
Who Watches the Watchmen? Sybil-Resistance in Proof of Personhood Protocols - nabla9
https://arxiv.org/abs/2008.05300
======
macieklaskus
This paper is really about solving a fundamental problem in decentralized
identity, which is to combine the characteristics of self-sovereignty, privacy
and Sybil-resistance, which seem to exclude each other.

I previously proposed formalizing this problem as Decentralized Identity
Trilemma ([http://maciek.blog/dit](http://maciek.blog/dit)).

~~~
dane-pgp
The paper even references that post directly in footnote 8:

> Those three requirements, sybil resistance, self-sovereignty and privacy-
> reservation, compose the "Decentralized Identity Trilemma".[7][8]

> [8] ‘Decentralized Identity Trilemma’, Maciek, 2019.

------
dane-pgp
Of the systems listed in the paper, the only one I'd really heard of was
BrightID, and it still seems like potentially the best. The FAQ on their
website is a good introduction[0], but the paper seems rightly cautious:

"To control for Sybil attacks BrightID runs GroupSybilRank, a modification of
the SybilRank algorithm, to estimate the anti-Sybil score of the network
participants based on affinity between groups. Proposed to be used as the
official BrightID anti-sybil algorithm, the effectiveness of this algorithm in
the presence of multiple attack vectors, remains to be proved."

Unfortunately, just proving personhood is only the first step in deciding
someone's reputation, but it seems like a good basis to build some proper
decentralized trust systems from, for example [1].

[0] [https://www.brightid.org/faq](https://www.brightid.org/faq)

[1] [https://adecentralizedworld.com/2020/06/a-trust-and-moderati...](https://adecentralizedworld.com/2020/06/a-trust-and-moderation-system-for-the-decentralized-web/)
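
Added example, not part of the thread or of BrightID's code: a sketch of plain SybilRank (the base algorithm the quoted passage names, not the GroupSybilRank modification), which spreads trust from known-honest seeds for about log2(n) rounds and ranks nodes by degree-normalized trust. The graph, node names and seed choice are constructed for illustration.

```python
import math

def sybilrank(edges, seeds, total_trust=1.0):
    """Return {node: degree-normalized trust} after ceil(log2 n) rounds."""
    adj = {}
    for u, v in edges:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    # All trust starts on the seeds (nodes verified as honest out of band).
    trust = {n: 0.0 for n in adj}
    for s in seeds:
        trust[s] = total_trust / len(seeds)
    # Early termination: stop before the walk has time to mix into a region
    # that is joined to the honest graph by only a few attack edges.
    for _ in range(math.ceil(math.log2(len(adj)))):
        nxt = {n: 0.0 for n in adj}
        for u, nbrs in adj.items():
            share = trust[u] / len(nbrs)   # split trust evenly over edges
            for v in nbrs:
                nxt[v] += share
        trust = nxt
    # Normalize by degree so well-connected nodes are not favoured as such.
    return {n: trust[n] / len(adj[n]) for n in adj}

def build_sample_graph():
    """Constructed graph: 6 honest nodes, 4 Sybils, one attack edge h5-s0."""
    honest = [f"h{i}" for i in range(6)]
    sybils = [f"s{i}" for i in range(4)]
    edges = [(a, b) for i, a in enumerate(honest) for b in honest[i + 1:]]
    edges += [(a, b) for i, a in enumerate(sybils) for b in sybils[i + 1:]]
    edges.append(("h5", "s0"))             # the only honest-to-Sybil link
    return edges, honest, sybils

def rank(scores):
    """Nodes ordered from most to least trusted."""
    return sorted(scores, key=scores.get, reverse=True)

if __name__ == "__main__":
    edges, honest, sybils = build_sample_graph()
    scores = sybilrank(edges, seeds=["h0"])
    for node in rank(scores):
        print(f"{node}: {scores[node]:.4f}")
```

The separation depends on attack edges being scarce relative to honest edges; adding more honest-to-Sybil links to the sample graph narrows the gap, which is the open question the quoted passage raises.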

~~~
macieklaskus
The problem is that the more successful the system becomes (i.e. it's used for
more valuable use cases) the more incentive there is to attack it. There needs
to be a dynamic analogous to Bitcoin where the resources that go into securing
the network grow along with the value of the network.

------
pmiller2
For those of us not familiar with the term (as was I before a few seconds
ago):
[https://en.wikipedia.org/wiki/Sybil_attack](https://en.wikipedia.org/wiki/Sybil_attack)

------
wizzwizz4
Conjecture: a Sybil attack can always be performed if bootstrapped by some
humans.

~~~
jhardy54
My friends voted on it and we decided that Sybil attacks are impossible.
Nothing to worry about, please move along.

~~~
dane-pgp
But none of my friends know any of your friends, so I ignore their votes.
Admittedly that means that any sort of consensus reality breaks down online,
but hey, it's 2020 and we are where we are.

~~~
jhardy54
Subjective social networks are the future. :~)

------
Schwarzenegger
Great article! Idena is leading the way for decentralized human protocols with
more than 3660 nodes. [https://idena.io/](https://idena.io/)

~~~
cmeacham98
Quickly skimming the site, it seems like Idena validates identity by having
all users solve a Turing test at the same time.

I fail to see how this ever scales. Surely as the user count increases it
becomes extremely difficult to get all the users to be ready to validate
themselves at the same time?

~~~
macieklaskus
This, plus who knows how long we can rely on the Turing test.

~~~
Bil_AI
The current data on language-neutral AI-hard tests (analogous to Winograd
Schema Challenge (save the textual representation)) reasonably concludes that
the current AI apparatus cannot sustainably achieve a human-level score (92%
or above) on the FLIP-like tests as are used by Idena Network. FLIP creation
by humans probably offers more protection from any of the bots and AI
recognition schemes available as of now. Let's see what the future brings in
this yet unknown realm.

------
ssss11
Do SSI (self sovereign identity) systems such as Sovrin solve this?

~~~
macieklaskus
No, Sovrin does not provide a source of scarcity. If you need to do KYC it's
not SSI.

------
Edmond
[https://certisfy.com](https://certisfy.com)

uses plain PKI certificates to solve identity and information verification in
general.

~~~
dane-pgp
For some values of "solve" and "in general".

> Certificates are information verifications issued to you by Certisfy
> partners.

> Certisfy partners:

> * Police departments.

> * Government agencies, ex DMV, SSA, IRS.

> * A notary public.

> * A school, college, university

~~~
Edmond
Keep reading, you'll see that these are not problems except for "perfect being
enemy of good" rigidity.

The fact is the internet is in need of a privacy-friendly information
verification solution that scales... when it comes to approaches for achieving
this I think the more the merrier.

------
angelbar
I watch them on Primevideo...

