[liberationtech] CJDNS hype

Michael Rogers michael at
Mon Jul 15 07:52:33 PDT 2013

On 15/07/13 01:49, Mitar wrote:
>> BTW, how do you propose to make Sybil nodes "impossible"?
> I don't. I am just making an argument that maybe there is some way
> we (or I) don't yet know which would allow us to not have to
> trust other nodes with anything else than that they forward the packet.
> And if they don't, we can maybe detect that and remove them from
> the routing path. So in the end maybe it is not even important if
> Sybil nodes are possible or impossible. You just care if they
> forward the packet. If they do, this is it. If they don't (for
> whatever reason, being malicious or just malperforming), you route
> along that, no? But to be able to route around, you have to be able
> to have multiple paths.

Hi Mitar,

If there's no protection against Sybil attacks then in general it's
impossible to route around faulty nodes or links. The problem is that
in order to detect faults, we have to associate some kind of
reliability measurement with some kind of node or link identifier (for
example, "x percent of packets sent via link y were delivered"). If
there's no Sybil protection then whenever we detect a node or link as
being faulty, the adversary can simply create a new identifier for
that node or link. The adversary can create imaginary networks of
arbitrary size and structure, composed entirely of Sybil identities,
to absorb our measurement resources. It's like playing whack-a-mole
with an infinite number of moles. ;-)

If we consider the most limited form of Sybil protection, where we
know that our immediate neighbours in the network aren't Sybils (for
example, maybe they're people we know in real life) but we don't know
anything about the rest of the network, then we can do a very limited
form of fault detection: we can measure the reliability of each
neighbour, without speculating about what the network beyond that
neighbour looks like, and route around unreliable neighbours.

But that's not as easy as it sounds: if the adversary can distinguish
between different types of packet then she can treat them differently.
For example, if the network uses separate measurement packets and data
packets, the adversary can deliver measurement packets but drop data
packets. If the packets carry source or destination addresses, the
adversary can drop packets with certain sources or destinations while
keeping her overall reliability high. The adversary may be able to
manipulate the reliability measurements without dropping packets, for
example by spoofing addresses or forging measurement packets.

This problem is known as Byzantine robust routing. It was first framed
by Radia Perlman in 1988, and so far nobody's come up with a solution
that doesn't require some kind of limit on the creation of identities.
Many have tried and failed. I was one of them. :-) I don't know enough
about CJDNS to know whether it's solved this problem, but I'll be
pleasantly surprised if it has.
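
A small simulation of the measurement argument in the message above, added here as an illustration and not part of the original post. The class and function names, the 0.5 threshold and the 10-sample minimum are assumptions chosen for the example, and the dropping node is deterministic so the results are reproducible.

```python
from collections import defaultdict

class ReliabilityTable:
    """Delivery ratio per identifier ("x percent of packets sent via link y were delivered")."""
    def __init__(self, threshold=0.5, min_samples=10):  # assumed values
        self.sent = defaultdict(int)
        self.delivered = defaultdict(int)
        self.threshold, self.min_samples = threshold, min_samples

    def record(self, ident, delivered):
        self.sent[ident] += 1
        self.delivered[ident] += int(delivered)

    def is_faulty(self, ident):
        n = self.sent[ident]
        return n >= self.min_samples and self.delivered[ident] / n < self.threshold


def packets_lost_to_dropper(rounds, fresh_identity_on_detection):
    """Send `rounds` packets via one always-dropping node; return (lost, identifiers_seen).

    fresh_identity_on_detection=False models a neighbour whose identity is fixed
    (the "people we know in real life" case); True models no Sybil protection.
    """
    table, ident, seen, lost = ReliabilityTable(), 0, 1, 0
    for _ in range(rounds):
        if table.is_faulty(ident):
            if not fresh_identity_on_detection:
                break        # fixed identity: route around it for good
            ident += 1       # same node, new identifier, clean record
            seen += 1
        table.record(ident, delivered=False)
        lost += 1
    return lost, seen


def probe_vs_data_score(n=100):
    """A node that delivers measurement packets but drops data packets."""
    probes, data = ReliabilityTable(), ReliabilityTable()
    for _ in range(n):
        probes.record("nbr", delivered=True)   # measurement packet forwarded
        data.record("nbr", delivered=False)    # data packet dropped
    return probes.is_faulty("nbr"), data.is_faulty("nbr")
```

With a fixed identity the loss is bounded by the sample window; with free identifiers every packet is lost and the table only accumulates discarded names. The second function shows why a score built from distinguishable probe packets says nothing about data delivery.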

