The Sybil Attack

  • John R. Douceur
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2429)

Abstract

Large-scale peer-to-peer systems face security threats from faulty or hostile remote computing elements. To resist these threats, many such systems employ redundancy. However, if a single faulty entity can present multiple identities, it can control a substantial fraction of the system, thereby undermining this redundancy. One approach to preventing these “Sybil attacks” is to have a trusted agency certify identities. This paper shows that, without a logically centralized authority, Sybil attacks are always possible except under extreme and unrealistic assumptions of resource parity and coordination among entities.



Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • John R. Douceur, Microsoft Research, Redmond, USA
