Do You Believe in Tinker Bell? The Social Externalities of Trust
In the play Peter Pan, the fairy Tinker Bell is about to fade away and die because nobody believes in her any more, but is saved by the belief of the audience. This is a very old meme; the gods in Ancient Greece became less or more powerful depending on how many mortals sacrificed to them. On the face of it, this seems a democratic model of trust; it follows social consensus and crumbles when that is lost. However, the world of trust online is different. People trust CAs because they have to; Verisign and Comodo are dominant not because users trust them, but because merchants do. Two-sided market effects are bolstered by the hope that the large CAs are too big to fail. Proposed remedies from governments are little better; they declare themselves to be trusted and appoint favoured contractors as their bishops. Academics have proposed, for example in SPKI/SDSI, that trust should flow from individual users’ decisions; but how can that be aggregated in ways compatible with incentives? The final part of the problem is that current CAs are not just powerful but all-powerful: a compromise can let a hostile actor not just take over your session or impersonate your bank, but ‘upgrade’ the software on your computer. Omnipotent CAs with invisible failure modes are better seen as demons rather than as gods.
Inspired by Tinker Bell, we propose a new approach: a trust service whose power arises directly from the number of users who decide to rely on it. Its power is limited to the provision of a single service, and failures to deliver this service should fairly rapidly become evident. As a proof of concept, we present a privacy-preserving reputation system to enhance quality of service in Tor, or a similar proxy network, with built-in incentives for correct behaviour. Tokens enable a node to interact directly with other nodes and are regulated by a distributed authority. Reputation is directly proportional to the number of tokens a node accumulates. By using blind signatures, we prevent the authority learning which entity has which tokens, so it cannot compromise privacy. Tokens lose value exponentially over time; this negative interest rate discourages hoarding. We demotivate costly system operations using taxes. We propose this reputation system not just as a concrete mechanism for systems requiring robust and privacy-preserving reputation metrics, but also as a thought experiment in how to fix the security economics of emergent trust.
KeywordsTrust Reputation Metrics Unlinkability Anonymity
The first author thanks colleagues Laurent Simon and Stephan Kollmann for discussions regarding anonymity networks.
- 5.Chen, Y., Sion, R., Carbunar, B.: XPay: practical anonymous payments for Tor routing and other networked services. In: Proceedings of the 8th ACM workshop on Privacy in the electronic society, pp. 41–50, ACM (2009)Google Scholar
- 8.Dingledine, R., Mathewson, N., Syverson, P.: Reputation in P2P anonymity systems. In: Workshop on Economics of Peer-to-Peer Systems, vol. 92 (2003)Google Scholar
- 9.Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation onion router. Technical report, DTIC Document (2004)Google Scholar
- 12.Ghosh, M., Richardson, M., Ford, B., Jansen, R.: A TorPath to TorCoin: proof-of-bandwidth altcoins for compensating relays. In: Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs) (2014)Google Scholar
- 13.Jansen, R., Hopper, N., Kim, Y.: Recruiting new Tor relays with BRAIDS. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 319–328, ACM (2010)Google Scholar
- 14.Jansen, R., Johnson, A., Syverson, P.: LIRA: lightweight incentivized routing for anonymity. Technical report, DTIC Document (2013)Google Scholar
- 15.Jansen, R., Miller, A., Syverson, P., Ford, B.: From onions to shallots: rewarding Tor relays with TEARS. HotPETS, July 2014Google Scholar
- 17.Möller, U., Cottrell, L., Palfrader, P., Sassaman, L.: Mixmaster protocol-version 2. Draft, July 2003Google Scholar
- 18.Moreton, T., Twigg, A.: Trading in trust, tokens, and stamps. In: Proceedings of the First Workshop on Economics of Peer-to-Peer Systems (2003)Google Scholar
- 19.Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. Consulted 1(2012), 28 (2008)Google Scholar
- 20.Page, L., Brin, S., Motwani, R., Winograd, T.: The PageRank citation ranking: bringing order to the web (1999)Google Scholar
- 21.Ray, J.: Malpertuis, vol. 142. Marabout, Brussel (1943)Google Scholar
- 23.Wang, Q., Lin, Z., Borisov, N., Hopper, N.: rBridge: user reputation based Tor bridge distribution with privacy preservation. In: NDSS (2013)Google Scholar