Sybil Attacks on Identity-Augmented Proof-of-Stake

Moritz Platt*, Peter McBurney

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

14 Citations (Scopus)
489 Downloads (Pure)


IdAPoS is an identity-based consensus protocol for decentralised Blockchain networks that implements a trustless reputation system by extending Proof-of-Stake to facilitate leader selection in non-economic contexts. Like any protocol operating in a public/permissionless setting, it is vulnerable to Sybil attacks in which byzantine actors interfere with peer sampling by presenting artificially large numbers of identities. This paper demonstrates what influence these attacks have on the stability of member selection of a Blockchain system using the IdAPoS protocol and investigates how attacks can be mitigated. As a novel protocol, its vulnerability to this type of attack has not previously been researched. The research question is approached via an agent-based model of an IdAPoS system in which both honest and malicious actors are represented as agents. Simulations are run on some reasonable configurations of an IdAPoS system that employ different attack mitigation strategies. The results show that a super strategy that combines multiple individual mitigation strategies is more effective for containing Sybil attacks than the unmitigated protocol and any other individual strategies proposed. In the simulation this strategy extended the time until a system was taken over by a malicious entity approximately by a factor of 5. These positive initial results indicate that further research into the practical viability of the protocol is warranted.
Original languageEnglish
Article number108424
Early online date29 Aug 2021
Publication statusPublished - 9 Nov 2021


  • Blockchain
  • Consensus
  • Proof-of-Stake
  • Sybil Attack
  • Leader Selection
  • Self-Governance


Dive into the research topics of 'Sybil Attacks on Identity-Augmented Proof-of-Stake'. Together they form a unique fingerprint.

Cite this