Trust is Risk

A decentralized financial trust platform

Orfeas Stefanos Thyfronitis Litos

Dionysis Zindros

Blockchain Lab - Edinburgh University 29/11/2018

Motivation

  • Decentralized marketplaces, e.g. OpenBazaar:
    • Anonymous purchases (can't call the cops!)
    • Can't just have simple stars + ratings!
      • Adversary can create 1,000,000 accounts (Sybil)
      • ...and 1,000,000 fake "good transactions"
    • Can we build it without fees?
    • We need decentralized reputation

An example purchase

Buyer - Dave

Vendor - Carol

Dave wants to buy sneakers from Carol

But who sends first?

Can't just use escrow: How to trust escrow?

A new type of wallet

You trust your money to your friends

You risk 60m฿ in exchange for being part of the network.

Bob: 24m฿

Charlie: 36m฿

Bob: 22m฿

Vendor: 6m฿

Charlie: 32m฿

Funds are redistributed

Your wallet decides how

Trust graph

  • Player = node
  • Direct trust (1-of-2 multisig) = directed edge
  • Weighted & directed graph

Turn Example

Steal(1,A)
Steal(1,A)Steal(1,A)
Add(4,C)
Add(4,C)Add(4,C)
Add(-1,B)
Add(1,B)Add(-1,B)
Add(4,C)
Add(4,C)Add(4,C)
Add(-1,B)
Add(1,B)Add(-1,B)
Steal(1,A)
Steal(1,A)Steal(1,A)

Desired properties

  • Risk Invariance

    • Risk to vendor ≤ risk to friends

  • Sybil Resilience

Indirect Trust intuition

  • Alice and Bob are strangers.
  • What's the worst that can happen to Alice if Bob is Evil?
  • He steals all his incoming direct trust.
  • Other players try to minimize losses.

Trust flow theorem

IndirectTrust_{A \rightarrow B} = maxFlow(A, B)
IndirectTrustAB=maxFlow(A,B)IndirectTrust_{A \rightarrow B} = maxFlow(A, B)

The Transaction Problem

maxFlow(
maxFlow(maxFlow(
,
,,
) = 2
)=2) = 2

Client

Vendor

1฿

฿

Risk Invariance theorem

  • Alice reduces direct trust to friends

  • She uses that money to pay Vendor

Risk (Alice → Vendor) before trade

=

Risk (Alice → Vendor) after trade

...

2฿

...

Sybil Attack

Collusion

Sybil Resilient!

More accounts don't increase incoming direct trust

Thank you!

Questions?

https://github.com/decrypto-org/TrustIsRisk

https://github.com/decrypto-org/TrustIsRisk.js

 

45DC 00AE FDDF 5D5C B988  EC86 2DA4 50F3 AFB0 46C7
<dionyziz@gmail.com>

5132 1DA9 DCCA 16B8 B2AC  7D7F D8E8 8F3A B8A0 CEA4
<o.thyfronitis@ed.ac.uk>

Security & Privacy Seminar 29/11/18

By orfeas

Security & Privacy Seminar 29/11/18

15' - 20' presentation + 5' - 10' questions

  • 691