Towards global Consensus on Trust

[synctext]

Placeholder issue for master thesis work. End date firm: 16:00, Friday 31 August 2018, Cum Laude potential. Concrete idea:

• We aim to build a global consensus system for trust
• a required intermediary step is obtaining lists of trust rankings
• Each participant in the network puts periodically the Top-1000 nodes it trusts the most on their Trustchain.
• A signed trustranking record contains a list of known public keys of nodes, ordered by level of trust. Nodes with highest level of successful interaction and trust are listed first.
• Calculate Trustrankings using incremental personalised temporal pagerank #2805
• Extend trustchain on top of IPv8 #3272 to parse and interprete these records
• Calculate from numerous individual signed Trustranking records an estimation of the global trust consensus. Consensus Ranking
• Who is the most trusted of us all? In future work we can then run a Byzantine Fault Tollerant Consensus algorithm for true global consensus on trustranking. NP-Hard problem:

  We are given a set of N rankings, or permutations1
  on n objects. These rankings might represent individual
  preferences of a panel of N judges, each presented
  with the same set of n candidates. Alternatively, they
  may represent the ranking votes of a population of N
  voters. The problem of rank aggregation, or of finding
  a consensus ranking, is to find a single ranking π0 that
  best “agrees” with all the N rankings. This process
  can also be seen as a voting rule, where the N voters’
  preferences are aggregated in an election to produce
  a consensus order over the candidates, the top ranked
  being the winner.

• This enables random appointment of a node for some governance role, weighted by your global trust ranking. A fascinating mix of a meritocracy and democratic lottery. All based on the transaction graph and emergent trust network:

[synctext]

Protect - solid algoritm work for the core of a thesis.

[synctext]

Vital dataset we need with real attacks on trust, reputation systems. http://users.eecs.northwestern.edu/~hxb0652/HaitaoXu_files/TWEB2017.pdf Abstract:

In online markets, a store’s reputation is closely tied to its profitability. Sellers’ desire to quickly achieve high reputation has fueled a profitable underground business, which operates as a specialized crowdsourc- ing marketplace and accumulates wealth by allowing online sellers to harness human laborers to conduct fake transactions for improving their stores’ reputations. We term such an underground market a seller- reputation-escalation (SRE) market. In this article, we investigate the impact of the SRE service on repu- tation escalation by performing in-depth measurements of the prevalence of the SRE service, the business model and market size of SRE markets, and the characteristics of sellers and offered laborers. To this end, we have infiltrated five SRE markets and studied their operations using daily data collection over a con- tinuous period of two months. We identified more than 11 thousand online sellers posting at least 219,165 fake-purchase tasks on the five SRE markets. These transactions earned at least $46,438 in revenue for the five SRE markets, and the total value of merchandise involved exceeded $3,452,530. Our study demon- strates that online sellers using the SRE service can increase their stores’ reputations at least 10 times faster than legitimate ones while about 25% of them were visibly penalized. Even worse, we found a much stealthier and more hazardous service that can, within a single day, boost a seller’s reputation by such a degree that would require a legitimate seller at least a year to accomplish. Armed with our analysis of the operational characteristics of the underground economy, we offer some insights into potential mitigation strategies. Finally, we revisit the SRE ecosystem one year later to evaluate the latest dynamism of the SRE markets especially the statuses of the online stores once identified to launch fake transaction campaigns on the SRE markets. We observe that the SRE markets are not as active as they were one year ago and about 17% of the involved online stores become inaccessible likely because they have been forcibly shut down by the corresponding E-commerce marketplace for conducting fake transactions.

[jghms]

Again a short status update:

I ran a first simple experiment which is similar to the other experiments I plan to do. We have 20 honest agents that perform the PROTECT mechanism as described above (however still a simplified verfication). Also there is one dishonest agent who withholds one block from his chain when engaging in an interaction (when the other agent starts the interaction the agent behaves normal, that is why he still has some interactions). Other agents verify the chain and find it not complete. Therefore they reject the interaction with the agent. We let the agents interact for 100 seconds with approximately 1 transaction per agent per second. We see that the dishonest agent has significantly less transactions that the honest agents. I will create more experiments like this, but they only prove the correctness of the mechanism. Next to this, there should also be a scalability experiment which I still need to design. For that I will probably also need to make the software work with gumby to run it on the DAS-5.

Also I have started writing on my thesis.tex, here is the current pdf: report.pdf

[synctext]

@jangerritharms 's novel idea: devise a mechanism which forces agents to disclose their full historical state of their trustchain database at each point in time. This enable the detection of historical dishonest behavior, by allowing a replay of all historical states and decisions. For instance, helping other dishonest agents in the past.

thesis storyline, especially the problem description:

• big and lab vision, your component in the 50-years: #3571 of building-trust-research. Multiple layers, fully distributed.
  • trustchain, force multi-party argeement
  • distributed incremental pagerank for detecting sybil regions
  • incentive compatible info sharing (THIS THESIS)
  • use latency to enforce honest behavior. Introduce new rule that agents physically within few hundred km are your neighbors. You can't replace your neighbors and you can't bend the laws of physics. High latency peers are never trusted, they need to be guaranteed by low-latency peers.
  • strong identities. finally use expensive identities, such as government issued passports to create costly identities. They can't be re-used or re-newed.
• precise and narrow of thesis work

For instance: This works has successfully created a specialized component which has a proven ability to make trust systems better.

Demers, 1987 classic, "Epidemic algorithms for replicated database maintenance". First mention of anti-entropy syncing between agents. Simply sync differences and see how everybody syncs quickly. Great math. 1988 classic: "A survey of gossiping and broadcasting in communication networks"

Real attack datasets are now available, see this Twitter 8000 fake accounts, https://news.ycombinator.com/item?id=9170433

Spam a form of sybil attack #2547?

(btw dishonest agents == dramatic red in thesis figures, green == good)

[jghms]

Updated report.pdf

Quick update: Not so much happened since the last update. I mostly worked on the story for my thesis, how cooperation, reputation systems, tribler, trustchain and my work are related. Also I have reworked my code a little bit, before I had stored on the chain all public keys and sequence numbers that were exchanged, now only two hashes of the exchanges are stored, which still has the same effect as partners can sign the hash of what data they sent and having the hash later on means agents still cannot lie about which data they have. Also I see now that anti-entropy is definitely not the only way to go. We can simply define how many endorsements are required per interaction (some ratio which can be enforced by the honest nodes).

Possible next steps:

• next steps will be to make my emulation work with gumby and run a scalability experiment
• run experiments that show that in no way we can not share all data and still be acknowledged by honest agents
• run experiments on Sybil attacks

[synctext]

• title? "Key building block for creating online trust"
• "Trust is the bedrock of society"; opening line?
• application-agnostic
• Our audacious ambition is to create a global trust system
• model with both trust and reputation
• paper which explains difference between trust system and reputation system
• Chapter 1, more in-depth. Reader knows trust, reputation, and incentive work by then.
  • copy and expand argument?
  • subsections
  • 1.1 Trust and reputation
  • 1.2 Pris Dil
  • 1.3 Trustchain and Tribler
  • faults: https://www.ccn.com/eos-blockchain-grinds-to-halt-as-software-bug-freezes-transactions/
• Chapter 2
  • describe The Magic Thing
  • connects all digital humanity
  • uses all past transactions for estimating trustworthiness
  • disputed outcomes
  • Aims to identify the small minority of dishonest behaving individuals
  • Works in preventive manner, 100% fraud detection deters
  • transparency breeds honesty and honesty leads to trust
  • non-profit public utility
  • define trust vector
  • story
  • global trust
  • trust data dissemination
  • no solution yet, prior work
• 4.1. Applications of decentralized accounting systems
  • table with requirements
  • nothing does it all !
  • except this thesis
  • ProTeCT naming
• Turn around: we now have money without banks. Banks can default. 2007 global financial crisis resulted in numerous collapsing banks (465?)
• Bitcoin is Chapter 1 material
• 4.1.3 Partial view and scalability is Problem Description material
• Chapter "Concept of internal agent state transparency" or "transparency of trust vectors to prevent attacks"
• Chapter "the ProTeCT algorithm for trust vector integrity"
• Experiments and performance analysis
  • 3 dishonest and 4 honest
  • 6 dishonest and 4 honest (+no honesty among thieves)

[synctext]

Mental note: huge Trustchain dataset and picture; not (yet) in thesis

[lylamaria]

Good luck today Jan!

[jghms]

Status update report.pdf

This is the current thesis.tex. Next week I will be on vacation so this is pretty much the work that we can look at at the next meeting on monday 16th of July. Have made a start in each of the chapters of the final report. Was not yet able to implement all feedback from the previous round but that will be the next step.

[synctext]

remarks:

• You engineer! You are not writing in social sciences style
  • recent 2017 work, "Cooperation in the Finitely Repeated Prisoner’s Dilemma".
  • "Finding cooperators: Sorting through repeated interaction", 2017 related work
  • "Persistent cooperation and gender differences in repeated Prisoner's Dilemma games: Some things never change".
  • Note: humans have only limited control on the "Tribler agent", all about the defaults and massive cyberattacks like we see on social media.
• experiments:
  • forking is the key manipulative behavior (double spend detection)
  • transaction hiding
  • whitewashing
  • colluding / Sybil (6.4.1. Sybil attack)
• thesis has a "fast" storyline in chapter 1.
  • expand beyond 3 pages
  • recommend mentioning 1) Uber and Airbnb and 2) Bitcoin in the intro text of Chapter 1
  • then you explain connection of trust to these inside Chapter. (Taxi without taxi license, money without banks)
• 1.4. Solution to abuse of Trust: decentralization explain in 1 sentence to the poor reader what this subsection is about. Like: We claim in this thesis that a global system to create trust on the Internet and our economy can't have a single-point-of-failure. It needs to be fully decentralized.
• namyly, no spelling checker?
• 2. In the introduction we have made a case for our audacious ambition to design and create a layer of reputation on top of the core infrastructure of the internet that enables application agnostic trustful relationships between relative strangers. or shorter and more powerful: our audacious ambition is to create trust on the internet.
• suggestion: open Chapter 2 with the Mui 2001 MIT picture. Provides context and intro, then do the boring requirement stuff.
• Definition 7 (Transaction block). missing signatures and switches away from formal model in Def 1-6.
• Chapter 4: Honesty is rewarded and cheating is reduced when we introduce the novel concept of 'state transparency'. In this chapter we introduce the main idea of the thesis, solve the trust problem by exposing your own state. Our proposed mechanism publicly records the action of sharing knowledge.
• Chapter 6: we aim to prove the properties of the mechanism and architecture by experimental analysis. We implemented our mechanism and now establish how it handles strategic manipulation.
• " All agents run a main decision loop at high frequency and have a small chance of starting an interaction each time step.", informal, imprecise. How exactly? interaction probability?
• Your mechanism seems to have an recursion explosion. Talking to a peer triggers Exchange block creation, next peer you talk to will always lead to the creation of a new record, because you created at least a single exchange block on your own chain. Thus leading to another exchange block creation. Each encounter leads to a new record being created on Trustchain. (positive wording: gossip transparency)

[jghms]

report.pdf

Worked mostly on the experiments, updated parts of the introduction and created an example case for my mechanism in chapter 5.

[synctext]

Comments

• more citation needed, none in Section 1.1.1 and no source for Figure 1.1
• Section 1.4, citation of #3571 as the lab goal
• Figure 2.1, larger.
• Table 3.1; use survey to expand number of entries.
• Figure 5.1, depiction of subjects A and B is bit silly
• Style violation
  • Mixing theory, formal notation with pictures of pens to indicate a digital signature
  • confuses the reader
  • the 19 definitions do not lead to an impossibility result or proof.
  • Mixing Tribler details and dirty implementation with clean formal model (e.g. Nowak level)
  • you spend much more time of coding, less on theory; how much theory in thesis?
  • can you prove something cool? Like: you can't strategically manipulate my algorithm! You are forced to share or you can not-share (freeride), lie and will be caught -guaranteed-.
• genesis block == "0"
• The Sybil problem
  • Cardinal example "Sybilproof Reputation Mechanisms" - very good short read
  • "problem formulation" with formal model
  • their hard theoretical science: "Theorem 1. There is no symmetric sybilproof nontrivial reputation function"
  • "We have presented a possible framework for assessing a reputation mechanism’s robustness to sybils. We have shown that no nonconstant, symmetric reputation function exists. Further, we have given a collection of flow-based asymmetric reputation functions which are sybilproof, under some conditions."
• block tampering, forking and double spending, block withholding
• Section 6.x system architecture picture and text
• The same happens when the selected partner is a known malicious agent. be more clear and explicit about this essential behavior.
• The first experiment to run is concerning the dissemination free-riders more like: our first experiment analyses the performance of our proposed algorithm against freeriding. the why
• algorithm has no forgiveness, DFR flatlines (shorthand distracts)
• Figure 6.1 very boring similar outcomes. compact same message into 1 figure.
• multiple dissemination free-riders join forces and collaborate in creating a subnetwork. collusion experiment ! we now present an experiment to determine the outcome if freeriders detect and decide to collude against the honest agents. again explain why.
• Collusion leads to network partitioning... thus Figure 6.3 needs to be red for the zeros. figure title "quantification of the network partitioning"
• Figure 6.5 versus 6.6: honest agents without "deep check" and with.
• Jan-Gerrit idea: creating identities become expensive, you are born with a negative reputation, you first need to perform work for the community. You can't collude with other negative agents anymore. Attack-edges becomes essential.

[synctext]

Creating trust through verification of interaction records

Final thesis on official repository

Thesis Abstract Trust on the internet is largely facilitated by reputation systems on centralized online platforms. How- ever reports of data breaches and privacy issues on such platforms are getting more frequent. We argue that only a decentralized trust system can enable a privacy-driven and fair future of the online economy. This requires a scalable system to record interactions and ensure the dissemination and consistency of records. We propose a mechanism that incentivizes agents to broadcast and verify each others interaction records. The underlying architecture is TrustChain, a pairwise ledger designed for scalable recording transactions. In TrustChain each node records their transactions on a personal ledger. We extend this ledger with the recording of block exchanges. By making past information exchanges transparent to other agents the knowledge state of each agent is public. This allows to discriminate based on the exchange behavior of agents. Also, it leads agents to verify potential part- ners as transactions with knowingly malicious users leads to proof-of-fraud. We formally analyze the recording of exchanges and show that free-riding nodes that do not exchange or verify can be detected. The results are confirmed with experiments on an open-source implementation that we provide.

[synctext]

Related work: Mustafa Al-Bassam seems to have re-invented our approach in 2019. His work and Celestia combines our 2018 work and prior 2017 Chico implementation along with our 2016 bottom-up consensus model. Brilliant wording: "virtual side-chains", we just called it a scalable ledger :smile: Superior marketing and acquisition of funds then we did!

2004 background Total Order Broadcast and Multicast Algorithms: Taxonomy and Survey