Protection Against Sybil Attack

In the blockchain context, a Sybil attack is one in which an attacker subverts a system by creating myriad identities to run nodes and uses them to gain a disproportionately large influence over the network. Alternatively, the attacker may run one node but attempt to operate it under multiple identities.

PoW blockchains such as Bitcoin are theoretically vulnerable to a variant of the Sybil attack: the 51% attack, also known as double spending. Such blockchains' susceptibility to attack is proportional to hashing power: any agent that holds 51% of the network's hashing power can overcome the security of that network. In practice, however, blockchains such as Bitcoin are essentially protected from this attack, because for it to be economically viable the market cap of the currency must be valuable enough to justify the cost of obtaining that hashing power, and that cost must also be affordable to the attacker.

In a double-spend attack, a malicious actor attempts to spend their funds twice. Say Bob has 10 tokens and attempts to send 5 tokens to Alice and 6 tokens to Jill. While Bob → Alice and Bob → Jill are each valid transactions initially, the validity of each depends on the status of the other. Both transactions, which carry the same nonce, might succeed in being entered as events (although internal procedures make this unlikely); however, both cannot be confirmed, thanks to the aBFT consensus algorithm.

aBFT determines the order of events, which is the same on all nodes unless more than one third of the nodes are malicious. First, the order of events is determined, and only then are the transactions executed. This means that there must be an agreement on whether Bob sent tokens to Alice first or to Jill first. Whichever the agreement falls upon (say, the 5 tokens sent to Alice in this example), that transaction will execute successfully.

The Bob → Jill transaction attempt will be rejected because its nonce was already "occupied" by the Bob → Alice transaction. Agreement on timing is everything.
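The order-then-execute rule described above, as an added example that is not the network's own code: the aBFT ordering itself is not simulated, the agreed order is simply passed in, and the names `Tx`, `execute`, `statuses` and the account model (balance plus next expected nonce) are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    sender: str
    recipient: str
    amount: int
    nonce: int


def execute(ordered_txs, balances, nonces=None):
    """Execute transactions strictly in the order consensus agreed on.

    Returns (balances, nonces, [(tx, status), ...]) without mutating inputs.
    """
    balances = dict(balances)
    nonces = dict(nonces or {})
    results = []
    for tx in ordered_txs:
        expected = nonces.get(tx.sender, 0)  # next nonce this sender may use
        if tx.nonce < expected:
            status = "rejected: nonce already used"
        elif tx.nonce > expected:
            status = "rejected: nonce gap"
        elif balances.get(tx.sender, 0) < tx.amount:
            status = "rejected: insufficient balance"
        else:
            balances[tx.sender] -= tx.amount
            balances[tx.recipient] = balances.get(tx.recipient, 0) + tx.amount
            nonces[tx.sender] = expected + 1  # the nonce is now occupied
            status = "confirmed"
        results.append((tx, status))
    return balances, nonces, results


# Constructed sample matching the text: Bob holds 10 tokens and signs two
# conflicting transfers that carry the same nonce.
GENESIS = {"bob": 10}
TO_ALICE = Tx("bob", "alice", 5, nonce=0)
TO_JILL = Tx("bob", "jill", 6, nonce=0)


def statuses(order):
    """Final balances and per-transaction outcome for one agreed order."""
    balances, _, results = execute(order, GENESIS)
    return balances, [status for _, status in results]


if __name__ == "__main__":
    for order in ([TO_ALICE, TO_JILL], [TO_JILL, TO_ALICE]):
        print(statuses(order))
```

Whichever order is agreed on, exactly one transfer is confirmed, and every node that executes the same order ends in the same state.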
