Identities and Sybil protection in IOTA

Research & Development Nov 08, 2019

Shirley Ardell Mason, also known as Sybil Dorsett, was an American artist.  

And a sophisticated young French girl.

And a nameless perpetual teenager.

And a talented musician.

And an emotional writer.

And a male carpenter.

Shirley Ardell Mason was a psychiatric patient reputed to have dissociative identity disorder, with 16 different identities.

As people can show multiple personalities, the Microsoft researcher John R. Douceur claims, in his famous article, that the same is also true in distributed systems:  

We argue that it is practically impossible, in a distributed computing environment, […] to present convincingly distinct identities. With no logically central, trusted authority to vouch for a one-to-one correspondence between entity and identity, it is always possible for an unfamiliar entity to present more than one identity […].

Douceur refers to the action of emulating multiple identities as a Sybil attack.  

In IOTA, nodes form a distributed computing environment. With Coordicide, identities are assigned to nodes in order to vote or to gain network access. As such, nodes become subject to Sybil attacks. An effective way to protect against the proliferation of counterfeit identities is the so-called resource testing, where a node must prove the ownership of difficult-to-obtain resources. In the field of distributed ledgers, nodes are required either to prove the usage of their computational power (e.g., Proof of Work) or the ownership of certain collateral (recently, other techniques are investigating how to exploit different resources such as disk space, bandwidth or time).  

Due to the presence of IoT devices, we believe that fighting Sybils purely based on nodes’ computational capabilities would prevent low power nodes from accessing the network. For this reason, we have introduced mana as the main component of the IOTA’s Sybil protection mechanism.  

As we can see from the figure above, mana is a shadow of tokens transferred from A to B by a particular node. Such a node gets an amount of mana equivalent to the tokens transferred. Moreover, note that mana is not a token (that can be traded) but it is linked to the tokens owned. More details about mana can be found in our Coordicide white paper. The usage of mana can apply to several components:  

  • Auto peering: nodes with similar mana will peer with each other to reduce the possibility of node isolation (eclipse attacks);
  • Rate control: network access is guaranteed according to the mana owned;
  • Consensus protocol: in voting protocols, votes are weighted by mana.

It is important to mention that micro or data transactions bring low (if no) addition to mana of the issuing node. In this scenario, it could be beneficial to somehow measure the help nodes bring to the network (e.g., issuing and gossiping transactions, participating in voting). In conclusion, mana is only one reputation indicator. Depending on the use case, additional components may become necessary such as benefits to participate in the network activity (see above) or penalties to malicious behaviors (e.g., spam attacks).  

Coherently with the IOTA philosophy, we are building a Sybil protection for Coordicide in which good behaviors get rewards, while harmful ones are penalized. While the idea is voluntarily kept simple to avoid potential attack vectors, our approach can indeed be considered as an effective solution, and will soon be implemented in GoShimmer.  

If you have questions or you would like to engage directly with us, please join our official Discord Server.  


IOTA Foundation

Official posts from the IOTA Foundation, and migrated posts from old platforms.