Sybil Attack
The Sybil attack in computer security is an attack wherein a reputation system is subverted by creating multiple identities. A reputation system’s vulnerability to a Sybil attack depends on how cheaply identities can be generated, the degree to which the reputation system accepts inputs from entities that do not have a chain of trust linking them to a trusted entity, and whether the reputation system treats all entities identically. As of 2012, evidence showed that large-scale Sybil attacks could be carried out in a very cheap and efficient way in extant realistic systems such as BitTorrent Mainline DHT.
An entity on a peer-to-peer network is a piece of software that has access to local resources. An entity advertises itself on the peer-to-peer network by presenting an identity. More than one identity can correspond to a single entity. In other words, the mapping of identities to entities is many to one. Entities in peer-to-peer networks use multiple identities for purposes of redundancy, resource sharing, reliability, and integrity. In peer-to-peer networks, the identity is used as an abstraction so that a remote entity can be aware of identities without necessarily knowing the correspondence of identities to local entities. By default, each distinct identity is usually assumed to correspond to a distinct local entity. In reality, many identities may correspond to the same local entity.
An adversary may present multiple identities to a peer-to-peer network in order to appear and function as multiple distinct nodes. The adversary may thus be able to acquire a disproportionate level of control over the network, such as by affecting voting outcomes. In the context of (human) online communities, such multiple identities are sometimes known as sockpuppets.
What is the Formal Model of Sybil Attack?
The model used in the Sybil Attack paper is a simple one. It consists of:
E entities = c(correct) entities + f(faulty) entities
correct — entities that follow the protocols and rules setup in the network honestly(whose honesty is verified).
faulty — entities whose behavior are arbitrary and can’t be predicted. They don’t honestly follow the protocols and rules in the network.
A communication cloud: A very general cloud through which messages between different entities travel.
Pipe: to connect an entity with the communication cloud
What problems can Sybil Attack cause?
Attackers may be able to out-vote the honest nodes on the network if they create enough fake identities (or Sybil identities). They can then refuse to receive or transmit blocks, effectively blocking other users from a network.
In really large-scale Sybil attacks, where the attackers manage to control the majority of the network computing power or hash rate, they can carry out a 51% attack. In such cases, they may change the ordering of transactions, and prevent transactions from being confirmed. They may even reverse transactions that they made while in control, which can lead to double-spending.
Over the years, computer scientists have dedicated a lot of time and research to figure out how to detect and prevent Sybil attacks, with varying degrees of effectiveness. For now, there’s no guaranteed defense.
How does the Bitcoin network prevent Sybil Attack?
Bitcoin network uses the Proof of Work(POW) consensus algorithm to prove the authenticity of any block that is added to the blockchain. A considerable amount of computing power is required to do the work which provides the incentive to the miners to do honest work and no incentive for the faulty work.
Giving different power to different members — This is on the basis of reputation systems. Members with different power levels are given different reputation levels.
Cost to create an identity — To prevent multiple fake identities in the network, we can put a cost for every identity that aims to join the network. A point to note is that it makes more sense to make it infeasible to operate multiple fake identities at the same time rather than creating new identities. Multiple identities can enforce security, anonymity, and censorship prevention.
Validation of identities before joining the network –
Direct validation: An already established member verifies the new joiner of the network
Indirect validation: An established member verifies some other members who can, in turn, verify other new network joiners. As the members verifying the new joiners are verified and validated by an established entity, the new joiners are trusted to be honest.
In general, many blockchains use different “consensus algorithms” to help defend against Sybil attacks, such as Proof of Work, Proof of Stake, and Delegated Proof of Stake.
These consensus algorithms don’t actually prevent Sybil attacks, they just make it very impractical for an attacker to successfully carry out a Sybil attack. For example, Bitcoin’s blockchain applies a specific set of rules to the generation of new blocks.
One of the rules is that the ability to create a block must be proportional to the total processing power of the Proof of Work mechanism. That means that you have to actually own the computer power required to create a new block, which makes it very difficult and costly for an attacker to do. Since mining Bitcoin is so intensive, miners have a very strong incentive to keep mining honestly, instead of attempting a Sybil attack.
