Trust is Risk
A decentralized financial trust platform
Orfeas Stefanos Thyfronitis Litos
Dionysis Zindros
Blockchain Lab - Edinburgh University 29/11/2018
Motivation
- Decentralized marketplaces, e.g. OpenBazaar:
- Anonymous purchases (can't call the cops!)
-
Can't just have simple stars + ratings!
-
Adversary can create 1,000,000 accounts (Sybil)
-
...and 1,000,000 fake "good transactions"
-
Adversary can create 1,000,000 accounts (Sybil)
-
Can we build it without fees?
-
We need decentralized reputation
An example purchase
Buyer - Dave
Vendor - Carol
Dave wants to buy sneakers from Carol
But who sends first?
Can't just use escrow: How to trust escrow?
A new type of wallet
You trust your money to your friends
You risk 60m฿ in exchange for being part of the network.
Bob: 24m฿
Charlie: 36m฿
Bob: 22m฿
Vendor: 6m฿
Charlie: 32m฿
Funds are redistributed
Your wallet decides how
Trust graph
- Player = node
- Direct trust (1-of-2 multisig) = directed edge
- Weighted & directed graph
Turn Example
Steal(1,A)
Steal(1,A)
Add(4,C)
Add(4,C)
Add(-1,B)
Add(−1,B)
Add(4,C)
Add(4,C)
Add(-1,B)
Add(−1,B)
Steal(1,A)
Steal(1,A)
Desired properties
-
Risk Invariance
-
Risk to vendor ≤ risk to friends
-
-
Sybil Resilience
Indirect Trust intuition
- Alice and Bob are strangers.
- What's the worst that can happen to Alice if Bob is Evil?
- He steals all his incoming direct trust.
- Other players try to minimize losses.
Trust flow theorem
IndirectTrust_{A \rightarrow B} = maxFlow(A, B)
IndirectTrustA→B=maxFlow(A,B)
The Transaction Problem
maxFlow(
maxFlow(
,
,
) = 2
)=2
Client
Vendor
1฿
฿
Risk Invariance theorem
-
Alice reduces direct trust to friends
-
She uses that money to pay Vendor
Risk (Alice → Vendor) before trade
=
Risk (Alice → Vendor) after trade
...
2฿
...
Sybil Attack
Collusion
Sybil Resilient!
More accounts don't increase incoming direct trust
Thank you!
Questions?
https://github.com/decrypto-org/TrustIsRisk
https://github.com/decrypto-org/TrustIsRisk.js
45DC 00AE FDDF 5D5C B988 EC86 2DA4 50F3 AFB0 46C7
<dionyziz@gmail.com>
5132 1DA9 DCCA 16B8 B2AC 7D7F D8E8 8F3A B8A0 CEA4
<o.thyfronitis@ed.ac.uk>
Security & Privacy Seminar 29/11/18
By orfeas
Security & Privacy Seminar 29/11/18
15' - 20' presentation + 5' - 10' questions
- 692