Anti-Sybil academy

WARNING!

This document is under construction. Upala insights are on the way…

Basics of digital identity

Main challenges

Sybil attack. How to prevent a malicious actor from creating multiple accounts?

Account recovery. Relying on password is not enough. Managing private keys or mnemonics is too complex. Hardware tokens are rare. We need to build a secure system for the unskilled, the absent-minded and the naive.

Incentives. Until widely adopted one cannot call it an identity system. We need a lot of businesses and a lot of users. But why would anybody participate?

It does matter who you are, where you are and who you friends with. We will often use this as a metaphor to shape our thinking when solving these problems.

Sybil attack protection

The sibyl attack problem

Imagine two situations:

1: Alice and Bob are twins. They live in the same flat. Alice is out in the morning and home in the afternoon. Bob is out in the afternoon and home in the morning. They meet different people when they are out but never the same ones. They never invite guests.

2: Isabel is diagnosed with dissociative identity disorder. She has two phones. One has an account registered with her real name. And the other is registered with her alter ego — Sibylla. Isabel is out in the morning and home in the afternoon. There she changes her pale pink standard waitress uniform for a stunning evening gown and goes to a luxurious cocktail party. She gracefully grabs the phone registered for Sibylla. Isabel and “Sibylla” meet different people and never invite anybody to “their” home.

Here Isabel is performing a sibyl attack. We need to “punish” Isabel and “reward” Alice and Bob.

Projects and papers

Links for digital identity enthusiasts. I use this document as personal archive and read-later list. I thought it isworth publishing. It is good source of quality info on digital identity and related topics.

Identity projects

Uniqeness, trust

Storage and access

Mainly concerned with granting access to parts of identity inforamtion.

I categorize project below as ICO-boomers (sorry I may be very wrong):

Recovery

  • keybase
  • gnosis safe - wallet
  • Argent - wallet
  • ZeroPass - recovery based on key splitting. is building a decentralized solution. ZeroPass is building a decentralized password manager.
  • You - You are the password. Decentralized password manager. Uses Phone to login.
  • https://securekey.com/ - funded by world bank
  • https://pillarproject.io/project - “The Wallet is Everything”. Building a wallet with identity strage functionality. No details about recovery except they are planing to use hardware wallets and friends.
  • https://rivetz.com/ - recovery. DUAL ROOTS OF TRUST - software wolutions for splitting keys (expl. SIM card + smartphone secure enclave)
  • EIP2429 - Secret Multisig Recovery. Social recovery using address book merkle proofs.

Zero Knowledge, privacy

  • AZTEC protocol- “Being able to prove that you’re part of a group, without revealing who in the group you are”.
  • https://enigma.co/ - secure computation protocol, where “secret nodes” perform computations over encrypted data.
  • https://status.im/ - secret messaging check it out

Blockchain social networks

  • Akasha - соц сеть от Михая todo
  • Сикорка - Пруф местоположения на блокчейне ethereum. todo

Other

KYC-services

  • Jumio- AI-Powered Identity Verification Services

UBI and decentralized landing


Articles

Sybil attack protection in social networks

Sybil tolerance
Reputation-based

Universal basic income and credit networks UBI

Game theory

Zero-knowledge

Decentralized unique identity