# Sybil Attack

1. A Sybil [[Attack (hack)|attack]] occurs when a system is compromised by an entity that controls two or more different identities on a [[network]].

2. Sybil attacks are another security vulnerability specific to [[Peer-to-Peer (P2P)|peer-to-peer]] [[decentralized]] networks which are open and therefore allow anonymous entrants. The attack is named after the subject of the book Sybil, which deals with the case study of a woman diagnosed with Dissociative Identity Disorder. The main component of the Sybil attack consists of creating a large number of [[Pseudonymity|pseudonymous]] identities. Once the identities are accepted as peers, they try to gain control of the network and subvert it from within. The network’s resilience depends on how easy it is to create an identity and be accepted as a peer. As there is no 100% failproof firewall against these types of attacks, the best defense against Sybil attacks is to make them as impractical as possible.

3. If an attacker attempts to fill the network with clients that they control, you would then be very likely to connect only to attacker [[Node(s)|nodes]]. Although Bitcoin never uses a count of nodes for anything, completely isolating a node from the honest network can be helpful in the execution of other attacks. This state can be exploited in (at least) the following ways:

   - the attacker can refuse to relay [[Block(s)|blocks]] and transactions from everyone, effectively disconnecting you from the network
   - the attacker can relay only blocks that they create, effectively putting you on a separate network and then also leaving you open to double-spending attacks
   - if you rely on transactions with 0 confirmations, the attacker can just filter out certain transactions to execute double-spending attacks
   - low-latency encryption/anonymization of Bitcoin's transmissions (with Tor, JAP, etc.) can be defeated relatively easily with a timing attack if you're connected to several of the attacker's nodes and the attacker is watching your transmissions at your ISP

   Bitcoin makes these attacks more difficult by only making an outbound connection to one IP address per /16 (x.y.0.0). Incoming connections are unlimited and unregulated, but this is generally only a problem in the anonymity case where you're probably already unable to accept incoming connections. Looking for suspiciously low network hash-rates may help prevent the second one.

4. A Sybil attack is an attack where a single adversary controls multiple nodes on a network. It is unknown to the network that the nodes are controlled by the same adversarial entity. For example, an adversary can spin up multiple computers, virtual machines, and IP addresses. They can create multiple accounts with different usernames and e-mail addresses and pretend that they all exist in different countries.

   Avoiding Sybil attacks is a difficult problem. In centralized systems they are typically avoided through heuristics that do not provide cryptographic assurance of Sybil resilience. For example, a centralized entity may try to avoid Sybil attacks by requiring that an individual IP cannot create more than a specific number of user accounts in a given time interval.

   Sybil attacks are avoided in Bitcoin by requiring [[Block(s)|block]] generation ability to be proportional to computational power available through the [[Proof of Work (PoW)]] mechanism. That way, an adversary is limited in how many blocks they can produce. This provides strong cryptographic guarantees of Sybil resilience.
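
The rule from definition 3, one outbound connection per /16, can be modelled as follows. This is an added example, not Bitcoin's own code: the function names, the eight-slot count and the private-range addresses are assumptions made for illustration, and only IPv4 is handled.

```python
import ipaddress
import random

def netgroup(ip):
    """Return the /16 (x.y.0.0/16) that an IPv4 address falls in."""
    return str(ipaddress.ip_network(f"{ip}/16", strict=False))

def pick_outbound(candidates, slots, rng):
    """Pick up to `slots` peers, never two from the same /16."""
    pool = list(candidates)
    rng.shuffle(pool)
    chosen, used = [], set()
    for ip in pool:
        group = netgroup(ip)
        if group in used:
            continue  # this /16 already holds an outbound slot
        chosen.append(ip)
        used.add(group)
        if len(chosen) == slots:
            break
    return chosen

def pick_naive(candidates, slots, rng):
    """Baseline without the rule: uniform choice over known addresses."""
    return rng.sample(list(candidates), slots)

# Constructed sample data (private address space, not real peers):
# one adversary announces 500 addresses that all sit in two /16s,
# while 8 honest peers each sit in their own /16.
ATTACKER = [f"10.{66 + k}.{i}.{j}" for k in range(2)
            for i in range(10) for j in range(1, 26)]
HONEST = [f"10.{n}.0.5" for n in range(1, 9)]

def attacker_slots(chosen):
    """Count how many chosen peers belong to the adversary."""
    owned = set(ATTACKER)
    return sum(ip in owned for ip in chosen)

def simulate(seed, slots=8):
    """Return (attacker slots with /16 rule, attacker slots without)."""
    known = ATTACKER + HONEST
    grouped = pick_outbound(known, slots, random.Random(seed))
    naive = pick_naive(known, slots, random.Random(seed))
    return attacker_slots(grouped), attacker_slots(naive)

if __name__ == "__main__":
    for seed in range(3):
        print(seed, simulate(seed))
```

With the rule in place, the adversary's share of outbound slots is bounded by the number of distinct /16 ranges it controls, not by the number of addresses it announces.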