Creating node identities is cheap, and thus an attacker can attempt to flood the network with identities in what is known as a Sybil attack. Every DLT bases its security on a Sybil protection mechanism which prevents an attacker from gaining undue influence over the network through the creation of multiple identities. Proof of Work and Proof of Stake are examples of Sybil protection mechanisms.
In IOTA, we use mana. When a value transaction is processed, a quantity called mana is “pledged” to a node ID chosen by the token holder. This quantity is related to the amount of iota moved in the transaction. The mana pledged to each node ID is stored as an extension of the ledger.
The only way to gain mana is to convince some token holder to pledge it to you. In this sense, mana is Delegated Proof of Token Ownership. Mana, therefore, provides adequate Sybil protection because it is difficult to acquire it in arbitrary amounts.
The pledging process is performed twice: token holders pledge consensus mana to nodes wishing to participate in the consensus, and they pledge access mana for nodes wishing to access the network. This is done in order to ensure maximal freedom and security in the network.
Because the incentives for security and access can potentially be at odds, this separation ensures that users will always be able to act in a way that best secures the network, while preserving their freedom to allocate access according to their economic interests. Token holders can lease their access mana to any node wanting to access the network, while pledging their consensus mana to a trustworthy node who will validate the network.
Mana is used in the following modules:
Autopeering: Mana (both access and consensus) prevents an attacker from filling the lists of potential peers with his fake nodes, allowing nodes to easily find honest peers.
Tangle access: The access mana held by a node determines how many messages it can issue relative to the total network throughput, guaranteeing fair access and preventing attackers or selfish nodes from monopolizing the available throughput.
- Consensus modules:
- Votes in FPC are weighted by consensus mana, preventing an attacker from manipulating the outcome.
- A committee of high consensus mana nodes issue random numbers in the dRNG.
- Consensus mana is used to compute the finality of a message: A message is final when it is indirectly referenced by enough nodes, weighted by their mana.