Sybil attack on Holo-fuel!

In general, there’s no way to ensure that people would “cancel” or “nullify” their negative balance accounts, sort of leading to an uncontrolled, unmanageable inflation!

Looks like there’re a great many trade-offs being made here… Mutual credit seems like a double edged sword!

Well, in short, in a mutual credit system there may be some negative credit limits or not. In your referenced answer, I think Paul is talking about a mutual-credit system where there are none, and in that case it is the decision of every recipient of the transaction whether to spend it or not.

In mutual credit systems where there are negative credit limits, like holofuel, that’s simply managed by the validation rules of the DNA. The most naive way to achieve this is saying “get me all the transaction history of this agent, sum the transactions they’ve made, and see if they are above the credit limit”. Here we as happ-devs have some flexibility as to what rules and mechanisms we want to implement.

1 Like

But those rules don’t at all matter if one person can create a million accounts anyway!

1 Like

Sure, which would lead the developers of the mutual credit DNAs to want to develop a solution that doesn’t allow one person to create a million accounts. Which means, in this case we must know that a person is a person. How do we know that? That would have to be a location- and context-specific solution.

Here in (mildly socialist) Sweden everyone has an app on their phone called BankId which allows them to sign in to government web services, bank accounts etc. The same app can be used to sign any token creating a unique personal hash. So, in Sweden, we could ask everyone to sign a message using BankId the first time they used the mutual credit system.

Maybe you say, what about trustless, what about anonymous?! That is a crypto utopian dream, not a Holochain goal. In fact, a mutual credit system you would want to be trustful and relational. The word “mutual” lends a hint. A mutual credit system is a system where you and I share parts of our economy. Would I want to share my economy with an anonymous yinyang symbol, I think not.

KYC doesn’t scale, you say. Maybe it is not supposed to scale? Maybe the right size for a mutual credit system is a system that covers your town and the next, nothing more?

7 Likes

Yup… old dreams die hard, you see…

2 Likes

I also defer to @mwl’s and @matslats’ thoughts. While Michael and Matthew may differ on implementation details, I think they agree that human trust is a feature, not a bug. Sure, it can be gamed, and it takes hard work and vigilance to protect, but that’s part of what makes it valuable: The act of learning to trust each other is what makes an economy thrive.

The word ‘mutual’ implies that there is a group of people who trust each other enough to know that nobody is likely to inflate the supply of ‘promises’ in the system. Conversely, each person has enough social pressure that they’d be unlikely to try. Whether those ‘invisible structures’ are diffuse and web-like as with Michael’s LETS or visible and hierarchical as with Matthew’s ‘Credit Commons’, they’re the foundation of the whole system.

Matthew envisions a ‘mutual credit society’ consisting of lots of little cells of people who know each other, trading mostly inside the cell but connecting to people in other cells via a common space, identical to the smaller cell, in which each cell has a presence. (In reality that would look like one member of the cell being a ‘steward’ of cell-to-cell credit exchanges in a larger cell, and so on up and up.)

In this world everyone knows each other — probably before they even join the cell — so the only requirement is to connect an already known real-world identity to a public key – or a limited number of public keys (one for my phone, one for my laptop, one somewhere else). That prevents Sybils, while the real-world social pressure discourages people from trying to create Sybils in the first place.

For situations where anonymity is a good idea – e.g., large networks – I’m curious about @resilience-me’s work on ‘Pseudonym Pairs’, in which each participant in the network is pseudorandomly paired with another participant for a video call (everyone around the world has to do it at the same time). This should attach proof-of-personhood to a public key without revealing anything beyond what a participant’s face and living room look like. And because of the randomness, given a large enough pool of participants it should be exponentially hard to de-anonymise one of your counterparties unless you have a large number of colluding participants.

3 Likes

Happy to have Online Pseudonym Parties mentioned @pauldaoust. The original question, @The-A-Man, the point is that sybil attacks in mutual credit have been solved, by Ryan Fugger, in 2003 (his whitepaper.) Holochain is building on older protocols, so, it will therefore have that problem. If it used multi-hop mutual credit, there would not be a problem. I think in the long term, Ryan’s legacy will dominate, but maybe Holochain 1.0 will fix other things, a bit like how Bitcoin solved half the puzzle (majority social consensus) and Ethereum solved the other half (general purpose computation.)

Online Pseudonym Parties, my solution to “majority consensus” proof-of-unique-human, is very simple, just these methods, register(), immigrate(), dispute(), reassign(), verify(), completeVerification(), claimPersonhood(), transfer(). Shown in 150 lines of code here, OnlinePseudonymParties.sol.

3 Likes

@resilience-me Ought to say, the whitepaper you referenced made my day! No idea why I never found it all these 17 years! Haha…

I guess you’re referring to Holo fuel? And what problems do the existing protocols have? Is it that the path-finding would render it unfeasible? It’s not like peer-routing algorithms in that people can change their trusted neighbors and the amount of credit they trust them with instantly at will unlike peer-routing protocols like kademlia where your neighbors don’t change that often and are rather based on hashes? Is it something else entirely?

From what I understand from Ryan Fugger’s Social Trust Network, I can create a million fake accounts and configure them each such that they all trust each other with 100,000 units, backed by fake non-existent promises. I can send 100k all day between those accounts. However, if Paul still chooses to trust this yin-yang symbol with a hundred units, then that’s fine, and that’s all the trouble I can ever cause to the wider economy! No video-call, no real-world identity-disclosure, nothing! Hell, he doesn’t even have to know my name! Yet I still get to spend or default on at least those 100 units that Paul trusts me with. This effectively encloses bad actors from causing much financial havoc to good decent people. Much like our (Holochain’s) very own immune system, where if you tamper with your DNA/conductor, you still keep playing the game… it’s just that now you’re playing with just yourself! Others are effectively shielded from you. And the implications of such a system are huge! One code, one happ, one simple set of rules, yet many circles/networks of people, each with its own credibility! Doesn’t it sound like The Holy Grail we were all searching for?

4 Likes
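The two models debated above can be compared directly. This is an added example, not code from the thread, from Holo fuel, or from Ryan Fugger's paper: `naive_validate` is the per-account rule described earlier (sum the history, compare with the credit limit), `max_payable` is a simplified multi-hop trust-line model computed as a maximum flow, and all account names and amounts are constructed.

```python
from collections import deque

def naive_validate(history, spend, credit_limit):
    # Per-account rule: summed history after this spend must stay above -limit.
    return sum(history) - spend >= -credit_limit

def per_account_exposure(n_accounts, credit_limit, spend=10):
    # Each fresh account passes the per-account rule until it reaches its limit.
    history = [[] for _ in range(n_accounts)]
    for h in history:
        while naive_validate(h, spend, credit_limit):
            h.append(-spend)
    return -sum(map(sum, history))

def max_payable(lines, src, dst):
    # lines[(u, v)] = units of u's IOUs that v agrees to hold; Edmonds-Karp max-flow.
    cap, adj = {}, {}
    for (u, v), limit in lines.items():
        cap[(u, v)] = cap.get((u, v), 0) + limit
        cap.setdefault((v, u), 0)  # residual edge
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    total = 0
    while True:
        parent, queue = {src: None}, deque([src])
        while queue and dst not in parent:
            u = queue.popleft()
            for v in adj[u]:
                if v not in parent and cap[(u, v)] > 0:
                    parent[v] = u
                    queue.append(v)
        if dst not in parent:
            return total
        path, v = [], dst
        while parent[v] is not None:
            path.append((parent[v], v))
            v = parent[v]
        push = min(cap[e] for e in path)
        for u, v in path:
            cap[(u, v)] -= push
            cap[(v, u)] += push
        total += push

def sybil_cluster(n_sybils, paul_trust=100):
    # Constructed network: fakes trust each other with 100,000; Paul trusts one with 100.
    lines = {("sybil0", "paul"): paul_trust, ("paul", "shop"): 1000}
    for i in range(n_sybils):
        a, b = f"sybil{i}", f"sybil{(i + 1) % n_sybils}"
        lines[(a, b)] = lines[(b, a)] = 100_000
    return lines
```

Under the per-account rule the total exposure grows linearly with the number of accounts, while in the trust-line model the amount that can leave the cluster stays at the capacity of the single line an honest participant extended, whatever the cluster size.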

Has to do with what memes spread, and why. In short, the memes that are loudest in ordering genes to replicate them have a survival advantage. Elegant, brilliant ideas can sometimes go undetected because people do not have an elegant state of mind, they are in a state of panic and desperation, struggling to survive and like “quick fixes”.

Your topic is referring to holo fuel and asking about sybil attacks. I point you to that the issue was solved in 2003. Does not mean Holochain as a project has no value, it is probably solving and standardizing other important components, not an expert. Things often evolve step by step.

The one you brought up with the topic you raised here, “sybil attack on holo-fuel!”.

Ryan’s multi-hop approach fixes sybil attacks. It also makes an elegant guaranteed basic income system possible, see https://doi.org/10.5281/zenodo.3539063 if you are interested. My design.

2 Likes

It is impossible to attack Ryan’s system, yes :) It is an incredible invention. Still possible to attack the internet layer in it (transmission of data packages) but it removes all cryptographic attack vectors too if all data is exchanged only one hop, which is totally possible (makes public-private key infrastructure like Holochain unnecessary for it, but maybe public-private key can be used for the “internet layer” in it.) I’m very passionate about what he came up with because I designed a guaranteed basic income system from it, mentioned it in previous reply, https://doi.org/10.5281/zenodo.3539063.

1 Like

I agree it is the “holy grail”. Ryan is a genius, his ability to explain his vision also genius. It is “ideal money”, a perfect monetary system, in my opinion. But I think it might co-exist with “global” systems, Bitcoin-like approach, and have different uses, a bit like how our bodies have an endocrine system besides a nervous system, etc, different approaches for different uses.

1 Like

@The-A-Man just implement DNA that requires biometric entry in the dHapp. Most phones have fingerprint access, and there will be several digital ID solutions popping up, i.e. Civic etc., whose methodology can be incorporated into Holo.

@kristofer made great points and highlights this concept in Sweden’s example.

1 Like

Trust is a problem, in my opinion - nothing but trouble. Always has been. It assumes jeopardy, and lays responsibility on others to ensure my safety. Placing trust on someone else can be profoundly unethical - it so often ends in tears. “Disappointed!”

LETSystems were designed from the very beginning to be beyond trust, to provide a space where it isn’t a factor. Many others are chasing their holy grail, desperately seeking trust, but we see that as skating on very thin ice, and anyone who believes they’ve got it handled - whether by design or algorithm or qualification or development or moral pressure or credit limits or democratic process - has already fallen right through.

The “trust” word appears once in the original texts - and refers to balancing a bike, not to money.

We have always said - DON’T trust the system, DON’T trust the money, DON’T trust your granny. And above all please DON’T trust Michael (trust me on this) - nobody needs the grief.

See values, learn values, and prosper. Learn how to mind your own business (myob) and how to let others do so too (fiw/fiw).

Here’s how you might begin - and are most likely to succeed if you rtfm.

And “mutual” - the word that everyone uses so confidently - likely trusting that others have the same understanding? I do not think that word means what you think it means - certainly not to me.

So you’re way off my mark Paul - although I think you’ve got Matt dead to rights in his world.

Okay, wow, sounds like I really read you wrong. My apologies! Also sounds like there are interesting new things for me to explore – any pointers to where I should jump into the first link re: values and why trust is not needed for LETS to work? (Cuz when I read And Then There Were None, your second ‘values’ link, it feels like it’s all about trust – trust that most other people will play by the same rules as they engage in the ‘ob’ economy, etc.)

1 Like

No apologies necessary Paul, so long as we have the courtesy to read each other right, right?

The key is not to be dependent on the performance of others. Act so as to be ok whether they do what you expect, or don’t. Mind your own business.

The message I get from Eric Frank Russell’s book (among many) is that these ethics will reveal who is useful and who is not.

And if you play the game - and think a bit - you’ll see there need not be a “free-rider” problem, or a Sybil attack worth worrying about.

Ah, got it. Reminds me of ‘mutual sovereignty’. Have freedom, and make decisions to engage or disengage based on your own observations.

Tell me more about how you see Sybil attacks not being worrisome. To my mind, the amount of cognitive overhead needed to sort out who is ‘useful’ and who is an ‘Idle Jack’ is too great when you’re faced with the possibility of a computer’s capacity to generate a bunch of fake humans (or real humans with fake throwaway histories). The only way I can picture MYOB working is if I have access to good quality information.

1 Like

Fortunately the information most accessible to you is also quality - how good is the give and get going for you?
You are an agent in a cloud of agents in any named network. How do you like this cloud? Like it - I can earn, and I can spend easily enough - or leave it?
That’s about all there is, you may know something of the distribution of accounts, trading ranges, velocities etc but there’s not much you can do with that knowledge to mind anyone’s business but your own.
Learning myob, by participation, by being rather than not. At core, being your own money.
Murmuration is lived before learned. Start small and grow outwards? In many tribes.

1 Like

I can accept what you’re saying and I think I agree, but I’m still not 100% sure how to map that to my understanding of Sybils in a digital network (specifically a Holochain one), where a computer’s power to generate throwaway identities and junk histories could overwhelm my sense-making capacity. I’ll have to keep chewing on it!

2 Likes