Sybil resistance is the outcome of more comprehensive digital identities. This article explores how attestations can unite the ecosystem and create a future that’s resilient to Sybil attacks.
Sybil attacks exploit weak identity mechanisms, thriving wherever there's money to be made or value to be extracted. In a Sybil attack, a malicious user creates multiple identities to manipulate a system or network, like voting systems and airdrops. Poor Sybil resistance can jeopardize a protocol or community.
The recent Arbitrum Airdrop is a prime example: one address used 866 addresses to receive 1.4M $ARB ($1.9M). CoinDesk further reported that nearly 48% of all tokens were distributed to users who controlled multiple addresses.
Despite efforts to detect and prevent such attacks, bad actors continue to find ways to exploit the system. The key to overcoming this issue lies in adopting an offensive approach to Sybil resistance, which focuses on strengthening eligible users rather than just detecting malicious ones or patterns.
These aren’t sophisticated schemes either; the attackers anticipate eligibility criteria and generate hundreds of quality accounts that may be eligible based on on-chain behavior. At the root of all these attacks is an undefined single exploiter.
Did you know? The name "Sybil" comes from a famous case of dissociative identity disorder (DID) in the 1970s, where a woman named Shirley Ardell Mason had an alter personality named "Sybil".
At its core, a digital identity is a collection of attestations made by various entities over time, representing different facets of an individual's life. Your first identity is when your mother names you. She attested to who you are. Then over time different entities and individuals attest to various facets of your life - if they trust you, your grades at school, the government attesting to your passport, and more.
Attestations are digital records signed by an individual or entity that can be about any type of information. By using attestations and privacy-preserving technologies like ZK, we can create more Sybil-resistant digital identities, significantly increasing the protection of projects from identity exploits.
Ethereum Attestation Service (EAS) can be used to make attestations and build an aggregated representation of a wallet address's digital identity.
Achieving 100% Sybil resistance may seem out of reach, and it is, but with a progressive approach and the use of attestations, projects can continue making massive improvements toward this goal. By starting with simple verifications and gradually building more comprehensive identities, we can develop a more Sybil-resistant future.
We can begin building more comprehensive identities and require attestations for eligibility with simple identity verifications, such as:
Phone verification attestations
Social account verifications like Twitter
ENS ownership verification
Attesting to people and things you trust
These simple verifications alone are not enough to prove someone's personhood. Just look at how well the verified checkmark is working for Twitter.
To create a more complete digital identity, we can attest to one's behaviors and achievements, such as:
Attendance at community events or hackathons
Proof of contributions in a DAO
Proof of skill
Proof of residency
Ultimately, as more partners integrate attestation technology, we'll be able to attest to digital identities and provide better proof of personhood and Sybil resistance with:
Identity services verifying one's driver's license or passport
Government attestations to one's citizenship
KYC providers attesting to an address passing their compliance check
Banks attesting to one's financial stability
It’s important to recognize that these types of attestations would be made with privacy-preserving technologies such as zero-knowledge attestations and private data attestations using Merkle tree proofs.
Not all identity data needs to live on chain. For example, a government could attest to a simple hash of the passport number and its current status.
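The private-data pattern described above, as an added example that is not part of the original article and is not EAS's own code: the issuer commits to a salted Merkle root over the private fields, only the root goes into the attestation, and the holder later discloses a single field with a proof. The field names, sample values and the choice of SHA-256 are assumptions; the per-field salt is there because a bare hash of a short value such as a passport number can be guessed by enumeration.

```javascript
const { createHash, randomBytes } = require("node:crypto");

// SHA-256 is an assumption of this sketch, not a hash mandated by EAS.
const sha256 = (...parts) =>
  parts.reduce((h, p) => h.update(p), createHash("sha256")).digest();

// Leaf = H(0x00 || salt || name || 0x1f || value). The random salt stops anyone
// who sees the hash from brute-forcing a low-entropy value like a passport number.
const leafHash = ({ name, value, salt }) =>
  sha256(Buffer.from([0]), salt, Buffer.from(`${name}\x1f${value}`, "utf8"));
// Interior node = H(0x01 || left || right); the prefix keeps leaves and nodes apart.
const nodeHash = (left, right) => sha256(Buffer.from([1]), left, right);

function buildTree(fields) {
  const leaves = fields.map((f) => ({ ...f, salt: randomBytes(32) }));
  let level = leaves.map(leafHash);
  const levels = [level];
  while (level.length > 1) {
    const next = [];
    for (let i = 0; i < level.length; i += 2) // an unpaired node moves up unchanged
      next.push(i + 1 < level.length ? nodeHash(level[i], level[i + 1]) : level[i]);
    levels.push((level = next));
  }
  return { leaves, levels, root: level[0] };
}

// Holder side: disclose one field plus the sibling hashes on its path to the root.
function prove(tree, index) {
  const path = [];
  for (let lvl = 0, i = index; lvl < tree.levels.length - 1; lvl++, i >>= 1) {
    const sibling = tree.levels[lvl][i ^ 1];
    if (sibling) path.push({ hash: sibling, left: (i & 1) === 1 });
  }
  return { leaf: tree.leaves[index], path };
}

// Verifier side: recompute the root from the disclosed field and compare it with
// the root taken from the attestation.
function verify(root, { leaf, path }) {
  let h = leafHash(leaf);
  for (const s of path) h = s.left ? nodeHash(s.hash, h) : nodeHash(h, s.hash);
  return h.equals(root);
}

// Constructed sample record; only tree.root would be published in the attestation.
const tree = buildTree([
  { name: "passportNumber", value: "X0000000" },
  { name: "status", value: "valid" },
  { name: "country", value: "ZZ" },
]);
console.log(verify(tree.root, prove(tree, 1)));
```

Disclosing the `status` field reveals its value and salt but nothing about the passport number beyond the sibling hashes.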
Following this approach, we can create a compelling, comprehensive view of an individual's identity, making it increasingly difficult for Sybil attacks to succeed.
Many projects are already working on Sybil-resistant mechanisms that can benefit from the interoperability of attestations made on EAS.
The Ethereum community must coordinate to develop a more Sybil-resistant future. Trying to solve Sybil resistance alone will be a fragmented and never-ending uphill battle. By working together, we can begin attesting to many different facets of one’s identity and allow greater composability and interoperability in determining the eligibility of addresses in a more secure and customizable way.
This interoperability of attestations will enable projects to selectively choose which attestations matter most to them for Sybil resistance and authorizations. Some examples in the future may require:
Gitcoin Stamp attestations
POAPs and proof of attendance at certain community events
Sismo ZK badges
Worldcoin Orb attestations
Proof of Humanity attestations
Disco Data Backpacks
Lens Profile Information
Greater adoption of attestations will be propelled by Layer 2 ecosystems like Optimism, incentivizing and coordinating builders to experiment and create more secure, robust digital identities for Sybil resistance.
These types of attestations could be aggregated into a single attestation. For example, you may attest “isHuman” to addresses that are eligible if they have X, Y, & Z attestations.
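One way a project could evaluate the "X, Y, & Z" rule before issuing an aggregate isHuman attestation, as an added example rather than code from EAS or the original article. The schema names, addresses and policy shape are constructed; the `expirationTime` and `revocationTime` fields follow the EAS attestation record. The check that matters most for Sybil resistance is the attester allowlist, since an attestation the subject issued to itself matches the schema just as well.

```javascript
// Policy for the aggregate "isHuman" check: for each required schema (the page's
// X, Y and Z), the attesters this project trusts. All identifiers are constructed.
const POLICY = {
  "schema-X": ["0xissuer-x"],
  "schema-Y": ["0xissuer-y"],
  "schema-Z": ["0xissuer-z"],
};
const norm = (addr) => addr.toLowerCase(); // addresses may arrive checksum-cased

// EAS records use 0 for "never expires" and "not revoked".
function isLive(att, now) {
  const expired = att.expirationTime !== 0 && att.expirationTime <= now;
  const revoked = att.revocationTime !== 0 && att.revocationTime <= now;
  return !expired && !revoked;
}

// Returns whether the subject qualifies and which required schemas it still lacks.
function evaluateIsHuman(subject, attestations, policy, now) {
  const missing = Object.entries(policy)
    .filter(([schema, trusted]) => !attestations.some((a) =>
      a.schema === schema &&
      norm(a.recipient) === norm(subject) &&
      trusted.includes(norm(a.attester)) && // a schema match alone is not enough
      isLive(a, now)))
    .map(([schema]) => schema);
  return { eligible: missing.length === 0, missing };
}

const NOW = 1700000000; // constructed clock value, in seconds
const att = (schema, attester, recipient, extra = {}) =>
  ({ schema, attester, recipient, expirationTime: 0, revocationTime: 0, ...extra });

// Constructed sample attestations for two subjects.
const SAMPLE = [
  att("schema-X", "0xIssuer-X", "0xAlice"),
  att("schema-Y", "0xIssuer-Y", "0xAlice"),
  att("schema-Z", "0xIssuer-Z", "0xAlice", { expirationTime: NOW + 3600 }),
  att("schema-X", "0xIssuer-X", "0xBob"),
  att("schema-Y", "0xBob", "0xBob"), // self-issued: right schema, untrusted attester
  att("schema-Z", "0xIssuer-Z", "0xBob", { revocationTime: NOW - 60 }), // revoked
];

console.log(evaluateIsHuman("0xalice", SAMPLE, POLICY, NOW));
console.log(evaluateIsHuman("0xbob", SAMPLE, POLICY, NOW));
```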
We envision a future where relative trust is the norm, just like in the physical world. In doing so we can purge any big brother scoring system that exists today.
In this world, all identity platforms and online communities are attesting to different aspects of one's digital identity, and individuals can also attest to the relative trust they have with one another.
This allows individuals and entities to generate their own relative reputations and risk scores for a subject address, enabling projects to calculate their Sybil-resistant rules and determine which attestations are required.
As a community, we need to work together to develop a more Sybil-resistant future. By collaborating, we can create a diverse range of attestations, enabling better composability and interoperability in determining the eligibility of addresses in a more secure and customizable way.
Get started by creating your first attestation, attesting to someone who is your friend. This simple attestation allows one address to attest a "bool" isFriend to their friend's ENS address.