
Do You Believe in Tinker Bell? The Social Externalities of Trust

  • Conference paper

Security Protocols XXIII (Security Protocols 2015)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9379)

Abstract

In the play Peter Pan, the fairy Tinker Bell is about to fade away and die because nobody believes in her any more, but is saved by the belief of the audience. This is a very old meme; the gods in Ancient Greece became less or more powerful depending on how many mortals sacrificed to them. On the face of it, this seems a democratic model of trust; it follows social consensus and crumbles when that is lost. However, the world of trust online is different. People trust CAs because they have to; Verisign and Comodo are dominant not because users trust them, but because merchants do. Two-sided market effects are bolstered by the hope that the large CAs are too big to fail. Proposed remedies from governments are little better; they declare themselves to be trusted and appoint favoured contractors as their bishops. Academics have proposed, for example in SPKI/SDSI, that trust should flow from individual users’ decisions; but how can that be aggregated in ways compatible with incentives? The final part of the problem is that current CAs are not just powerful but all-powerful: a compromise can let a hostile actor not just take over your session or impersonate your bank, but ‘upgrade’ the software on your computer. Omnipotent CAs with invisible failure modes are better seen as demons rather than as gods.

Inspired by Tinker Bell, we propose a new approach: a trust service whose power arises directly from the number of users who decide to rely on it. Its power is limited to the provision of a single service, and failures to deliver this service should fairly rapidly become evident. As a proof of concept, we present a privacy-preserving reputation system to enhance quality of service in Tor, or a similar proxy network, with built-in incentives for correct behaviour. Tokens enable a node to interact directly with other nodes and are regulated by a distributed authority. Reputation is directly proportional to the number of tokens a node accumulates. By using blind signatures, we prevent the authority learning which entity has which tokens, so it cannot compromise privacy. Tokens lose value exponentially over time; this negative interest rate discourages hoarding. We demotivate costly system operations using taxes. We propose this reputation system not just as a concrete mechanism for systems requiring robust and privacy-preserving reputation metrics, but also as a thought experiment in how to fix the security economics of emergent trust.


Notes

  1. Such subversion might involve a national-scale malware implementation programme; see for example Gamma’s ‘Project Turkmenistan’ disclosed on WikiLeaks.

  2. We initially designed our system without knowledge of BRAIDS, then amended this paper to refer to it, but did not set out to design an improvement to BRAIDS.

References

  1. Acquisti, A., Dingledine, R., Syverson, P.F.: On the economics of anonymity. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 84–102. Springer, Heidelberg (2003)

  2. Androulaki, E., Raykova, M., Srivatsan, S., Stavrou, A., Bellovin, S.M.: PAR: payment for anonymous routing. In: Borisov, N., Goldberg, I. (eds.) PETS 2008. LNCS, vol. 5134, pp. 219–236. Springer, Heidelberg (2008)

  3. Biryukov, A., Pustogarov, I.: Proof-of-work as anonymous micropayment: rewarding a tor relay. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 445–455. Springer, Heidelberg (2015)

  4. Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) Advances in Cryptology, pp. 199–203. Springer, New York (1983)

  5. Chen, Y., Sion, R., Carbunar, B.: XPay: practical anonymous payments for Tor routing and other networked services. In: Proceedings of the 8th ACM workshop on Privacy in the electronic society, pp. 41–50, ACM (2009)

  6. Dingledine, R., Freedman, M.J., Hopwood, D., Molnar, D.: A reputation system to increase MIX-Net reliability. In: Moskowitz, I.S. (ed.) IH 2001. LNCS, vol. 2137, pp. 126–141. Springer, Heidelberg (2001)

  7. Dingledine, R., Freedman, M.J., Molnar, D.: The free haven project: distributed anonymous storage service. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 67–95. Springer, Heidelberg (2001)

  8. Dingledine, R., Mathewson, N., Syverson, P.: Reputation in P2P anonymity systems. In: Workshop on Economics of Peer-to-Peer Systems, vol. 92 (2003)

  9. Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation onion router. Technical report, DTIC Document (2004)

  10. Dingledine, R., Syverson, P.: Reliable mix cascade networks through reputation. In: Blaze, M. (ed.) Financial Cryptography. LNCS, vol. 2357, pp. 253–268. Springer, Heidelberg (2003)

  11. “Johnny” Ngan, T.-W., Dingledine, R., Wallach, D.S.: Building incentives into Tor. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 238–256. Springer, Heidelberg (2010)

  12. Ghosh, M., Richardson, M., Ford, B., Jansen, R.: A TorPath to TorCoin: proof-of-bandwidth altcoins for compensating relays. In: Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs) (2014)

  13. Jansen, R., Hopper, N., Kim, Y.: Recruiting new Tor relays with BRAIDS. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 319–328, ACM (2010)

  14. Jansen, R., Johnson, A., Syverson, P.: LIRA: lightweight incentivized routing for anonymity. Technical report, DTIC Document (2013)

  15. Jansen, R., Miller, A., Syverson, P., Ford, B.: From onions to shallots: rewarding Tor relays with TEARS. HotPETS, July 2014

  16. Levien, R.: Attack-resistant trust metrics. In: Golbeck, J. (ed.) Computing with Social Trust. Human–Computer Interaction Series, pp. 121–132. Springer, London (2009)

  17. Möller, U., Cottrell, L., Palfrader, P., Sassaman, L.: Mixmaster protocol-version 2. Draft, July 2003

  18. Moreton, T., Twigg, A.: Trading in trust, tokens, and stamps. In: Proceedings of the First Workshop on Economics of Peer-to-Peer Systems (2003)

  19. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. Consulted 1(2012), 28 (2008)

  20. Page, L., Brin, S., Motwani, R., Winograd, T.: The PageRank citation ranking: bringing order to the web (1999)

  21. Ray, J.: Malpertuis, vol. 142. Marabout, Brussel (1943)

  22. Rivest, R.L., Shamir, A.: PayWord and MicroMint: two simple micropayment schemes. In: Lomas, M. (ed.) Security Protocols. LNCS, vol. 1189, pp. 69–87. Springer, Heidelberg (1997)

  23. Wang, Q., Lin, Z., Borisov, N., Hopper, N.: rBridge: user reputation based Tor bridge distribution with privacy preservation. In: NDSS (2013)

Acknowledgements

The first author thanks colleagues Laurent Simon and Stephan Kollmann for discussions regarding anonymity networks.

Author information

Correspondence to Ross Anderson.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Baqer, K., Anderson, R. (2015). Do You Believe in Tinker Bell? The Social Externalities of Trust. In: Christianson, B., Švenda, P., Matyáš, V., Malcolm, J., Stajano, F., Anderson, J. (eds) Security Protocols XXIII. Security Protocols 2015. Lecture Notes in Computer Science, vol 9379. Springer, Cham. https://doi.org/10.1007/978-3-319-26096-9_23

  • DOI: https://doi.org/10.1007/978-3-319-26096-9_23

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26095-2

  • Online ISBN: 978-3-319-26096-9

  • eBook Packages: Computer Science (R0)
