# Robustness to Sybil Attacks

In **The Wild**, one of the most pernicious threats is **Sybil attacks**, where adversaries create numerous fake identities or user accounts to flood the system with low-quality or misleading content. This allows them to manipulate the reward mechanism and extract disproportionate incentives, diverting rewards away from genuine, high-quality contributions. In particular, duplicate data plays a critical role in enabling Sybil attacks. Attackers often rely on repetitive or redundant data submissions to maximize their rewards while minimizing effort.

These low-quality contributions distort the reward allocation process, reducing the incentives available for authentic, valuable input. Duplicate data not only compromises the system’s integrity but also risks misaligned incentives, ultimately diminishing the value of contributions and undermining the system’s purpose of rewarding genuine engagement. To ensure the robustness and alignment of the reward mechanism, mitigating the effect of Sybil attacks is essential. Implementing strategies to detect and down-rank duplicate or near-duplicate submissions will protect the system from being gamed by fake accounts and ensure that rewards are allocated to high-quality, original contributions.

## MD5 Hashing

To tackle duplicate data detection in Sybil defenses, we leverage the Message Digest Algorithm (MD5), a cryptographic function that maps input data to a 128-bit hash.

$$
h(\mathbf{x}) = \text{MD5}(\mathbf{x}) : \{0, 1\}^\ast \to \{0, 1\}^{128}
$$

MD5 first pads the data $$\mathbf{x}$$ to a multiple of 512 bits by appending a single 1 bit, then sufficient 0 bits, and finally the original input’s length. Because the padding is deterministic, identical inputs yield identical hash outputs whatever the input length. MD5 then initializes four 32-bit buffers A, B, C, D with predetermined constants.

$$
A = 0x67452301, \quad B = 0xEFCDAB89
$$

$$
C = 0x98BADCFE, \quad D = 0x10325476
$$

Each 512-bit block of the input is processed over 64 rounds using non-linear functions and bit-wise operations, producing a final 128-bit hash $$h(\mathbf{x})$$ as a concatenation of A, B, C, D.

$$
h(\mathbf{x}) = A \,\|\, B \,\|\, C \,\|\, D
$$

This hash serves as a unique *fingerprint* for content, enabling efficient duplicate detection.

$$
\mathbf{I}(\mathbf{x}_i, \mathbf{x}_j) = \begin{cases} 1 & \text{if } h(\mathbf{x}_i) = h(\mathbf{x}_j) \\ 0 & \text{otherwise} \end{cases}
$$

## Perceptual Hashing

To address cases where exact duplicate detection may miss slightly altered content (such as minor variations in data), we utilize *perceptual hashing* (pHash), a type of locality-sensitive hashing. Unlike cryptographic hashing (e.g., MD5), perceptual hashing generates hashes based on perceptual attributes of content, enabling approximate matching for near-duplicates. This approach is particularly effective for mitigating Sybil attacks involving minor content variations.

For images, the pHash process starts by resizing and converting the image sample to grayscale. A Discrete Cosine Transform (DCT) is then applied, transforming the image into the frequency domain. The low-frequency DCT coefficients $$D_{i,j}$$, which encapsulate the core structural details of the image, are selected from a compact block in the top-left region of the transformed matrix. A binary hash, $$p(\mathbf{I})$$, is then generated by comparing each coefficient to the mean of these selected values:

$$
p_k(\mathbf{I}) = \begin{cases} 1, & D_{i,j} > \mu \\ 0, & D_{i,j} \leq \mu \end{cases}
$$

where $$\mu$$ is the mean of the selected DCT coefficients, and $$p_k(\mathbf{I})$$ represents the $$k$$-th bit of the binary hash for the image.

Similarly, for audio, pHash begins by dividing the raw audio signal into short frames, transforming each frame to the frequency domain via a Fourier Transform to obtain features such as a mel-spectrogram. From the frequency-domain output, the low-frequency components $$F_{i,j}$$, which contain the dominant spectral patterns, are retained. A binary hash $$p(\mathbf{A})$$ is generated by comparing each component to the mean of the selected frequency values:

$$
p_k(\mathbf{A}) = \begin{cases} 1, & F_{i,j} > \nu \\ 0, & F_{i,j} \leq \nu \end{cases}
$$

where $$\nu$$ represents the mean of the selected frequency components, and $$p_k(\mathbf{A})$$ denotes the $$k$$-th bit in the binary hash for the audio sample.

To determine the similarity between two perceptual hashes, $$p(\mathbf{x}_i), p(\mathbf{x}_j) \; \forall \; \mathbf{x}_i \in \mathcal{X}$$ of two samples, we compute the Hamming distance, the count of differing bits between the hashes:

$$
\Delta_H(p(\mathbf{x}_i), p(\mathbf{x}_j)) = \sum_{k} \bigg| p_k(\mathbf{x}_i) - p_k(\mathbf{x}_j) \bigg|
$$

A low Hamming distance indicates high similarity, making perceptual hashing well-suited for near-duplicate detection. By applying a threshold on the Hamming distance, we can flag minimally altered images or audio clips as duplicates, thereby strengthening defenses against Sybil attacks.

$$
\mathbf{I}(\mathbf{x}_i, \mathbf{x}_j) = \begin{cases} 1, & \text{if } \Delta_H(p(\mathbf{x}_i), p(\mathbf{x}_j)) \leq \epsilon \\ 0, & \text{otherwise} \end{cases}
$$
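The exact-match indicator from the MD5 section and the thresholded Hamming indicator above, run side by side as an added example (not code from this documentation): MD5 only catches byte-identical copies, while the DCT hash still matches a lightly speckled copy. It assumes inputs are already 32×32 grayscale; the test images, `EPS = 5` and all function names are constructed for illustration.

```python
import hashlib
import math

N, K, EPS = 32, 8, 5  # image side, DCT block side, Hamming threshold (assumed values)

def make_image(freqs, amp=20):
    """Constructed N x N grayscale image: mid-grey plus a few low-frequency cosine patterns."""
    def wave(i, f):
        return math.cos(math.pi * (2 * i + 1) * f / (2 * N))
    return [[round(128 + sum(amp * wave(x, u) * wave(y, v) for u, v in freqs))
             for x in range(N)] for y in range(N)]

def md5_hex(img):
    """Exact fingerprint h(x) over the raw pixel bytes."""
    return hashlib.md5(bytes(p for row in img for p in row)).hexdigest()

def phash(img):
    """64-bit hash: top-left K x K DCT-II coefficients, each compared to their mean."""
    cos = [[math.cos(math.pi * (2 * i + 1) * f / (2 * N)) for i in range(N)] for f in range(K)]
    coeffs = [sum(img[y][x] * cos[u][x] * cos[v][y] for y in range(N) for x in range(N))
              for v in range(K) for u in range(K)]
    mu = sum(coeffs) / len(coeffs)
    bits = 0
    for d in coeffs:
        bits = (bits << 1) | (d > mu)
    return bits

def hamming(a, b):
    """Number of differing bits between two integer hashes."""
    return bin(a ^ b).count("1")

def classify(img_i, img_j):
    """Apply the MD5 indicator first, then the perceptual-hash indicator."""
    if md5_hex(img_i) == md5_hex(img_j):
        return "exact"
    if hamming(phash(img_i), phash(img_j)) <= EPS:
        return "near"
    return "distinct"

# Constructed sample inputs (not real submissions).
original = make_image([(1, 0), (0, 1), (2, 0), (0, 2), (1, 1)])
# Near-duplicate: the same picture with a faint +2 brightness speckle along diagonals.
altered = [[p + 2 * ((x + y) % 5 == 0) for x, p in enumerate(row)]
           for y, row in enumerate(original)]
unrelated = make_image([(3, 0), (0, 3), (4, 0), (0, 4), (3, 3)])

if __name__ == "__main__":
    for name, img in [("copy", original), ("altered", altered), ("unrelated", unrelated)]:
        print(name, classify(original, img), hamming(phash(original), phash(img)))
```
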

## Embedding Similarity

To detect duplicates, we calculate the cosine similarity over a shared embedding space, using multi-modal agents to embed data points across different modalities. Let $$s_{ij}$$ denote the cosine similarity score between two data points in a joint embedding space obtained via AI MemAgents.

$$
s(\mathbf{x_i}, \mathbf{x_j}) = \max \left(0, \frac{1}{\tau} \frac{\mathbf{z}_{\mathbf{x_i}}^T \mathbf{z}_{\mathbf{x_j}}}{\|\mathbf{z}_{\mathbf{x_i}}\| \|\mathbf{z}_{\mathbf{x_j}}\|}\right)
$$

$$
\mathbf{z}_{\mathbf{x_i}} = f_w^{\mathcal{X}}(\mathbf{x_i}), \quad \mathbf{z}_{\mathbf{x_j}} = f_w^{\mathcal{X}}(\mathbf{x_j})
$$

In this setup, pairs of data points with a cosine similarity score $$s_{ij}$$ exceeding the threshold $$\tau$$ are flagged as duplicates (indicated by 1), while pairs below the threshold are considered unique (indicated by 0). This method allows DecAI to down-rank near-duplicate submissions by identifying high similarity in the shared embedding space, thereby protecting the system against Sybil attacks and ensuring rewards prioritize original, high-quality contributions.

$$
\mathbf{I}(\mathbf{x_i},\mathbf{x_j}) = \begin{cases} 1 & \text{if } s(\mathbf{x_i},\mathbf{x_j}) > \tau \\ 0 & \text{otherwise} \end{cases}
$$
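The flagging rule above applied to submissions in arrival order, as an added example that is not the project's code. The account names, the three-dimensional embeddings and `TAU = 0.9` are constructed; in the described system the vectors would come from the embedding model.

```python
import math

TAU = 0.9  # assumed value; the formulas use tau both as the 1/tau scale and as the threshold

def similarity(z_i, z_j, tau=TAU):
    """s(x_i, x_j) = max(0, cos(z_i, z_j) / tau); a zero-norm embedding scores 0."""
    dot = sum(a * b for a, b in zip(z_i, z_j))
    norms = math.sqrt(sum(a * a for a in z_i)) * math.sqrt(sum(b * b for b in z_j))
    return max(0.0, dot / norms / tau) if norms else 0.0

def flag_duplicates(submissions, tau=TAU):
    """Map the index of each flagged submission to the earliest submission it duplicates."""
    flagged = {}
    for j, (_, z_j) in enumerate(submissions):
        for i in range(j):
            if similarity(submissions[i][1], z_j, tau) > tau:  # indicator I(x_i, x_j) = 1
                flagged[j] = i
                break
    return flagged

# Constructed (account, embedding) pairs in arrival order.
SUBMISSIONS = [
    ("acct_a",  [0.80, 0.60, 0.00]),
    ("sybil_1", [0.79, 0.61, 0.02]),    # light rewrite of acct_a's content
    ("acct_b",  [0.00, 0.60, 0.80]),
    ("sybil_2", [0.00, 0.62, 0.79]),    # light rewrite of acct_b's content
    ("acct_c",  [-0.80, -0.60, 0.00]),  # opposite direction: similarity clamps to 0
]

if __name__ == "__main__":
    for j, i in flag_duplicates(SUBMISSIONS).items():
        print(f"{SUBMISSIONS[j][0]} duplicates {SUBMISSIONS[i][0]}")
```

Because $$s$$ is the cosine divided by $$\tau$$, the test $$s > \tau$$ is equivalent to a raw cosine above $$\tau^2$$, so $$\tau = 0.9$$ flags pairs whose cosine exceeds 0.81.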

