What is Bitu Verification?
BrightID tackles the problem of Sybil (duplicate account) attacks. By developing a public graph, BrightID provides an infrastructure on which different algorithms can be tried to counteract such attacks. Applications will choose the algorithms that suit them best to verify their users.
Bitu is the first graph-analysis-based verification method that BrightID offers. The nodes inside the main regions of the graph get verified by Bitu. It recognizes nodes outside the borders of those regions as Sybil accounts. This verification method is based on the fact that when a graph is drawn using force-directed algorithms, Sybil accounts are pushed away from the main, dense regions to the borders. The reason is that Sybil accounts cannot make a significant number of connections with honest ones and can only make connections with each other. That is why they get pushed away from the main regions to the surrounding districts.
In current seed-based algorithms, there is a small number of highly trusted nodes, called seeds, which have the power to verify users. Because nodes are verified on the basis of their proximity to the seeds in the graph, such algorithms are very vulnerable to attacks from seeds.
In Bitu, however, there is no seed. In fact, every node is a seed and can verify others as long as they remain in the main regions of the graph. While seed-based methods rely on a minority of highly trusted seeds, Bitu relies on a low-trusted majority.
Can BrightID scale while maintaining security against Sybil attacks?
We have frequently been asked this, as Vitalik Buterin did in “Gitcoin Grants Round 7 Retrospective”:
BrightID is going to face a tough challenge making it reasonably easy for regular users to join but at the same time resist attacks from fake and duplicate accounts. I look forward to seeing them try to meet the challenge!
Verification that depends on a small number of highly trusted seeds makes it hard for users to get verified. On the other hand, increasing the number of seeds decreases the security of the network against attacks.
Relying on a majority of low-trusted nodes, instead of a minority of highly trusted ones known as seeds, enables Bitu to maintain scalability while ensuring security. Bitu enables users to get verified easily by making a single connection with one of the users in the main regions. Thus BrightID can scale its network. And if a user in the main regions tries to create a significant number of fake accounts and verify them by making connections with them, the fake accounts get pushed away from the main regions and even the attacker will get unverified. This prevents large-scale Sybil attacks and guarantees security.
Moreover, Bitu can tackle small-scale Sybil attacks: it enables apps to verify users based on the number of connections. For instance, Gitcoin may require users to have at least 10 “Already known” connections in Bitu. The higher the required number of connections is, the more secure the app gets. This makes it too hard for Sybil accounts to make enough connections without getting pushed out of the main regions.
An example helps clarify how it works. User X wants to create 10 fake accounts in order to use them in the Gitcoin application. If Gitcoin requires only one “Already known” connection for verification, user X, who has strong connections to the main regions of the graph, can drag those ten accounts into the main regions without the risk of being pushed out of them. However, if Gitcoin requires ten or more “Already known” connections for verification, user X needs to either connect these ten fake accounts to honest users or connect these ten accounts to each other to reach the minimum required number of connections. Note that honest users don’t make connections with unknown accounts as “Already known”, and connecting those ten accounts to each other causes all ten to get pushed away from the main regions of the graph and get unverified.
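The user X scenario above can be reproduced on a small constructed graph. This is an added illustration, not BrightID's code or the actual Bitu algorithm: it lays out 30 honest accounts and a 10-account Sybil clique with a minimal Fruchterman-Reingold layout and measures how far each node ends up from the honest core. The graph sizes, seeds, function names and the choice of Fruchterman-Reingold as the force-directed algorithm are all assumptions.

```python
import random
from statistics import median

def build_graph(n_honest=30, n_sybil=10, attacker=0, seed=1):
    """Constructed sample: a dense honest region plus a Sybil clique hanging off one attacker."""
    rng = random.Random(seed)
    edges = [(i, j) for i in range(n_honest) for j in range(i + 1, n_honest)
             if rng.random() < 0.35]           # honest region: random graph, about 10 connections each
    sybils = list(range(n_honest, n_honest + n_sybil))
    for s in sybils:
        edges.append((attacker, s))            # user X connects to every fake account
        edges.extend((s, t) for t in sybils if s < t)  # fakes connect to each other: 10 connections each
    return n_honest + n_sybil, edges, sybils

def layout(n, edges, iterations=300, seed=7, k=1.0):
    """Minimal Fruchterman-Reingold layout; positions are complex numbers x + yj."""
    rng = random.Random(seed)
    pos = [complex(rng.random(), rng.random()) for _ in range(n)]
    for it in range(iterations):
        temp = 1.0 - it / iterations + 0.01    # cap on movement per step, cooled linearly
        disp = [0j] * n
        for a in range(n):
            for b in range(a + 1, n):          # every pair repels with force k^2 / d
                delta = pos[a] - pos[b]
                push = delta * k * k / max(abs(delta) ** 2, 1e-12)
                disp[a] += push
                disp[b] -= push
        for a, b in edges:                     # connected pairs attract with force d^2 / k
            delta = pos[a] - pos[b]
            pull = delta * abs(delta) / k
            disp[a] -= pull
            disp[b] += pull
        for v in range(n):
            size = abs(disp[v])
            if size > 0:
                pos[v] += disp[v] / size * min(size, temp)
    return pos

def border_distances(pos, sybils):
    """Distance of each node from the honest centroid (ground-truth labels used for evaluation only)."""
    honest = [v for v in range(len(pos)) if v not in sybils]
    centre = sum(pos[v] for v in honest) / len(honest)
    dist = [abs(p - centre) for p in pos]
    return median(dist[v] for v in honest), min(dist[v] for v in sybils), dist

if __name__ == "__main__":
    n, edges, sybils = build_graph()
    honest_median, nearest_sybil, dist = border_distances(layout(n, edges), sybils)
    print(f"median honest {honest_median:.2f}, nearest Sybil {nearest_sybil:.2f}, user X {dist[0]:.2f}")
```

Every fake account here satisfies a 10-connection requirement on paper, yet the layout places the whole clique farther from the honest core than the typical honest node; the printed distance for user X shows where the attacker's own node lands.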
Bitu is the first method that tries to tell bots and fake users from real ones by viewing the graph. The BrightID graph is available to the public, and everyone can easily distinguish the main regions and the borders by looking at the graph. You can log in to the BrightID explorer and see your own and your connections’ location in the graph. Refer to our Gitbook for more information on how to get verified in Bitu.