Collusion attacks described above cannot be prevented other than by a culture of honest behaviour. They have minimal returns, the fake accounts gained is percentageColluding^2 and scale with an inverse square law, and the protocol considers them to be allowed and an unavoidable (and minimal) cost. Man in the middle attacks on the other hand, are entirely defendable. There are different ways to defend against that attack, I will here describe the one I think works best for the protocol.
Man in the middle attacks are well known in communication systems such as key exchange protocols. One approach to defend against them is by using a third party to authenticate the channel. The defense protocol I prefer for Pseudonym Pairs relies on a form of third party authentication, but in contrast to a certificate authority in key exchange protocol, the third party here is another person within the Pseudonym Pairs population.
The pair agrees on a third party authenticator, and they do so in a way the man in the middle can not attack or interfere with. This is done through a perfectly secure “random number generator”, the pair agrees on a random number through a commit-reveal scheme. This number is used to select a random person from the population, and the person is requested to authenticate the pair by joining their video conference for a short period in the beginning of the event. It is impossible for the man in the middle to attack this.
With this defense protocol, it is assumed that the first minutes are expected to include this authentication ritual as part of the pseudonym event ritual. This also fits with the notion that people can “dispute” their pair which is usually intended to happen during the first few minutes of the event, the beginning of the event becomes a period when people make sure everything is in order for the pseudonym event ritual to take place.
I prefer this approach not because it is secure (technically this is overkill security and minimal defense is preferable) but because it is psychologically easier for people to interact with another person as the authenticator, rather than some complex “puzzle”.