I've been thinking about it for months, and I don't know how to write this out properly, so I'm just going to give an example and hopefully people will understand it.
A little background... I have been fascinated with the concept of truly decentralized anonymous online marketplaces, but there are inherent flaws in all of the ones I've examined so far which imposes considerable risk to both the vendors and consumers participating in them.
I think most of all of the problems can be related to a few simple things:
1) Imperfect privacy
2) Collusion
3) Sybil attacks
At first I started looking for obvious solutions... Notably:
1) Use currencies with better anonymity such as ZeroCash
2-3) Use better trust systems such as EigenTrust
Now, I don't think pursuing these solutions is a bad idea. However, they're far from perfect solutions when you start to examine how all of this fits together in practice from a consumer and vendor's perspective.
For example, you might imagine that in a decentralized marketplace the purchasing process looks something like this:
1) A vendors puts up a bond
2) A vendor places an item for sale
3) A consumer sends currency to the vendor's currency account
4) The same consumer asymmetrically encrypts their shipping address and sends it to the vendor
5) The vendor decrypts the consumer's message into plaintext and then ships a package to the consumer
In this scenario, all of the privacy of the software falls apart at step #4 and after. This is because the consumer must divulge identifying information to the vendor - their location, and to avoid suspicion from the government (i.e., USPS), presumably they would be sharing their name with the vendor as well.
These aren't minor leaks in privacy. Assuming the vendor takes reasonable precautions before sending the mail (such as sending from random places every time), the consumer is still at considerable risk of being identified by both the vendor and the government (i.e., USPS).
Good rating systems will reduce the likelihood of a vendor abusing this information, but that still leaves the government as a privacy leak. Furthermore, since many vendors are likely to be using the government for shipping, or even if they used private companies such as FedEx or UPS, then this system is gradually losing centralization and the privacy leak is exponentially greater. At least in the case of vendors, the privacy leak is likely to be stopped early due to the reliability of rating systems.
So let's examine the larger problem - the government (USPS). If you start to look at the USPS as a system, as you would software, you'll realize that it functions a lot like the internet. A package will relay between several different locations before it reaches a final destination. The USPS can easily determine where it originated (most likely a relatively random place, if the vendor took decent precautions) and where the final destination is (the consumer).
But what if the origin and destination of the shipment were bogus? What if it were possible to randomly send a package to a stranger, and know that same stranger will unknowingly send it to another stranger who unknowingly sends it to another, who eventually unknowingly sends it to the real recipient?
It's actually pretty easy to come up with a way to do this in a p2p network. However, it gets tricky when you take into account the individual motives, incentives, and decisions of the random participants in the transaction. You can't trust them. Thus, the trick was designing a properly incentivized, collusion resistant, and scalable method for anonymously and reliably orchestrating real world tasks between three or more random peers in a peer-to-peer network without trust, rating systems, and custodial third parties.
Now when I thought of this, I was initially only intending on solving this one problem (anonymizing the U.S. Postal Service) -- but as it turns out, I quickly realized that this algorithm is probably much farther reaching than just this. Thus, the appropriate name for it is...The Death Note Incentive System.
Here is how it would work:
A sender would map out an anonymous route, comprised of "nodes". Nodes are random, incentivized, voluntary participants (peers) in this p2p network who know nothing about the sender, the real recipient, nor any other nodes in the transit.
A couple of prerequisites:
1) The route has to be orchestrated in reverse order for this system to work.
2) There must be at least one node randomly selected who is not the real recipient, but there is no maximum limit.
3) Although this algorithm is going to be explained in terms of how it is unobtrusively applied to the U.S. Postal Service, please contemplate that you are orchestrating real world instructions between random peers in a network yet it requires no trust.
The first step is to sign a digital smart contract with the destination node (recipient). In this contract, both you (the sender) and the recipient would each put up a bond totaling the value of the package. For this same contract, you (the sender) would generate a random private/public key pair. The public key would be a part of the contract and signify how the funds can be released (only by publishing a transaction with a signature verifiable by the included public key).
The recipient would also generate a random private/public key pair. The public key would not be included in this contract. Instead, it would be encrypted and sent to the sender.**
Now you both have a bond equal to the package value locked in a smart contract. The sender controls the private key to release the bonds. The recipient holds a private key as well and sends the public key associated with it to the sender.
Now the sender would choose a random peer (note: this step can repeated as many times as desired, but at least one selection required). The sender would propose entering into a smart contract with the peer that works like this:
The peer would put up a bond for the value of the package (the peer does not know about the package, only that he/she must put up a bond of X value -- the value must be equivalent to the economic worth of the package). The sender would also put up a bond for the value of the package PLUS a commission value (incentive) that is redeemable to the peer when the contract bonds are released. This commission should be greater than the postage costs the peer will incur when delivering to the recipient.
The public key that the recipient sent to the sender after signing the previous contract will be referenced in this new contract. A signature from the private key associated with that public key (which the recipient controls) will release the bond.
Over a secure channel, the sender tells the peer the recipient's address and instruct the peer to deliver the package to that address after the peer receives the package.
The sender now sends the package to the peer. The peer receives the package. The peer sends it to the recipient. The recipient confirms the package has been delivered and signs a transaction with the private key he/she controls to release the bonds associated with the peer's and sender's contract. The peer receives commission for his/her participation and knows nothing about the sender and recipient. The recipient may not be the real recipient, and could just be another peer in the network who will repeat the same instructions to another peer or real recipient.
After the final recipient confirms the package was delivered, he/she informs the sender over a secure channel. The sender, using the private key known only to him associated with the sender-recipient contract, publishes a transaction to release the bonds the sender and recipient have put up.
With the conclusion of this transaction, the sender has anonymously orchestrated real world actions between random peers in a network with no trust. In a way where no peer has any advantage to collude with any other peer (it would cost them their bonds with nothing to gain) and the sender has no incentive to scam the recipient or any other node, as the sender has one bond of the package value associated with every peer in the chain.
Sybil attacks are obsoleted as no peer has a reputation to hinder, only a bond to protect. Execution haste and reliability among peers is incentivized so that the peers can acquire their bonds ASAP and not lose them.
Please review this system and let me know your thoughts.
Below are two graphs. The first shows the simplest chain and the second shows how you would start to scale to larger chains.
Thank you.