You are viewing a single comment's thread from:

RE: Fact: Steemit Sybil Attacked the Steem Blockchain

in #steem5 years ago

Justin could vote for 1 real account + 29 community witnesses and still use his power fully.

And that would not have been a Sybil attack. He also could not take over the chain with this approach unless those 29 witnesses agreed with him. In that case, it would have been done according to the proper design of DPoS (again, not a Sybil).

Yes, he only needed 20 (technically only needed 15) to do what he wanted to do. The moment "pseudonymous identities" were used to accomplish this, it became a Sybil attack. You are a technical person who has been in this space a while and you of all people should understand this. I don't think it's at all helpful to deny what took place. What is helpful is calling it exactly what it is and figuring out how to prevent it in the future.

To your point, there are other attack vectors also demonstrated here (bribe attack, centralized custodial stake without skin in the game, etc), but the real one which broke Steem, IMO, was this Sybil attack where fake accounts were able to act as a single individual. As you say, it's supposed to be Sybil resistant. It was not in this case.

Sort:  

I just think we disagree on the overall definition of sybil attack. Creating 19 new accounts didn't give him extra influence in the network, because influence = stake, and their stake actually decreased from creating these new accounts.

If for you creating 20 puppet accounts is a sybil attack ... well then so be it, it won't be the first word that's butchered by laymen because of misunderstandings.

The ultimate level of "influence in the network" is full control which requires more than one account. It wasn't just creating multiple accounts that made this a Sybil attack. As you've already mentioned, Steem has fairly good protections against that attack. It's the combination of stake and creating multiple pseudonymous identities which made this attack possible and that is, to me, undeniably a Sybil attack. I'm confused why you're stuck on this point because multiple pseudonymous identities was clearly required to pull this off. Those accounts were not real people. They were one person pretending to represent 20 different entities. DPoS is designed to have individual block producers, not one producer pretending to be individual block producers. These 20 accounts may be running in the same datacenter or even the same server for all we know!

From: https://steempeak.com/dpos/@dantheman/dpos-consensus-algorithm-this-missing-white-paper

Under normal operation block producers take turns producing a block every 3 seconds

How is it "taking turns" if they are all the same person in control because of this Sybil activity pretending to be multiple, separate accounts?

The DPOS algorithm is divided into two parts: electing a group of block producers and scheduling production. The election process makes sure that stakeholders are ultimately in control because stakeholders lose the most when the network does not operate smoothly. How people are elected has little impact on how consensus is achieved on a minute by minute basis. Therefore, this document will focus on how consensus is reached after the block producers have been chosen.

The election process failed because exchanges don't have skin in the game. They didn't vote with their tokens so they don't care if it impacts the token price negatively.

I think this document didn't spend enough time on the election process as that's where this Sybil attack became a reality.

Your views are interesting. I guess I'm just an extremist when it comes down to language. I agree he managed to optimize his 'effective power' if you count it in # of blocks mined, and he earns STEEM by mining blocks.

But, it's important to remember that we have no way to verify identity on a decentralized network. It's all based on human judgement. Justin did 20 very obvious puppet accounts, using chinese numerology, because he isn't too bright. He could have used his employees names / pictures to open semi-legit nodes that he still would have controlled (like he does on TRON). Who is to say that there is/was always really 20 real node owners in the steem top 20? Maybe WitnessX is secretly controlled by WitnessY, it's impossible to prove currently because of the inavailability of a working decentralized identity tech.

That's why I won't change my definition of sybil-attack, otherwise all current systems are not sybil-resistant and the term becomes useless.

Maybe WitnessX is secretly controlled by WitnessY

And you wouldn't consider that a form of Sybil attack? To me, that's the very definition of it, and it's not a matter of scale which determines the identity.

IMO, very few systems (if any) are sybil-resistant. Some are wide open to it, and some have some protections which can still be bypassed under extreme or unusual circumstances. Maybe it's better to release a false assumption than to claim this wasn't a sybil attack. The term, to me, is still very useful, regardless of scale employed because the identifying characteristic of a pseudonymous identity is the problem. We want distributed, decentralized systems, not centralized systems pretending to be otherwise.

I don't see the point of saying that STEEM got sybil attacked. It doesn't play in STEEM's favor, even though it's not really the case. You don't need 65M steem to execute a sybil attack xD

But basically, you think it's better to ask everyone's passports like voice so we could be 'more sybil resistant'? Or reduce the number of max witness votes to 1?

The point is if it got Sybil attacked, we have to improve how we validate witnesses as actually being individual entities. To launch as successful Sybil attack (to date), apparently you do.

No, I don't think "everybody" but maybe some type of advanced reputation system for witnesses that have some kind mechanism for determining the likelihood that the witnesses are individually controlled or part of a sybil attempt.

I've been thinking about some of this stuff for a while: https://twitter.com/lukestokes/status/1236697082653822978

I don't know if 1t1v or max votes of 1 is the answer, but I hope something is better than what we have now.

I agree @lukestokes , this will help to brainstorm different ways to avoid this situation in the future. Perhaps placing an obligatory restriction that witnesses could not be created on same datacenters, same servers, etc.

Perhaps a rule on the smart contract similar to PROSPECTORS Gold game that their is like a police. So, when someone makes an attack like this one or similar types, all the stake being powered up is frozen for lets say 1 year, or even according to the type of attacks, it gets frozen more or less amount of time. Your thoughts?

Coin Marketplace

STEEM 0.32
TRX 0.26
JST 0.040
BTC 97628.16
ETH 3611.02
USDT 1.00
SBD 3.42