Resource Burning for Permissionless Systems

Proof-of-work puzzles and CAPTCHAS consume enormous amounts of energy and time. These techniques are examples of resource burning: verifiable consumption of resources solely to convey information. Can these costs be eliminated? It seems unlikely since resource burning shares similarities with "money burning" and "costly signaling", which are foundational to game theory, biology, and economics. Can these costs be reduced? Yes, research shows we can significantly lower the asymptotic costs of resource burning in many different settings. In this paper, we survey the literature on resource burning; take positions based on predictions of how the tool is likely to evolve; and propose several open problems targeted at the theoretical distributed-computing research community.

READ FULL TEXT VIEW PDF
POST COMMENT

Comments

There are no comments yet.

Authors

page 1

page 2

page 3

page 4

11/20/2017

Mobile Edge Computation Offloading Using Game Theory and Reinforcement Learning

Due to the ever-increasing popularity of resource-hungry and delay-const...
12/31/2020

Open Korean Corpora: A Practical Report

Korean is often referred to as a low-resource language in the research c...
01/19/2021

On the Decidability of Behavioral Equivalences for (P,P)-PRS

We study resource similarity and resource bisimilarity – congruent restr...
03/27/2013

Computationally-Optimal Real-Resource Strategies

This paper focuses on managing the cost of deliberation before action. I...
12/30/2021

Resource-Efficient Deep Learning: A Survey on Model-, Arithmetic-, and Implementation-Level Techniques

Deep learning is pervasive in our daily life, including self-driving car...
11/10/2018

A new resource measure with respect to resource destroying maps

We formulated a family of new resource measure if the resource can be ch...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

1 Introduction

In 1993, Dwork and Naor proposed using computational puzzles to combat spam email [43]. In the ensuing three decades, resource burning—verifiable consumption of resources—has become a well-established tool in distributed security. The resource consumed has broadened to include not just computational power, but also communication capacity, computer memory, and human effort.

The rise of permissionless systems has coincided with the recent increase in popularity of resource burning. In permissionless systems, any participant—represented by a virtual identifier (ID) in the system—is free to join and depart without scrutiny, while enjoying a high degree of anonymity. For example, an ID might be an IP address, a digital wallet, or a username.

In this setting, security challenges arise from the inability to link an ID to the corresponding user. A single malicious user may create a large number of accounts on a social media platform to wield greater influence; or present itself as multiple clients to disproportionately consume resources provided by the system; or inject many IDs in a peer-to-peer network to gain control over routing and content. This malicious behavior is referred to as the Sybil attack, originally described by Douceur [41].

Such attacks are possible because users are not “ID-bounded” in a permissionless system; that is, there is no cost, and therefore no limit, to the number of IDs that the attacker (adversary) can generate. However, the adversary is often “resource-bounded”, even if this bound is unknown. In particular, it may be constrained, for example, in the number of machines it controls, or total channel capacity to which it has access. Resource burning leverages this constraint, forcing IDs to prove their distinct provenance by producing work that no single attacker can perform.

Paper Overview. Resource burning is a critical tool for defending permissionless systems. In support of this claim, we survey an assortment of topics: distributed ledgers, application-layer distributed denial-of-service (DDoS) attacks, review spam, and secure distributed hash tables (DHTs). Using these examples, we highlight how results in these different areas have converged upon resource burning as a critical ingredient for achieving security; this is summarized in Table 1.

Domain Primary Resource Consumed Mechanism Enabled Functionality Conjectured Cost
Blockchains CPU CPU Puzzles Distributed Ledger
DHTs CPU CPU Puzzles Decentralized storage and search
DDoS Attacks Bandwidth / CPU Messages / CPU Puzzles Fair allocation of server resources No Conjecture
Review Spam Human Time CAPTCHAS Trusted consumer recommendations
Table 1: Summary of the domains surveyed, along with the corresponding resources, and core functionality that is secured by resource burning. We also make conjectures on the algorithmic spend rate. Here, is the adversary’s spend rate; is the join rate for good IDs; and is the posting rate of good IDs. We elaborate on these notions in Section 2.5. The notation omits polylogarithmic factors.

As prelude to this survey, we predict how resource-burning may evolve, and how systems may adapt to this technique. These predictions are distilled in four position statements below.

[standard jigsaw, opacityback=0,width=0.85] Position 1: Resource burning is a fundamental tool for defending permissionless systems.

PoW and CAPTCHAs have been around now for decades, persisting despite concerns over scalability, resource consumption, security guarantees, and predicted obsolescence (see discussion under Position 2 and Section 3). The continued practical success of resource burning aligns with theoretical justification from game-theoretic results on “money-burning” and “costly signaling”(Section 2.1). Given the increasing popularity of permissionless systems, and the need to defend them, resource burning will likely only increase in prevalence.

[standard jigsaw, opacityback=0,width=0.8] Position 2: Resource burning must be optimized.

In May 2020, the annual energy consumption of Bitcoin was terawatt-hours of electricity per year, which is comparable to the annual electricity consumption of Bangladesh; Ethereum was terawatt-hours, comparable to that of Angola [39]

. In 2012, humans spent an estimated

hours per day solving CAPTCHAS [114, 137]. The rise of permissionless systems will likely only increase these rates of resource burning.

On the positive side, recent theoretical results suggest that resource burning can be analyzed and optimized just like any other computational resource [61, 59]. But there is significant work needed to: (1) develop a theory of resource burning focused on distributed security; and to (2) translate this theory into practical resource savings.

In this paper, we discuss current theoretical work on reducing resource-burning rates across multiple application: blockchains (Section 3); DHTs (Section 4); application-layer DDoS attacks (Section 5); and review spam (Section 6).

[standard jigsaw, opacityback=0,width=0.8] Position 3: Reducing from permissionless to permissioned systems is important.

Four decades of research have resulted in efficient and reliable algorithms for permissioned networks. We should leverage these results when addressing problems in new permissionless systems. One way to do this is to develop tools, based on resource burning, that bound the fraction of IDs controlled by the adversary (bad IDs) in permissionless systems. In Sections 3, we discuss results on the problem GenID, which provides this bound for static, permissionless networks; and DefID which does so for permissionless networks with churn.

In Sections 5 and 6, we discuss the threats posed by application-layer denial-of-service (DDoS) attacks and review spam. Neither problem aligns perfectly with a permissionless model. For example, servers are under administrative control, and online review systems often require credentials for account creation. However, these systems still remain vulnerable to malicious participants that are difficult to identify, and who monopolize system resources. We define a hybrid system model as one that contains both permissioned and permissionless properties. We note that any tools designed for permissionless systems will also work for hybrid systems. However, we would expect to be able to develop more efficient techniques to adapt tools from permissioned systems to these hybrid systems.

[standard jigsaw, opacityback=0,width=0.8] Position 4: Theoretical guarantees should hold independently of the resource burned. Research should focus on both domain-specific and domain-generic problems.

As theoreticians, we should generalize as much as possible. Algorithms that use resource burning should require a certain “cost” that specifies the amount of the resource to be consumed, but should allow for that resource to be anything: computation, computer memory, bandwidth, human effort, or some other resource yet to be defined. As much as possible, theoretical results should be stated in terms of this cost, irrespective of the resource consumed. This ensures our theoretical results will continue to be relevant, even as underlying technologies providing verifiable resource burning may change.

Additionally, a key research focus should be on problems that generalize across multiple domains. In this paper, we describe two examples: GenID and DefID (Section 3.1). Our remaining three examples are domain-specific. We believe it is important to work on both types of problems.

2 Background and Preliminaries

Resource burning has found application in various areas of computer security; indeed, its use was proposed by Douceur [41] as a defense against the Sybil attack [106, 100, 75, 40]. However, resource burning has a broader history, with similar ideas appearing in several other scientific domains.

In Section 2.1, we present this background. In Sections 2.22.3, and 2.4, we elaborate on the notion of resource burning. Finally, in Section 2.5, we describe a general problem model that provides a unifying set of assumptions and terminology used throughout this document.

2.1 Game Theory, Biology and Economics

Resource burning is analogous to what is referred to as money burning in the game theory literature. To the best of our knowledge, the first significant algorithmic game theory study of money burning, due to Hartline and Roughgarden, analyzed the use of money burning in mechanism design [61]. Their main result is a near-optimal mechanism for multi-unit auctions, where the quantity optimized is social welfare or the sum of utilities of all players. They also give results showing that, under certain conditions, an auction utilizing money burning can obtain a fraction of the optimal social welfare, where the auction consists of bidders who are bidding for units. They conclude that “the cost of implementing money-burning … is relatively modest, provided an optimal money-burning mechanism is used”.

Money burning is also known as costly signaling in the game theory literature, and it has two main uses in this context. First, it can signal commitment to a certain action, as is illustrated in the “lunch” game111This is equivalent to what is referred to as the “battle of the sexes” game in [29] [68, 29]. Second, it can signal the “type” of a player, as is in the“college” game [29]. We present these two games below.

Lunch Game. Two friends want to eat lunch together, but the first friend prefers option A and the second prefers option B. They each obtain payoff of if they choose different locations. If they both pick option A, they obtain payoffs of and respectively. Conversely, if they both pick option B, they obtain payoffs of and .

Now, if the first friend verifiably burns money equal to unit of utility prior to playing the game, this signals a commitment to their preferred option, since if they were to choose the unpreferable option, their utility would now be at most . Thus, they would not have played the game. In this way, a friend who burns money can expect higher utility.

College Game. Each student is one of two types: smart or daft. Each student is considering college and can choose either the action attend or not attend. A smart student pays a cost of (in terms of time and effort) to attend college, and a daft student pays a cost of to attend college. We assume that the decision of the student to attend college is publicly known, but that otherwise, college has no impact: daft students stay daft even after attending.222On the positive side, smart students stay smart!

An employer wants to hire smart students. If the employer hires a smart student, their benefit is , and if they hire a daft student, their cost is . If a student is hired by the employer, they have a benefit of , and if they are not hired, they have a benefit of .

It is easy to verify that the following is a Nash equilibrium for this game:

  • Smart students attend college.

  • Daft students do not attend college.

  • The employer hires only students that attend college.

Here, smart students all choose to attend, even though college has no intrinsic benefit. Thus, the choice to attend college is a costly signal made by the smart students, and college itself is an example of resource burning.

If the option to attend college were removed from the game, and the fraction of smart students were less than , then a Nash equilibrium would be for the employer to never hire. In this case, the overall social welfare—the sum of expected benefits to all players—would decrease.

Biology. Costly signaling is a well-known phenomena in biology. A relevant example from animal behavior is stotting, in which quadrupeds, such as deer and gazelles, repeatedly jump high into the air. This is often done in view of a predator, suggesting that stotting is a costly signal to the predator that the prey is too healthy to catch [49]. Other examples occur in sexual-selection, where the use of plumage, large antlers, and loud cries are a costly signal of fitness [156].

Economics. In 1912, the economist Thostein Veblen coined the term “conspicuous consumption” to describe costly signaling used by people to advertise both wealth and leisure. For example, Veblen writes, “The walking stick serves the purpose of an advertisement that the bearer’s hands are employed otherwise than in useful effort, and it therefore has utility as an evidence of leisure” [134]. Decades of economic studies suggest that conspicuous consumption is a critical part of historical and modern economies [98, 113, 118, 121, 131]. For example, Sundie et al write: “Although showy spending is often perceived as wasteful, frivolous, and even narcissistic, an evolutionary perspective suggests that blatant displays of resources may serve an important function, namely, as a communication strategy designed to gain reproductive reward”[131].

2.2 What is Resource Burning?

We define resource burning as the verifiable consumption of a resource. In particular, it is computationally easy to verify both the consumption of the resource, and also the ID that consumed the resource [6]. Below we describe several resource-burning techniques.

Proof-of-work (PoW). PoW is arguably the current, best-known example of resource burning. Here, the resource is computational power. Proof-of-work has been proposed for spam-prevention [43, 90, 85]; blockchains [103]; and defense against Sybil attacks [88, 10].

CAPTCHAs. A completely automated public Turing test to tell computers and humans apart, or a CAPTCHA, is a resource-burning tool where the resource is human effort [148]. CAPTCHAs may be based around text, images, or audio; however, several design and usability issues exist [147].

Proof-of-Space. Proof-of-space requires a prover to demonstrate utilization of a certain amount of storage space [44, 13, 1, 42]. This approach is foundational for Spacemint cryptocurrency [111]. Like PoW, proof of space demonstrates the consumption of a certain amount of a physical resource, but can require less electrical power. A related proposal is “Proof of Space-Time” [102], which demands proof of consumption of a certain amount of storage space for a certain amount of time.

Resource Testing. Resource testing requires a prover to demonstrate utilization of a radio channel [56, 55, 101].333Resource burning refers to the game-theoretic money burning technique; resource testing refers to that technique specifically applied in the wireless domain.

Consider a wireless setting where each device has a single radio that provides access to one of several channels. Thus, an adversary representing two bad IDs, but with a single device, can only listen to one channel at a time. A base station can assign each ID to separate channels; send a random message on one of these channels chosen randomly; and demand that the message be echoed back by the corresponding ID. Since the adversary can only listen to a one channel at a time, it will fail this test with probability at least

.

2.3 What is not Resource Burning

Proof-of-Stake (PoS) is a defense for permissionless systems, wherein security relies on the adversary holding a minority stake in an abstract finite resource [2]. It has been proposed primarily for cryptocurrency systems (Section 3). When making a group decision, PoS ensures that each ID has voting weight proportional to the amount of cryptocurrency that ID holds. Well-known examples of such systems are ALGORAND [54], which employs PoS to form a committee, and Ouroboros [83], which elects leaders with probability proportional to their stake. Hybrid approaches using both PoW and PoS exist, including one proposed for the Ethereum system [8], and under the name “Proof of Activity” [27]. In contrast to the above examples, PoS involves a measurement, rather than a consumption of, a resource.

Disadvantages of Proof-of-Stake. Unfortunately, PoS can only be used in systems where the “stake” of each ID is globally known. Thus, it seems likely to remain relevant primarily in the domain of cryptocurrencies. Moreover, even within that community, there are concerns about proof-of-stake. To quote researcher Dahlia Malkhi: “I think proof-of-stake is fundamentally vulnerable …In my opinion, it’s giving power to people who have lots of money” [35].

2.4 Resource Burning Does Not Require Waste of the Resource

While resource burning requires verifiable consumption of a resource, it does not necessarily require waste of that resource. For example, Von Ahn et al. [137] developed the reCAPTCHA system which channeled human effort from solving CAPTCHAs into the problem of deciphering scanned words that could not be recognized by computer. Their system achieved an accuracy exceeding professional human transcribers, and was responsible for sucesssfully transcribing hundreds of millions of words from public domain books.

In 2018, Ball et al. developed proof-of-work puzzles whose hardness is based on worst-case assumptions [25]

. These puzzles are based on the Orthogonal Vectors, 3SUM, and All-Pairs Shortest Path problems, and any problem that reduces to these problems, including deciding any graph property statable in first-order logic. Hence, their work enables design of PoW puzzles that can be useful for solving computational problems of practical importance.

In [126], Shoker developed proof-of-work puzzles that solve real-world matrix-based scientific computation problems. He named this technique “Proof of Exercise”.

All algorithms discussed in this paper are compatible with this type of “useful” resource burning, where the consumption of the resource solves practical problems. Our only requirement of the resource burning mechanism is that the consumption of the resource be easily verifiable, which holds true for the above results.

2.5 A General Model

We discuss broad aspects of a general model for permissionless systems. This allows us to highlight commonalities between different application domains, while retaining the same terminology throughout.

The system consists of virtual identifiers (IDs). An ID is good if it obeys protocol and belongs to a unique user; otherwise, the ID is bad. Good and bad IDs cannot necessarily be distinguished a priori.

Communication. Communication is synchronous and occurs either via point-to-point or via a broadcast primitive. The former is typical for peer-to-peer systems and the general client-server setting. The latter corresponds to permissionless blockchains, where it is a standard assumption that a good ID may send a value to all other good IDs within a known and bounded amount of time, despite an adversary; for examples, see [52, 30, 54, 92] and see [97] for empirical justification.

Adversary. A single adversary controls all bad IDs; this pessimistically represents perfect collusion and coordination by malicious users. Bad IDs may arbitrarily deviate from our protocol, including sending incorrect or spurious messages. The adversary can send messages to any ID at will, and can view any communications sent by good IDs before sending its own. It knows when good IDs join and depart, but it does not know in advance the private random bits generated by any good ID.

Often, the adversary is assumed to control only an -fraction of the network resources, for . Generally, in settings where correctness is threatened, must be a small constant; for example, often bounded below or . Alternatively, there are settings where can be any constant bounded away from ; typically, this corresponds to problems of performance (rather than correctness).

Tunable Costs. We measure cost as the amount of resource consumed. Our model is agnostic with respect to the particular resource used. However, we assume that it is possible to arbitrarily tune the cost. In particular, we assume that, for any value , an ID can be issued a challenge of difficulty that will require consumption of units of whatever resource is used.

Resources such as computation, computer memory, and bandwidth have inherently tunable costs. For CAPTCHAs, cost could be adjusted in two possible ways. First, by adjusting the difficulty of the puzzle, by either (1) adjusting the number of alphanumeric digits or the number of images to be classified; or (2) adjusting the difficulty of an individual recognition task as described in the ScatterType CAPTCHA system 

[24]. Second, by adjusting the expected difficulty by adjusting a probability of being required to solve a CAPTCHA.

Joins and Departures. Often, the system is dynamic, with IDs joining or departing over time. There is no a priori method for determining whether a joining ID is good or bad. Joins and departures by bad IDs may be scheduled in a worst-case fashion, and pessimistically we often assume the adversary also has a limited ability to schedule these events for good IDs. We will generally assume a lower bound on the number of IDs in the system, and that the lifetime of the system is polynomial in this lower bound.

Key Notation. Through out this work, let denote the adversarial spending rate, which is the cost to the adversary over the system lifetime divided by the lifetime of the system. Let the algorithmic spending rate, be the cost to all good IDs over the system lifetime divided by the lifetime of the system.

In the blockchain and DHT problems, we let denote the good ID join rate, which is the number of good IDs that join during the system lifetime divided by the lifetime of the system. Finally, for the review spam problem, we let denote the good posting rate, which is the number of posts made by good IDs during the system lifetime divided by lifetime of the system.

2.6 Game Theoretic Analysis

For many of our problems, we can analyze the defense of a system as a two-player zero sum game [45] as follows. There is an adversary that can choose to attack or not, and an algorithm that can choose to defend or not. There is a system invariant, which the algorithm seeks to protect, that has some value . There is a function that gives the cost incurred when the algorithm chooses to defend as follows: if the adversary spends to attack, then the algorithm will spend to defend. Thus the payoff matrix for the algorithm is given below.

Adversary
Attack Attack
                   Algorithm Defend
Defend

Solving this game, we get that in the Nash equilibrium, the algorithm player will defend with probability . Thus, the expected utility of the game to the algorithm player will be . In many of our problems, , and so we obtain a value that is . Smaller optimizes the utility for the adversary, in which case, the expected utility of the algorithm is .

3 Blockchains and Cryptocurrencies

A blockchain is a distributed ledger. In particular, it is a distributed data structure that stores transactions between IDs in a network. Each transaction represents flow of a resource from one ID to another. Every transaction added must be legitimate, in the sense that the source ID owns the resource to be transferred, as indicated by the distributed ledger, at the time of the transaction. Importantly, transactions can only be added to the blockchain, and once added, can never be deleted or edited.

3.1 GenID and DefID

Perhaps the current, most frequently-used application of resource-burning is for blockchains. Permissionless blockchains are vulnerable to Sybil attacks [89]. The next two problems use resource burning to defend against this. Recall that the adversary controls an -fraction of the resource that is being burned.

The GenID Problem. The problem stated below, GenID, was first defined and studied by Aspnes, Jackson, and Krishnamurthy [11]. They proposed a solution with latency of rounds, and bits sent per good ID, at a burned resource cost of per good ID.

[standard jigsaw, opacityback=0]

Open Problem 1.

GenID

Model: Initial set of IDs; of which are good, with the rest are controlled by an adversary.

Goal: All good IDs decide on a set of IDs such that: (1) all good IDs are in ; and (2) at most a fraction of the IDs in are adversarial.

Several other solutions to GenID have been proposed in the literature [10, 67, 4, 81]. Andrychowicz and Dziembowski described an algorithm with a latency of rounds; bits sent per good ID; and a burned resource cost of per good ID [10]. Concurrent to this work, Katz, Miller and Shi [81] proposed another solution with similar costs. Hao et al. [67] improved on these results via using a randomized leader election protocol. Their algorithm has, in expectation, a latency of rounds; bits sent per good ID; and a burned resource cost of per good ID.

The most recent work in this domain is by Aggarwal et al. [4], which requires in expectation: latency; bits sent per good ID; and a burned resource cost of per good ID.

It is still not known if these costs can be reduced for the general problem, or for an “almost-everywhere” versions of the problem, where all but a fraction of the IDs must learn . To the best of our knowledge, there are no current lower-bounds on the problem.

The DefID Problem. The following problem, called DefID, considers the GenID problem in the presence of churn.

[standard jigsaw, opacityback=0]

Open Problem 2.

DefID

Model: Stream of IDs joining and leaving a network.

Goal: At most an -fraction of bad IDs in the network at any time.

A first algorithm to solve DefID was proposed in by Gupta, Saia and Young in [58]. It required algorithmic spend rate of ; recall that is the join rate of good IDs per time step, and is the spend rate of the adversary. Note that this result holds without any additional assumptions. Gupta, Saia and Young further improved this result in [59, 60] to , subject to two assumptions on the join rate of good IDs, which are found to be supported by real-world data[59].

Specifically, the assumptions needed are as follows. Define an epoch to be the length of time it takes for the fraction of good IDs to change by 3/4 fraction. First, the join rate for good IDs changes by at most a multiplicative factor between any two successive epochs. Second, in any epoch the actual join rate for good IDs over any “sufficiently large” period of time is within constant factors of the join rate for good IDs over the entire epoch.

An asymptotically matching lower bound was obtained for a large class of algorithms [59]. An open problem is to generalize this bound to all algorithms.

4 Distributed Hash Tables

Distributed hash tables (DHTs) are a popular P2P distributed data structure [129, 80, 87, 3, 96, 117] with several implementations over the years [141, 128, 46]. Generally, the design entails hashing attributes of a user’s machine to a key value (or ID) in a virtual space; similarly, for data items. The various DHT constructions differ in their overlay topologies, but typically IDs need only maintain state on a small number of neighbors, and routing is possible with a small number of messages, where small means at most logarithmic in the number of IDs in the system.

These systems are vulnerable to attack. A bad ID that participates in routing can drop or corrupt any message it receives. A good ID can be completely isolated from the rest of the network if all of its neighbors are bad; this is often referred to as an eclipse attack [63, 127]. Finally, content can be compromised if bad IDs alone are responsible for storing a particular data item. Generally, the behavior of bad IDs is modeled by Byzantine faults. For almost two decades, there has been a sustained interest in the design of secure DHTs that can tolerate such attacks [135].

Byzantine Fault Tolerance in DHTs. A popular approach to tolerating bad IDs depends makes use of groups: these are small sets of IDs, each of which have a good majority. Intuitively, a group is used in place of an individual peer, and the group members act by using majority action or secure multiparty computation to coordinate actions. For example, routing can be performed robustly via all-to-all communication between each pair of groups along the path from source to destination. Examples of group-based DHT constructions include [48, 22, 21, 23, 122, 151, 105, 72, 125].

As an alternative to using groups, bad IDs may be tolerated by employing some form of redundant routing [78, 104, 82, 32, 65, 74]. Several other results do not explicitly apply to DHTs, although they may be compatible. For example, the challenge of tolerating bad IDs is exacerbated in highly-dynamic P2P systems, and there is a growing body of work in this area [57, 15, 16, 17, 18, 14]. Self-healing networks are another approach for achieving security, where bad IDs are identified and evicted [84, 120, 119].

In all of these works, a critical assumption is that the fraction of bad IDs is a small constant. However, given that DHTs are often permissionless, this assumption is easily violated via a Sybil attack. Thus, while many tools have been developed for securing DHTs against Byzantine faults, additional work is required to limit the fraction of bad IDs in the permissionless setting.

Sybil Resistance. Several approaches have been proposed for mitigating the Sybil attack. The influence of bad IDs can be limited via containment schemes that leverage the network topology in structured overlays [124] and in social networks [152, 154, 99, 143, 153, 7, 86]. However, the information required—particularly social networks—may not always be available.

An alternative defense is to use measurements of communication latency or wireless signal strength to verify the uniqueness of IDs [26, 140, 91, 53, 38]. However, these techniques are sensitive to measurement accuracy.

For DHTs, an early result by Danezis et al. [37]

gives a heuristic to limit the impact of bad IDs using bootstrapping information, but unfortunately provides no formal guarantees. Results that employ resource burning are scarce. The use of computational puzzles in decentralized systems is explored by Borisov 

[31] and Tegeler and Fu [132] as a means for identifying and excluding bad IDs from the system. Computational puzzles are also used by Rowaihy et al. [116] to throttle the rate of bad IDs added to a structured P2P system; however, this does not limit their number. Arguably the best-known result is the SybilControl scheme by Li et al. [88], which provides for a DHT construction that limits the number of bad IDs through the use of computational puzzles. Good IDs periodically challenge their neighbors under the Chord DHT topology [129, 130], and blacklist those who do not respond with a solution in time. Experimental results indicate that this approach, in conjunction with limited data replication, allows for almost all searches to succeed.

4.1 Why DefID is Not Enough

The DefID problem (Section 3.1) captures many of the challenges required for secure DHTs. However, current solutions to DefID depend heavily on a means to coordinate resource burning. The main approach is to use a committee—a small set of IDs with a good majority—which issue resource-burning challenges. To apply results on DefID to DHTs requires decentralizing the functionality provided by the committee.

Additionally, while DefID always guarantees a minority of bad IDs, this is not enough. In particular, to ensure reliable routing and protection from eclipse attacks, group-based approaches demand that all groups have a minority of bad IDs. Fortunately, there are already clever techniques to spread the bad IDs uniformly across the groups. Informally, when a new ID joins a group, some IDs in the group are evicted and resettled in random locations, and their replacements are selected uniformly at random [22, 23, 21, 57].

Unfortunately, performing such shuffling for every joining ID, even when there are no bad IDs in the system, incurs large bandwidth costs. A major open problem is to devise an algorithm that minimizes both bandwidth and resource-burning costs, as a function of adversarial spend rate.

[standard jigsaw, opacityback=0]

Open Problem 3.

A Secure DHT in the Permissionless Setting

Model: The adversary has complete control over the scheduling of joins and departures for bad IDs and limited control for good IDs. There is no explicit assumption that the good IDs are in the majority at all times.

Goal: A DHT that enables secure and efficient routing between any two good IDs in the system.

4.2 The Permissionless DHT Problem

Problem 3 gives our formal problem in this domain. It assumes that the adversary controls an fraction of the burnable resource. We now describe some ideas about how to solve it.

Recall from Section 3.1 that DefID imposes a cost of on the good IDs. Informally, a plausible extension to this result is for each group in the DHT to act as a committee that runs an algorithm to solve DefID. In many group-based constructions, a good ID belongs to a number of groups that is logarithmic in the system size. Consequently, the algorithmic spend rate is likely to increase by a logarithmic factor. This yields our conjectured bound of . Note that this aligns with Position 2 since costs to the good IDs are low when the adversary expends little effort (or does not attack at all), and grows slowly relative to the adversary’s cost when a significant attack occurs. In the absence of a single committee that can track global information (such as the join rate of IDs), setting the hardness of challenges is tricky, and new ideas are needed to obtain the conjectured upper bound.

Finally, while we have focused on DHTs, new defenses for them might generalize to providing security in permissionless settings for other structured P2P systems [51, 71, 62, 12, 20, 158, 47].

5 Application-Layer DDoS Attacks

A denial-of-service (DoS) attack prevents good IDs from accessing resources of a system. A distributed denial-of-service (DDoS) attack occurs when multiple bad IDs carry out a coordinated DoS attack. In an application-layer DDoS attacks, an adversary attacks by issuing many requests for system resources, as opposed to say swamping the network bandwidth. Here, we discuss defenses against application-layer DDoS attacks based on resource burning.

Filtering Methods. Many DDoS defenses rely on techniques for filtering out malicious traffic, including IP profiling [94, 155]; CAPTCHAs [136, 109]; capability-based schemes [9, 149]444Informally, this refers to a scheme where the source makes a “capability” request and, if approved by the receiver, will then obtain prioritized service from those routers along the path between the source and the receiver.

; and anomaly detection 

[70]. An extensive survey of defenses can be found in [157]. Unfortunately, these techniques are imperfect, and an adversary may bypass them by issuing traffic that appears legitimate. This has led to resource-burning defenses against DDoS attacks, which are sometimes referred to in the literature as currency-based or resource-based schemes [139].

Resource-Burning Approaches. A number of proposed defenses require IDs to solve puzzles before their requests for service are honored [76, 19, 112, 77]. A challenging aspect of these proposals is the lack of a theoretically-backed method to tune the puzzle difficulty. To address this issue, Mankins et al. [95] propose a pricing mechanism to set the difficulty based on the service-request type; however, the pricing functions are set by the server a priori, and may fail as the incentives or capabilities of the attacker change over time. A dynamic strategy to determine puzzle difficulty is given by Wang and Reiter [142]. A client requesting service chooses the puzzle difficulty based on the effort it is willing to expend, while the server prioritizes service according to the difficulty of the puzzles solved. However, this approach may starve IDs with limited resources, and requires the server to maintain state on the difficulty of the puzzles solved. Finally, Noureddine et al. [108] employ a game-theoretic model to pre-compute the difficulty of puzzles assuming all IDs (good and bad) are rational.

An alternative resource—communication capacity—is consumed by the speak-up defense of Walfish et al. [138]. During an attack, it is common for bad IDs to bombard the server with requests, using much (or all) of the data rate available to the adversary. Speak-up encourages good IDs to respond in kind by increasing their respective request rates. A front-end server known as a “thinner” randomly drops requests in order to impose a manageable service load. If the aggregate capacity of the good IDs is comparable to that of the bad IDs, then this resource-burning scheme can allow good IDs to obtain a commensurate amount of service.

5.1 The Application-Layer DDoS Problem

There are many similarities between the application-layer DDoS attack and the Sybil attack. The DDoS model is not purely permissionless, since the server is a trusted authority. However, the attacks involve IDs whose distinctness cannot be ascertained, and where an adversary may create many bad IDs to facilitate attacks. In this sense, the DDoS model is a hybrid of permissionless and permissioned systems. Thus, it is not surprising that resource burning would be useful to defend against DDoS attacks.

In this vein, we propose the open problem below.

[standard jigsaw, opacityback=0]

Open Problem 4.

Application-Layer DDoS Attacks

Model: There are good client IDs and a good server. An adversary controls an -fraction of the consumable resource, and can generate any number of bad client IDs. Client IDs can request service from the server at any time. The server must decide which requests to service based on its own limited resources.

Goal: The good clients obtain a fraction of the service provided by the server.

Problem 4 shares much in common with DefID (Section 3.1). Requests from client IDs correspond to join events; satisfying requests corresponds to departures. Here, need not be bounded, since we are not making a correctness guarantee analogous to maintaining a good majority in DefID. Rather, our new requirement concerns performance: good IDs receive a fraction of service. In this sense, Problem 3 seems strictly easier than DefID.

However, a new difficulty is heterogeneity: requests may differ in the amount of effort required to service them. Thus, enforcing a bound on the fraction of bad requests serviced does not ensure that the goal of Problem 4 will be met. In light of this issue, it may be helpful to consider a weighted version of DefID, and whether existing solutions can be extended to this more general setting. While we are optimistic that for large , is possible for Problem 4, a tight upper bound is an interesting direction for future work.

6 Review Spam

Online user-generated reviews play an important role in influencing the purchasing decisions of consumers. These systems are subject to manipulation where an adversary employs multiple accounts to create fake reviews that falsely promote or disparage a product [50]; this malicious behavior is often referred to as review spam, but also goes by other labels such as astroturfing [133] and opinion spam [69].

Review spam threatens online retailers—such as Amazon or Walmart [33, 50]—and merchants who depend on income from online sales. While online review systems typically have some form of admission control, such as requiring credentials for the creation of an account, this can be bypassed. For example, an attacker can hire users that possess a sufficient online presence in order to engage in review spam [36, 66], and social-media credentials can be automatically generated [133]; examples of these attacks are described in [93, 69].

In response to this threat, the research community has proposed various strategies for detecting fraudulent reviews; these employ a range of techniques including machine learning 

[34, 73], anomaly detection [123, 146, 145], linguistic evaluation [79, 115], graph analysis [66, 28, 5], and many others. A comprehensive overview of these techniques is given in [150, 144, 64].

Progress in this area offers the ability to classify a review as either spam or legitimate, with some small error probability; for example, the work in [110] achieve an accuracy of almost . This classification functionality is a promising ingredient for designing more general tools for mitigating review spam.

6.1 The Review Spam Problem

The problem of review spam largely aligns with our general model in Section 2.5. While online systems often require some credentials for creating an account, this admission control can be circumvented, and the system is effectively permissionless. However, the review spam model has some novel features. IDs join the system, but they may never formally depart. Even IDs that are regularly in use may have periods where the corresponding user is offline. Thus, any attempt to simultaneously challenge all IDs, in order to reveal some as bad, will fail.

On the positive side, as noted above, machine learning can now help. In particular, we may assume a classifier that correctly classifies reviews as spam or not with some fixed probability of error. Over a sufficiently large number of reviews, this classifier can be used to obtain a good approximation of the current fraction of spam reviews, and this information can be used to set the amount of resource burning required to post a review. Our conjecture of in Table 1 follows from a preliminary analysis that leverages a classifier in this way. Informally, we increase the cost for posting a review when a significant attack is ongoing—that is, many reviews are diagnosed as spam by the classifier. Otherwise, we reset the cost to the lowest level.

We formalize the challenge of review spam as Problem 5.

[standard jigsaw, opacityback=0]

Open Problem 5.

Review Spam

Model: IDs post reviews online. A classifier labels each post as legitimate or as spam, with some fixed error probability. Each spam post has unit cost, reflecting its negative impact on system usability. The algorithm can also set an arbitrary resource-burning cost for each new post, based on the classification of past posts.

Goal: Minimize costs due to spam posts plus resource-burning costs incurred from legitimate posts.

7 Conclusion

In this paper, we surveyed the literature on resource burning and established it as critical a tool for securing permissionless systems. We described results from four domains: blockchains, DHTs, application-layer distributed DDoS attacks, and review spam. We noted shared security vulnerabilities in both permissionless and hybrid systems, and how resource burning is well-suited for addressing common threats.

We observed that resource burning costs are prohibitively high for most current systems. Thus, a high-priority area for theoretical research is the design of resource-burning defenses that reduce these costs. In particular, whenever possible, good IDs should spend at a rate which is asymptotically less than the adversary when the system is under attack. To encourage research efforts, we defined several open problems, along with conjectured upper bounds for these problems.

Acknowledgements. We are grateful to the organizers of SIROCCO 2020 for inviting this paper, and we thank Valerie King for helpful feedback on our manuscript.

References

  • [1] Abadi, M., Burrows, M., Manasse, M., and Wobber, T. Moderately hard, memory-bound functions. ACM Transactions on Internet Technology (TOIT) 5, 2 (2005), 299–327.
  • [2] Abraham, I., and Malkhi, D. The Blockchain Consensus Layer and BFT. Bulletin of the EATCS: Distributed Computing Column (2017).
  • [3] Abraham, I., Malkhi, D., and Dobzinski, O. Land: stretch locality-aware networks for DHTs. In Proceedings of the Annual ACM-SIAM Symposium on Discrete algorithms (SODA) (2004), pp. 550 – 559.
  • [4] Aggarwal, A., Movahedi, M., Saia, J., and Zamani, M. Bootstrapping public blockchains without a trusted setup. In Proceedings of the 2019 ACM Symposium on Principles of Distributed Computing (2019), ACM, pp. 366–368.
  • [5] Akoglu, L., Chandy, R., and Faloutsos, C. Opinion fraud detection in online reviews by network effects. In Seventh international AAAI conference on weblogs and social media (2013).
  • [6] Ali, I. M., Caprolu, M., and Pietro, R. D. Foundations, properties, and security applications of puzzles: A survey. CoRR abs/1904.10164 (2019).
  • [7] Alvisi, L., Clement, A., Epasto, A., Lattanzi, S., and Panconesi, A. Sok: The evolution of sybil defense via social networks. In Proceedings of the IEEE Symposium on Security and Privacy (2013), pp. 382–396.
  • [8] Alyssa Hertig. Ethereum’s Big Switch: The New Roadmap to Proof-of-Stake. urlwww.coindesk.com/ethereums-big-switch-the-new-roadmap-to-proof-of-stake/, 2017. Online; accessed 28 November 2019.
  • [9] Anderson, T., Roscoe, T., and Wetherall, D. Preventing internet denial-of-service with capabilities. ACM SIGCOMM Computer Communication Review 34, 1 (2004), 39–44.
  • [10] Andrychowicz, M., and Dziembowski, S. Pow-based distributed cryptography with no trusted setup. In Proceedings of the Annual Cryptology Conference (2015), Springer, pp. 379–399.
  • [11] Aspnes, J., Jackson, C., and Krishnamurthy, A. Exposing computationally-challenged byzantine impostors. Tech. rep., Tech. Report YALEU/DCS/TR-1332, Yale University http://www. cs.yale.edu/homes/aspnes/papers/tr1332.pdf, 2005.
  • [12] Aspnes, J., and Shah, G. Skip graphs. In Fourteenth Annual ACM-SIAM Symposium on Discrete Algorithms (SODA) (2003), pp. 384–393.
  • [13] Ateniese, G., Bonacina, I., Faonio, A., and Galesi, N. Proofs of space: When space is of the essence. In International Conference on Security and Cryptography for Networks (2014), Springer, pp. 538–557.
  • [14] Augustine, J., Molla, A. R., Morsy, E., Pandurangan, G., Robinson, P., and Upfal, E. Storage and search in dynamic peer-to-peer networks. In Proceedings of the Twenty-fifth Annual ACM Symposium on Parallelism in Algorithms and Architectures (SPAA) (2013), pp. 53–62.
  • [15] Augustine, J., Pandurangan, G., and Robinson, P. Fast byzantine agreement in dynamic networks. In Proceedings of the ACM Symposium on Principles of Distributed Computing (PODC) (2013), pp. 74–83.
  • [16] Augustine, J., Pandurangan, G., and Robinson, P. Fast byzantine leader election in dynamic networks. In Proceedings of the International Symposium on Distributed Computing (DISC) (2015), Springer, pp. 276–291.
  • [17] Augustine, J., Pandurangan, G., Robinson, P., Roche, S., and Upfal, E. Enabling robust and efficient distributed computation in dynamic peer-to-peer networks. In Proceedings of the IEEE 56th Annual Symposium on Foundations of Computer Science (FOCS) (2015), pp. 350–369.
  • [18] Augustine, J., Pandurangan, G., Robinson, P., and Upfal, E. Towards robust and efficient computation in dynamic peer-to-peer networks. In Proceedings of the Twenty-third Annual ACM-SIAM Symposium on Discrete Algorithms (SODA) (2012), pp. 551–569.
  • [19] Aura, T., Nikander, P., and Leiwo, J. DoS-resistant authentication with client puzzles. In Proceedings of the International Workshop on Security Protocols (2000), Springer, pp. 170–177.
  • [20] Awerbuch, B., and Scheideler, C. The hyperring: a low-congestion deterministic data structure for distributed environments. In Proceedings of the Annual ACM-SIAM Symposium on Discrete Algorithms (SODA) (2004), pp. 318–327.
  • [21] Awerbuch, B., and Scheideler, C. Robust random number generation for peer-to-peer systems. In Proceedings of the International Conference On Principles of Distributed Systems (OPODIS) (2006), pp. 275–289.
  • [22] Awerbuch, B., and Scheideler, C. Towards a scalable and robust DHT. In Proceedings of the 18th ACM Symposium on Parallelism in Algorithms and Architectures (SPAA) (2006), pp. 318–327.
  • [23] Awerbuch, B., and Scheideler, C. Towards scalable and robust overlay networks. In Proceedings of the International Workshop on Peer-to-Peer Systems (IPTPS) (2007), p. n. pag.
  • [24] Baird, H. S., Moll, M. A., and Wang, S.-Y. Scattertype: A legible but hard-to-segment captcha. In Proceedings of the Eighth International Conference on Document Analysis and Recognition (ICDAR) (2005), pp. 935–939.
  • [25] Ball, M., Rosen, A., Sabin, M., and Vasudevan, P. N. Proofs of work from worst-case assumptions. In Annual International Cryptology Conference (CRYPTO) (2018), Springer, pp. 789–819.
  • [26] Bazzi, R. A., and Konjevod, G. On the establishment of distinct identities in overlay networks. In Proceedings Annual ACM Symposium on Principles of Distributed Computing (PODC) (2005), pp. 312–320.
  • [27] Bentov, I., Lee, C., Mizrahi, A., and Rosenfeld, M. Proof of activity: Extending bitcoin’s proof of work via proof of stake [extended abstract] y. ACM SIGMETRICS Performance Evaluation Review 42, 3 (2014), 34–37.
  • [28] Beutel, A., Xu, W., Guruswami, V., Palow, C., and Faloutsos, C. CopyCatch: Stopping group attacks by spotting lockstep behavior in social networks. In Proceedings of the 22nd International Conference on World Wide Web (WWW) (2013), pp. 119–130.
  • [29] Binmore, K., et al. Playing for real: a text on game theory. Oxford university press, 2007.
  • [30] BitcoinWiki. Bitcoinwiki network. https://en.bitcoin.it/wiki/Network, 2019. Online; accessed 28 November 2019.
  • [31] Borisov, N. Computational puzzles as sybil defenses. In Proceedings of the Sixth IEEE International Conference on Peer-to-Peer Computing (P2P) (2006), pp. 171–176.
  • [32] Castro, M., Druschel, P., Ganesh, A., Rowstron, A., and Wallach, D. S. Secure routing for structured peer-to-peer overlay networks. In Proceedings of the Usenix Symposium on Operating Systems Design and Implementation (OSDI) (2002), pp. 299–314.
  • [33] CBS News, A. P. Buyer beware: Scourge of fake reviews hitting Amazon, Walmart and other major retailers, 2019. https://www.cbsnews.com/news/buyer-beware-a-scourge-of-fake-online-reviews-is-hitting-amazon -walmart-and-other-major-retailers/.
  • [34] Chau, D. H., Pandit, S., and Faloutsos, C. Detecting fraudulent personalities in networks of online auctioneers. In Proceedings of the European Conference on Principles of Data Mining and Knowledge Discovery (2006), Springer, pp. 103–114.
  • [35] CoinDesk. Vulnerable? Ethereum’s Casper Tech Takes Criticism at Curacao Event. https://www.coindesk.com/fundamentally-vulnerable-ethereums-casper-tech-takes-criticism-curacao.
  • [36] Cracked. I get paid to write fake reviews for amazon, 2016. https://www.cracked.com/personal-experiences -2376-i-get-paid-to-write-fake-reviews-amazon.html.
  • [37] Danezis, G., Lesniewski-laas, C., Kaashoek, M. F., and Anderson, R. Sybil-resistant DHT routing. In Proceedings of the European Symposium On Research In Computer Security (ESORICS) (2005), pp. 305–318.
  • [38] Demirbas, M., and Song, Y. An RSSI-based scheme for sybil attack detection in wireless sensor networks. In Proceedings of the 2006 International Symposium on on World of Wireless, Mobile and Multimedia Networks (WOWMOM) (2006), pp. 564–570.
  • [39] Digiconomist. Bitcoin Energy Consumption Index, 2020. https://digiconomist.net/bitcoin-energy-consumption.
  • [40] Dinger, J., and Hartenstein, H. Defending the sybil attack in p2p networks: Taxonomy, challenges, and a proposal for self-registration. In Proceedings of the First International Conference on Availability, Reliability and Security (ARES) (2006), pp. 756–763.
  • [41] Douceur, J. The sybil attack. In Proceedings of the Second International Peer-to-Peer Symposium (IPTPS) (2002), pp. 251–260.
  • [42] Dwork, C., Goldberg, A., and Naor, M. On memory-bound functions for fighting spam. In Proceedings of the Annual International Cryptology Conference (2003), Springer, pp. 426–444.
  • [43] Dwork, C., and Naor, M. Pricing via processing or combatting junk mail. In Proceedings of the Annual International Cryptology Conference on Advances in Cryptology (1993), pp. 139–147.
  • [44] Dziembowski, S., Faust, S., Kolmogorov, V., and Pietrzak, K. Proofs of space. In Annual Cryptology Conference (2015), Springer, pp. 585–605.
  • [45] Easley, D., Kleinberg, J., et al. Networks, crowds, and markets, vol. 8. Cambridge university press Cambridge, 2010.
  • [46] Falkner, J., Piatek, M., John, J. P., Krishnamurthy, A., and Anderson, T. Profiling a million user DHT. In Proceedings of the ACM SIGCOMM Conference on Internet Measurement (2007), pp. 129–134.
  • [47] Fiat, A., and Saia, J. Censorship resistant peer-to-peer content addressable networks. In Proceedings of the Thirteenth ACM Symposium on Discrete Algorithms (SODA) (2002), pp. 94–103.
  • [48] Fiat, A., Saia, J., and Young, M. Making chord robust to byzantine attacks. In Proceedings of the European Symposium on Algorithms (ESA) (2005), pp. 803–814.
  • [49] FitzGibbon, C. D., and Fanshawe, J. H. Stotting in thomson’s gazelles: an honest signal of condition. Behavioral Ecology and Sociobiology 23, 2 (1988), 69–74.
  • [50] Forbes. Amazon’s fake review problem is getting worse, 2019. https://www.forbes.com/sites/emmawoollacott/2019/04/16/amazons-fake-review-problem-is-getting-worse/#f6988195f525.
  • [51] Fraigniaud, P., and Gauron, P. D2B: A de Bruijn based content-addressable network. Theoretical Computer Science 355, 1 (Apr. 2006), 65–79.
  • [52] Garay, J., Kiayias, A., and Leonardos, N. The bitcoin backbone protocol: Analysis and applications. In Proceedings of 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT) (2015), pp. 281–310.
  • [53] Gil, S., Kumar, S., Mazumder, M., Katabi, D., and Rus, D. Guaranteeing spoof-resilient multi-robot networks. In Proceedings of Robotics: Science and Systems (Rome, Italy, July 2015).
  • [54] Gilad, Y., Hemo, R., Micali, S., Vlachos, G., and Zeldovich, N. Algorand: Scaling byzantine agreements for cryptocurrencies. In Proceedings of the 26th Symposium on Operating Systems Principles (SOSP) (2017), pp. 51–68.
  • [55] Gilbert, S., Newport, C., and Zheng, C. Who are you? secure identities in ad hoc networks. In Proceedings of the International Symposium on Distributed Computing (DISC) (2014), pp. 227–242.
  • [56] Gilbert, S., and Zheng, C. Sybilcast: Broadcast on the open airwaves. In Proceedings of the Annual ACM Symposium on Parallelism in Algorithms and Architectures (SPAA) (2013), pp. 130–139.
  • [57] Guerraoui, R., Huc, F., and Kermarrec, A.-M. Highly dynamic distributed computing with byzantine failures. In Proceedings of the 2013 ACM Symposium on Principles of Distributed Computing (PODC) (2013), pp. 176–183.
  • [58] Gupta, D., Saia, J., and Young, M. Proof of work without all the work. In Proceedings of the International Conference on Distributed Computing and Networking (ICDCN) (2018).
  • [59] Gupta, D., Saia, J., and Young, M. Peace through superior puzzling: An asymmetric sybil defense. In Proceedings of the IEEE International Parallel and Distributed Processing Symposium (IPDPS) (2019), pp. 1083–1094.
  • [60] Gupta, D., Saia, J., and Young, M. ToGCom: An Asymmetric Sybil Defense. arXiv preprint arXiv:2006.02893 (2020).
  • [61] Hartline, J. D., and Roughgarden, T. Optimal mechanism design and money burning. In Proceedings of the

    Annual ACM Symposium on Theory of Computing

    (2008), pp. 75–84.
  • [62] Harvey, N. J. A., Jones, M. B., Saroiu, S., Theimer, M., and Wolman, A. Skipnet: A scalable overlay network with practical locality properties. In USENIX Symposium on Internet Technologies and Systems (2003).
  • [63] Heilman, E., Kendler, A., Zohar, A., and Goldberg, S. Eclipse attacks on bitcoin’s peer-to-peer network. In Proceedings of the USENIX Conference on Security Symposium (2015), pp. 129–144.
  • [64] Heydari, A., ali Tavakoli, M., Salim, N., and Heydari, Z. Detection of review spam: A survey. Expert Systems with Applications 42, 7 (2015), 3634 – 3642.
  • [65] Hildrum, K., and Kubiatowicz, J. Asymptotically efficient approaches to fault-tolerance in peer-to-peer networks. In Proceedings of the 17th International Symposium on Distributed Computing (2004), pp. 321–336.
  • [66] Hooi, B., Song, H. A., Beutel, A., Shah, N., Shin, K., and Faloutsos, C. FRAUDAR: Bounding graph fraud in the face of camouflage. In Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD) (New York, NY, USA, 2016), Association for Computing Machinery, pp. 895–904.
  • [67] Hou, R., Jahja, I., Luu, L., Saxena, P., and Yu, H. Randomized view reconciliation in permissionless distributed systems. 2528–2536.
  • [68] Huck, S., and Müller, W. Burning money and (pseudo) first-mover advantages: an experimental study on forward induction. Games and Economic Behavior 51, 1 (2005), 109–127.
  • [69] Hunt, K. M. Gaming the system: Fake online reviews v. consumer law. Computer Law & Security Review 31, 1 (2015), 3 – 25.
  • [70] Hussain, A., Heidemann, J., and Papadopoulos, C. A framework for classifying denial of service attacks. In Proceedings of the Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM) (2003), pp. 99–110.
  • [71] Jagadish, H., Ooi, B. C., and Vu, Q. H. BATON: A balanced tree structure for peer-to-peer networks. In Proceedings of the International conference on Very Large Data Bases (VLDB) (2005), pp. 661–672.
  • [72] Jaiyeola, M. O., Patron, K., Saia, J., Young, M., and Zhou, Q. M. Tiny groups tackle byzantine adversaries. In Proceedings of the IEEE International Parallel and Distributed Processing Symposium, IPDPS (2018), pp. 1030–1039.
  • [73] Jindal, N., and Liu, B. Opinion spam and analysis. In Proceedings of the 2008 international conference on web search and data mining (2008), pp. 219–230.
  • [74] Johansen, H., Allavena, A., and van Renesse, R. Fireflies: Scalable support for intrusion-tolerant network overlays. In ACM SIGOPS Operating Systems Review (2006), pp. 3–13.
  • [75] John, R., Cherian, J. P., and Kizhakkethottam, J. J. A survey of techniques to prevent sybil attacks. In Proceedings of the International Conference on Soft-Computing and Networks Security (ICSNS) (2015), pp. 1–6.
  • [76] Juels, A., and Brainard, J. Client puzzles: A cryptographic countermeasure against connection depletion attacks. In Proceedings of the Network and Distributed System Security Symposium (NDSS) (1999), pp. 151–165.
  • [77] Kaiser, E., and Feng, W. c. Mod_kaPoW: Mitigating DoS with transparent proof-of-work. In Proceedings of the 2007 ACM CoNEXT Conference (2007), pp. 74:1–74:2.
  • [78] Kapadia, A., and Triandopoulos, N. Halo: High-assurance locate for distributed hash tables. In Proceedings of the Network and Distributed System Security Symposium (NDSS) (2008).
  • [79] Karami, A., and Zhou, B. Online review spam detection by new linguistic features. iConference 2015 Proceedings (2015).
  • [80] Kashoek, M. F., and Karger, D. R. Koorde: A simple degree-optimal distributed hash table. In Proceedings of the Second International Workshop on Peer-to-Peer Systems (IPTPS) (Berkeley, CA, 2003).
  • [81] Katz, J., Miller, A., and Shi, E. Pseudonymous secure computation from time-lock puzzles. IACR Cryptol. ePrint Arch. 2014 (2014), 857.
  • [82] Khan, S. M., Mallesh, N., Nambiar, A., and Wright, M. K. The dynamics of salsa: A robust structured p2p system. Network Protocols and Algorithms 2 (2010), 40–60.
  • [83] Kiayias, A., Russell, A., David, B., and Oliynykov, R. Ouroboros: A provably secure proof-of-stake blockchain protocol. In Proceedings of the Annual International Cryptology Conference (2017), vol. 10401 of Lecture Notes in Computer Science, Springer, pp. 357–388.
  • [84] Knockel, J., Saad, G., and Saia, J. Self-healing of byzantine faults. In Proceedings of the International Symposium on Stabilization, Safety, and Security of Distributed Systems (SSS) (2013), pp. 98–112.
  • [85] Laurie, B., and Clayton, R. ”Proof-of-work” proves not to work. In Proceedings of the Annual Workshop on Economics and Information Security (WEIS) (2004).
  • [86] Lesniewski-Laas, C., and Kaashoek, M. F. Whanau: A Sybil-proof distributed hash table. In Proceedings of the USENIX Conference on Networked Systems Design and Implementation (2010), NSDI’10, pp. 8–8.
  • [87] Li, D., Lu, X., and Wu, J. FISSIONE: A scalable constant degree and low congestion DHT scheme based on Kautz graphs. In Proceedings IEEE Annual Joint Conference of the IEEE Computer and Communications Societies. (2005), vol. 3, pp. 1677–1688.
  • [88] Li, F., Mittal, P., Caesar, M., and Borisov, N. SybilControl: Practical sybil defense with computational puzzles. In Proceedings of the Seventh ACM Workshop on Scalable Trusted Computing (2012), pp. 67–78.
  • [89] Lin, I.-C., and Liao, T.-C. A survey of blockchain security issues and challenges. IJ Network Security 19, 5 (2017), 653–659.
  • [90] Liu, D., and Camp, L. J. Proof of work can work. In Proceedings of the Workshop on the Economics of Information Security (WEIS) (2006).
  • [91] Liu, Y., Bild, D. R., Dick, R. P., Mao, Z. M., and Wallach, D. S. The Mason test: A defense against Sybil attacks in wireless networks without trusted authorities. IEEE Transactions on Mobile Computing 14, 11 (2015), 2376–2391.
  • [92] Luu, L., Narayanan, V., Zheng, C., Baweja, K., Gilbert, S., and Saxena, P. A Secure Sharding Protocol For Open Blockchains. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS) (2016), pp. 17–30.
  • [93] Malbon, J. Taking fake online consumer reviews seriously. Journal of Consumer Policy 36, 2 (2013), 139–157.
  • [94] Malliga, S., Tamilarasi, A., and Janani, M. Filtering spoofed traffic at source end for defending against dos/ddos attacks. In Proceedings of the International Conference on Computing, Communication and Networking (2008), IEEE, pp. 1–5.
  • [95] Mankins, D., Krishnan, R., Boyd, C., Zao, J., and Frentz, M. Mitigating distributed denial of service attacks with dynamic resource pricing. In Proceedings of the Seventeenth Annual Computer Security Applications Conference (2001), IEEE, pp. 411–421.
  • [96] Maymounkov, P., and Mazieres, D. Kademlia: A peer-to-peer information system based on the xor metric. Lecture Notes in Computer Science (2002), 53–65.
  • [97] Miller, A., Litton, J., Pachulski, A., Spring, N., Gupta, N., Levin, D., and Bhattacharjee, B. Discovering bitcoin’s public topology and influential nodes, 2015. http://cs.umd.edu/projects/coinscope/coinscope.pdf.
  • [98] Miller, G. Spent: Sex, evolution, and consumer behavior. Penguin, 2009.
  • [99] Mohaisen, A., and Hollenbeck, S. Improving social network-based Sybil defenses by rewiring and augmenting social graphs. In Proceedings of the International Workshop on Information Security Applications (WISA) (2014), pp. 65–80.
  • [100] Mohaisen, A., and Kim, J. The Sybil attacks and defenses: A survey. Smart Computing Review 3, 6 (2013), 480–489.
  • [101] Mónica, D., Leitao, L., Rodrigues, L., and Ribeiro, C. On the use of radio resource tests in wireless ad-hoc networks. In Proceedings of the Workshop on Recent Advances on Intrusion-Tolerant Systems (2009), pp. 21–26.
  • [102] Moran, T., and Orlov, I. Simple proofs of space-time and rational proofs of storage. In Annual International Cryptology Conference (2019), Springer, pp. 381–409.
  • [103] Nakamoto, S. Bitcoin: A Peer-to-Peer Electronic Cash System, 2008. http://bitcoin.org/bitcoin.pdf.
  • [104] Nambiar, A., and Wright, M. Salsa: A structured approach to large-scale anonymity. In Proceedings of the ACM Conference on Computer and Communications Security (2006), pp. 17–26.
  • [105] Naor, M., and Wieder, U. Novel architectures for P2P applications: The continuous-discrete approach. In Proceedings of the ACM Symposium on Parallelism in Algorithms and Architectures (SPAA) (2003).
  • [106] Newsome, J., Shi, E., Song, D., and Perrig, A. The Sybil attack in sensor networks: Analysis & defenses. In Proceedings of the 3rd International Symposium on Information Processing in Sensor Networks (IPSN) (2004), pp. 259–268.
  • [107] Nolan, C. The Dark Knight, 2008. Quote from the scene where the Joker sets a large pile of money ablaze.
  • [108] Noureddine, M. A., Fawaz, A. M., Hsu, A., Guldner, C., Vijay, S., Başar, T., and Sanders, W. H. Revisiting client puzzles for state exhaustion attacks resilience. In Proceedings of the Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) (2019), pp. 617–629.
  • [109] Oikonomou, G., and Mirkovic, J. Modeling human behavior for defense against flash-crowd attacks. In Proceedings of the IEEE International Conference on Communications (2009), IEEE, pp. 1–6.
  • [110] Ott, M., Choi, Y., Cardie, C., and Hancock, J. T. Finding deceptive opinion spam by any stretch of the imagination. In Proceedings of the 49th Annual Meeting of the Association for Computational Linguistics: Human Language Technologies (USA, 2011), Association for Computational Linguistics, pp. 309–319.
  • [111] Park, S., Kwon, A., Fuchsbauer, G., Gaži, P., Alwen, J., and Pietrzak, K. Spacemint: A cryptocurrency based on proofs of space. In Proceedings of the International Conference on Financial Cryptography and Data Security (2018), Springer, pp. 480–499.
  • [112] Parno, B., Wendlandt, D., Shi, E., Perrig, A., Maggs, B., and Hu, Y.-C. Portcullis: Protecting connection setup from denial-of-capability attacks. ACM SIGCOMM Computer Communication Review 37, 4 (2007), 289–300.
  • [113] Penn, D. J. The evolutionary roots of our environmental problems: Toward a darwinian ecology. The quarterly review of biology 78, 3 (2003), 275–301.
  • [114] Pogue, D. Time to kill off captchas. Scientific American 306, 3 (2012), 23–23.
  • [115] Rayana, S., and Akoglu, L. Collective opinion spam detection: Bridging review networks and metadata. In Proceedings of the 21th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (New York, NY, USA, 2015), KDD ?15, Association for Computing Machinery, pp. 985–994.
  • [116] Rowaihy, H., Enck, W., McDaniel, P., and La Porta, T. Limiting Sybil attacks in structured P2P networks. In Proceedings of the 26th IEEE International Conference on Computer Communications (INFOCOM) (2007), pp. 2596–2600.
  • [117] Rowstron, A. I. T., and Druschel, P. Pastry: Scalable, decentralized object location, and routing for large-scale peer-to-peer systems. In Proceedings of the IFIP/ACM International Conference on Distributed Systems Platforms (2001), pp. 329–350.
  • [118] Saad, G. The evolutionary bases of consumption. Psychology Press, 2007.
  • [119] Saad, G., and Saia, J. Self-healing computation. In Proceedings of the International Symposium on Stabilization, Safety, and Security of Distributed Systems (SSS) (2014), pp. 195–210.
  • [120] Saad, G., and Saia, J. A theoretical and empirical evaluation of an algorithm for self-healing computation. Distributed Computing 30, 6 (2017), 391–412.
  • [121] Saad, G., and Vongas, J. G. The effect of conspicuous consumption on men’s testosterone levels. Organizational Behavior and Human Decision Processes 110, 2 (2009), 80–92.
  • [122] Saia, J., and Young, M. Reducing communication costs in robust peer-to-peer networks. Information Processing Letters 106(4) (2008), 152–158.
  • [123] Savage, D., Zhang, X., Yu, X., Chou, P., and Wang, Q. Detection of opinion spam based on anomalous rating deviation. Expert Systems with Applications 42, 22 (2015), 8650 – 8657.
  • [124] Scheideler, C., and Schmid, S. A Distributed and Oblivious Heap. In Proceedings of the 36th Internatilonal Collogquium on Automata, Languages and Programming: Part II (2009), ICALP ’09, pp. 571–582.
  • [125] Sen, S., and Freedman, M. J. Commensal cuckoo: Secure group partitioning for large-scale services. ACM SIGOPS Operating Systems 46, 1 (Feb. 2012), 33–39.
  • [126] Shoker, A. Sustainable blockchain through proof of exercise. In 2017 IEEE 16th International Symposium on Network Computing and Applications (NCA) (2017), IEEE, pp. 1–9.
  • [127] Singh, A., Ngan, T. W., Druschel, P., and Wallach, D. S. Eclipse attacks on overlay networks: Threats and defenses. In Proceedings IEEE International Conference on Computer Communications (INFOCOM) (2006), pp. 1–12.
  • [128] Steiner, M., En-Najjary, T., and Biersack, E. W. A global view of KAD. In Proceedings of the ACM SIGCOMM Conference on Internet Measurement (2007), pp. 117 – 122.
  • [129] Stoica, I., Morris, R., Karger, D., Kaashoek, M. F., and Balakrishnan, H. Chord: A scalable peer-to-peer lookup service for internet applications. In Proceedings of the Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM) (2001), pp. 149–160.
  • [130] Stoica, I., Morris, R. T., Liben-Nowell, D., Karger, D. R., Kaashoek, M. F., Dabek, F., and Balakrishnan, H. Chord: a scalable peer-to-peer lookup protocol for internet applications. IEEE/ACM Trans. Netw. 11, 1 (2003), 17–32.
  • [131] Sundie, J. M., Kenrick, D. T., Griskevicius, V., Tybur, J. M., Vohs, K. D., and Beal, D. J. Peacocks, porsches, and thorstein veblen: Conspicuous consumption as a sexual signaling system. Journal of personality and social psychology 100, 4 (2011), 664.
  • [132] Tegeler, F., and Fu, X. SybilConf: Computational puzzles for confining sybil attacks. In Proceedings of the IEEE Conference on Computer Communications Workshops (INFOCOM) (2010), pp. 1–2.
  • [133] The Guardian, G. M. The need to protect the internet from ‘astroturfing’ grows ever more urgent, 2011. https://www.theguardian.com/environment/georgemonbiot/2011/feb/23/need-to-protect-internet-from-astroturfing.
  • [134] Thorstein, V. The theory of the leisure class: An economic study of institutions. BW Huebsch, 1912.
  • [135] Urdaneta, G., Pierre, G., and van Steen, M. A survey of DHT security techniques. ACM Computing Surveys 43, 2 (2011), 1–53.
  • [136] Von Ahn, L., Blum, M., Hopper, N. J., and Langford, J. CAPTCHA: Using hard AI problems for security. In Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (2003), Springer, pp. 294–311.
  • [137] Von Ahn, L., Maurer, B., McMillen, C., Abraham, D., and Blum, M. recaptcha: Human-based character recognition via web security measures. Science 321, 5895 (2008), 1465–1468.
  • [138] Walfish, M., Vutukuru, M., Balakrishnan, H., Karger, D., and Shenker, S. DDoS defense by offense. In Proceedings of the 2006 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM) (2006), pp. 303–314.
  • [139] Walfish, M., Vutukuru, M., Balakrishnan, H., Karger, D., and Shenker, S. DDoS defense by offense. ACM Transactions on Computer Systems (TOCS) 28, 1 (2010), 3.
  • [140] Wang, H., Zhu, Y., and Hu, Y. An efficient and secure peer-to-peer overlay network. In Proceedings of the IEEE Conference on Local Computer Networks (2005), pp. 764–771.
  • [141] Wang, L., and Kangasharju, J. Measuring large-scale distributed systems: Case of BitTorrent Mainline DHT. In IEEE 13th International Conference on Peer-to-Peer Computing (P2P) (2013), pp. 1–10.
  • [142] Wang, X., and Reiter, M. K. Defending against denial-of-service attacks with puzzle auctions. In Proceedings of the 2003 IEEE Symposium on Security and Privacy (2003), p. 78.
  • [143] Wei, W., Xu, F., Tan, C. C., and Li, Q. SybilDefender: A defense mechanism for Sybil attacks in large social networks. IEEE Transactions on Parallel & Distributed Systems 24, 12 (2013), 2492–2502.
  • [144] Wu, Y., Ngai, E. W., Wu, P., and Wu, C. Fake online reviews: Literature review, synthesis, and directions for future research. Decision Support Systems 132 (2020), 113280.
  • [145] Xie, S., Wang, G., Lin, S., and Yu, P. S. Review spam detection via temporal pattern discovery. In Proceedings of the 18th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (New York, NY, USA, 2012), Association for Computing Machinery, pp. 823–831.
  • [146] Xie, S., Wang, G., Lin, S., and Yu, P. S. Review spam detection via time series pattern discovery. In Proceedings of the International Conference on World Wide Web (New York, NY, USA, 2012), WWW’12 Companion, Association for Computing Machinery, pp. 635–636.
  • [147] Yan, J., and El Ahmad, A. S. Usability of captchas or usability issues in captcha design. In Proceedings of the 4th Symposium on Usable Privacy and Security (New York, NY, USA, 2008), SOUPS’08, Association for Computing Machinery, p. 44?52.
  • [148] Yan, J., and El Ahmad, A. S. Captcha robustness: A security engineering perspective. Computer 44, 2 (2011), 54–60.
  • [149] Yang, X., Wetherall, D., and Anderson, T. TVA: A DoS-limiting network architecture. IEEE/ACM Transactions on Networking 16, 6 (2008), 1267–1280.
  • [150] Yingying Ma, and Fengjun Li. Detecting review spam: Challenges and opportunities. In 8th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom) (2012), pp. 651–654.
  • [151] Young, M., Kate, A., Goldberg, I., and Karsten, M. Towards practical communication in Byzantine-resistant DHTs. IEEE/ACM Transactions on Networking 21, 1 (Feb. 2013), 190–203.
  • [152] Yu, H. Sybil defenses via social networks: A tutorial and survey. SIGACT News 42, 3 (Oct. 2011), 80–101.
  • [153] Yu, H., Gibbons, P. B., Kaminsky, M., and Xiao, F. Sybillimit: A near-optimal social network defense against sybil attacks. IEEE/ACM Trans. Netw. 18, 3 (June 2010), 885–898.
  • [154] Yu, H., Kaminsky, M., Gibbons, P. B., and Flaxman, A. Sybilguard: Defending against Sybil attacks via social networks. Proceedings of the 2006 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM) 36 (Aug. 2006), 267–278.
  • [155] Yu, S., Thapngam, T., Liu, J., Wei, S., and Zhou, W. Discriminating DDoS flows from flash crowds using information distance. In Proceedings of the Third International Conference on Network and System Security (2009), IEEE, pp. 351–356.
  • [156] Zahavi, A. Mate selection - a selection for a handicap. Journal of theoretical Biology 53, 1 (1975), 205–214.
  • [157] Zargar, S. T., Joshi, J., and Tipper, D. A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE Communications Surveys Tutorials 15, 4 (2013), 2046–2069.
  • [158] Zatloukal, K. C., and Harvey, N. J. A. Family trees: an ordered dictionary with optimal congestion, locality, degree, and search time. In Proceedings of the Annual ACM-SIAM Symposium on Discrete algorithms (SODA) (2004), pp. 308–317.