Closed rymnc closed 1 year ago
staheri14
commented
1 year ago Thanks @rymnc for opening the issue! Nice one! One thing that would be good to capture is the dynamic of the Interrrep group, for example, when a peer's status may change over time (especially after registration to the RLN group). For the first PoC, we may want to scope out this aspect, but it would be good to keep it on the radar for the future.
rymnc
commented
1 year ago Thanks @rymnc for opening the issue! Nice one! One thing that would be good to capture is the dynamic of the Interrrep group, for example, when a peer's status may change over time (especially after registration to the RLN group). For the first PoC, we may want to scope out this aspect, but it would be good to keep it on the radar for the future.
Thanks for your comment! We could eventually incentivise peers to be a feedback loop to Interep group changes, but, yes, as you said, this can be dealt with later
oskarth
commented
1 year ago Thanks for the issue, it's a good start and summarizes useful background! A few things worth mentioning:
1) In terms of motivation, being able to get sybil resistant messaging without requiring user to have crypto funds is a big motivator -- e.g. this is why Status Communities don't want to rely on current RLN Relay with ETH/ERC20 as stake -- this requires thinking a bit about how contract updates work (e.g. relayer, maybe batcher? or non smart contract version?)
2) It'd be good to connect this back to https://ethresear.ch/t/decentralised-cloudflare-using-rln-and-rich-user-identities/10774 and decentralized captcha
3) Finally, the issue currently provides background and a rough sketch for how they can work together. It is missing a scope for MVP / next steps and what would be must-have and what can be added later as nice to haves. If we can create a tight scope for MVP POC + spec that'd make things more concrete.
rymnc
commented
1 year ago Thanks for the issue, it's a good start and summarizes useful background! A few things worth mentioning:
- In terms of motivation, being able to get sybil resistant messaging without requiring user to have crypto funds is a big motivator -- e.g. this is why Status Communities don't want to rely on current RLN Relay with ETH/ERC20 as stake -- this requires thinking a bit about how contract updates work (e.g. relayer, maybe batcher? or non smart contract version?)
- It'd be good to connect this back to https://ethresear.ch/t/decentralised-cloudflare-using-rln-and-rich-user-identities/10774 and decentralized captcha
- Finally, the issue currently provides background and a rough sketch for how they can work together. It is missing a scope for MVP / next steps and what would be must-have and what can be added later as nice to haves. If we can create a tight scope for MVP POC + spec that'd make things more concrete.
Updated the issue to include -
rymnc
commented
1 year ago An update on the PoC for those interested -
rymnc
commented
1 year ago Something to note with interep is that it requires a trusted intermediary which collects auth tokens (which have pii) and id commitments, and adds them to the merkle tree, which is then used to update the onchain root of the tree at intervals. We will have to design the relay protocol for this in a way that we have trusted relayers for a specific groupId (provider + tier, i.e github gold) which accept membership requests, and then submit the updated merkle root onchain, for a fee. This action could then be contested by other relayers, if a malicious action is detected. To ensure that all relayers see all membership requests(so that they can compute the same root), we will have to introduce a delay, in terms of number of blocks, etc. This would lead to worse UX, at the cost of decentralizing the trusted intermediary. May be worth to note that censorship can happen, because the auth token of the user is passed around, and by extension their PII as well. Even if one relayer does accept this membership request, the other relayers can contest it. We will have to design a threshold of non-malicious relayers to ensure that censorship does not occur.
rymnc
commented
1 year ago Something to note with slashing is that the actual identity_secret of the malicious peer is not revealed. It is the identity_secret_hash from which the id_commitment is derived. Due to this, there is no real-world disincentive/consequence for a peer who registered with Interep to be malicious, unless we link this to a reputation system, where their reputation reduces if they are removed from the membership set.
rymnc
commented
1 year ago Since we have completed the spec as well as the forum post I will close this issue. Please feel free to re-open when required!
Background
Interep
Interep is an Identity protocol which allows trustless verification of the reputation of a given "peer". This reputation is derived from one or more metrics on a given centralised service (Github, Twitter, Reddit). It banks on the assumption that bot accounts do not or, will not, gain a large number of human-like characteristics on these services. For example, only a real developer (and not a bot) would have more than a 100 stars on Github. However, it is difficult to trust that these centralised services will continue to operate with the same degree of bot prevention, over a longer period of time. For example, there are bots on Reddit which have over 100 "coins". The way we can use Interep safely is by increasing the threshold of what "peers" we allow to use the system, i.e only Silver tier or above on any of the centralised services. This would greatly reduce the number of bots and would make the system anti-sybil upto a degree.
RLN
RLN (Rate Limiting Nullifier), is used for spam prevention in a peer-to-peer network, while preserving anonymity. A "peer" registers themselves to be a part of a membership group, either with funds (See: https://rfc.vac.dev/spec/17/), or with their social reputation. The membership group refers to the set of anonymized "peers" that are allowed to send messages. Each message includes a ZK proof that proves that this "peer" belongs to the membership group. If spamming is detected, the message is dropped, and the sender is subsequently "slashed", and removed from the membership group. When the sender is removed from the membership group, their messages are no longer propagated, and therefore, spam prevention occurs. "Slashing" refers to the financial/social stake being taken away from the "peer". We will discuss more about social-slashing below.
Motivation
The motivation to use social-staking vs financial-staking is to lower the barrier of entry in a sybil-resistant manner. There are applications which do require this, and would benefit greatly from the lowered difficulty to participate in spam prevention. The barrier of entry is further reduced by implementing gasless transactions (EIP-2771) for the registering to be a part of the membership group.
Examples -
How RLN and Interep can work together
We are operating under the following assumptions -
The RLN contract can be forked/updated to add the following functions -
providercan be (Github, Twitter, Reddit), and thenamecan be (Gold, Silver, Bronze)To generate proofs for the messages, the "peers" can use their existing ID Commitment that they used with Interep, but using the RLN circuit, as described here. They can then be removed from the membership group by following the slashing scheme described here.
There are 2 disincentives to spamming the network with social stake -
MVP PoC Details
Must Haves
[x] Updates to the RLN contract to -
[x] A simple UI to demonstrate -
Nice to Haves
Further reading