Importer

What is a Sybil attack? - 7 Points

The term "Sybil Attack" comes up often when discussing network security with researchers. What is it? How much of a concern is it to the Ethereum network? What are some effective ways to prevent it?



A Sybil attack occurs when one actor acts as multiple separate entities. Because many distributed systems have no form of identity management beyond accounts, and because accounts are trivially created, any actor can create an unbounded number of accounts.

This is a problem if, for instance, you want to implement a voting system, or in other situations where who someone is, or whether two different identifies refer to the same person matters, such as an auction (where allowing the seller to bid on their own items would give them an unfair advantage).

There are several ways to mitigate this, depending on your constraints:

  1. Use a mutually trusted external identity provider to determine who can do things.
  2. Manually authorize which identities are allowed to do things using some out-of-band mechanism.
  3. Require participants to stake something there's a limited quantity of, such as ether, so that they gain no advantage by pretending to be multiple different participants at once.

Option 3 is the easiest to implement in many cases, but isn't universally applicable; for instance, in a system like Quadratic Voting, 100 ether pledged by one person holds less weight than 10 ether pledged by each of 10 people, so an attacker still has an incentive to use multiple identities.


Sybil is a 1973 book by Flora Rheta Schreiber about a woman with sixteen different personalities that has been made into a mini-series.

From Sybil attack - Wikipedia:

The Sybil attack in computer security is an attack wherein a reputation system is subverted by forging identities in peer-to-peer networks. It is named after the subject of the book Sybil, a case study of a woman diagnosed with dissociative identity disorder.

And:

In a Sybil attack the attacker subverts the reputation system of a peer-to-peer network by creating a large number of pseudonymous identities, using them to gain a disproportionately large influence.


This site uses data from stackexchange. Source