Possible Sybil attack: multiple *big* Stake Pools run by the same person

incentives

#1

I’ve been reading from the following paper: Reward Sharing Schemes for Stake Pools

The idea is that the reward for a stake pool is capped, so that pools don’t have the incentive to grow and control the entire protocol.

I have analyzed some scenarios I came up with, and if I’m not missing something, then the cap scheme is in peril. This is because the same person could run multiple stake pools at maximum uncapped size each.
Here is a Google Docs spreadsheet with the concrete case.

One way to prevent this is to identify the real-world persons running the pools, so that we can find out whether whether they are running multiple pools [Edit as per hayamoto_jr’s answer: or colluding with each other].

This shouldn’t be too hard to do, since the number of pools is targeted to be around 100 1000. However, this needs to be reconciled with the current protocol (i.e. people need to prove stake in order to vote on pool owner’s uniqueness).

Do you think my analysis is correct? Am I missing something?

[Edit: as per canopus’ answer, I was missing the fact that owning a large part of the stake pool makes you inherently interested in the network going well, which is tied to people trusting it. So that makes you want to be a “benevolent” “dictator”. But this doesn’t explain why there is a minimum target for the pool count.]


#2

Sybil attacks are carefully considered in the protocol design: Cardano Community Meetup in London: Ouroboros PoS Research - Prof. Aggelos Kiayias - 1:11:38

Basically, there will be a mechanism that deincentivizes Sybil behavior by making it expensive.

One way to prevent this is to identify the real-world persons running the pools, so that we know whether whether they are running multiple pools.

Even if you identify everyone, how would you know a subset of the people aren’t secretly a cartel?

number of pools is targeted to be around 100

According to the latest data, we can expect around 1000.


#4

@haya
Thank you for pointing me to this exact question being asked!

I did not realize the protocol is addressing this at a lower level as well: the stake pool certificate itself requires significant ADA.

I will have to integrate this into my analysis.


#5

Since the stake pool certificate seems to hold the pool leader’s stake, I can identify it as lambda in the Reward Sharing Schemes paper.

Therefore the argument Prof. Aggelos Kiayias makes in the video seems to be the same one as in the paper.

According to the paper, yes, it disincentivizes this behavior among small pools (bigger pools get more money). So it gets rid of cheap spammers. But I argue it doesn’t do it for large pools pretending to be smaller (or pools colluded with one another, as you say).

So it does not get rid of dictatorships appearing as distributed, as far as I can tell.

Therefore my analysis and the issue still stand.


#6

Not sure what threat to the system you are referring to.

If some entity has a large investment in ADA, isn’t it automatically discouraged from attacking the system? Then why should that entity be prevented from setting up optimal number of pools so as to allow for the best returns on investment the protocol allows.

This is not the same as Sybil attack in which someone who has little investment (stake) in the system sets up pools with the intention of taking control of large stake by registering a large number of pools.


#7

@hayamoto_jr

The incentives paper addresses Sybil attack by penalizing the rewards proportionate to the stake committed by the pool operator.

From what I understood the reward of the entire pool is penalized causing even the members of the pool to share the penalty. That encourages the desired behavior also among ADA holders who want to delegate their stake. They are incentivized to delegate their stake to pools whose operators are committing significant stake themselves.

I wonder whether the penalty is sufficient to offset the projected gain from cost=0 and margin=0.

Someone who’s planning a Sybil attack will most likely take advantage of these two settings while registering their pools to trick members into delegating their stake to these pools.


#8

Your theses @autoencoder, “dictatorships could appear as distributed actors.”

Could they? Yes, they could.

“One can have, some claim, as many electronic personas as one has time and energy to create.”
– Judith S. Donath from The Sybil Attack PDF

Why would anyone do this? Because they have aligned self-interest, IOHK, Emurgo, and the Cardano Foundation are separate but do collaborative as one by protocol design, all pools do.

You asked if you are missing something? On the surface no you are not, but beneath it you are. PoS systems by the plan are a “dictatorship” if you will, we want this authority, verifiable math, in fact, as a species, we are demanding absolute truth now, not willing to believe anyone but the demonstrated truth.

By design, Cardano’s PoS validates your theses.

Is a “dictatorship” good or bad?

Pool leader profile is publicly known by signing pool cert:

  1. Pool leader stake (owned by single spendable address)
  2. Operational costs (direct reward to cover pool, based on average not necessarily actual)
    Rewards are proportional to the total stake contributed to the pool leader.

The view presented is that “dictatorships” are aligned interests, Cardano’s PoS protocol is very innovative, allowing everyone to vote and move their stake for their own “dictator” making the case that Cardano’s ledger is always in aligned interests…


#9

This is exactly the issue I am talking about. And I thank you for your insight here: anyone with a sufficiently large investment in ADA wants ADA’s success, since they depend on other people also using it, in order for their investment to hold its value. That is the dot I failed to connect myself! Thank you.

Consequences:

  1. I suppose that is also the reason why Bitcoin and other heavily centralized networks still work well. Even those very powerful actors want the network to perform well.
  2. There is not much point in penalizing large pools, then (and capping the reward with respect to stake). Why incentivize setting up an “optimal” number of pools under your control, rather than just one pool which honestly says it’s just one actor?

#10

I now get that some “dictators” are benevolent (i.e. the ones depending on people still using their network have to satisfy those people).

However, in this case, what is your explanation of why this paper provides this mechanism for limiting the reward, once a pool gets to a certain amount of stake?


#11

Limit the reward potential to target the number of pools.
Assume a pool-operator-stake size of S.
They can change the S requirement up and down to get network optimization.


#12

What is the point in the same organization running multiple pools instead of just one big pool?


#13

Primarily safety, never put all your eggs in one basket.

Also, the protocol will demand this sort of strategy, not for safety necessarily but allow diverse participation.


#14

I guess that kind of works as an explanation. Thank you!

I don’t buy that one though… I think there’s nothing preventing diverse participants from entering whether you have:

[Small dictator pool 1] [Small dictator pool 2] [Diversity pool]

or:

[          Big dictator pool                 ] [Diversity pool]

#15

We are better off going to the actual paper:

  1. Our mechanisms are parameterized by a target value for the desired number of pools. We show that by properly incentivizing participants, the desired number of stake pools is a non-myopic Nash equilibrium arising from rational play.
  2. Our equilibria also exhibit an efficiency / security tradeoff via a parameter that allows them to be calibrated and include only the pools with the smallest possible cost and/or provide protection against Sybil attacks, the setting where a single stakeholder creates a large number of pools in the hopes to dominate the collaborative project.
  3. We also experimentally demonstrate the reachability of such equilibria in dynamic environments where players react to each others strategic moves over an indefinite period of interactive play.

See - Theorem 1. Every perfect strategy is a Nash equilibrium.

4 Two stage game
Definition of the game. In order to also capture non-myopic moves in response to pool leaders changing margin or allocation, we define a two stage game, the “inner-outer game”. Similar non- myopic play has already been considered in other games, most notably in Cournot Equilibria, as is discussed in the introduction and related work. In this section we reuse non-myopic utility and desirability as defined in previous sections, but when a pool has not been activated in the inner game, we define its desirability to be zero. This gives us a more realistic result, because in practice only pools that have already been created will be ranked.

This is of particular note:
The intuition for how the set of margins of these joint strategies is determined is the following: The k players with the highest potential profit P (si , ci ) set the maximum margin they can, so that their pools belong to the k most desirable pools (the pools with the highest desirability), no matter which margins the other players set.

So when I said, diverse participation, it was with this very k target in mind.


#16

Are you assuming that the entire stake in a pool is from wallets owned by a single entity? Your point applies in that special case only.

However, if the stake of the pool operator is only a fraction and the rest is delegated to that pool by other entities then it makes sense to prevent the pool from exceeding the desired size.

Additionally, each pool will contribute some infrastructure to the network; say for example, relay nodes of certain capacity. Considering that, there is certainly benefit in having 1000 pools compared to 10 pools.


#17

For the purposes of controlling the network, the paper assumes a player can only allocate to a single pool: they even say so:

2.2 Definition of the game
We make the assumption that every player can be the leader of only one pool and each player has
stake at most z 0 = 1/k. Players with stake more than z 0 or wishing to open more than one pool can
be thought of as a set of distinct players, see also Section 5 on Sybil attacks.

5 Sybil Resilience
[…] let us consider an attacker who has stake S < 1/2 and creates multiple identities lying about its costs with the objective to obtain k/2 saturated pools with stake S/(k/2) each one and control the system

It may be that the attacker fails to control the system and represent more than 50% of the stake without owning more than 50% of the stake, as that is what the paper suggests. I suppose this works by discouraging people from joining such big pools.

But the attacker still attracts undeserved rewards by creating multiple “saturated” pools instead of a single “oversaturated” one. However this is not that big of a problem.


#18

You are right, I understand and I agree with you now. The system discourages other people from delegating stake to pools too large.

And if someone has more than 50% of stake, they have absolute control anyway.

Thank you!


#19

I want to say thank you @autoencoder for following up and closing this post out.