Does IDV really solve Sybil attacks

andy · 2018-05-29 11:45:17 UTC

The “Overview of White Paper 2.0 Part 1”, demonstrates a valiant attempt at resolving the issue of Sybil attacks. It makes sense to attribute one vote to one account but what would stop the following

A large BOScoin wallet holder splits their holding in lots of 40,000 and distributes to a set of new wallets. They then distribute access to the wallets to trusted individuals i.e. close employees, family etc, then act in unity when voting thereby creating block voting.

Also, for IDA what personally identifiable information is transmitted and who sees it? If it isn’t stored on the blockchain surely that means that the personally identifiable information must transfered to the BOScoin team and therefore the system becomes centralised by default?

Please correct me where I am wrong.

scott · 2018-05-30 01:19:23 UTC

The intended goal for our voting protocol is to give voting rights to as many people as possible in the ecosystem but still limit it to one person per vote. We’re separating node rewards from voting with our Human Identity Authentication/governance model. We are attempting to further separate node ownership from voting, to ensure a sybil attack is very unlikely. If we give voting rights to many more people in the ecosystem, then it further strengthens our voting system, and makes it even less likely a sybil attack could be pulled off successfully. The costs, coordination, and trusted humans available would make it unlikely.

scott · 2018-05-30 01:23:20 UTC

the Iris https://simple.wikipedia.org/wiki/Iris_(eye) is scanned by our application, and the data is digitized and stored on the blockchain but encrypted via homomorphic encryption. This information never is decrypted, when you authenticate yourself, you take a current Iris scan, and the application validates your current Iris with the one on file, but by never decrypting the original file, so it is never compromised.

andy · 2018-05-30 14:52:55 UTC

Very interesting, thanks for explaining Scott. Theoretically would you agree that it still possible for individual voters to coordinate as cliques or is the current distribution of accounts broad enough to avoid coordination in voting?

Is there a minimum stake required to take part in voting if you looking for as many people as possible and it’;s seperate to nodes?

The Iris scanning approach sounds like genius, effectively, your eye becomes your key (for voting). Would there be specific hardware requirements or is that too far down the line to answer?

Chef_Bedo · 2018-05-30 22:02:20 UTC

I was also curious if extra hardware was required for iris scanning but up until now nothing has been released so keep an eye out in the upcoming White papers

scott · 2018-05-30 23:43:16 UTC

The discussion forum is the place for open discussion on the proposals, so yes, people will influence others decisions. People will lobby for their side of the argument on whether to vote yes or no to any proposal.

Blockquote
The Sybil attack in computer security is an attack wherein a reputation system is subverted by forging identities in peer-to-peer networks.

Our human identity authentication and homomorphic encryption protocol will prevent people from forging identities because you have to be an individual human being. It is very difficult if not impossible to use software alone to pretend to be hundreds of human beings with unique Irises.

A person with a million BOS could divide their BOScoin into individual wallets, and then give control of those funds to people, who would then vote together either for or against a proposal, but that is alot of money to trust to a third party to gain 1 more Vote, and with our system, we are attempting to have many voters, so the weight of that 1 votes become very small, at a huge cost to the person who owns the BOS. Also, because we have the Iris information, and that isn’t being changed, the congress can ban individual humans from the network if they are bad actors. You aren’t changing an email address or IP address to bypass our security.

The developers and ARIST are working on our human identity authentication protocol, and these are Masters and PhD level researchers, and not a couple of undergrads working out of their garage. No system is 100% effective, but we can make it very difficult to game our voting protocol, and if caught make it very costly to the person(s) attempting to vote multiple times.

scott · 2018-05-31 00:09:39 UTC

Our homomorphic encryption and Human Identity authentication protocol hasn’t be published. It is being developed by experts in the field, and integrated into our blockchain protocol. The code will be open sourced, and open for review by anyone, so when we have a working testnet, and our governance protocol is integrated then you can review the code. No security is 100% effective, but with good testing and design we can make it very difficult to game our voting protocol.

andy · 2018-06-01 10:14:35 UTC

Really interesting stuff, i do agree with you that the idea of splitting a wallet creates a counterparty risk for the original holder which would disincentives the strategy. The 1 person 1 vote approach is true democracy, great work team