
Decent Patterns: An Open Design Library for Decentralization
Creative Commons Zero v1.0 Universal

[submission] Sybil defense #2

Open okdistribute opened 3 years ago

okdistribute commented 3 years ago

The Design Problem

Someone tries to impersonate someone else! How can you tell the person you're talking to is /really/ the person they say they are? The most common attack vector here is someone pretending to be someone you know quite well, usually including changing their nickname, display name, and other profile characteristics to be the same.

The Design Solution

Different providers have different user experiences for handling this. Not sure if these are all different patterns or the same pattern with varied levels of severity?

  1. Timer. Discord provides a timer (1 day) by default for these links. The benefit here is that hopefully the invite links would only be sent to known parties, and any potential leak of an invite code to an attacker would then expire and they would not gain access. I don't know of a decentralized app that is doing this right now but I bet it exists somewhere.
  2. One-time use invites. Magic wormhole provides invitation links that only work once, and if there is a failed attempt, the invite connection is broken and must be re-established with a new invite password. This is also called PAKE (or improved SPAKE2).
  3. Revocation. Creating a chain of invites & moderators that can be revoked in the case an attacker is inside. TACO is an example implementation.
  4. Walkaway keys. In cabal, this method is essentially how to dis-invite at the app level. A new channel or room is created and only sent to individuals who the issuer wants to be included (i.e., minus the device that should be dis-invited, the sybil attacker).
  5. Nickserv. This is how IRC prevents sybil attacks. You could use a 3rd party service (like email) and a cabal bot that verifies user nicknames based on their registration and password (or if you want to go blockchainy instead of email, some private key zero proof crypto stuff).
  6. QR code verification is related and can be used to verify the person's identity in addition to these other methods.

Category

Identity
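As an added illustration of patterns 1 and 2 above (expiring invites and one-time-use invites that burn on a failed attempt), here is a small in-memory invite book. It is example code written for this page, not code from the issue author, Discord, Magic Wormhole, cabal or any other project named; the `InviteBook` class, its `ttl_seconds` parameter and the injectable `clock` are assumptions made for the example.

```python
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class Invite:
    secret: str          # what the invitee must present to redeem the code
    expires_at: float    # pattern 1: the invite stops working after a timer
    used: bool = False   # pattern 2: a successful redemption consumes it
    burned: bool = False # pattern 2: a failed attempt also kills it


class InviteBook:
    """Issues invite codes that expire and that work exactly once (hypothetical API)."""

    def __init__(self, ttl_seconds: float = 86400, clock=time.time):
        self.ttl = ttl_seconds   # default 1 day, mirroring the Discord example
        self.clock = clock       # injectable so tests can move time forward
        self._invites = {}       # code -> Invite

    def issue(self):
        """Return (code, secret); the code is the public handle, the secret is shared out of band."""
        code = secrets.token_urlsafe(8)
        secret = secrets.token_urlsafe(16)
        self._invites[code] = Invite(secret=secret, expires_at=self.clock() + self.ttl)
        return code, secret

    def redeem(self, code: str, presented_secret: str) -> bool:
        """True only for a live, unused, unburned invite with the right secret."""
        inv = self._invites.get(code)
        if inv is None:
            return False
        if inv.used or inv.burned or self.clock() >= inv.expires_at:
            return False
        if not hmac.compare_digest(inv.secret, presented_secret):
            # A wrong secret burns the invite: the issuer must hand out a fresh one,
            # so a leaked code gives an attacker at most one guess.
            inv.burned = True
            return False
        inv.used = True
        return True
```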