edicted Blog Banner

edicted

Defeating the Sybil Attack

image.png

So I've been thinking more on how WEB3 games should be created and what kind of templates we should be using... and honestly it's going to be a tough nut to crack. We've been unknowingly taking so many shortcuts with the centralized client/server model that even rewiring our thought patterns to address the problem becomes difficult. It's going to take quite some time before this ice gets broken.

For example how does one stop cheating in a first-person-shooter? When someone uses an aimbot, their client is tricking the server into believing that every shot fired is an automatic headshot. It's up to the server to run countermeasures to stop this from happening. Other cheats that are more difficult to detect would be maphacks or the ability to see through walls. Again, it is expected that the centralized agent will come up with a solution to these problems... but what happens when this mythical centralized agent doesn't exist within a decentralized ecosystem? What then? The entire game changes.

SOJ-stone-of-jordan.jpg

Who remembers SOJ?

Stones of Jordan are a ring from Diablo 2 which became one of the most coveted items in the game. At one point they essentially became a fungible currency used to trade value among players. This is quite possibly the first significant example of an "NFT" that became a fungible currency within a community. Funny considering SOJs are a super rare "unique" item. How did so many exist that they were used to transfer raw value between players?

Farming SOJ the legit way.

Just like every other RPG out there: gold is largely worthless. It's kind of pathetic actually, and crypto needs to find a way to make in-game gold valuable where all else have failed. In any case in D2 you could 'gamble' your gold away in exchange for a random item. In some cases that item would roll into a unique, and in some cases that unique would be a stone of jordan.

D2 programming prevented the same "unique" item dropping for a player that already had one. So what people did was transfer all their gold to an alt that didn't have an SOJ. Then they'd make sure that alt also had all the other unique rings (that were crap and nobody wanted). After this was accomplished, anytime a gambled ring rolled unique it was guaranteed to be an SOJ because all the other uniques were already in the player inventory. When an SOJ was found it was transferred to another account so they could continue finding more. Gamers doing gamer things.

Duping

One of the most classic hacks when dealing with RPGs and a client/server model was the classic duplication hack. Many of these hacks were discovered completely by accident. Somehow this problem just keeps popping up again over and over again across all kinds of games. Minecraft comes to mind.

At one point something about the minecart moving on top of a rail in combination with a coral fan broke the game and made it think the TNT was in 2 places at once.

Essentially something happens on the client side that makes the server think that a single item is in two places at once. The game believes that both of these items are separate entities rather than the same one, and thus the dupe is born. It's actually quite incredible how often this problem pops up, and I'm happy to report that this will almost certainly not be a problem in crypto.

Imagine is duping was a problem with crypto.

We have a name for that: it's called a double-spend attack. The issue has been solved a thousand times over as it is regarded as one of the main threat vectors of any currency (including fiat). We call it counterfeiting, and crypto does an amazing job at eliminating the threat. In fact crypto eliminates the counterfeiting threat vector better than any other asset known to humanity. An impressive feat to be sure.


cz-binance-kyc-sybil-4-cftc-sued.png

Even if dupe hacks do become a problem with WEB3 the problem will be identified and fixed instantly simply due to the incentives in play. In WEB3, the entire community can see everything. Anyone can run a node and see everything that happens in the game. Even if someone was able to dupe a highly valuable item in game it would be detected immediately... by everyone.

Compare that to a centralized company with employees who are all working on different tasks. The company has way less incentive to fix the problem in a timely manner. After all... the cat is already out of the bag. They'd already sold the game. They already have the money. In WEB3 everything changes because the in-game assets ARE money and if one bad actor is allowed to exploit them: the entire community loses. The incentives in play are completely different and heavily imply that cheaters will be dealt with swiftly and harshly. After all... they're stealing from everyone.

ban hammer.jpg

The Ban Hammer

And this is the tricky bit in WEB3. How is punishment issued? We already know how WEB2 does it and we know that this path is unavailable to us. A centralized service provided by an incorporated entity gets the final say on everything. Whatever they decide goes. That doesn't work in WEB3. At all.

Many gamers will cry and make the claim that the game should just be good enough so that no one ever gets banned in the first place. This is especially true within the context of permissionless and open crypto networks. Yeah well, welcome to the real world kid... I look forward to playing that magical game that you never build.

I've even gone so far as to claim that many WEB3 games will be exclusive invite-only clubs. The easiest way to stop cheaters from ruining the game is to not allow them to play in the first place. Again, this seems wholly counterintuitive when building open-source products on a game-theory level, but once we see how these games will actually work it makes perfect sense.


image.png

If we take a look at something like World of Warcraft we can see that there are literally hundreds of servers to choose from. Each one of these servers is unique and completely disconnected from the others; running their own instance of the game. The things that happen on one server do not happen on the other. Different players. Different ratios. Different items on the auction house. Different economy. Different everything. The only thing that's the same is the original underlying code that all players are governed by. But once actual players join the server and start playing the game the economy is completely unique across the board.

Used to be that players were not allowed to switch servers. You pick your server and that's that... you're stuck there unless you make a character on another server. Then certain servers became too big and overpopulated. My first server Ner'zhul was one one such server. A one time deal was offered to anyone that wanted to transfer to a low population server. My guild did it (we shouldn't have because Ner'zhul was pretty awesome after all those people transferred away like we did). Later it was allowed to transfer servers whenever players wanted (for a steep price and with economic conditions imposed).

CEASE AND DESIST!

The point being is that we need to ask ourselves what this looks like within a WEB3 environment. As the owner of the IP, Blizzard Entertainment has zero incentive to allow other entities to run their own node. They will go so far as to sick their lawyers on those entities and legally force them to shutdown. A corporation has no incentive to allow anyone else to profit off their IP. That is clearly not within their bests interests, nor does it align with obvious business strategies.

In a WEB3 environment all of that changes.

In all likelihood a WEB3 game that had hundreds of duplicate servers running at once would often be owned an operated by different entities. So while players have hundreds of choices about where they want to play and the system in open-source and borderless... that doesn't change that fact that the owner of a particular server can create any rules that they want to.

If the MMO game and server are balanced around having 1000-2000 players... that's not a lot of players. World of Warcraft in total has millions of players, with each server only hosting thousands. It's expected that it's Blizzard's job to prevent Sybil attack. Without a centralized agent available to play arbiter, that leaves the node-runners themselves to ensure that the game won't be hacked by exploiters. The concept that some of these servers would be private or invite-only is not far-fetched, despite what we already know about permissionless decentralized ecosystems.

Illustration-of-Sybil-attack.jpg

What even is a Sybil attack?

At the core it is simply when one person pretends to be more than one.

  1. One person plays multiple accounts or multi-boxes.
  2. One person runs a bot that plays for them.

This is the ultimate problem to solve within any kind of game economy. And the solutions we've been able to come up with are actually quite bad. Not only that, but many of them only apply to centralized WEB2 models.

So how do we stop the cheaters?

The first step is to create a game in which it is more advantageous to continue playing on one account rather than creating multiple. However, this is quite difficult to accomplish as getting the balance right is not a trivial matter. If the most hardcore players are scooping 99% of the rewards because the incentives give singular accounts more resources... that's even worse than a Sybil attack. At the end of the day distributing resources in a fair way is no easy task, even in something as mundane as a video game.

Even if we were to create the perfect mechanics to ensure that multi-accounting was discouraged while also not creating runaway inflation from legitimate hardcore players... we'd still be left with a bot problem. If the game is playable by bots it doesn't matter how inefficient it is to multi-box... because bots can be cloned indefinitely. Time is the ultimate resource in a game in which resources can be farmed. Bots completely eliminate this constraint and ruin the economy for everyone while syphoning value to the attacker.

bot.png

I'd like to say we should just design games that can't be played by a bot, but even before the advent of AI bots were running around deep learning themselves into grandmasters. Considering the financial incentive to play WEB3 games it's safe to assume that preventing bots from playing the game simply due to difficulty and mechanics is pretty much impossible.

Luckily if the game is high-stakes enough and requires the player to take significant risk this would eliminate the ability for all but the best bots to operate profitably. Combined with the ability for the entire community to monitor the economy and prevent cheating in real-time (something that corporations could never hope to achieve) it's possible that such a Sybil attack could be mitigated. This is especially true if the server in question is invite only and requires a certain level of reputation to engage with the WEB3 economics.

Reputation.

It seems as though most WEB3 developers out there still seem to think that they need to compete with WEB2 on an even playing field. Unfortunately, this is not how it works. Offering free service to users is WEB2. We tried that. It's over.

There's a very good reason why WEB2 corporate entities do not build exclusive products with an invite list. That runs completely contrary to their entire business model. They need as many users as they can possibly get to turn a profit. Devs in WEB3 are still stuck in the same mindset, thinking they need to scoop as many users as possible to turn a profit.

However if we actually think about it rationally... that's not a great strategy with WEB3. There's no way WEB3 can scale in such a way. We are copying and recopying the same data over and over again across dozens if not hundreds of servers. Getting a ton of users that are all worth a little bit is NEVER going to work. Again, that's WEB2. WEB3 needs a smaller number of high-value users to work and scale up in a reasonable way. These two systems are completely different, but most devs keep conflating the business models as if WEB3 needs to be as close to WEB2 as possible. It's not going to work.

blog-buzzrecruiter-brand-reputation-860x651.png

If I created a game and launched it... it would not be hard to simply make it invite-only. I can find 100 people I can reasonably trust to test the game out. After that, I could create a voting system that allowed the group to invite more accounts instead of letting it be open for anyone to try. A 51% attack in this case would be if so many bad-actors got invited that they were able to keep inviting more bad-actors and take over the system. Of course it probably wouldn't go down that way considering everyone would be able to see what was happening and take action against it. Hell that's exactly how the inception of Hive happened in the first place.

Given any kind of reasonable success, I would then just open-source the code and allow anyone to boot up their own server. They could then set permissions however they liked. Someone (maybe even myself) would test a server with no permissions that anyone could join. That would be a great control-group to note the differences in economics. Would that be a better model? At this point I highly doubt it, but it certainly would be good simply for exposure to the outside world and testing.

Conclusion

The idea of creating exclusive clubs based on reputation simply to play a video game is a totally foreign one, but I think the idea has merit. After all, a single node for any MMO can only host thousands of players. It would not be difficult to fill up a server with reasonably trustworthy actors using an invite-only technique, especially if those votes are stake-weighted and distributed to the community based on how much that player has to lose if they invite bad-actors.

It's also possible to eliminate the economic side of the equation completely in terms of gaining an in-game edge. Which again is a completely foreign concept to WEB3 devs as a whole. If the entire economy is relegated to cosmetics only (skins) then this also completely eliminates the economic incentive for a Sybil attack. Unfortunately that's not really an option in a WEB3 RPG-type game, and only works for other genres like FPS, RTS, or other competitive strategy games that end and reset all progress made during the next game.

Sybil attack is the most significant attack vector, not only just for crypto, but also for legacy economics. The entire point of KYC is to mitigate some type of Sybil attack and keeping citizens honest. How will WEB3 rectify this lack of intrinsic KYC and reputation based data collection? It won't be easy but we're figuring it out. Slowly.


Return from Defeating the Sybil Attack to edicted's Web3 Blog

Defeating the Sybil Attack was published on and last updated on 09 Jul 2023.