Orfeas Stefanos Thyfronitis Litos
Dionysis Zindros
Financial Cryptography 2017
Buyer - Dave
Vendor - Carol
Bob wants to buy sneakers from Alice
But who sends first?
Can't just use escrow: How to trust escrow?
You risk 60m฿ in exchange for being part of the network.
Bob: 24m฿
Charlie: 36m฿
Bob: 22m฿
Vendor: 6m฿
Charlie: 32m฿
Example:
Alice trusts Bob with 5m฿. Both Alice & Bob can spend.
Bitcoin graph
Trust Is Risk graph
Alice trusts Bob will not steal 5m฿ from her.
1-of-2 multisig
is the maximum loss Alice can suffer if:
We call this a Transitive Game.
Treat Direct Trusts as graph capacities.
Proof intuition:
Client
Vendor
1฿
฿
...
2฿
...
฿
...
2฿
...
฿
...
1฿
...
฿
...
1฿
...
฿
Risk exposure of Alice to Vendor before
=
Risk exposure of Alice to Vendor after
Collusion = Corrupted Set ∪ Sybil Set
Corrupted Set: Originally trustworthy players, now compromised by Eve. Honest players may directly trust them.
Sybil Set: Players fabricated by Eve. No honest players directly trust them.
Collusion
Proof intuition:
MaxFlow cannot be increased by adding nodes without incoming direct trusts.
Collusion
It's pointless for an attacker to create multiple accounts!
https://github.com/decrypto-org/TrustIsRisk
https://github.com/decrypto-org/TrustIsRisk.js
45DC 00AE FDDF 5D5C B988 EC86 2DA4 50F3 AFB0 46C7
<dionyziz@gmail.com>
FB61 4CCD 94E1 9201 D144 8D5A 9481 00FD BA28 707E
<orfeas.litos@hotmail.com>