BrightID verification is based on person to person connections. This creates a social graph. Attackers create duplicate accounts (sybils) and connect them to the graph, hoping to pass them off as real people.
Yellow nodes represent a sybil attack. Green nodes represent seeds, which help to identify the honest part of the graph (blue nodes).
Verification methods analyze the structure of the anonymous graph of connections. People need to be sufficiently connected to the honest part of the graph to become verified. Analysis methods find the “honest part” using seeds or pre-trusted people.
- All communities should have access to seeds.
- Suspicious connections to seeds are pruned.
- Seeds are manually checked for honesty. Ideally, this is decentralized.
Sybil attackers try to connect their sybil accounts to honest users in order to have more connections to the honest part of the graph and get verified.
In order to prevent social engineering attacks, any connection that will increase the likelihood of a sybil getting verified should be prevented. The honest target should be motivated and equipped to prevent such connections.
Aura hosts the best motivated, best equipped, and most capable sybil defenders. Sybil defense moves from casual BrightID users to elite Aura players. Sybil attackers are forced to target highly skilled Aura players rather than BrightID users.
Aura players have “skin in the game.” Mistakes by professional players cost them future earning potential.
Aura is resilient against fraud. If an energy flavor becomes corrupted, other flavors are waiting to take its place. The market for apps needing uniqueness verification determines which flavors are the most valuable.
The economics of Aura drive global scalability. Apps seeking to expand into regions lacking verification can reward energy flavors that cover those regions. On a local level, the need for BrightID verification drives well-connected users to learn to become Aura players.
Based on observations of BrightID user participation, we can divide users into two categories.
App users represent 95% of users. They’re interested in BrightID as a way to use or enhance a particular app they care about. They’ll do what they need to do to get verified and not much else.
Inquisitive users represent 5% of the user base. They use apps, but also become interested in how BrightID works. Once they’ve been verified, they begin to explore what else is possible with BrightID. They’re capable of noticing attempts by other users to exploit the system. They think about how attacks might succeed and how they might be prevented.
Aura players consist of inquisitive users. They assign honesty points to those they know well. This contrasts with normal BrightID users, who in most cases only label how well they know someone and don’t try to assess their honesty.
Aura players send each other energy, which represents the power to verify other BrightID users. This results in an inner graph composed of Aura players and an outer graph of the rest of BrightID users.
Becoming verified through Aura is simple for regular BrightID users. They don’t need to use Aura; they just need to connect to at least one Aura player. The player will rate the honesty of the user using the tools available to them.
It may take time for a new BrightID user to find an Aura player that knows them well enough to rate their honesty. The time will reduce as the number of BrightID and Aura users grows.
The Aura interface is a set of tools to help players judge BrightID users’ honesty and assign energy to other players.
Players look at their mutual connections with other users. If expected “already known” connections are missing, this could be a sign of a sybil attack, and a player will withhold honesty points.
Players look at inbound and outbound energy flows for players they assign energy to. Players are responsible for the energy they give to immediate downstream players, and should cut off energy to suspicious players.
Players are alerted to changes in activity from immediate downstream players. This could include changes to their inbound and outbound energy, or to the group of BrightID users receiving honesty points from them. Players should cut off energy to suspicious players.
A team of sybil defenders can create an energy source and brand it, turning it into a new flavor of energy. A small fee paid in $Bright prevents spamming new energy flavors.
The energy team that controls the source restarts each analysis round with all the energy of that flavor. It then flows as allocated by Aura players.
Members of an energy team manage themselves. It takes a two-thirds majority vote to add or remove an energy team member.
Only energy team members start with energy at the beginning of analysis rounds. Energy then flows downstream to recipients managed by allocating energy through the Aura interface.
Each energy source has its own flavor, and its flow is independently calculated.
Players choose up to five energy flavors for their personal energy composition. Energy received by a player in a flavor not in their composition is absorbed (not passed on).
Apps choose verification methods that include one or more energy flavors in their analysis. Only included flavors can help players verify other users.
Flavors therefore compete with each other for usage by players and apps.
Each flavor of energy comes with a reward bucket to which anyone can add $Bright to be regularly distributed to players proportional to the amount of that flavor of energy they hold.
This system provides an easy way to pay for effective sybil protection by Aura players.
App creators can sponsor the best players by adding rewards to high quality energy flavors that factor into the analysis methods they use.
Creators or early proponents of a new energy flavor can add to its reward bucket to encourage early adoption by players.
- https://nymity.ch/sybilhunting/pdf/Yu2006a.pdf ; https://github.com/BrightID/BrightID-AntiSybil/wiki/Anti-Sybil-Systems ;
- Aiding the Detection of Fake Accounts in Large Scale Social Online Services | USENIX ; Improving Sybil Detection via Graph Pruning and Regularization Techniques ; https://www.researchgate.net/publication/303789185_Trust-Based_Sybil_Nodes_Detection_with_Robust_Seed_Selection_and_Graph_Pruning_on_SNS ;
- SybilRank uses far fewer resources in the Aura social graph because the power iteration only flows energy through the inner graph of Aura users. Other BrightID users are connected by a single hop to the inner graph. Verification depends on the honesty ratings given to a user and the energy levels of the players giving them those ratings. (Only Aura players have energy.) This is a simple calculation that can be done on the fly when a user requests a verification.
- Fees are paid to the non-profit fund for Aura research and development.
- Via power iterations as in SybilRank.
- This integer is a global Aura constant that can be adjusted based on real-world analysis.
- The depositor determines the flow rate of the reward. For example, they could deposit 1000 $Bright to be distributed over 10 days. A small percentage of the reward is sent as a fee to the non-profit Aura fund to pay for the maintenance of the reward system and Aura’s research and development. Early depositors could be rewarded via attention streams.