FPC - overquery protection

In FPC nodes query other nodes at random. This enables an attack vector, where malicious nodes can overquery honest nodes. The following methods have been suggested to counter this issue:

Statistical detection
A node can predict, how often it should get queried, and record which nodes queried it (see “Description of the node query anti-spamming rules“). By analyzing recorded statistical data nodes can prove that certain nodes have overqueried (given that nodes have to sign their queries) and that these should be blacklisted or noted for further observation.

Limiting the list of queryable nodes
We can also limit the group a node can query in a given round. This is a viable option, since simulation results showed that as long as the subgroup selection is done in a completely random manner FPC performs very well even if the subgroup is very small. In effect if the subgroup is equal to k the protocol becomes similar to CA on a k-regular graph. In the document “On the safety in FPC via quasi-deterministic query“, a method is suggested, employing the dRNG to derive publicly known random distances between nodes each FPC-round. A querying node can then be black-listed (or reported), if its distance is too large to query a given node.

Attacker spams many node identities - Reputation system
An attacker may also spam a large amount of nodes. It is not clear whether any of the above approaches can detect nodes in such a setting, since the adversary can alternate between the nodes in such a manner that no statistical footprint is left (in the first method) or has always some nodes that are close to a given node (in the second method). As a mechanism against this it is proposed to require a minimum amount of mana and a minimum time of a node in the network.

Open questions: What is the communication overhead for the above mechanism and is it scalable? So far it is not clear, whether the reputation / time system is enough to prevent sybil nodes sufficiently well. Furthermore, it is not clear whether the level at which a required mana-minimum would be effective also makes it unreasonably expensive for honest node operators to participate in the network.