Sybil Who? How Encointer Uses Real-world Trust To Prevent Fraud


A Sybil attack describes a scenario where an attacker subverts a reputation-based system by creating multiple identities. Read on to discover how Encointer uses a real-world web of trust to create a Sybil-resistant system. 

“Sybil” is the name of a 1973 book about the psychiatric treatment of a woman with dissociative identity disorder, which resulted in her manifesting many different personalities. Over recent decades, as peer-to-peer computing has become more commonplace, researchers adopted the term “Sybil attack” to describe a form of computing-based fraud where one entity creates many different identities as a way of gaining outsize influence over a network. 

THE IMPORTANCE OF SYBIL-RESISTANCE

Sybil resistance is a key challenge for many online services, whether in the Web3 or Web2 domain. Take the issue of bots and click fraud, for instance. On online platforms, reputation systems often play a crucial role in influencing user behavior. Think about the last product you bought online or the last hotel you booked. We often seek out user ratings in order to get an overview of a product or service from a less biased perspective, or simply to know whether we can trust someone.

Some companies have tried to game this system, however, by setting up bots to create thousands of fake accounts to upvote their products or burnish their reputations illegitimately. Of course, this is by no means a problem confined to Web3. A recent analysis by the online detection service Fakespot revealed that 42% of the 720 million Amazon reviews studied were fraudulent.

So how could this tidal wave of fake ratings, reviews and voting be stopped? One way to severely curtail this type of activity would be to link each review to an individual person. No normal consumer sits down at their computer and submits thousands of reviews or ratings each day, so in most circumstances it would be no problem to restrict each user to, say, 10 reviews per day on a particular platform.

While this seems like a logical solution to the problem of click fraud, it merely raises a new question: how can we ensure that a single individual user (or bot) cannot open hundreds or even thousands of accounts to circumvent the 10-review limit? One approach would be to ask all users to provide state-issued identification papers in order to open an account. But while this would enable us to detect when the same person attempts to open multiple accounts, it would come at an unacceptable cost in terms of user privacy.

 

HOW ENCOINTER VERIFIES UNIQUE PROOF OF PERSONHOOD

When establishing Encointer, we were faced with a set of similar challenges to those outlined above. We wanted to create the basis for a community currency that would be accessible to anybody who lived in a particular community, regardless of whether they are in possession of state-issued identification. But we also wanted to prevent the possibility that a single individual could set up multiple anonymous accounts to claim the currency fraudulently. Any scenario where someone can generate multiple identities creates an unacceptable risk of fraud and manipulation, which could quickly result in a crisis of trust in any currency issued on the Encointer platform. 

Thus, we needed a way to minimize the threat posed by Sybil attacks, but asking people to submit a government-issued ID to participate in Encointer’s local currencies would have flown in the face of our ambition to create a truly inclusive financial platform. Beyond the privacy concerns, it would exclude more than a billion people in the world who do not possess a government ID, many of whom are highly economically disadvantaged and would stand to benefit from participation.

Encointer minimizes the risk of Sybil attacks using an identity system called unique proof of personhood. The fundamental concept is simple: it’s an incontrovertible fact that any one person can only be in any one place at any given time. On this basis, Encointer requires that each participant be willing to prove their unique personhood at physical key-signing events. All events are held at regular intervals simultaneously around the globe, thus ensuring that any one person cannot participate in more than one meeting and can therefore only claim their allowance of the Encointer currency once.  

Each ceremony involves a gathering of participants selected at random to convene at a randomly chosen location. Each participant at the ceremony scans the validation code provided by the Encointer app for all other participants, thus validating their unique personhood. 
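The ceremony described above can be modelled as a small validation routine. This is an added sketch, not Encointer's code: it accepts an account only when accounts assigned to the same simultaneous meetup have mutually scanned it. The strict-majority acceptance rule, the function names and the sample accounts are assumptions made for illustration.

```python
# Added illustration: simplified model of one ceremony round. The majority
# acceptance rule and all names are assumptions, not Encointer's parameters.

def validate_round(assignments, attestations):
    """Return the accounts whose personhood is accepted for this round.

    assignments:  {meetup_id: set of accounts randomly assigned to that meetup}
    attestations: set of (attester, attestee) pairs produced by scanning codes
    """
    # Meetups are simultaneous, so one account may hold one assignment only.
    all_accounts = [a for accts in assignments.values() for a in accts]
    if len(all_accounts) != len(set(all_accounts)):
        raise ValueError("account assigned to more than one simultaneous meetup")

    accepted = set()
    for accounts in assignments.values():
        for acct in accounts:
            others = accounts - {acct}
            # Count only mutual scans with accounts assigned to the same meetup;
            # a scan from elsewhere says nothing about presence at this location.
            mutual = sum(
                1 for o in others
                if (o, acct) in attestations and (acct, o) in attestations
            )
            # Assumed rule: a strict majority of the other assignees must agree.
            if others and mutual * 2 > len(others):
                accepted.add(acct)
    return accepted


def constructed_round():
    """Constructed sample: 'mallory' also controls the account 'mallory2'."""
    assignments = {
        "meetup-A": {"alice", "bob", "mallory"},
        "meetup-B": {"carol", "dave", "erin", "mallory2"},
    }
    attestations = set()
    # Everyone who physically showed up scans everyone else at their location.
    for present in ({"alice", "bob", "mallory"}, {"carol", "dave", "erin"}):
        attestations |= {(a, b) for a in present for b in present if a != b}
    # The second account's only attestations come from a different meetup.
    attestations |= {("mallory", "mallory2"), ("mallory2", "mallory")}
    return assignments, attestations


if __name__ == "__main__":
    print(sorted(validate_round(*constructed_round())))
```

In the constructed round the second account is rejected because nobody assigned to its meetup saw it, while the person behind it is still counted once at the meetup they physically attended.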

Creating a requirement to prove physical presence at a given location and time ensures that Encointer is secure against Sybil attacks. As Encointer grows, we will expand our real-world web of trust to cities and locations across the globe. Ultimately, Encointer envisages that this web of trust can become a model and a resource for other Web3 applications and services that wish to operate on the basis of “one person, one account” or “one person, one vote”. 

 

If you’re interested in learning more about Encointer’s technology and how it can help boost local economies, promote financial inclusion, and support the future of Web3 development, then make sure to follow us on social media or drop us a message for an informal chat.