SoK: The Ghost Trilemma
Sulagna Mukherjee, Srivatsan Ravi, Paul Schmitt, Barath Raghavan
TL;DR
The Ghost Trilemma posits that three core properties of online identity—sentience ($S$), location ($L$), and uniqueness ($U$)—cannot be simultaneously verified in a fully decentralized system. The paper surveys the design space, threat models, and prior work across misinformation, trolling, and decentralized verification, then formalizes the intuition and sketches a proof to justify the inherent tradeoffs. It proposes a prototype POS-based framework that anchors verification to trusted, distributed premises (e.g., POS devices and physical addresses) to achieve acceptable tradeoffs between centralization and decentralization while protecting privacy. The analysis discusses the robustness and cost implications of such schemes under adversarial pressure, offering pathways for incremental deployment and highlighting the persistent tension between verifiability, privacy, and inclusivity in open systems. Overall, the work provides a structured SoK for understanding why fully decentralized verification of sentience, location, and uniqueness remains elusive and how hybrid designs can deliver practical, privacy-preserving trust signals in real-world platforms.
Abstract
Trolls, bots, and sybils distort online discourse and compromise the security of networked platforms. User identity is central to the vectors of attack and manipulation employed in these contexts. However, it has long seemed that, try as it might, the security community has been unable to stem the rising tide of such problems. We posit the Ghost Trilemma, that there are three key properties of identity -- sentience, location, and uniqueness -- that cannot be simultaneously verified in a fully-decentralized setting. Many fully-decentralized systems -- whether for communication or social coordination -- grapple with this trilemma in some way, perhaps unknowingly. In this Systematization of Knowledge (SoK) paper, we examine the design space, use cases, problems with prior approaches, and possible paths forward. We sketch a proof of this trilemma and outline options for practical, incrementally deployable schemes to achieve an acceptable tradeoff of trust in centralized trust anchors, decentralized operation, and an ability to withstand a range of attacks, while protecting user privacy.
