Trolls, bots, and sybils distort online discourse and compromise the security of networked platforms. User identity is central to the vectors of attack and manipulation employed in these contexts. However, it has long seemed that, try as it might, the security community has been unable to stem the rising tide of such problems. We posit the Ghost Trilemma, that there are three key properties of identity -- sentience, location, and uniqueness -- that cannot be simultaneously verified in a fully-decentralized setting. Many fully-decentralized systems -- whether for communication or social coordination -- grapple with this trilemma in some way, perhaps unknowingly. We examine the design space, use cases, problems with prior approaches, and possible paths forward. We sketch a proof of this trilemma and outline options for practical, incrementally deployable schemes to achieve an acceptable tradeoff of trust in centralized trust anchors, decentralized operation, and an ability to withstand a range of attacks, while protecting user privacy.