Topic: BitTrust coins ? Is is possible to make a P2P trust system like bitcoin ? (Read 1895 times)

True, using a system outside of Bitcoin itself, opens you up for loads of theoretical and presumably also a couple of real life attacks. Using PGP however does allow establishing trust in a certain way: a bitcoin address signed by a PGP key held by a friend, or a friend of a friend, should indicate that there's a kind of trustworthiness associated with that bitcoin address. After all, the one who holds the PGP private key has announced the authenticity or ownership of that particular bitcoin address.

Now, it could be that the private PGP key is compromised. In that case the original owner should have revoked the PGP key, thereby revoking the associated trust. Also, if an attacker gains access to your private PGP key, there would usually be very little between him and your bitcoin wallet as well, so a compromised PGP key would most likely mean your bitcoin wallet is compromised as well.

But you can't prove that the owner of the PGP key is the same as the owner of the bitcoin address, because the bitcoin address is the public key of the keypair.  What is to say that you try to spoof someone into thinking that you own an address belonging to someone else by taking one of their addresses and signing it?  I don't know why someone would want to do such a thing, but it could form the basis of a 'man in the middle' attack.

That's an excellent idea!  Is there any reason that a function or another program can't be developed to access the wallet file and use those keypairs to sign arbitrary data, such as an email?

Wouldn't it be easiest to simply use PGP for this? If someone posts or emails his Bitcoin address and signs the message with his private PGP key, you can determine whether you trust the identity and trustworthiness associated with said PGP key (and web of trust) and therefore whether you trust the bitcoin address itself.

A half-baked thought that's been bouncing around my head for the last couple of days:

One piece of functionality missing from bitcoin is the ability for somebody to prove that they own a certain bitcoin address.

I'm thinking that if there was a way to ask bitcoin to:
  1) Sign an arbitrary bunch of data with a bitcoin address' private key, and return the signature.
  2) Take a bitcoin address and signed data and verify that the signature is valid.

... then maybe that could function as the building block allowing webs of trust to develop in an application independent of 'core bitcoin'.

And secure, pseudo-anonymous communication between people who know only each other's bitcoin addresses.  And probably a bunch of other interesting things I haven't thought of.

Trust is something that can be created and destroyed at will, plus it's subjective, so it doesn't make sense to have a market in trust.

Oh, a similar different network, not a thing attached to this one.

You mean the coins themselves would be generated by people's claims of trust?

If you think about it regular bitcoin is a little bit like that but for all 'value' instead of merely 'trust'. If someone has bitcoins it means they supported the network and/or did something for someone else who did or are trusted by them.

Even if you made a system intended for indicating trust only people could use it for trade and now it would represent trust and value anyway.

In conclusion, I think we are already implementing your idea. If not, maybe you could highlight what could be different.

I don't know if You are referring to him or to me, but to be clear, i was wondering if is it possible to create crypto-"trust coins" that can be distributed using anonymous network similiar way as BitCoins are.

The main way you are going to get burned would be non-payment. There wouldn't be anything to rate. Maybe I don't understand what you mean though.

Depends how it's done.

There's what I would call the static trust model. This is the one most commonly found on the web. It's used by Ebay, Amazon, Web of Trust, and many others.  The trustworthiness measure is simply a constant assigned to each agent.  The number is some sort of average of ratings of all people who have done business with that agent, perhaps weighted according to the size of the transaction or the trustworthiness of the payer.

This static model would not work with Bitcoin because Bitcoin is anonymous. There is no way of proving whether bitcoin address X belongs to person Y. If you allowed static rating of bitcoin addresses people would simply create new adresses and inflate their rating by sending money to themselves.

Then there is what I would call the network trust model. The trustworthiness measure of each agent is not a constant but a function of your location in the network. The idea is that a bitcoin address would only show up as trustworthy to you if it has been rated trustworthy by address owners that you yourself have rated trustworthy.   

This model would work well for bitcoin IMO. It's similar to a social network except that you can have "relationships" with anonymous users, and the relationship strength depends on transaction size and how long you have been doing business with them.

Hello,

I was wondering. Strictly theoretically - is it possible to create a user-trust system linked with bitcoin so that the person who is sending money can rate the other side of transaction ?

I mean it would be cool if it was possible, because IMHO that's the only thing that's stopping Bitcoin from becoming most awesome.