Topic: Please help me solve the problem of trust - page 2. (Read 4652 times)

Yes, Ripplepay itself is a centralized thing, but the IDEA of what it is can be implemented in a decentralized manner.  Did you watch the Ripplepay introductory video???  All it takes is an algorithm analogous to finding the shortest route from City A to City B to find a ripplepay-like node route from Person A to Person B.  Coding this kind of thing into a peer-to-peer client should be fine.

I see a few problems with Ripplepay for solving the particular problem of trust rankings (please correct me if I misunderstand it):

1) It's centralized. You have to trust the Ripplepay people to be able to use the system. Correct?

2) I didn't see any mention of degrees of trust. Shouldn't trust be represented with shades of grey?

I envision a system such that when I can meet someone, I can 1) Verify their identity by asking for a signature. 2) Verify that they are trustworthy enough for the particular transaction we are partaking in. 3) Not have to find a mutually trusted third party for this to be possible.

They will have a public key (separate from their bitcoin addresses) which has a trust ranking. When you meet someone, ask for their public key. Check if it has a good trust rating. Ask them to send you a signed message containing their bitcoin address. That proves the person with the good trust rating owns that particular bitcoin address. Online wallets would need to allow you to sign the bitcoin addresses you send out.

Proving your identity is always going to involve signing messages. Services will need to allow this one way or another or you won't be able to know who you're dealing with.

I think it could be set up in such a way that the rating could be moved to another address using the private key from the rated address. Thus they could be confident that only the owner of the rated address could transfer ratings to his other address.


The rating system would have to require proof of work on the raters part, otherwise you could spam ratings using virtual machines to run multiple copies of the Bitcoin client and having them give false ratings, by requiring a certain amount of work to create a rating you would prevent, or at least make difficult, rating farming.

One problem with eBay is still hacked/sold/stolen accounts.

One time I "purchased" 100 nintendo DS consoles from a seller with 15,000+ 100% feedback .. was THIS CLOSE to sending them their payments... when I got an email from paypal/ebay security saying STOP, NO, DON'T!!! That account has been hacked!!!

So... you can never really trust anybody, when it comes to buying more than a chocolate bar that is.

If I want to sell you a house and royally fuck you in the process, I only need to "borrow" somebody's good name.

And how do you intend to tie these trust ratings to Bitcoin transactions? Remember that it's likely that people will use new addresses for each transaction, use online wallet services where they don't directly control the Bitcoin address, etc.

I apologize for not commenting directly on your solution, but here's an option:

http://bitcointraining.wordpress.com/2011/07/13/introducing-ripple-pay-with-bitcoin/

Dear Bitcoiners,

How do you know if you can trust 1CU8KRSTcrYKyjfeGRTjpJ1S57jViwqrnh? If you don't know the reputation of this person, you can't know if you can trust them. This problem doesn't just apply to bitcoin, but to any person or organization. Whenever you meet a stranger, you have no idea what their reputation is. I believe this is a giant problem---perhaps the biggest impediment to commerce anywhere, on the internet or in real life. We need a global record of reputation. eBay has solved this problem in a centralized way for their own service: Sellers have rankings. You can be pretty sure how trustworthy someone is based on their rating.

However, eBay ratings only work for eBay. We need a general purpose reputation tracking system. Users need to be able to specify how much they trust one another, then the trustworthiness of any other person can be computed based on the web of trust. It could be like the #bitcoin-otc web of trust. But it shouldn't be centralized, because we don't want to have to trust some arbitrary third party before knowing if we can trust the stranger we are interested in. We need a decentralized trust rating system. We need to solve the problem of trust in a decentralized way like bitcoin solved the problem of currency in a decentralized way.

Part of the problem is solved by using public/private key pairs to represent identity. A person can simply sign that they trust another person with a certain raiting between 0 and 1. Other people can confirm that only the person with the private key could have signed that rating. However, how do other people get the information about who you trust? We need some sort of decentralized information sharing service. BitTorrent exists for this purpose. Unfortunately, BitTorrent (so far as I'm aware) only works with static files. But who you trust will constantly change without end. Bitcoin technology might also work, if we could store trust ratings in an on-going block chain. Perhaps we could make a new currency, Trustcoin, to encourage miners to apply proof-of-work to the trust rating block chain.

I believe there is a simpler, more appropriate way to share information. We just need a broadcast network, where users log on to a channel, and broadcast messages. Just like bitcoin broadcasts transactions on a P2P network, we could broadcast trust ratings on a P2P network. However, there is no reason to limit a broadcast network to trust ratings. It could be a general purpose information broadcast system. Trust ratings would be just one of the things you could broadcast.

The problem with this is that any information broadcast network would likely be flooded with spam. We could possibly solve this problem by paying nodes to rebroadcast your message. But then you would have to know if you trusted them first, defeating the purpose of the network. We need nodes to rebroadcast messages without having to trust them first. Thus, we can use proof-of-work. Messages with higher proof-of-work are considered more valuable, and nodes will give preference to them when rebroadcasting. I have described this system, Proofnet, here: https://forum.bitcoin.org/index.php?topic=31038.0

The trust network will work by containing messages that say in effect "I, user with public key X, do hereby rate User Y with A" where A is a number between 0 and 1. Any user can then compute how much they should trust other users through the web of trust. So long as everyone is connected somehow, you could determine the likely trustworthiness of another user. (Ratings must be relative. Objective ratings are meaningless because anyone could create new identities and rate themselves up.) If User X trusts User Y with 0.9, and User Y trusts user Z with 0.5, then User X would know to trust User Z with about 0.45 that is, not very much). It would be more complicated than this in reality, because User X might be connected to User Z in more than one way. But this is not a problem, because all of this information would be valuable in helping User X decide if they trust User Z. If someone scams you, give them a rating of 0. Your friends will then know to avoid them. People would have an incentive to use this system, if it were popular, because they would want to increase their trust ratings so they could get more business.

The problem with a broadcast system is that you would need to be online continuously to record the trust ratings, or whatever other information was being broadcast. However, services could be established that record the broadcasts continuously, and you could download them from them. They could charge for this, but they might be willing to offer this service for free since trust ratings are a nice charity service to offer. And people who use the system would probably be willing to let you download their trust ratings and their friends' trust ratings directly. They would not be able to tamper with the ratings because the messages are signed.

This is the best solution to the problem of trust I have come up with. It involves broadcasting trust ratings, where identity is tracked by public keys. One public key signs their trust rating of another user, and gives it to everyone. For this to be possible, we must first have a broadcast network. So I have designed one, called Proofnet. I think the problem of trust is extremely important. This is the best solution I have come up with. If you have a better proposal, let's hear it.

Astrohacker