An attractor for sybil resistance

(please read this post on attractors before you read the below one xD )

The case for building a primitive for sybil resistance (sockpuppet account resistance) is very strong IMO.

  1. One-token-one-vote systems are inherently plutocratic, giving themselves over to capital over time. But one-human-one-vote systems are democratic.
  2. The majority of the world’s financial lives are based on their communities + jobs, not their capital investments. If web3 projects want to onboard the majority of humanity into them, they will need to find ways to be more truly democratic.

So how do we move the ecosystem from one-token-one-vote to one-human-one-vote?

We create an attractor for sybil resistance. Simple right?

An attractor for sybil resistance (say, a crypto-economic system that created sybil resistance) would increase the economic payoffs for becoming more sybil resistant. And it would be ambivalent to or even repellent of one-token-one-vote or sybil attacking behavior.

Just like ETH2 is in a stable equilibrium in which it is cheaper to defend than it is to attack, this sybil resistant attractor would need to consistently make it cheaper to defend than to attack the attractor to remain stable.

I think the way we do that is by building protocols that make it easy for everyday people all over the world to prove humanity. According to ppl in the know, there are four workable ways of doing sybil resistance.

  1. Nation State Identification
  2. Biometric (eye scanning, fingerprints)
  3. Web of Trust
  4. Presence-based

So basically the attractor actually looks like this.

Why would people in this possible action space want to bother verifying their identity via these methods? They need some reason to want to use the system.

I think we need to help these people with their Job To Be Done.

Some examples of Jobs to be Done:

  1. Contribute via QF on Gitcoin.
  2. Claim my UBI.
  3. Claim an airdrop.
  4. Vote.

So let's update our attractor diagram:

Now let's talk about the incentives for the people in this possible action space to remain entrapped by the status quo. These mostly have to do with risks associated with using proof of personhood/sybil resistance protocols.

  1. “aren't all web3 projects scams?”
  2. “what if my identity is stolen?”
  3. “what are the privacy implications?”
  4. “will i actually get this job done?”

Let us again update our sybil resistance attractor:

Let us revisit our initial criteria for the type of attractor we want to build. Is it stable? eg is it reliably cheaper to defend than it is to attack?

Finding System Stability

It needs to be:

  1. Cheap/Easy to legitimately use.
  2. Expensive to falsify.
  3. Expensive to attack via bribery.

I believe that we’re now adding a new criterion to this attractor.

But is the system stable? Well I think that in order to be stable, it needs to have stable (eg recurring/legitimate) sources of capital backing the rewards for the jobs to be done in the system.

Eg capital that comes from those who have sustainable/legitimate sources of funding (governments, profitable DAOs, organizations with a high lindy) and not fly by night sources (3AC, FTX, ICO scammers).

Eg capital that wants the cost of forgery of the identities in the system to be high enough to accommodate their use case. (eg if I check out on Gitcoin Grants with a $100 match, then I should have at least $100 cost of forgery for my identity. If I check out with a $1k match then I should have at least $1k, and so on… )

I also think that it’s important that this system has network effects because exponential growth will allow for the good things about the system to get better on an exponential curve.

Unfortunately, any system that is a solid attractor of legitimate users will also be an attractor of illegitimate users. And since sybil resistance is an infinite evolutionary game, illegitimate users are likely to evolve their attack methodologies over time.

For this reason, it will be important to have good data science & attack response. I define good here as privacy-preserving, not capturable, not easy to collude + effective at staying 1 step ahead of the illegitimate users.

I also think it's important that the identity mechanism + attack remediation layer is plural. Systems that rely on one identity mechanism are monocultures, and thus subject to more fragility + more capture. A system with plural identity mechanisms is desirable because it creates less fragility + less capture.

Hint: If you can go to a village and bribe 100s of people to scan their biometrics once + sell their lifetime identity to you (the attackooooor), you are not collusion-resistant! A more time-delimited approach may be necessary. And if you rely only on one single implementation of biometrics implemented by one team you are not plural!

If we can accomplish the above, I think we can safely go to the detractors or defenders of the status quo that we’ve legitimately answered their concerns:

  1. there are legitimate web3 projects
  2. my identity will be respected
  3. my privacy will be respected
  4. i will get the job done + be on my way.

Such an attractor would be meta-stable (stable provided it is subjected to no more than small disturbances) with the first layer of attributes, and would be stable (stable to most disturbances) with the 2nd layer of attributes.

Is anyone out there building this?

Feedback welcome.
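The cost-of-forgery rule, the time-delimited hint and the plurality requirement from the post above can be combined into one gating check. This is an added example, not code from the post or from Gitcoin: the `Stamp` fields, the dollar estimates, the provider names, the additive aggregation and the two-family minimum are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# The four mechanism families listed in the post.
FAMILIES = {"nation_state_id", "biometric", "web_of_trust", "presence"}

@dataclass(frozen=True)
class Stamp:
    family: str          # one of FAMILIES
    provider: str        # hypothetical provider name
    forgery_cost: float  # constructed USD estimate of what faking this stamp costs
    issued: date
    ttl_days: int        # time-delimited: the stamp stops counting after this

    def live(self, today: date) -> bool:
        return self.issued <= today < self.issued + timedelta(days=self.ttl_days)

def cost_of_forgery(stamps, today):
    """Assumed aggregation: an attacker must fake every live stamp, so costs
    add across families; within one family only the costliest stamp counts,
    so stacking a single mechanism does not inflate the total."""
    best = {}
    for s in stamps:
        if s.family in FAMILIES and s.live(today):
            best[s.family] = max(best.get(s.family, 0.0), s.forgery_cost)
    return sum(best.values()), len(best)

def allowed_match(stamps, requested, today, min_families=2):
    """Cap the match at the identity's cost of forgery; refuse monocultures."""
    cost, families = cost_of_forgery(stamps, today)
    if families < min_families:
        return 0.0
    return min(requested, cost)

# Constructed sample identity, evaluated on a constructed date.
TODAY = date(2023, 6, 1)
SAMPLE = [
    Stamp("biometric", "vendor_a", 60.0, date(2023, 5, 1), 90),
    Stamp("biometric", "vendor_b", 40.0, date(2023, 5, 10), 90),
    Stamp("web_of_trust", "graph_x", 80.0, date(2023, 4, 1), 180),
    Stamp("presence", "meetup_y", 500.0, date(2022, 1, 1), 365),  # expired
]

if __name__ == "__main__":
    for amount in (100, 1000):
        print(amount, "->", allowed_match(SAMPLE, amount, TODAY))
```

The expired presence stamp contributes nothing, which is the point of expiry: an identity bought once does not keep its value indefinitely.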

The concept of stratification could help. As Sybil attackers start fresh identities, they use these new identities by building artificial history to extract value or gain influence. As the number of identities increases, the building of artificial history becomes more expensive, so their identity networks and goals get entangled. This is why data analysis works for now. With AI building these identities, it will become exponentially cheaper. Agents will have to disguise their goals not only with random history, but also with history that resembles human agents in order to have a smaller footprint. Stratification could help decrease the impact, but unfortunately, it mirrors the way human networks work, making building a stratified network without bias difficult. Gitcoin’s Passport stamps are trying to achieve this to some extent.

The single score used to define levels and their benefits is too permissive and some grading is needed. As mentioned before, “the majority of the world’s financial lives are based on their communities and jobs, not their capital investments.” Therefore, why not add contributions for the stratification of levels and stamps? Contributions could be technical or non-technical.

As stated on Gitcoin’s website, “the more you verify your identity, the more opportunities you will have to vote and participate across the web3.” Adding contribution levels to stamps will be similar to stratifying stamp benefits based on how human social networks work.

With AI building these identities, it will become exponentially cheaper.

I think that AI identities are exponentially cheaper for cost of forgery based on Turing Tests or activity history checks. But I also think that they are not that impactful with respect to stamps that rely on (1) biometric verification (3) web of trust mechanisms…

I agree that AI changes the game broadly speaking tho. Would love to see more research on how exactly it changes the attractor dynamics.

Therefore, why not add contributions for the stratification of levels and stamps? Contributions could be technical or non-technical.

could you say more about what this looks like?

eg are we talking about a marketplace that makes it easy to fork, edit, propose, and curate/upvote a plurality of scoring mechanisms?

eg in this plural world you have

  1. GitcoinDAOFDDScoringMechanism
  2. SupermodularScoringMechanism
  3. BrightIDScoringMechanism
  4. RandomAnon42069ScoringMechanism
  5. and so on ad infinitum


One level would need to be complete to get to the next. For example, SuperModularScoring would be used only after Gitcoin’sDAOScoring is complete. So, levels are formed from fully stamped agents on each level.

Contributions in the form of POAPs, or IDs like BrightID, which have the useful property of bringing off-chain events on-chain, could add to this. For example, having a specific POAP could be a requirement to qualify for the next scoring system. Some scoring systems would be harder, and the result would look like a pyramid.

Stratification can be a good thing but can also be something terrible. The levels would need to be carefully selected by the community to prevent bias (For example not everyone can attend some event in Europe). A scoring mechanism with stratification in place could better allocate resources and make Sybil attacks more expensive.

It could work not as a marketplace, but as a forum that lets you fork, edit, propose, curate, and upvote/downvote a plurality of stratified scoring mechanisms.

i could see a linear/progression relationship between scores… but i also think plurality is an important attribute of the system too. eg maybe i think Gitcoin’sDAOScoring as a default is fine, but my community has special requirements, so I build my own lineage of stamps/scoring CommunityXScoring permissionlessly.

This is a great point. When there is a plurality of scoring algorithms they’ll need to be ranked against our values (fairness, accuracy, inclusivity, etc) or curated in some way. There’ll also probably need to be a way to filter out the spam/nonsense scoring algorithms.

that's fair. we’d need some sort of curation/ranking on top of it, need to think more about what that would look like and what the tradeoffs are between convention/customization. my gut says the protocol should be customizable + the app/product level can lean towards convention.