Strong Connections. Part II: Evaluating a Primary Group

Small-scale sybil attack

We’ll define a small-scale sybil attack for the purposes of this post as one where a person gets verified using one group of people, creates another account, gets it verified using another group of people (with little or no overlap to the first group), and repeats this process as often as possible.

Possible solutions to the small-scale sybil attack

The concept of a “Primary Group” (a small group of one’s closest relations) forms the kernel of solving the small-scale sybil attack problem. The only other solution I can conceive of is to use paid agents which are given special status in the graph and then tasked with investigating everyone in their jurisdiction. A primary group would be less intrusive and have better information on-hand than paid agents. There is a problem with the “Primary Group” approach as it currently stands in the whitepaper, however.

The whitepaper considers Group Sybil Rank–which creates a graph of groups–to be the main anti-sybil algorithm. In it, Primary Groups would connect normally with other groups in the graph. The problem with this approach is that if a Primary Group breaks the rules (i.e. doesn’t consist of only close relations), it could still have strong connections to other groups because in Group Sybil Rank the strength of a connection between two groups is determined by how many connections there are between members of the groups.

The primary group connection

As mentioned in the previous post, a “strong” connection is one that is unlikely to be made between an honest person and an attacker. I’ll describe a new type of connection–the “primary group connection”–that’s meant to function as a strong connection and provide a solution to the small-scale sybil attack.

A primary group connection is made between a person that has intimate knowledge about a primary group and every member of the group. Primary group members invite others to make such connections because they’re strong and therefore very useful for getting verified. This type of connection is one-way (just as recovery connections in the previous post): trust flows from the outside person to the members of the primary group.

The person connecting evaluates the group and rates how well it fits the rules for primary groups. Some examples of rules might be:

  • The head of the group must be the mother of the group members
    • unless the evaluator knows of a reason why the mother should not be the head, in which case the following relations should be considered in order (unless they also have reasons for exclusion)
      • someone who acted as guardian to the group members for the longest time
      • the oldest sibling of a group of siblings
      • the oldest friend in a group of life-long friends
  • All potential members of the group must be in the group unless the evaluator knows a good reason for their exclusion.
  • The group must not have any members that don’t belong according to the rules.
  • The evaluation must come from the connector’s existing knowledge about the group and not from new information given near the time of the connection request.

The person must know and have connections to every member of the group. The connection level is updated to “primary group” on the side of the person connecting in (except to the head of the group because the head will also be a member of another primary group).

In addition to rating a group’s adherence to the rules for primary groups, the person evaluates how well they know each person individually. This becomes part of the overall evaluation.

The subjective evaluation determines the strength of the primary group connections. (All connections will be given equal strength.) It’s possible that a low evaluation could prevent connections from being considered “primary group” connections at all.

Conclusion

Based on the general level of accuracy we’ve seen in the use of subjective labels, that the person connecting has nothing to gain from this one-way connection, and that a primary group connection requires an existing connection to each member of the group, it’s highly unlikely that an honest person will be tricked into creating a false evaluation of a primary group. This makes this type of connection a strong connection.

Because each person is allowed to belong to at most one primary group (and be the head of at most one other primary group if the rules allow it), small-scale sybil attacks become much less likely as long honest users understand the rules for primary groups. A small-scale sybil attack in a graph using primary groups would likely require deception at least as complex as what’s required to commit other kinds of benefits or voter fraud against governments.