You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
WoT is a great alternative to tokenomics, but it seems blockchains currently offer more anonymity. The problem with pseudo-anonymity is that accumulating trust takes time and this usually destroys anonymity.
Russia and China have been testing to cut off global internet, and for a user of a censorship-resistant protocol leaking IP address along with a high reputation identity might lead to arrests.
Blind signature. That zkp algorithm provides a way to prove trustworthiness, ie. certificate chains, and blind signature could then be used to issue trust.
Ring signature. It should mix trust in a public WoT while keeping trust graph open. We calculate trust based on groups and estimate trust scores of individuals. However, under some circumstances it can be statistically analyzed.
Mercurial signature.
WoT is one of the solutions to decentralized reputation system (usually pseudo-anonymous but here we need anonymity). Maybe there can be alternative ways as long as they sum up people's attitude with authenticity.
This is a scheme similar to zerocash, which proves ownership by showing a Merkel Dag contains some commitment, and the proof can be generated only if one knows the secret. The main difference is that WoT is subjective and partition tolerant.
Each peer announces what she trust by showing a Merkel Dag of commitments. And she shows her commitment to others so that other people can include her commitment into their Merkel Dag (to express trust), and remove her commitment when they want (to prune expired commitment).
To prove one's trustworthiness to someone, she generate a zksnark proof to prove that the verifier's Merkel Dag contains her commitment and she knows how that commitment is computed (only she can generate the proof since commitment is usually a hash of some secret) without telling which one, hence avoiding de-anonymization.
A possible attack to de-anonymize is to intentionally generate DAGs that contain her commitment and DAGs that don't. Since she can't generate proofs for the latter it reveals her relationship with specific commitment (which the attacker didn't know) This problem doesn't exist when there's a common ledger. The probability difference comes from the fact that she certainly can't generate proof of trust for random DAGs.
We calculate transitive trust given the method to calculate one-to-one trust. Also, one could announce different commitments for different sessions and show different DAGs, and the secret behind commitment can be shared. And one could transfer tokens (basically everyone holds a ledger anyway)
In practice, proofs should be generated as few as possible and range-proof one's trust (like proving balance) to avoid statistical analysis. It's anonymous enough when the Merkel Dag contains enough items. Ideally one proves to a single Dag and others acknowledge this since they already trust each other.
Anonymity here means unlinkability of pseudo-anonymous identities. When someone sends her commitment to a peer, her pseudo-anonymous identity at the moment is certainly linked with that commitment. In conclusion knowing more secrets that are acknowledged via inclusion of commitments, means more reputation. For a session one shows three things, DAG, zkp trustworthiness proof and commitment(s). Avoid repeatedly proving to maintain anonymity set, and a verifier should collect as many trustworthy commitments as possible, and calculate the respective trust score for a commitment so that for a proof she know most commitments that the proof's DAG contains.
Somehow instead of users now commitments form a graph, since for each session the user shows a commitment to be trusted and a set of commitments she trusts and the proof itself can't change the scores of WoT. Then the graph of commitments can be called WoT, which is subjective since the user directly chooses some commitments to trust and transitive trustworthiness scores are calculated afterwards. While each peer keeps a calculated mapping of commitments to their trust scores, few global mappings are also produced (along with global DAGs so less proofs are needed) The prover proves that a DAG contains some commitments and the values of respective commitments in the mapping add up to be greater than some trust value
A prover could optionally reveal her SN number, and prove her commitment is not in the Merkel tree of spent commitments. This ensures the actor can be distrusted when others want to. Along with the revealed SN number, she announces a replacement commitment so she can start new sessions anonymously if not being distrusted. Then some commitments end up unusable, so we add expiration dates, and nodes renew their commitments periodically.
To start a session account (anonymous user)
ZKP proof of trust, computed against verifier's or well-known or custom Merkel DAG of commitments
Commitments, proven to be owned by this user in the same proof binary, which has a public output that acknowledges a publickey as the session publickey.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
WoT is a great alternative to tokenomics, but it seems blockchains currently offer more anonymity. The problem with pseudo-anonymity is that accumulating trust takes time and this usually destroys anonymity.
Russia and China have been testing to cut off global internet, and for a user of a censorship-resistant protocol leaking IP address along with a high reputation identity might lead to arrests.
We need a way to provide unlinkability.
WoT is one of the solutions to decentralized reputation system (usually pseudo-anonymous but here we need anonymity). Maybe there can be alternative ways as long as they sum up people's attitude with authenticity.
Modified Zerocash to form WoT
https://ieeexplore.ieee.org/document/6956581
This is a scheme similar to zerocash, which proves ownership by showing a Merkel Dag contains some commitment, and the proof can be generated only if one knows the secret. The main difference is that WoT is subjective and partition tolerant.
Each peer announces what she trust by showing a Merkel Dag of commitments. And she shows her commitment to others so that other people can include her commitment into their Merkel Dag (to express trust), and remove her commitment when they want (to prune expired commitment).
To prove one's trustworthiness to someone, she generate a zksnark proof to prove that the verifier's Merkel Dag contains her commitment and she knows how that commitment is computed (only she can generate the proof since commitment is usually a hash of some secret) without telling which one, hence avoiding de-anonymization.
A possible attack to de-anonymize is to intentionally generate DAGs that contain her commitment and DAGs that don't. Since she can't generate proofs for the latter it reveals her relationship with specific commitment (which the attacker didn't know) This problem doesn't exist when there's a common ledger. The probability difference comes from the fact that she certainly can't generate proof of trust for random DAGs.
We calculate transitive trust given the method to calculate one-to-one trust. Also, one could announce different commitments for different sessions and show different DAGs, and the secret behind commitment can be shared. And one could transfer tokens (basically everyone holds a ledger anyway)
In practice, proofs should be generated as few as possible and range-proof one's trust (like proving balance) to avoid statistical analysis. It's anonymous enough when the Merkel Dag contains enough items. Ideally one proves to a single Dag and others acknowledge this since they already trust each other.
Anonymity here means unlinkability of pseudo-anonymous identities. When someone sends her commitment to a peer, her pseudo-anonymous identity at the moment is certainly linked with that commitment. In conclusion knowing more secrets that are acknowledged via inclusion of commitments, means more reputation. For a session one shows three things, DAG, zkp trustworthiness proof and commitment(s). Avoid repeatedly proving to maintain anonymity set, and a verifier should collect as many trustworthy commitments as possible, and calculate the respective trust score for a commitment so that for a proof she know most commitments that the proof's DAG contains.
Somehow instead of users now commitments form a graph, since for each session the user shows a commitment to be trusted and a set of commitments she trusts and the proof itself can't change the scores of WoT. Then the graph of commitments can be called WoT, which is subjective since the user directly chooses some commitments to trust and transitive trustworthiness scores are calculated afterwards. While each peer keeps a calculated mapping of commitments to their trust scores, few global mappings are also produced (along with global DAGs so less proofs are needed) The prover proves that a DAG contains some commitments and the values of respective commitments in the mapping add up to be greater than some trust value
A prover could optionally reveal her SN number, and prove her commitment is not in the Merkel tree of spent commitments. This ensures the actor can be distrusted when others want to. Along with the revealed SN number, she announces a replacement commitment so she can start new sessions anonymously if not being distrusted. Then some commitments end up unusable, so we add expiration dates, and nodes renew their commitments periodically.
To start a session account (anonymous user)
Beta Was this translation helpful? Give feedback.
All reactions