Sybil attack on a peer-to-peer network

The interest of peer-to-peer networks, the basis of public blockchains, is to do without centralized authority to operate. So-called “Sybil” attacks consist of creating false identities to corrupt the network.

The specificity of a peer-to-peer computer architecture is to operate exchanges between several computers connected to the system without going through a central server. All the computers in a peer-to-peer network, called “nodes”, play both the role of client and server, that is to say the role of sender and receiver. A widespread application in the field of peer-to-peer computer architectures is that of file sharing, a pet peeve of the cultural industries since the advent of the Internet and the launch, in June 1999, of the first software used on a large scale, Napster, then, in the summer of 2002, the BitTorrent data transfer protocol. In the field of wired or wireless networks, the structure of the network is said to be “mesh” when it consists of the connection of all the nodes (also called “hosts”) in peer-to-peer, without a central hierarchy. All hosts in the network are both client and server, allowing for much better communications resilience if one of the points fails. Today, peer-to-peer networks are also at the heart of the functioning of most public blockchains, such as Bitcoin, Ethereum or Tezos.

All these applications whose technical architecture is based on a peer-to-peer network must deal, in particular, with a security threat specific to this distributed topology called the “Sybil attack”, during which a person creates several accounts or connects several nodes or computers within the network in an attempt to take control of it. The name of this type of computer attack is a reference to a biographical novel published in 1973 in the United States, written by Flora Rheta Schreiber, which tells the story of the psychotherapy of Shirley Ardell Mason (1923-1998), also known under the alias “Sybil Isabel Dorsett”, an advertising artist with multiple personality disorder, or dissociative identity disorder. A Sybil attack thus designates the activity of rogue nodes within a peer-to-peer network that pose as individual and independent nodes when in reality they are under the control of a single malicious entity, and whose objective is to influence the decisions taken on the network, to “de-anonymize” the users of the network or even to corrupt its operation, or even to block the protocol.

In 2014, the Tor network, a global and decentralized computer network that allows its users to anonymize the origin of their connection, suffered a Sybil attack for several months. The aim of the attackers, who managed to take control using malicious nodes of around half of the Tor relays, was to spy on data traffic and “de-anonymize” a large number of users. According to Sombrecrizt, contributor to, “placing a large number of operator-controlled nodes allows users to de-anonymize using a Sybil-class attack, which can be done if attackers control the first and last node in the anonymization chain. The first node in the Tor chain knows the IP address of the user, and the latter knows the IP address of the requested resource, which allows to de-anonymize the request by adding some hidden tag on the side of the entry node for packet headers that remain unchanged throughout the anonymization chain, then parse it on the exit node side. » These malicious nodes, once identified, were disconnected from the Tor network.

The risk of Sybil attacks exists on blockchain protocols whose operation is also based on a peer-to-peer architecture. How do the nodes of a blockchain trust each other and accept new transaction blocks broadcast on the network? How to spot potential malicious nodes that attempt to register bogus transactions for their benefit in the public ledger? To guard against this type of attack, public blockchains implement a consensus mechanism, notably that of proof of work (proof of work). The proof-of-work consensus mechanism requires each node involved in validating transactions to solve an energy-consuming cryptographic puzzle in order to participate in the mining process. Whoever solves this cryptographic puzzle validates the block of transactions and collects a reward for this work. However, if the creation of multiple identities is always possible, it is now almost impossible for an attacker to provide sufficient computing power to insert fake transactions into a public blockchain without everyone’s knowledge. The proof-of-work consensus mechanism, implemented within a blockchain protocol, thus makes it possible to defend oneself very effectively against Sybil attacks. As stated on the website, “it does not prevent an attacker from attempting this type of attack but aims to make it extremely difficult, if not impossible”. It is by this ingenious means that, since 2009, the public Bitcoin blockchain has successfully guarded against Sybil attacks and guarantees the inviolability of transactions on its network.


  • “The Sybil Attacks”, Binance Academy,, 2018, updated in 2021.
  • “Sybil Attacks and Defenses in Internet of Things and Mobile Social Networks”, Ali Alharbi, Mohamed Zohdy, Debatosh Debnath, Richard Olawoyin, George Corser, International Journal of Computer Science Issues, flight. 15, issue 6,, November 30, 2018.
  • “Sybil’s attack – Free TON is it vulnerable? », Vitaly Romanov,, March 21, 2021.
  • “Tor 11.0.2 has already been released and comes with some fixes”, Sombrecrizt,, 5 December 2021.

We wish to give thanks to the writer of this write-up for this awesome material

Sybil attack on a peer-to-peer network

You can find our social media pages here and other pages on related topics here.