
In other words it stops Sybil attacks that create long chains of nodes owned by the same person, but it doesn't stop Sybil attacks that aim to get everyone else on the network to route through you instead of someone else.


Right - and this gets to perhaps the stickiest point on this: is a node a Sybil if they are the most efficient route into the network? If a single node can make all the blocks, they still only hurt themselves by adding hops (reducing block time, opening door for someone else to do it faster).

Many people argue that because nodes can still create an arbitrary number of identities, that they are in fact Sybilling. I believe that is incorrect, and [Wikipedia](https://en.wikipedia.org/wiki/Sybil_attack) seems to agree:

"[A Sybil Attack] is an attack wherein a reputation system is subverted by creating multiple identities"

If you take 'reputation system' generally to mean a system where nodes are gaining power from their identity, or in the case of Saito: their behavior, then you can easily say Saito is Sybil Proof even if it allows arbitrary identities because the 'reputation' you use to influence the network cannot be gamed by making additional identities - even though making them is free.


If all transactions flow through an attacker's nodes they can censor transactions they don't like.

The reputation in this system is properly routing transactions. If someone notices a node censoring transactions they could blacklist that node, but the attacker can instantly spin up another.


Yes, but take this to the extreme and you have nodes who do not wish to censor literally fighting to get to censored, paying users.

The more the censored transactions build up, the easier it is for any honest node to swoop in, outpace the attacker and earn the rewards. And then those users now have a node who is willing to include their data - the incentive structure leads to these connections.

The point is that nodes who censor are giving up money to anyone else willing to include the data.


>any honest node to swoop in

Due to the Sybil attack honest nodes do not get to or it gets hard to even know about the transactions.


Addressed this in our other thread.

Short answer is that as such activity continues the incentives to compete by behaving less duplicitously also increase - that may mean unorthodox means of finding those users in extreme attack scenarios like your example tends towards - but in basic cases there are proofs nodes can provide of previous performance which can't be Sybilled.


>incentives to compete by behaving less duplicitously also increase

There are no disincentives to do it and people may want to do it regardless of any incentives that are in place. There are transactions that are illegal to relay (money laundering), so legally nodes are unable to relay no matter the incentives.

>that may mean unorthodox means of finding those users

This has poor usability. Normal users don't want to deal with manually finding nodes themselves. It is hard to figure out the reputation of nodes when there is no hard proof of who the actual owner is.


Well I hoped you wouldn't continue in this thread because I laid out a secure interactive proof scheme that DOES offer statistical proof that a node behaves and performs well, and that it is not likely a Sybil.

If you are that concerned with reputation, you can ask for token lock-ups - further diminishing the ability of many identities appearing distinct.

But the greater point is that these are not Sybils, because they do not gain power over the system. If your counter-point to that is that users will waste money then clearly this attack is not sustainable - some node can take that revenue by saving users' money.

And if your concern is so extreme that a whole network around a user is locked down, then I can make a similarly unusual case that physical transmission of data is incentivized - because it is.

Of course recovering from extreme cases is not user-friendly - but the point is that you can recover and these states of total control are not sustainable; it would take a lot of work to even get into one of these states and it wouldn't even offer the attacker an ability to hold it.

So in practice it is unlikely to happen. The same way it's unlikely you will keep buying bread from the guy that charges twice the market rate.


I'm not sure why you are continuing because it's impossible to defend against all Sybil attacks in an open network.

>If your counter-point to that is that users will waste money then clearly this attack is not sustainable

One simple scenario where it is sustainable is when you are a part of a competitor's network where the existence of the other network results in you making less money. If the attacker wants to destroy the other network to gain market share they may be willing to have a budget they spend each month to attack it.

>And if your concern is so extreme that a whole network around a user is locked down

It's not extreme if there is no defense to it.

>it would take a lot of work to even get into one of these states

As I mentioned it is easy to run multiple instances of the software to become the majority of the network.

>The same way it's unlikely you will keep buying bread from the guy that charges twice the market rate.

If you check 100 stores in your area and they all charge that rate you may think that's the market rate.


You seem to be concerned about censorship attacks -- attacks that necessarily involve orphaning work in some capacity -- either orphaning blocks produced by honest nodes, or orphaning (refusing to include) tx-embedded routing work being sent from honest users.

The payout lottery does make censorship costly for all attackers who orphan work, but you'd need to specify the exact attack method if you want a discussion of specific work-orphaning attack vectors. Even nodes with a majority of "routing work" do not have the ability to costlessly orphan work produced by other nodes, so it isn't clear what exact attack you have in mind or why you think controlling a bunch of first-hop routing nodes under different identities somehow makes these costs go away.


I'm not personally attacking you by stating my disappointment in you continuing the same argument in two different threads.

I will, again, reiterate that a Sybil attack is about power, not about convincing people you hold multiple identities - that is simply the means - it is not an effective attack if it doesn't get you that power over the network. The proof in the post clearly demonstrates how Sybilling reduces power in that scheme.

Your attack is not a Sybil attack - you've simply surrounded a user with extremely uncooperative nodes who manipulate or censor the user (the former of which isn't even economically feasible in the scheme of the OP, but that's tangential). If the uncooperative nodes surrounding the user all authoritatively proved they were unique identities, well, it obviously wouldn't be a Sybil attack then.

Yet these *unique* uncooperative nodes can perform the equivalent attack you keep bringing up. If you've read carefully at all, then you know I've just proven it can't be a Sybil attack - because *it has nothing to do with node identity and is not reliant on duplicating.*

Furthermore, this attack you describe, which is not strictly reliant on Sybilling, is on a user and not the network. I go as far as to argue that even this individual user has recourse, which is beyond the primary claim - and as far as I'm concerned, true.

So addressing that - your argument is that nodes can afford to attack users because they can budget in the expense and surround users. But you can't carry this through - it always involves ripping users off and getting more money from them, and there are various ways for users to escape, including getting a new ISP.

In fact, even traditional monopolistic strategies don't even work to drown competition - because the network is open and it cannot be 51% attacked, so no majority can ever exclude competing nodes from publishing to the chain and earning rewards.

If a user has a constrained network which only routes to one provider - that isn't a Sybil attack, and it certainly isn't an attack on the network itself. I took the liberty to go above and beyond and argue that even these practices become unsustainable when you have a network with these qualities.

But I do not concede that just because one way you can perform this attack is by Sybilling that it is actually a Sybil attack - as I proved by showing you can perform it without duplicating oneself - hell you can do it with a single presented node to the user; what you are describing is hoarding network traffic.


Anyone can declare they have a sybil proof network if they have the power to declare everything that invalidates the proof as being non-sybil.

It might be a productive discussion if there could be an agreed upon definition of Sybil. The "proof" requires Sybils to inject an excess hop but no rationale as to why they would do so.

Saito is as vulnerable to Sybil attacks as Bitcoin is to miner concentration. In an open network cooperating nodes will always have an advantage over independent nodes. You cannot distinguish between the two in a permissionless network.


You're not describing a sybil attack. You're talking about censorship.

If you want to address that, your best strategy is to incentivize people to run access points that do not censor. This requires payouts to routing nodes in proportion to the value of the transactions they process, which requires the ability to make routing payouts, which requires a sybil-proof routing mechanism.



