ShadowOfHarbringer (OP)
Legendary
Offline
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
|
|
October 01, 2010, 08:10:41 AM |
|
Hello,
I was wondering. Strictly theoretically - is it possible to create a user-trust system linked with bitcoin so that the person who is sending money can rate the other side of transaction ?
I mean it would be cool if it was possible, because IMHO that's the only thing that's stopping Bitcoin from becoming most awesome.
|
|
|
|
Timo Y
Legendary
Offline
Activity: 938
Merit: 1001
bitcoin - the aerogel of money
|
|
October 01, 2010, 08:51:06 AM |
|
Depends how it's done.
There's what I would call the static trust model. This is the one most commonly found on the web. It's used by Ebay, Amazon, Web of Trust, and many others. The trustworthiness measure is simply a constant assigned to each agent. The number is some sort of average of ratings of all people who have done business with that agent, perhaps weighted according to the size of the transaction or the trustworthiness of the payer.
This static model would not work with Bitcoin because Bitcoin is anonymous. There is no way of proving whether bitcoin address X belongs to person Y. If you allowed static rating of bitcoin addresses people would simply create new adresses and inflate their rating by sending money to themselves.
Then there is what I would call the network trust model. The trustworthiness measure of each agent is not a constant but a function of your location in the network. The idea is that a bitcoin address would only show up as trustworthy to you if it has been rated trustworthy by address owners that you yourself have rated trustworthy.
This model would work well for bitcoin IMO. It's similar to a social network except that you can have "relationships" with anonymous users, and the relationship strength depends on transaction size and how long you have been doing business with them.
|
|
|
|
FreeMoney
Legendary
Offline
Activity: 1246
Merit: 1016
Strength in numbers
|
|
October 01, 2010, 09:39:08 AM |
|
The main way you are going to get burned would be non-payment. There wouldn't be anything to rate. Maybe I don't understand what you mean though.
|
Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
|
|
|
ShadowOfHarbringer (OP)
Legendary
Offline
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
|
|
October 01, 2010, 09:47:06 AM |
|
The main way you are going to get burned would be non-payment. There wouldn't be anything to rate. Maybe I don't understand what you mean though.
I don't know if You are referring to him or to me, but to be clear, i was wondering if is it possible to create crypto-"trust coins" that can be distributed using anonymous network similiar way as BitCoins are.
|
|
|
|
FreeMoney
Legendary
Offline
Activity: 1246
Merit: 1016
Strength in numbers
|
|
October 01, 2010, 10:12:13 AM |
|
The main way you are going to get burned would be non-payment. There wouldn't be anything to rate. Maybe I don't understand what you mean though.
I don't know if You are referring to him or to me, but to be clear, i was wondering if is it possible to create crypto-"trust coins" that can be distributed using anonymous network similiar way as BitCoins are. Oh, a similar different network, not a thing attached to this one. You mean the coins themselves would be generated by people's claims of trust? If you think about it regular bitcoin is a little bit like that but for all 'value' instead of merely 'trust'. If someone has bitcoins it means they supported the network and/or did something for someone else who did or are trusted by them. Even if you made a system intended for indicating trust only people could use it for trade and now it would represent trust and value anyway. In conclusion, I think we are already implementing your idea. If not, maybe you could highlight what could be different.
|
Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
|
|
|
Timo Y
Legendary
Offline
Activity: 938
Merit: 1001
bitcoin - the aerogel of money
|
|
October 01, 2010, 10:22:21 AM |
|
The main way you are going to get burned would be non-payment. There wouldn't be anything to rate. Maybe I don't understand what you mean though.
I don't know if You are referring to him or to me, but to be clear, i was wondering if is it possible to create crypto-"trust coins" that can be distributed using anonymous network similiar way as BitCoins are. Trust is something that can be created and destroyed at will, plus it's subjective, so it doesn't make sense to have a market in trust.
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5418
Merit: 13499
|
|
October 01, 2010, 03:41:57 PM |
|
You could build an anonymous trust system by combining some aspects of BitCoin with a web of trust. In this system, anyone would be able to send as many "trust coins" as they want to other identities, but how many of these transactions you view as valid would depend on who you trust in the network. You might say that certain identities can send unlimited coins, while others can send up to 50. No identity would have an objective balance -- the balance would be determined entirely by how you process the public list of transactions.
Example: -You know Identity A personally, so you allow him to send unlimited trust coins. -He buys a CD from Identity B. Since it went OK, A sends B 100 trust coins. -Randomly and over a long period of time, B sends these coins to addresses he controls. It is impossible for an observer to know whether any of these transactions were to real people or not, so B has plausible deniability. (This is clearly more secure if there are more real people between B and you, though.) -B wants to sell you heroin online. To prove his legitimacy, he tells you one of his anonymized trust addresses. When you enter it into your software, you see that he has a number of trust coins, somehow gotten from your trusted peers (possibly in a very indirect way, but directly in this case).
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
Gavin Andresen
Legendary
Offline
Activity: 1652
Merit: 2311
Chief Scientist
|
|
October 01, 2010, 04:50:41 PM |
|
A half-baked thought that's been bouncing around my head for the last couple of days:
One piece of functionality missing from bitcoin is the ability for somebody to prove that they own a certain bitcoin address.
I'm thinking that if there was a way to ask bitcoin to: 1) Sign an arbitrary bunch of data with a bitcoin address' private key, and return the signature. 2) Take a bitcoin address and signed data and verify that the signature is valid.
... then maybe that could function as the building block allowing webs of trust to develop in an application independent of 'core bitcoin'.
And secure, pseudo-anonymous communication between people who know only each other's bitcoin addresses. And probably a bunch of other interesting things I haven't thought of.
|
How often do you get the chance to work on a potentially world-changing project?
|
|
|
Ewald
Newbie
Offline
Activity: 7
Merit: 0
|
|
October 01, 2010, 11:09:29 PM |
|
Wouldn't it be easiest to simply use PGP for this? If someone posts or emails his Bitcoin address and signs the message with his private PGP key, you can determine whether you trust the identity and trustworthiness associated with said PGP key (and web of trust) and therefore whether you trust the bitcoin address itself.
|
|
|
|
MoonShadow
Legendary
Offline
Activity: 1708
Merit: 1010
|
|
October 01, 2010, 11:12:24 PM |
|
A half-baked thought that's been bouncing around my head for the last couple of days:
One piece of functionality missing from bitcoin is the ability for somebody to prove that they own a certain bitcoin address.
I'm thinking that if there was a way to ask bitcoin to: 1) Sign an arbitrary bunch of data with a bitcoin address' private key, and return the signature. 2) Take a bitcoin address and signed data and verify that the signature is valid.
... then maybe that could function as the building block allowing webs of trust to develop in an application independent of 'core bitcoin'.
And secure, pseudo-anonymous communication between people who know only each other's bitcoin addresses. And probably a bunch of other interesting things I haven't thought of.
That's an excellent idea! Is there any reason that a function or another program can't be developed to access the wallet file and use those keypairs to sign arbitrary data, such as an email?
|
"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."
- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
|
|
|
MoonShadow
Legendary
Offline
Activity: 1708
Merit: 1010
|
|
October 01, 2010, 11:21:59 PM |
|
Wouldn't it be easiest to simply use PGP for this? If someone posts or emails his Bitcoin address and signs the message with his private PGP key, you can determine whether you trust the identity and trustworthiness associated with said PGP key (and web of trust) and therefore whether you trust the bitcoin address itself.
But you can't prove that the owner of the PGP key is the same as the owner of the bitcoin address, because the bitcoin address is the public key of the keypair. What is to say that you try to spoof someone into thinking that you own an address belonging to someone else by taking one of their addresses and signing it? I don't know why someone would want to do such a thing, but it could form the basis of a 'man in the middle' attack.
|
"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."
- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
|
|
|
Ewald
Newbie
Offline
Activity: 7
Merit: 0
|
|
October 02, 2010, 06:33:28 AM |
|
Wouldn't it be easiest to simply use PGP for this? If someone posts or emails his Bitcoin address and signs the message with his private PGP key, you can determine whether you trust the identity and trustworthiness associated with said PGP key (and web of trust) and therefore whether you trust the bitcoin address itself.
But you can't prove that the owner of the PGP key is the same as the owner of the bitcoin address, because the bitcoin address is the public key of the keypair. What is to say that you try to spoof someone into thinking that you own an address belonging to someone else by taking one of their addresses and signing it? I don't know why someone would want to do such a thing, but it could form the basis of a 'man in the middle' attack. True, using a system outside of Bitcoin itself, opens you up for loads of theoretical and presumably also a couple of real life attacks. Using PGP however does allow establishing trust in a certain way: a bitcoin address signed by a PGP key held by a friend, or a friend of a friend, should indicate that there's a kind of trustworthiness associated with that bitcoin address. After all, the one who holds the PGP private key has announced the authenticity or ownership of that particular bitcoin address. Now, it could be that the private PGP key is compromised. In that case the original owner should have revoked the PGP key, thereby revoking the associated trust. Also, if an attacker gains access to your private PGP key, there would usually be very little between him and your bitcoin wallet as well, so a compromised PGP key would most likely mean your bitcoin wallet is compromised as well.
|
|
|
|
|