Re: [GNU/consensus] Fwd: [SocialSwarm-D] Kill the pseudonyms just to han

consensus

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNU/consensus] Fwd: [SocialSwarm-D] Kill the pseudonyms just to han

From:	Christian Grothoff
Subject:	Re: [GNU/consensus] Fwd: [SocialSwarm-D] Kill the pseudonyms just to handle sybil attacks?
Date:	Mon, 30 Jun 2014 16:25:56 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.5.0

The real issue is a different one:

How do you distinguish the claim of a Sybil attacker that he (and his
100 Sybils) were present and that 10 good peers were absent, from the
counter-claim that the 10 good peers were present and the Sybils were
absent?

Decentralizing the choice of location and even privacy-preserving range
queries (who is close) are relatively easy to do with crypto, at least
by comparison ;-).

My 2 cents

Christian

On 06/30/2014 04:17 PM, Michael Rogers wrote:
> In its current form the proposal relies on a central entity that
> collects registrations, schedules meetings and gives points to
> identities that participate in meetings. I wonder whether the central
> entity can be removed.
> 
> Cheers,
> Michael
> 
> On 30/06/14 15:04, hellekin wrote:
>> A very interesting contribution of Carlo on Sybil attacks and how
>> to avoid them in an end-to-end system.
> 
>> == hk
> 
> 
>> -------- Original Message -------- Subject: [SocialSwarm-D] Kill
>> the pseudonyms just to handle sybil attacks? Date: Mon, 30 Jun 2014
>> 13:57:50 +0200 From: carlo von lynX
>> <address@hidden> To:
>> address@hidden
> 
>> The scare that is being mounted concerning sybil attacks is making
>> people think of radical solutions like impeding people to group
>> their contacts into multiple identities, as described in
>> http://forum.ethereum.org/discussion/1064/proposal-for-a-1-on-1-identity-system-protocol
> 
>>  Unless you care to have a Faceboogle-like feature of enforcing
>> one key for one person, that is not needed. Sybil attacks are a
>> problem solved at least in the GNUnet DHT if not in other advanced
>> DHTs out there.
> 
>> There is a very nice video of the 30c3 GNUnet Mesh presentation
>> that is sitting on the c3voc server, waiting to be uploaded to
>> http://cdn.media.ccc.de, that explains very well how sybil attack
>> protection works - and it isn't even using any of the dozen social
>> methods that have been proven to work in various papers.
> 
>> So if you see anyone promoting their server-hosted technologies
>> mounting nasty sybil attacks on end-to-end technology in
>> comparison hit them in the face with some well-nurtured facts.
> 
> 
>> ++++ Content of the web page follows, so you don't have to expose
>> your interest ++++
> 
> 
>> Proposal for a 1-on-1 identity system protocol.
> 
> 
>> Having an identity system that more or less guarantees that each
>> person can only hold one identity at a time would allow many things
>> that would otherwise be vounerable to sybil attacks to be built.
> 
>> The method i'm proposing relies on having meetings organized where
>> people authenticate each other.
> 
>> Let's call the code/procedure an identity contract.
> 
>> It would work like this:
> 
>> 1. Register an name in the identity contract 2. Give your
>> approximate positional data, this can be updated as you move
>> around.
> 
>> 3. A few days before the date, participants in the contract are
>> randomly grouped together based on location, and get invited to a
>> channel to communicate a meeting point.
> 
>> 4. The people thus invited (maybe around 10-20 people, depending on
>> how many are registered in this area) gather to the agreed upon
>> meeting point.
> 
>> 5. At the meeting, each participant signs a statement saying who
>> they met at the meeting, so that every person is signed by at least
>> one other who was participating in this meetup.
> 
>> 6. The contract registers that the meeting was successful, and
>> gives everyone involved one identity point.
> 
>> This protocol relies on the fact that you cannot be in two places
>> at once, and as long as you participate in a majority of your
>> meetings, everyone can be sure that the identity you chose is your
>> only identity within this system.
> 
>> I have not been able to see any obvious attacks on this system,
>> but maybe i'm missing out on something? Would love to hear your
>> comments. -- SocialSwarm mailing lists:
>> https://socialswarm.net/en/participate/ Websites:
>> https://socialswarm.net/  https://wiki.socialswarm.net/ Liquid
>> Feedback:                       https://socialswarm.tracciabi.li/
>> Digitalcourage, Bielefeld, Germany
>> address@hidden
> 
> 
> 
>

0x48426C7E.asc
Description: application/pgp-keys

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[GNU/consensus] Fwd: [SocialSwarm-D] Kill the pseudonyms just to handle sybil attacks?, hellekin, 2014/06/30
- Re: [GNU/consensus] Fwd: [SocialSwarm-D] Kill the pseudonyms just to handle sybil attacks?, Michael Rogers, 2014/06/30
  - Re: [GNU/consensus] Fwd: [SocialSwarm-D] Kill the pseudonyms just to handle sybil attacks?, Christian Grothoff <=

Prev by Date: Re: [GNU/consensus] Fwd: [SocialSwarm-D] Kill the pseudonyms just to handle sybil attacks?
Next by Date: [GNU/consensus] [wiki] Call for Participation
Previous by thread: Re: [GNU/consensus] Fwd: [SocialSwarm-D] Kill the pseudonyms just to handle sybil attacks?
Next by thread: [GNU/consensus] [wiki] Call for Participation
Index(es):
- Date
- Thread