https://knightli.com/en/tags/identity/ Recent content in Identity on KnightLi Blog Hugo -- gohugo.io en Tue, 05 Jul 2022 00:00:00 +0000 https://knightli.com/en/2022/07/05/sybil-attack/ Tue, 05 Jul 2022 00:00:00 +0000 https://knightli.com/en/2022/07/05/sybil-attack/ <p>A Sybil attack is an attack in which one real entity creates many fake identities and uses them to influence a distributed system.</p> <p>The name comes from the idea of one person appearing as many people. In a network, forum, voting system, blockchain or peer-to-peer system, the attacker may register many accounts, nodes or addresses. If the system treats each identity as an independent participant, the attacker can gain more influence than they should.</p> <h2 id="why-it-is-dangerous">Why It Is Dangerous </h2><p>Many distributed systems assume that &ldquo;more participants&rdquo; means &ldquo;more independent opinions&rdquo;. A Sybil attacker breaks this assumption.</p> <p>For example, an attacker can:</p> <ul> <li>create many fake accounts to manipulate voting;</li> <li>run many fake nodes to influence peer discovery;</li> <li>generate many blockchain addresses to farm airdrops;</li> <li>flood a reputation system with fake reviews;</li> <li>make a small group look like a large community.</li> </ul> <p>The core problem is that identities are cheap to create, but the system gives each identity value.</p> <h2 id="common-defenses">Common Defenses </h2><p>There is no universal solution. Different systems increase the cost of identity in different ways:</p> <ul> <li>proof of work: identities require computing cost;</li> <li>proof of stake: identities require locked capital;</li> <li>account verification: identities require real-world proof;</li> <li>reputation systems: influence grows slowly over time;</li> <li>rate limits: new identities cannot act too quickly;</li> <li>graph analysis: suspicious clusters can be detected.</li> </ul> <p>Each defense has trade-offs. Strong verification improves resistance but hurts privacy. Proof of work wastes resources. Proof of stake favors users with more capital.</p> <h2 id="in-blockchain-systems">In Blockchain Systems </h2><p>Sybil resistance is central to blockchain design. If one computer could create unlimited voting nodes for free, consensus would be easy to manipulate.</p> <p>Bitcoin uses proof of work to make influence depend on hash power rather than account count. Proof-of-stake systems use locked stake. Airdrop projects often add behavior analysis or identity checks to reduce fake accounts.</p> <h2 id="summary">Summary </h2><p>A Sybil attack is not about exploiting a software bug. It exploits weak identity cost. When creating many identities is cheap and each identity receives trust or reward, the system is vulnerable.</p> <p>The key design question is: how much does it cost to become &ldquo;one participant&rdquo;?</p>