder for MIT would win $1000. Even if you referred someone who referred someone who referred someone…you’d win some amount of money in return. The truth is that MIT was lucky that it solved the challenged in only a few hours, because Sybil attacks were most certainly on the way.
As Babioff, Zohar et al clearly pointed out, the system had the unintended consequence of incentivizing the creation of false identities to extract undue rewards. For example, if Alice knew where a red balloon was located, she could create two false identities, “Bob” and “Carol,” and claim to have been referred by them. She could add to her reward without doing any additional work.
Many of the “needle in a haystack” problems we’re tackling are best solved by an ad hoc viral network. Finding the right employee, for example, is easiest when you have a large group of people (i) applying and (ii) spreading the word about the job opening. As networks grow, though, it becomes harder to remain resistant to a Sybil attack. Therefore, one of the fundamental goals of nCent is to discover the point at which the virality of a network is maximized relative to acceptable levels of identity fraud. In reality the answer is really a set of answers depending on the properties of the particular incentive program being discussed.
A common challenge of an incentive program is to maximize network membership while minimizing the opportunity for fraud. This property is one of the most under-appreciated aspects of Bitcoin — and what makes it such a powerful system.
When a Sybil attack occurs, a large part of the network doesn’t contribute new information. It is instead dominated by one actor who creates numerous nodes simply to ensure that they reaps the rewards if someone finds the solution. The very incentives that can lead a network to rapidly grow can therefore also lead to its demise. Additionally, the attacker in the red balloon case would be able to receive upto twice the reward they deserve (instead of just $2000, they can collect almost $4000 in added chunks of $1000+$500+$250+$125.5 etc). This can dispirit the efforts of the honest participants, and cause the network to fail. So you see, identity verification ends up being the limit of virality.
nCent is actively working on identity and other related problems such as collusion and fraud detection. There are a number of interesting ways that we’ve come up with for securing our native blockchain protocol. We explain some of our approaches in Beware of Sybils Not Bearing Proof of Work and our upcoming whitepaper. See our upcoming posts for more information, or contact us to learn more!
Think you have new ideas about how to approach identity verification? We’re all ears. E-mail me directly at [email protected] to discuss!