Sorry for the massive quote but I'm on my phone...
Thanks for the reply - you're absolutely right that I'm currently lacking details required for implementation. I AM currently looking for academic papers that could back this idea up in purely mathematical/objective terms.
With all this talk of Mike Hearn's proposal for external tokens to verify nodes, I just wanted to hypothesise potential alternatives based on the network we already have. We all know that:
1. Time moves in one direction
2. Networks have non-zero latencies between nodes
3. Geographic location can correlate with local network latency/routing
4. Time stamping CAN be highly accurate with modern technology
I believe a combination of these factors would allow more objective identification of nodes, using inherent properties of the network itself to provide zero-trust identification.
I am NOT advocating white/black/brown-listing in any fashion, merely local trustworthiness built upon a history of functionality within the greater network.
My only reservation is you would think that if this type of fingerprinting were as accurate as you'd need it to be then it would already be used for tracking, breaking Tor, and the like. Of course there's a difference between an involuntary timing attack and a node specifically trying to prove its validity to you.
latency isn't accurate, stable or dependent on one variable like geography. On top of that, by itself, it can be spoofed to the extent a fake node can delay communication to reach a known latency.
But, in a bigger picture of a network, average latency over time can be a means to confirm that node X is probably node X, if attested by node N1 attesting its latency is in normal range, N2 attesting it is normal, N3 saying it is near normal, where N1, N2 and N3 are known nodes who's public keys you posses. Node X can pass these attestations to you, provable by the signatures of N1, N2 and N3.
But then we have to trust N1, N2, and N3, who would all have to be presumably verified by N4, N5, and N6, and so on. Does this bootstrap in a decentralized manner?
Yeah, but you trust N1-3 enough to vouch for X because:
- You connected to them previously from a "trusted" network (your home), whereas now you're connected to X from an "untrusted" network, such as a wifi hotspot in a cafe.
- No one is vouching for trustworthiness, per se. They are only vouching that the latency of X is within historical norms since T (time), and they know other facts about X, such as how long they've "known" X and other things they have learned about X.
The bottom line is if you're trying to detect the integrity of a node you're talking to, you are asking peers that have talked to that node in the past that you've talked to in better contexts. Each node can track latency, uptime, etc, on all the nodes they talk to. They don't have to share details, just how normal it is.
To be sure, you can't 100% trust any node. That's not the goal. You're just trying to make it more difficult for someone to create a fake bitcoin network on a wifi spot they are hosting. This can make it virtually impossible to pop up a bunch of new nodes with no history on the bitcoin network, or to bring them up and down. Does it rule out every type of node fraud? No, but it makes it much harder. You'd have to create a history on the network with your nodes. And, as soon as your nodes are identified as bad, that history would become moot, requiring a new history.
You are creating higher credibility for nodes with a HISTORY of uptime, consistent latency with its peers, and presence on the blockchain over those that are new, credibility you'd primarily use when on an untrusted local network and you need transaction confirmation quickly, the scenario Mike is trying to address with passports.
This is not the same as real world trust networks. This is based purely on network data, with the network reinforcing itself, increasing its own integrity dynamically. This is still conducive to a trustless network so long as you don't make it part of your core, but an add-on to offset those times when you can't otherwise trust the network and nodes you are currently talking to without a historical linkage.