[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [freehaven-dev] mix-acc paper: incentives for Alice to play fair, system asnetwork flow problem


Michael J Freedman wrote:
> I noticed some mention about Alice freeloading on reputation system.
> Although I currently don't have a solution for this, I do have for
> providing Alice with an incentive not to report false failures (i.e., for
> Alice only telling the truth.)  Namely, if Wally the witness performs spot
> checks on Alice's failure claim (he no longer needs to verify each, just
> some small number of them), and he finds that Alice is giving a false
> claim, then he can punish Alice by providing her with delayed reputation
> information -- or simple efuse her requests for information.

Alice reports failures anonymously, so I don't see how this will work.
I don't think there is a lot we can do about Alice reporting false
failures as a denial of service attack (other than requiring micropayments
to verifiers, perhaps). In any case, this doesn't seem to be more effective
than any other DoS attack.

If Alice reports false failures but they are rejected, and don't cause a
denial of service, then there isn't a problem.

> We have just described a simple metric for measuring MIX-net
> reliability on a per-node basis.  In reality, a reputation system
> provides a feedback mechanism to account for dynamic network
> reliability.  As users engage in the MIX-net protocol and report
> failures accordingly, their data is inputted into the reputation
> % we removed scorers totally -- witnesses score, right?  -mjf

Technically, witnessing and scoring are different roles, although for
the most part they should probably be done by the same people, so that
scorers don't have to trust witnesses (more precisely, a scorer trivially
trusts itself).

- -- 
David Hopwood <hopwood@zetnet.co.uk>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip

Version: 2.6.3i
Charset: noconv