SybilQuorum: Open Distributed Ledgers Through Trust Networks

Alberto Sonnino; George Danezis

arxiv: 1906.12237 · v1 · pith:SXEIIUN7new · submitted 2019-06-28 · 💻 cs.CR

SybilQuorum: Open Distributed Ledgers Through Trust Networks

Alberto Sonnino , George Danezis This is my paper

Pith reviewed 2026-05-25 13:43 UTC · model grok-4.3

classification 💻 cs.CR

keywords Sybil attackdistributed ledgertrust networkFederated Byzantine Agreement Systemconsensusopen ledgersocial network defenseblockchain security

0 comments

The pith

Nodes expressing trust relationships through a ledger can bootstrap a value system and general transactions while thwarting Sybil attacks as a secure Federated Byzantine Agreement System.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper proposes that nodes in open distributed ledgers can record their trust relationships directly on the ledger. This recording allows the system to start and run both a value system and general transactions. Sybil attacks are prevented by drawing on social network defenses, and the overall setup functions as a secure Federated Byzantine Agreement System. The authors support this with an empirical evaluation and an extension of the underlying theory. A sympathetic reader would care because the method offers an alternative to resource-based defenses like proof of work or permissioned controls for peer-to-peer systems.

Core claim

Nodes expressing their trust relationships through the ledger can bootstrap and operate a value system and general transaction system while Sybil attacks are thwarted; the system is a secure Federated Byzantine Agreement System.

What carries the argument

SybilQuorum, a system in which trust relationships recorded on the ledger define quorums within an extended Federated Byzantine Agreement System to block Sybil attacks.

If this is right

An open value system can operate without proof-of-work, stake, or other resource commitments.
General transactions proceed among honest participants through the formed quorums.
Sybil attacks are blocked by the social-network structure of the expressed trusts.
The ledger functions as a complete transaction system once the trust network is established.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

The same trust-recording approach could apply to other peer-to-peer systems that currently rely on resource proofs.
Deployment data would show how closely on-ledger trusts match offline social ties over time.
Energy consumption could drop relative to proof-of-work ledgers if the method scales.
Initial bootstrap might combine with existing social platforms to seed the first trust edges.

Load-bearing premise

Trust relationships expressed through the ledger reliably reflect real-world connections that cannot be gamed at scale by an attacker creating many fake nodes.

What would settle it

A simulation or deployment in which an attacker creates many fake nodes that form dense mutual trust links among themselves and then attempts to sway consensus outcomes or claim value.

Figures

Figures reproduced from arXiv: 1906.12237 by Alberto Sonnino, George Danezis.

read the original abstract

The Sybil attack plagues all peer-to-peer systems, and modern open distributed ledgers employ a number of tactics to prevent it from proof of work, or other resources such as space, stake or memory, to traditional admission control in permissioned settings. With SybilQuorum we propose an alternative approach to securing an open distributed ledger against Sybil attacks, and ensuring consensus amongst honest participants, leveraging social network based Sybil defences. We show how nodes expressing their trust relationships through the ledger can bootstrap and operate a value system, and general transaction system, and how Sybil attacks are thwarted. We empirically evaluate our system as a secure Federated Byzantine Agreement System, and extend the theory of those systems to do so.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

SybilQuorum offers a trust-graph way to run FBAS on open ledgers without resources, but the argument that on-ledger trusts resist large-scale gaming is not shown.

read the letter

The paper's core move is to let nodes record trust links directly on the ledger and use those to set quorum slices in an FBAS construction. This replaces proof-of-work or stake with a social-network style defense for Sybil resistance while still supporting value and general transactions. That specific combination is new in the ledger setting. The empirical checks treating the system as a secure FBAS and the extensions to FBAS theory are the parts that feel like actual work rather than just a sketch. Those pieces give the reader something concrete to examine. The main gap is the missing step that shows why ledger-expressed trusts inherit the expansion or conductance properties needed to stop an attacker from flooding the graph with fake nodes. The abstract points to social-network Sybil defenses but supplies no derivation or argument for why the on-ledger version keeps those properties or how the system bootstraps without already having reliable trust. That leaves the safety transfer from standard FBAS uncertain. The paper is aimed at people designing or analyzing non-resource consensus mechanisms. A reader already familiar with FBAS or trust-based Sybil work can extract the construction and the evaluation results even if the security case needs more support. It is worth sending to referees so the trust-model details can be checked against the full text.

Referee Report

2 major / 0 minor

Summary. The paper proposes SybilQuorum, an approach to securing open distributed ledgers against Sybil attacks by having nodes express trust relationships on the ledger. It claims this bootstraps and operates a value and transaction system while thwarting Sybils, leveraging social-network Sybil defenses. The system is evaluated empirically as a secure Federated Byzantine Agreement System (FBAS), with an extension to FBAS theory.

Significance. If the core security transfer from social-network properties to on-ledger trust graphs holds, the work would provide a resource-light alternative to PoW/stake for open ledgers and a concrete application of FBAS. The empirical evaluation and theoretical extension are noted strengths, but significance is constrained by the absence of any shown derivations or data supporting the key assumption that ledger-expressed trusts cannot be gamed at scale.

major comments (2)

[Abstract] Abstract (paragraph on leveraging social network based Sybil defences): the claim that ledger-expressed trust relationships reliably encode real-world connections that thwart Sybil attacks at scale requires a derivation showing inheritance of expansion/conductance properties; none is supplied, so the FBAS safety guarantee does not transfer.
[Abstract] Abstract: the empirical evaluation as a secure FBAS is asserted without any reported data, error bars, exclusion rules, or mechanism details, leaving the central security claim unsupported.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive comments on our manuscript. We respond to each major comment below.

read point-by-point responses

Referee: [Abstract] Abstract (paragraph on leveraging social network based Sybil defences): the claim that ledger-expressed trust relationships reliably encode real-world connections that thwart Sybil attacks at scale requires a derivation showing inheritance of expansion/conductance properties; none is supplied, so the FBAS safety guarantee does not transfer.

Authors: We agree that a formal derivation is required to rigorously establish that on-ledger trust expressions inherit the expansion or conductance properties from underlying social networks. The current manuscript presents an informal argument based on the premise that ledger-expressed trusts reflect real-world connections, but does not supply the requested mathematical derivation. We will add this derivation in the revised version. revision: yes
Referee: [Abstract] Abstract: the empirical evaluation as a secure FBAS is asserted without any reported data, error bars, exclusion rules, or mechanism details, leaving the central security claim unsupported.

Authors: The full manuscript contains the empirical evaluation and theoretical extension in the body text. However, the abstract itself does not report specific data, error bars, exclusion rules, or mechanism details. We will revise the abstract to reference key evaluation outcomes and ensure the main text explicitly includes error bars, exclusion criteria, and simulation parameters. revision: partial

Circularity Check

0 steps flagged

No significant circularity detected

full rationale

The paper presents a system that expresses trust relationships on-ledger to leverage external social-network Sybil defenses and extend FBAS theory, with an empirical evaluation. No equations, fitted parameters, or self-referential definitions appear in the abstract or described claims that would reduce any prediction or security guarantee to the inputs by construction. The bootstrap mechanism and consensus properties are framed as building on independent social-network properties rather than internally defined quantities. No load-bearing self-citations or ansatzes smuggled via prior author work are quoted that collapse the central result.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 1 invented entities

The central claim rests on the domain assumption that social-network Sybil defenses transfer to ledger-based consensus without additional mechanisms; no free parameters or invented physical entities are named.

axioms (1)

domain assumption Social network based Sybil defences can be leveraged to secure open distributed ledgers and ensure consensus
Invoked in the abstract as the core alternative approach.

invented entities (1)

SybilQuorum system no independent evidence
purpose: To bootstrap value and transaction systems on open ledgers using expressed trust relationships
New named construction introduced to solve the Sybil problem in this setting.

pith-pipeline@v0.9.0 · 5641 in / 1265 out tokens · 20777 ms · 2026-05-25T13:43:51.710726+00:00 · methodology

discussion (0)

Reference graph

Works this paper leans on

21 extracted references · 21 canonical work pages · 1 internal anchor

[1]

write newline

" write newline "" before.all 'output.state := FUNCTION fin.entry add.period write newline FUNCTION new.block output.state before.all = 'skip after.block 'output.state := if FUNCTION new.sentence output.state after.block = 'skip output.state before.all = 'skip after.sentence 'output.state := if if FUNCTION not #0 #1 if FUNCTION and 'skip pop #0 if FUNCTIO...

work page
[2]

Hyperledger fabric: a distributed operating system for permissioned blockchains

Elli Androulaki, Artem Barger, Vita Bortnikov, Christian Cachin, Konstantinos Christidis, Angelo De Caro, David Enyeart, Christopher Ferris, Gennady Laventman, Yacov Manevich, Srinivasan Muralidharan, Chet Murthy, Binh Nguyen, Manish Sethi, Gari Singh, Keith Smith, Alessandro Sorniotti, Chrysoula Stathakopoulou, Marko Vukolic, Sharon Weed Cocco, and Jason...

work page 2018
[3]

Ripple: Overview and outlook

Frederik Armknecht, Ghassan O Karame, Avikarsha Mandal, Franck Youssef, and Erik Zenner. Ripple: Overview and outlook. In International Conference on Trust and Trustworthy Computing , pages 163--180. Springer, 2015

work page 2015
[4]

Hashcash-a denial of service counter-measure, 2002

Adam Back et al. Hashcash-a denial of service counter-measure, 2002

work page 2002
[5]

b-money, 1998

Wei Dai. b-money, 1998. URL: http://www. weidai. com/bmoney. txt , 1998

work page 1998
[6]

Blockmania: from Block DAGs to Consensus

George Danezis and David Hrycyszyn. Blockmania: from block dags to consensus. arXiv preprint arXiv:1809.01620 , 2018

work page internal anchor Pith review Pith/arXiv arXiv 2018
[7]

Frans Kaashoek, and Ross J

George Danezis, Chris Lesniewski - Laas, M. Frans Kaashoek, and Ross J. Anderson. Sybil-resistant DHT routing. In Computer Security - ESORICS 2005, 10th European Symposium on Research in Computer Security, Milan, Italy, September 12-14, 2005, Proceedings , pages 305--318, 2005

work page 2005
[8]

Sybilinfer: Detecting sybil nodes using social networks

George Danezis and Prateek Mittal. Sybilinfer: Detecting sybil nodes using social networks. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2009, San Diego, California, USA, 8th February - 11th February 2009 , 2009

work page 2009
[9]

John R. Douceur. The sybil attack. In Peer-to-Peer Systems, First International Workshop, IPTPS 2002, Cambridge, MA, USA, March 7-8, 2002, Revised Papers , pages 251--260, 2002

work page 2002
[10]

Ouroboros: A provably secure proof-of-stake blockchain protocol

Aggelos Kiayias, Alexander Russell, Bernardo David, and Roman Oliynykov. Ouroboros: A provably secure proof-of-stake blockchain protocol. In Annual International Cryptology Conference , pages 357--388. Springer, 2017

work page 2017
[11]

Tendermint: Consensus without mining

Jae Kwon. Tendermint: Consensus without mining. Draft v. 0.6, fall , 2014

work page 2014
[12]

Proof-of-work proves not to work; version 0.2

Ben Laurie and Richard Clayton. Proof-of-work proves not to work; version 0.2. In Workshop on Economics and Information, Security , 2004

work page 2004
[13]

Venmo trust and the blockchain

Sam Lessin. Venmo trust and the blockchain. https://www.theinformation.com/articles/venmo-trust-and-the-blockchain , 2018

work page 2018
[14]

Attack-resistant trust metrics

Raph Levien. Attack-resistant trust metrics. In Computing with Social Trust , pages 121--132. Springer, 2009

work page 2009
[15]

The stellar consensus protocol: A federated model for internet-level consensus

David Mazieres. The stellar consensus protocol: A federated model for internet-level consensus. Stellar Development Foundation , 2015

work page 2015
[16]

On the mixing time of directed social graphs and security implications

Abedelaziz Mohaisen, Huy Tran, Nicholas Hopper, and Yongdae Kim. On the mixing time of directed social graphs and security implications. In 7th ACM Symposium on Information, Compuer and Communications Security, ASIACCS '12, Seoul, Korea, May 2-4, 2012 , pages 36--37, 2012

work page 2012
[17]

Bitcoin: A peer-to-peer electronic cash system

Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic cash system. 2008

work page 2008
[18]

Implementing fault-tolerant services using the state machine approach: A tutorial

Fred B Schneider. Implementing fault-tolerant services using the state machine approach: A tutorial. ACM Computing Surveys (CSUR) , 22(4):299--319, 1990

work page 1990
[19]

Ethereum: A secure decentralised generalised transaction ledger

Gavin Wood. Ethereum: A secure decentralised generalised transaction ledger. Ethereum project yellow paper , 151:1--32, 2014

work page 2014
[20]

Gibbons, Michael Kaminsky, and Feng Xiao

Haifeng Yu, Phillip B. Gibbons, Michael Kaminsky, and Feng Xiao. Sybillimit: A near-optimal social network defense against sybil attacks. IEEE/ACM Trans. Netw. , 18(3):885--898, 2010

work page 2010
[21]

Gibbons, and Abraham D

Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, and Abraham D. Flaxman. Sybilguard: defending against sybil attacks via social networks. IEEE/ACM Trans. Netw. , 16(3):576--589, 2008

work page 2008

[1] [1]

write newline

" write newline "" before.all 'output.state := FUNCTION fin.entry add.period write newline FUNCTION new.block output.state before.all = 'skip after.block 'output.state := if FUNCTION new.sentence output.state after.block = 'skip output.state before.all = 'skip after.sentence 'output.state := if if FUNCTION not #0 #1 if FUNCTION and 'skip pop #0 if FUNCTIO...

work page

[2] [2]

Hyperledger fabric: a distributed operating system for permissioned blockchains

Elli Androulaki, Artem Barger, Vita Bortnikov, Christian Cachin, Konstantinos Christidis, Angelo De Caro, David Enyeart, Christopher Ferris, Gennady Laventman, Yacov Manevich, Srinivasan Muralidharan, Chet Murthy, Binh Nguyen, Manish Sethi, Gari Singh, Keith Smith, Alessandro Sorniotti, Chrysoula Stathakopoulou, Marko Vukolic, Sharon Weed Cocco, and Jason...

work page 2018

[3] [3]

Ripple: Overview and outlook

Frederik Armknecht, Ghassan O Karame, Avikarsha Mandal, Franck Youssef, and Erik Zenner. Ripple: Overview and outlook. In International Conference on Trust and Trustworthy Computing , pages 163--180. Springer, 2015

work page 2015

[4] [4]

Hashcash-a denial of service counter-measure, 2002

Adam Back et al. Hashcash-a denial of service counter-measure, 2002

work page 2002

[5] [5]

b-money, 1998

Wei Dai. b-money, 1998. URL: http://www. weidai. com/bmoney. txt , 1998

work page 1998

[6] [6]

Blockmania: from Block DAGs to Consensus

George Danezis and David Hrycyszyn. Blockmania: from block dags to consensus. arXiv preprint arXiv:1809.01620 , 2018

work page internal anchor Pith review Pith/arXiv arXiv 2018

[7] [7]

Frans Kaashoek, and Ross J

George Danezis, Chris Lesniewski - Laas, M. Frans Kaashoek, and Ross J. Anderson. Sybil-resistant DHT routing. In Computer Security - ESORICS 2005, 10th European Symposium on Research in Computer Security, Milan, Italy, September 12-14, 2005, Proceedings , pages 305--318, 2005

work page 2005

[8] [8]

Sybilinfer: Detecting sybil nodes using social networks

George Danezis and Prateek Mittal. Sybilinfer: Detecting sybil nodes using social networks. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2009, San Diego, California, USA, 8th February - 11th February 2009 , 2009

work page 2009

[9] [9]

John R. Douceur. The sybil attack. In Peer-to-Peer Systems, First International Workshop, IPTPS 2002, Cambridge, MA, USA, March 7-8, 2002, Revised Papers , pages 251--260, 2002

work page 2002

[10] [10]

Ouroboros: A provably secure proof-of-stake blockchain protocol

Aggelos Kiayias, Alexander Russell, Bernardo David, and Roman Oliynykov. Ouroboros: A provably secure proof-of-stake blockchain protocol. In Annual International Cryptology Conference , pages 357--388. Springer, 2017

work page 2017

[11] [11]

Tendermint: Consensus without mining

Jae Kwon. Tendermint: Consensus without mining. Draft v. 0.6, fall , 2014

work page 2014

[12] [12]

Proof-of-work proves not to work; version 0.2

Ben Laurie and Richard Clayton. Proof-of-work proves not to work; version 0.2. In Workshop on Economics and Information, Security , 2004

work page 2004

[13] [13]

Venmo trust and the blockchain

Sam Lessin. Venmo trust and the blockchain. https://www.theinformation.com/articles/venmo-trust-and-the-blockchain , 2018

work page 2018

[14] [14]

Attack-resistant trust metrics

Raph Levien. Attack-resistant trust metrics. In Computing with Social Trust , pages 121--132. Springer, 2009

work page 2009

[15] [15]

The stellar consensus protocol: A federated model for internet-level consensus

David Mazieres. The stellar consensus protocol: A federated model for internet-level consensus. Stellar Development Foundation , 2015

work page 2015

[16] [16]

On the mixing time of directed social graphs and security implications

Abedelaziz Mohaisen, Huy Tran, Nicholas Hopper, and Yongdae Kim. On the mixing time of directed social graphs and security implications. In 7th ACM Symposium on Information, Compuer and Communications Security, ASIACCS '12, Seoul, Korea, May 2-4, 2012 , pages 36--37, 2012

work page 2012

[17] [17]

Bitcoin: A peer-to-peer electronic cash system

Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic cash system. 2008

work page 2008

[18] [18]

Implementing fault-tolerant services using the state machine approach: A tutorial

Fred B Schneider. Implementing fault-tolerant services using the state machine approach: A tutorial. ACM Computing Surveys (CSUR) , 22(4):299--319, 1990

work page 1990

[19] [19]

Ethereum: A secure decentralised generalised transaction ledger

Gavin Wood. Ethereum: A secure decentralised generalised transaction ledger. Ethereum project yellow paper , 151:1--32, 2014

work page 2014

[20] [20]

Gibbons, Michael Kaminsky, and Feng Xiao

Haifeng Yu, Phillip B. Gibbons, Michael Kaminsky, and Feng Xiao. Sybillimit: A near-optimal social network defense against sybil attacks. IEEE/ACM Trans. Netw. , 18(3):885--898, 2010

work page 2010

[21] [21]

Gibbons, and Abraham D

Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, and Abraham D. Flaxman. Sybilguard: defending against sybil attacks via social networks. IEEE/ACM Trans. Netw. , 16(3):576--589, 2008

work page 2008