1. What is the general idea of a sybil attack?
An attack intended to subvert a reputation system by having the attacker create multiple identities in order to gain a disproportionately large influence, either to multiply the amount of work needed to propagate data, or to actively insert fraudulent information into the network’s data stream. Whether such an attack can succeed depends largely on two properties of the reputation system: whether it accepts inputs from entities that have no chain of trust linking them to a trusted entity, and whether it treats all entities identically. An entity on a peer-to-peer network is really a piece of software with access to local resources that presents itself through an identity. By default, each distinct identity is assumed to correspond to a distinct local entity, but in reality many identities can correspond to the same local entity. Peer-to-peer networks also use multiple identities legitimately, e.g. for redundancy, resource sharing, reliability and integrity.
2. What deficiencies within a system (such as a cryptocurrency network) can allow a sybil attack to occur?
Its decentralised, distributed nature. Local nodes within a peer-to-peer network replicate data to improve security and increase availability, and for replication this data must be placed on remote nodes. A Sybil attack infiltrates the network because a local node cannot tell whether a remote node is honest: the local node believes it is placing data on several distinct remote nodes, when it is really communicating with a single remote node presenting multiple fake identities. Blockchain data itself cannot be forged, however, so Sybil attacks have a limited effect. At worst, they can insert easily detected fake data, such as large transactions that fail validation, or blocks that contain bad information.
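The two deficiencies named above (no chain of trust required, and every identity treated identically) can be shown in a small simulation. This is an added example, not part of the original notes: one attacker entity presents five identities alongside three honest entities, and a flat one-identity-one-vote tally is compared with a tally that only counts identities reachable from a trusted root through vouch edges. All names, the `vouched_by` edges and the vote choices are constructed for the example.

```python
from dataclasses import dataclass
from collections import Counter

@dataclass(frozen=True)
class Identity:
    name: str
    controller: str            # real entity behind it; the network cannot observe this
    vouched_by: tuple = ()     # identities that vouch for it (edges of the trust chain)

def tally_flat(votes):
    """Reputation system that treats every identity identically: one identity, one vote."""
    return Counter(choice for _ident, choice in votes)

def trusted_identities(identities, roots):
    """Identities reachable from the trusted roots by following vouch edges."""
    trusted, frontier = set(roots), list(roots)
    while frontier:
        current = frontier.pop()
        for ident in identities:
            if current in ident.vouched_by and ident.name not in trusted:
                trusted.add(ident.name)
                frontier.append(ident.name)
    return trusted

def tally_trusted(votes, identities, roots):
    """Reputation system that only counts identities with a chain of trust to a root."""
    trusted = trusted_identities(identities, roots)
    return Counter(choice for ident, choice in votes if ident.name in trusted)

def attacker_share(votes, controller):
    """Fraction of raw votes cast by one real entity, i.e. its disproportionate influence."""
    mine = sum(1 for ident, _choice in votes if ident.controller == controller)
    return mine / len(votes)

# Constructed scenario: three honest entities with one identity each, vouched in a chain
# from the trusted root honest_a; one attacker entity presenting five unvouched identities.
HONEST = [
    Identity("honest_a", "alice"),
    Identity("honest_b", "bob", vouched_by=("honest_a",)),
    Identity("honest_c", "carol", vouched_by=("honest_b",)),
]
SYBILS = [Identity(f"sybil_{i}", "attacker") for i in range(5)]
IDENTITIES = HONEST + SYBILS
VOTES = [(i, "accept") for i in HONEST] + [(i, "reject") for i in SYBILS]

if __name__ == "__main__":
    print("flat   :", dict(tally_flat(VOTES)))                               # reject wins 5-3
    print("trusted:", dict(tally_trusted(VOTES, IDENTITIES, ["honest_a"])))  # accept 3-0
    print("attacker share of raw votes:", attacker_share(VOTES, "attacker"))  # 0.625
```

The attacker is one of four real entities yet casts 5 of 8 raw votes; the trust-chain tally removes that influence because none of the Sybil identities is reachable from the root.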