Cardano is secure against Sybil attacks if and only if Whales secure it

To put context around this post one would be served well in reading Stake pools in Cardano by Prof. Aggelos Kiayias 1 & Preventing Sybil attacks by Lars Brünjes, Ph.D. over at IOHK's site first 2.

No constraints are in place concerning stake pool numbers that one can create for Cardano's ecosystem.

This unlimited free nature that Cardano has enabled for pool creation has a limit though, a limit born from the forging identities crowd & not from Cardano, titled Sybil, also know as pseudospoofing.

A Sybil attack happens through the creation of numerous Cardano staking pools, pools created with the goal of, signing the majority of blocks.

This Sybil attack vector is made all the easier to accomplish by Cardano stake pools being capable of operating with little requirements on computer resources.

IOHK Charles Hoskinson states Cardano stake pools, can run on a $67.00 Rock PI computer. We can top that by operating on Triton 3 which provides unified management of containers, lowering that cost by 10x.

In other words, even going the ROCK PI route, it takes only sixty-seven dollars to potentially control thirty-one million one hundred twelve thousand four hundred eighty-five ADA. (variable k set to 1,000)

This Cardano feature, of low, compute power increases the Sybil attack surface, by lowering the costs to direct such an attack, an unintended consequence of being efficient.

Cardano Sybil Defense

In Reward Sharing Schemes for Stake Pools, 4 Cardano lays out how they will thwart Sybil attacks by aligning the 'narrow' interest of Ada holders, concerned with maximizing their rewards by promoting the most Sybil (a0) resistant stake pools first as potential delegation choices.

Recall, that Cardano does not impose limits on stake pool creation, that unlimited pool creation does not mean that all Cardano pools should be allowed as a delegation choice in delegation capable wallets. If Cardano's ecosystem allows low Sybil resistant stake pools to be the logical delegation choice, then Cardano has failed in its charge of Sybil defense.

The most Sybil resistant stake pools are the ones with the most pledged Ada to their pool when comparing like cost and pool fee pools. In other words, when a pool advertises they only charge a 1% pool fee, that low 1% fee does not mean what it appears to mean because pool rewards are not only defined by pool fee (profit margin) & cost but substantially by the pool operator and or owners pledge to their pool!

Aside, it is sad to see Cardano stake pool operators & or owners advertising their profit margin, steering Ada holders to focus on a metric that does not alone define rewards, they are mudding the water that should remain clear to all.

Understandably this appears at odds with Cardano's policy of allowing anyone to create stake pools. If the only delegation choices are large pledge pools, operated by Ada whales, then how can small Ada holders compete in such a deep sea?

In any case, it is important to keep in mind that the introduction of a0 does not prevent ‘small’ stakeholders from running successful pools because somebody with a great idea can always reach out to the community, convince others and invite them to work together and pool resources to pledge to the pool. In the end, running a solid, reliable pool and working closely with the community will be more important than just owning a lot of stake. 2

Pledge allows small Ada confederation of holders to get together and create a competitive pool, thus making it Sybil resistant and rivals the large whale pools at the same time.

Cardano Sybil Defense Failure

If Cardano's ecosystem allows low Sybil resistant stake pools to be the logical delegation choice, then Cardano has failed in its charge of Sybil defense.

That's an echo from the first paragraph of this section because it is extremely important that large and small Ada holders secure Cardano through pledging.

If not, then:

This would be disastrous because the security of a proof-of-stake system like Cardano relies on the idea that people with a lot of influence over the system should hold a lot of stake and therefore have every reason to help the system run smoothly. 2

When Cardano delegation capable wallets display the delegation choices to Ada holders those staking pools that will reach saturation first must be the ones backed by blue whales or confederation of smaller whales.

We're watching you, Sybil

One of the tasks that we have taken on for a client is quantifying this pledge metric when Cardano Shelley launches. By recording every stake pools pledge amount and then monitoring its delegation participation on the blockchain, one can gain insight into Cardano's Sybil defense & participation rate across a broad spectrum of asset holders.

That client is going to use pledge & saturation metric, and more, to advise others on Cardano's claims of being a secure proof-of-stake cryptocurrency.

If Cardano advertises low Sybil resistance stake pools high in its delegation center, then Cardano fails.

The non-myopic stake pool delegation choices that will be displayed to Ada holders matters, a lot, we are not the only ones monitoring this metric.

Cardano is secure against Sybil attacks ⇔ whales pledge deep and secures it.

No Sybil potential low pledge pool should make its way into Cardano's delegation center, or at the very least should be so low down the picks that no one will delegate to them.

Hopefully, Cardano got it right, by aligning the 'narrow' interest of Ada holders, delegating to the most profitable pools, will enable a Sybil defense & demonstrate the strength of the community at large.

If this does not happen, then Cardano will be a spectacular failure, because if the whale community, the ones with the most to lose, will not step up and secure Cardano by pledging, making secure and desirable pools accessible to all, Cardano's dead in the water.

We have been trying to get clarification from IOHK on which pools will get displayed in the delegation center, all, even potential Sybil pools, negative desirability influence or not? As of June 17th, 2019 we have not received an answer, last year we did.

As mentioned we have been tasked with measuring pledge and thus Sybil & participation strength of Cardano. Even before this, we have been considering the impact a lack of whales, large asset holders, will have on the market if they do not show up and pledge their stakes to support Cardano's network.

All of this is probably a non-issue as one can run wallet size on Cardano as it is now and find that the average of the top 1,000 wallets is over 3,000,000 ADA.

That Pledged to Pool % of Capacity is easily 9% at 1,000 stake pools.

In the above image the desirability influence is positive, 123.57 which aligns with Cardano specifications:

Section 2.2.1 Sybil Attack Protection at Stake Pool Level Stake pool owners are expected to pledge an amount of stake to their pools that has an influence on the rewards for their stake pool, and consequently on the position of the stake pool in the listing displayed to stakeholders (Section 4.1, Section 4.3, Section 5.3).

Our clarification point question revolves around Section 2.2.1, influence must be a positive number or not?

Last year it was confirmed that desirability had to be positive overall. But since the final specifications, we have not received a confirmation on that point.

When we have definitive clarification, we will update this post. Until then we will operate under no Sybil pools will be shown as possible delegation candidates in Cardano's delegation center. Desirability influence must be a positive one, and of course, the whales better pledge deep.

This view, of course, does not make it so, it seems that all stake pools can make it into the delegation center, this reality makes it all the more important to select the pools with the highest reward. These pools will be the pools that secure Cardano.

Oh, and on the slide calculator images above, it is not an official Cardano stake pool desirability calculator, IOHK has not released an official calculator which is absurd, IOHO. Still, the calculator above has its merits as it enables stake pool operators to think non-myopically.

A Cardano stake pool slide calculator where these numbers came from is available on GitLab.*

  1. Stake pools in Cardano by Prof. Aggelos Kiayias ↩︎

  2. Preventing Sybil attacks by Lars Brünjes, Ph.D. ↩︎ ↩︎ ↩︎

  3. Triton by Joyent. ↩︎

  4. Reward Sharing Schemes for Stake Pools a PDF file, by Lars Brünjes, Aggelos Kiayias, Elias Koutsoupias and Aikaterini-Panagiota Stouka. ↩︎

© 2019 Adaizen, LLC — Keep Cardano Roaming Free
Remember, we're not only engineers, but we're also Cardano owners. ♥