
ADA is the best protection against Sybil attacks

Published 30.3.2023

Cardano is a Peer-to-Peer network. This means that anyone can run their own node, which is easy, cheap, and requires no third-party approval. Have you ever thought that a single entity could run multiple nodes? In theory, there's nothing to prevent it. The question is what someone could gain by doing so. If a single attacker running many nodes could gain some competitive advantage over other nodes, this would be a so-called Sybil attack. Peer-to-Peer networks must be able to resist this attack. Cardano uses ADA coins to prevent Sybil attacks and maintain the security and integrity of the network.

TLDR

Blockchain decentralization must be based on expensive resources and not on the ability to run a node or create a wallet (account). The number of nodes in the network is completely irrelevant to decentralization. There are thousands of pools and 1.3M stakers in the Cardano network. This is the decentralization of the Cardano network, but it is important to remember that an individual can have multiple staking wallets or run multiple pools. The ADA holder does not need to run a full node and can participate in the decentralization of the network through the wallet and get rewarded for it. On-chain governance should work very similarly to block production. DReps will have as much decision-making power as the stake they get from delegates.

Why must decentralization be based on an expensive resource?

In general, a Sybil attack is a type of online security attack where a single entity creates multiple fake identities or accounts on a network or system to gain an unfair advantage or control over it. The goal of a Sybil attacker is to control a significant portion of the network, allowing them to influence decisions, manipulate data, or disrupt the network's functioning. In the context of blockchain, a Sybil attack can be implemented through the creation of multiple wallets or by running multiple nodes. It depends on what the attacker's goal is and what advantage he wants to gain.

In the case of decentralized networks, Sybil attacks are particularly problematic as the blockchain is fundamentally an open network and there is no centralized authority (or hierarchical structure) with the mandate to verify the identity of participants.

The defense against a Sybil attack in blockchain networks is to decentralize the key functionality and decision-making around an expensive resource. Cardano uses ADA coins because it is a resource with a capped number that is in demand and therefore has a certain market value.

Anyone who wants to gain decision-making power in the Cardano network must own ADA coins. This is why Cardano uses ADA in Proof-of-Stake network consensus and why voting rights in Catalyst and soon in the Voltaire era are tied to ADA (1 Lovelace = 1 Vote).

Bitcoin's defense against Sybil attacks is based on hash rate, so it is dependent on electricity and ASIC hardware. Only miners have decision-making power in Bitcoin. The miners delegate powers to the pools.

Satoshi Nakamoto wrote in the Bitcoin white paper that voting rights must be tied to hash rate and not to a node (IP address). If voting rights were based on IP addresses, it would be no problem for an IT expert to temporarily create a large number of nodes (allocate IP addresses) relatively cheaply and gain a strong decision-making position.

Neither network consensus nor governance can rely on nodes. This is because it is not possible to ensure that a single person will run only a single node. Governance built on node-based voting would be easily manipulated.

How to measure the decentralization of blockchain?

Note that the decentralization of blockchain networks is based on the distribution of expensive resources, not on the number of nodes in the network. A common mistake made by newcomers is to assume that the number of nodes determines the degree of decentralization. This is because they confuse a decentralized network with a distributed network. A distributed network consisting of a large number of nodes is important for data availability, integrity, reliability, etc.

The number of nodes cannot serve as a measure of decentralization, since we do not know who runs the nodes and theoretically it could be a single entity. If there were 10,000 nodes operated by independent individuals and they had voting rights, a Sybil attacker could create 12,000 nodes. By that, he could easily and cheaply gain the upper hand.

A node (in the case of Bitcoin, a non-mining node) cannot have a significant position in network consensus or governance. This would make the network vulnerable.

In the Cardano network, the degree of decentralization must be judged by the number of pools in the network (there are thousands of them) and the number of stakers (~1.3M). However, even this figure is not accurate as an individual may have multiple wallets from which she stakes ADA coins. An individual may even operate multiple pools.

The Sybil attack on the level of stake pools is made infeasible by requiring stake pool operators to allocate a certain number of ADA to each individual pool they register. It is not easy for an attacker to create hundreds or thousands of pools and hope to get the required number of delegations for an attack.

Regarding the number of stakers, from a network perspective, it is not possible to know how many individuals use multiple wallets for staking. If the voting right was tied to a wallet (staking key), the Sybil attack could be committed very simply by the staker splitting the ADA coins into multiple wallets.

Let us add that in the Bitcoin network, decentralization must be measured in the same way, i.e. by the number of pools and the number of miners. Miners are those who own ASIC miners and spend money on energy. They have skin in the game, unlike the node operators.

In both PoS and PoW networks, individuals do not have the same status in terms of decentralization, as money can buy a larger share of power. This is essentially unavoidable if the principles of openness and decentralization are to be respected. Anyone with an expensive resource has their skin in the game. One way to look at it is that whoever invests more in their position has a greater interest in the security and prosperity of the network. Any attack or network problem only threatens the property of those who have skin in the game. They're the ones holding the expensive resource.

On the other hand, the reality is that money can buy such a strong position that it makes it possible to commit some form of attack on decentralization.

Note the difference between Proof-of-Stake and Proof-of-Work networks. In the Cardano network, all ADA holders have decision-making power. Holders are also stakers. In the Bitcoin network, only miners hold the decision-making power, but they don't have to be BTC holders. Most BTC holders are not miners, so they have no rights.

In the context of decentralization, note also that ADA and BTC holders do not need to run a full node. They just need to have a wallet. ADA holders can participate in decentralization through the wallet alone. BTC holders would need an ASIC miner to do this and would have to pay electricity expenses.

On-chain governance

Ideally, a hierarchical structure should not arise in a decentralized network. In practice, however, it is impossible to achieve such a state. In the Cardano network, blocks are produced by pools. Pool operators are significantly fewer in number (thousands) than stakers (over a million). Thus, there is a certain structure in which pool operators have a stronger position since they decide whether to mint a block when they become slot leaders and what transactions to put in the block (in theory, they can filter transactions at will).

Stakers delegate ADA coins to chosen pools, so it's they who largely control Cardano.

On-chain governance will work very similarly. A Delegation Representative (DRep) will want to get delegations from stakers to have a stronger position in Voltaire's decision-making. Some DReps may have a stronger position than others as they will get more stake from delegators. Is that fair? Shouldn't all DReps have the same voting rights? For example, each DRep who gets a 50M stake would have 1 vote.

If that were the case, there would be no Sybil protection. If a DRep was anonymous (had multiple Twitter accounts, for example) and managed to get a 50M stake for each of their identities, one person would hold multiple votes through multiple DReps.

The only solution would be to require DRep not to be anonymous or even have his real identity verified. This would bring many complications. From my point of view, it is best to approach DReps in the same way as pools.
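The argument above can be checked numerically. The following model is an added example, not part of the original article: it compares one-vote-per-identity, the hypothetical one-vote-per-threshold DRep rule, and stake-weighted voting, using the article's 10,000 vs. 12,000 node scenario and a DRep scenario. All stake amounts and entity names are constructed assumptions.

```python
from fractions import Fraction

# An identity (node, wallet, pool or DRep) is a pair: (controlling entity, stake in ADA).
# Every figure below is constructed for illustration.

def one_vote_per_identity(stake):
    return 1

def one_vote_per_threshold(threshold):
    # Hypothetical rule from the text: a single vote once the stake reaches the threshold.
    return lambda stake: 1 if stake >= threshold else 0

def stake_weighted(stake):
    return stake

def split(entity, total_stake, parts):
    """Spread one entity's stake over `parts` identities; the sum is unchanged."""
    base, extra = divmod(total_stake, parts)
    return [(entity, base + (1 if i < extra else 0)) for i in range(parts)]

def share(identities, entity, rule):
    """Fraction of all votes controlled by `entity` under a voting rule."""
    total = sum(rule(s) for _, s in identities)
    mine = sum(rule(s) for e, s in identities if e == entity)
    return Fraction(mine, total)

def node_scenario(rule):
    # 10,000 independent operators (assumed 1,000 ADA each) vs. one entity
    # that spreads 12,000 ADA over 12,000 freshly created identities.
    honest = [(f"op{i}", 1_000) for i in range(10_000)]
    return share(honest + split("sybil", 12_000, 12_000), "sybil", rule)

def drep_scenario(rule, identities_used):
    # Four independent DReps (assumed 100M ADA delegated to each) vs. one person
    # who attracts 150M ADA in total under `identities_used` pseudonyms.
    honest = [(f"drep{i}", 100_000_000) for i in range(4)]
    return share(honest + split("sybil", 150_000_000, identities_used), "sybil", rule)

if __name__ == "__main__":
    threshold = one_vote_per_threshold(50_000_000)
    print("nodes, one vote each:  ", node_scenario(one_vote_per_identity))
    print("nodes, stake-weighted: ", node_scenario(stake_weighted))
    for n in (1, 3):
        print(f"DRep x{n}, 1 vote per 50M:", drep_scenario(threshold, n))
        print(f"DRep x{n}, stake-weighted:", drep_scenario(stake_weighted, n))
```

Under the identity-counting rules the single entity's share grows with the number of identities it creates, while under stake weighting the share is the same whether the stake sits in one identity or many.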

Conclusion

Decision-making power cannot be distributed reliably in a decentralized way to individual people, so it is necessary to choose the best possible solution. To decentralize a Peer-to-Peer network, an expensive resource is required, as only those with skin in the game can gain power. It's important to risk something, like a financial loss. It does not matter if an individual splits the stake into multiple parts, as his skin in the game (financial investment) will still be the same. Using a finite expensive resource is the best defense against a Sybil attack in a decentralized world. There will only be 45,000,000,000 ADA coins, so it's a finite resource. Anyone holding a stake in the Cardano network may never lose it even if a rich person comes along and wants to buy a stake. If you don't sell your ADA coins, you have your stake forever.
