Web Of Trust and Sybil Attack

Post Reply
phelix
Posts: 1634
Joined: Thu Aug 18, 2011 6:59 am

Web Of Trust and Sybil Attack

Post by phelix »

biolizard89 wrote:
phelix wrote:
sudoquai wrote: 5) I could make a diagram - i've thought this idea would be clear. I mean a Facebook-Like "Like" System. Example: You've collected over Namecoin 1000 Likes (maybe for FreeSpeech or whatever). That means 1000 Likes are assigned from different /id Names to /id biolizard. Now somebody is going to register a new name. Instead of destroying NMC the wallet decides to give the fees to all people with likes in the NMC network. The one with the most likes will get the most. That means, that NOT you only as a developer is getting fees, the system decides dynamically who is getting the fees by looking up Likes assigned to /id Names. Everybody has the chance to get the fees. This would be a big game changer - don't underestimate this suggestion.
+1

It's like distributing fees via a web of trust. One would have to take action against a Sybil attack but I think it should be feasible.

Note that IMHO squatting in Namecoin is overstated. So far squatters seem to be quite reasonable. The much larger issue is that so little people actually use .bit domains.
How are you proposing stopping a Sybil attack? The proposal as stated is incredibly vulnerable to such an attack.
Agreed, it would be difficult/dangerous to make this so rock steady to base a protocol on it. I am thinking about determining a wot-core by using magic seed nodes or node age. Starting from this core the sybil nodes should only be able to gather few trust connections. I just found this: http://www.math.cmu.edu/~adf/research/SybilGuard.pdf
nx.bit - some namecoin stats
nf.bit - shortcut to this forum

John Kenney
Posts: 94
Joined: Sat Mar 29, 2014 2:20 pm
os: linux
Location: Sheffield, England
Contact:

Re: Web Of Trust and Sybil Attack

Post by John Kenney »

Sorry, I think it sounds dumb. You'll have to explain what you mean by 'magic'? The paper is good, but I don't see anything about any magic mentioned. It relies on having identities, so that WoT votes can be tied together & analysed, anonymous WoT votes are pretty worthless.

phelix
Posts: 1634
Joined: Thu Aug 18, 2011 6:59 am

Re: Web Of Trust and Sybil Attack

Post by phelix »

John Kenney wrote:Sorry, I think it sounds dumb. You'll have to explain what you mean by 'magic'? The paper is good, but I don't see anything about any magic mentioned. It relies on having identities, so that WoT votes can be tied together & analysed, anonymous WoT votes are pretty worthless.
By "magic" I mean certain nodes that are always trusted. It might not be pretty but I don't see any other way.
nx.bit - some namecoin stats
nf.bit - shortcut to this forum

John Kenney
Posts: 94
Joined: Sat Mar 29, 2014 2:20 pm
os: linux
Location: Sheffield, England
Contact:

Re: Web Of Trust and Sybil Attack

Post by John Kenney »

phelix wrote:
John Kenney wrote:Sorry, I think it sounds dumb. You'll have to explain what you mean by 'magic'? The paper is good, but I don't see anything about any magic mentioned. It relies on having identities, so that WoT votes can be tied together & analysed, anonymous WoT votes are pretty worthless.
By "magic" I mean certain nodes that are always trusted. It might not be pretty but I don't see any other way.
That's what I was worried you'd say, that's a more centralised system, those nodes become the authority.

It's really hard to keep a decentralised network resistant to Sybil attacks. To stand a chance we need to be able to link votes from each individual voter (nodes, whatever, namecoin already uses 'nodes', so I think 'voters' keeps it clearer), so we can easily see voter x voted for a,b & c, then some analysis on voting patterns would be possible, along with voters voting on how reliable each voter is (or was in the past, at least).

That paper you linked is worth studying, it has some ideas for how that analysis could be done.

If votes can't be easily identified as coming from the same voter, then I'd say it can't be done. Possibly each vote from the same voter could be signed with the same key, or known set of public keys? I think it'll need a namecoin or nmcontrol patch to make that easier, which is why I didn't continue with my 'wot' proposals before, but it seems possible with a patch or two.

phelix
Posts: 1634
Joined: Thu Aug 18, 2011 6:59 am

Re: Web Of Trust and Sybil Attack

Post by phelix »

John Kenney wrote:
phelix wrote:
John Kenney wrote:Sorry, I think it sounds dumb. You'll have to explain what you mean by 'magic'? The paper is good, but I don't see anything about any magic mentioned. It relies on having identities, so that WoT votes can be tied together & analysed, anonymous WoT votes are pretty worthless.
By "magic" I mean certain nodes that are always trusted. It might not be pretty but I don't see any other way.
That's what I was worried you'd say, that's a more centralised system, those nodes become the authority.
Depending on the application it might also be possible to use yourself as the magic seed.
It's really hard to keep a decentralised network resistant to Sybil attacks. To stand a chance we need to be able to link votes from each individual voter (nodes, whatever, namecoin already uses 'nodes', so I think 'voters' keeps it clearer), so we can easily see voter x voted for a,b & c, then some analysis on voting patterns would be possible, along with voters voting on how reliable each voter is (or was in the past, at least).

That paper you linked is worth studying, it has some ideas for how that analysis could be done.

If votes can't be easily identified as coming from the same voter, then I'd say it can't be done. Possibly each vote from the same voter could be signed with the same key, or known set of public keys? I think it'll need a namecoin or nmcontrol patch to make that easier, which is why I didn't continue with my 'wot' proposals before, but it seems possible with a patch or two.
In the simplest case the votes would be part of the value of an ID so they would be inherently linked to the voter.
nx.bit - some namecoin stats
nf.bit - shortcut to this forum

sudoquai
Posts: 166
Joined: Fri Dec 20, 2013 2:48 am
os: linux
Contact:

Re: Web Of Trust and Sybil Attack

Post by sudoquai »

phelix wrote: Agreed, it would be difficult/dangerous to make this so rock steady to base a protocol on it. I am thinking about determining a wot-core by using magic seed nodes or node age. Starting from this core the sybil nodes should only be able to gather few trust connections. I just found this: http://www.math.cmu.edu/~adf/research/SybilGuard.pdf
I am not sure if we really need a protocol solution in terms of the namecoin protocol itself - isn't it possible to pick up the solution from http://onename.io or http://identi.fi to combat sybil attacks?

Identities in http://onename.io can be verified by using their social identities (Twitter, Facebook, Google+, etc.) - i think http://identi.fi is doing it similar. And as far as i know domob mentioned somewhere in this forum, that some people are asking for including more social addys in the /id field. Would this be a good starting point to combat sybil attacks? As John mentioned, this would be a disadvantage for anonymous identities with less social addys. However it is discussable if a /id with less social contacts on common social portals is trustable enough for a vote.

We would have a lot of positive synergy effects this way:
  • *Renewal fees can be spread over the whole network, simply by looking at the highest likes for a particular id/ (or maybe even /d, just compare it to Facebook, a page is simply liked for whatever)
    *Nice incentive for the Namecoin community in terms of earning Namecoin simply by likes (most likes will get the biggest piece of the "fee-cake")
    *Renewal fees are not burned anymore, would be a longterm solution to keep the whole namecoin supply
    *If good .bit sites can be liked, there is a higher interest of making good content for .bit sites, will help driving a higher interest to .bit domains
I think your thread https://forum.namecoin.info/viewtopic.php?f=2&t=1988 fits good to this one, phelix ;)

Regards,

Sudo.
NameID: id/sudo.wonder >>> Namecoin @ Facebook: https://www.facebook.com/namecoin.org

phelix
Posts: 1634
Joined: Thu Aug 18, 2011 6:59 am

Re: Web Of Trust and Sybil Attack

Post by phelix »

sudoquai wrote:
phelix wrote: Agreed, it would be difficult/dangerous to make this so rock steady to base a protocol on it. I am thinking about determining a wot-core by using magic seed nodes or node age. Starting from this core the sybil nodes should only be able to gather few trust connections. I just found this: http://www.math.cmu.edu/~adf/research/SybilGuard.pdf
I am not sure if we really need a protocol solution in terms of the namecoin protocol itself - isn't it possible to pick up the solution from http://onename.io or http://identi.fi to combat sybil attacks?
For the record: I don't want to change the protocol, I want to stick to the current protocol. This is mostly a thought experiment :mrgreen:
*Renewal fees can be spread over the whole network, simply by looking at the highest likes for a particular id/ (or maybe even /d, just
compare it to Facebook, a page is simply liked for whatever)
This would be a protocol change and this is what I meant would need a rock steady solution.
*Nice incentive for the Namecoin community in terms of earning Namecoin simply by likes (most likes will get the biggest piece of the "fee-cake")
"Proof of trust".
*Renewal fees are not burned anymore, would be a longterm solution to keep the whole namecoin supply
*If good .bit sites can be liked, there is a higher interest of making good content for .bit sites, will help driving a higher interest to .bit domains
[/list]

I think your thread https://forum.namecoin.info/viewtopic.php?f=2&t=1988 fits good to this one, phelix ;)
IMHO the burned coins are a simple yet secure and efficient solution. They just make the other coins more valuable.

But maybe somehow paying for being trusted (="likes") could be used on a higher level to give an incentive to actively use a wot or .bit domains.
nx.bit - some namecoin stats
nf.bit - shortcut to this forum

John Kenney
Posts: 94
Joined: Sat Mar 29, 2014 2:20 pm
os: linux
Location: Sheffield, England
Contact:

Re: Web Of Trust and Sybil Attack

Post by John Kenney »

phelix wrote: In the simplest case the votes would be part of the value of an ID so they would be inherently linked to the voter.
That's going to limit the number of votes any one identity can have. I think we need another namespace for votes & a way to securely link those votes to identities stored in id/. If we can agree on a method to do that we could link id & d too, so id/ holds the contact details for the owners of .bit domains. Something like the vote or d/ record being signed by a specific key listed in id/

I posted a thread about this a while ago... https://forum.namecoin.info/viewtopic.php?f=5&t=1785

I don't think it'll need a fork, maybe it'll be possible to do something with nmcontrol.

Post Reply