A Privacy Preserving Reputation System is possible on Steemit
Introduction
One of the issues with reputation systems is the fact that the ratings by customers may necessarily have to be private or kept anonymous from the service providers. Achieving this level of privacy through blockchain technology is not trivial but it is possible. In this article I will discuss some of the latest research papers and offer some ideas on the topic.
Can privacy be preserved in a decentralized reputation system?
The answer is yes. In a paper released recently titled: "A trustless privacy preserving reputation system" there is a detailed description of how to create this kind of reputation system on a blockchain. Ideas from this particular research paper can be adopted by Steem, for use in Steemit, and also be used for Graphene.
The paper discusses and provides solutions for problems such as trust, or suitability for e-commerce. As an example here is a pertinent quote:
As the identity of a customer will be most certainly revealed during a transac-tion, the system should enforce the unlinkability of transactions and ratings,i.e. for a given rating, it should not be possible to determine which trans-action it is related to (it should however be possible to identify the relatedSP). It should, however, not be possible for a customer to submit a rating if no transaction took place.
As a priority in the paper their solution seeks to avoid any central points of failure, or and central points of control. This is a similar criteria to what Steemit would need to offer for effective e-commerce to become viable. Another highlight from the paper is the need for ratings to be un-linkable to the customers:
The anonymity of the customers should be preserved. More precisely, the ratings and the identities of the customers should be unlinkable, as well as the ratings among themselves. The later kind of unlinkability is also crucial to preserve the anonymity of the users,
Knowing that the objectives of Steemit e-commerce match the objectives of this research paper, now we can look at some of the solutions offered by the research paper.
Blind signatures
Using blind signatures, a signer of a message can know nothing about the content of the message. This could be particularly useful as a technique to preserve customer privacy in our context. Okamoto or Chaum offer viable blind signature schemes.
Blind token exchange
Steemit will have to offer an equivalent version of the blind token exchange offered by the research paper. I would recommend going with Okamoto's provable blind signature scheme as outlined in the paper, adapted to the purposes of Steem. This would be possible to implement over Steem and is in my opinion necessary.
A quote from the paper says:
Before the transaction takes place, the customer will receive a token from the SP that will guarantee that its review will be accepted. For this purpose, the customer hashes the previously generated public key and requests a blind signa-ture on this, for example using Okamoto’s provable blind signature scheme (in the complete, not partial blinding setup), or the much simpler Chaum’s blind signature algorithm. This will make the token unlinkable to the transaction, and therefore guarantee the anonymity. The customer will also check that there are enough coins in the wallet associated with the SP. Then, the transaction can take place.
Conclusion
This research paper proves that Steemit can offer a privacy preserving reputation system for e-commerce. It can be implemented, even enhanced, and the key technique is the use of Okamoto's blinded signature scheme to preserve customer anonymity. I request that Dan and others take a look at this paper and comment on it if they have any thoughts, or if they have knowledge of this technique already to offer some indication of when we can expect something like this on Steemit.
References
Schaub, A., Bazin, R., Hasan, O., & Brunie, L. (2016, May). A trustless privacy-preserving reputation system. In IFIP International Information Security and Privacy Conference (pp. 398-411). Springer International Publishing.
Confidential transfers are already on the roadmap... so I guess they can easily
include "privacy reputation"
https://steem.io/roadmap/confidential/
That was my intention with this post. To suggest that blind signatures and Okamoto's blind token exchange be used specifically because it's fit for purpose. Ring signatures and confidential transactions work for a different purpose to solve the problem of private value transfer between participants, but for the problem of reputation, and private reviews, that is what the privacy preserving reputation system does.
I hope Steemit can have both.
http://www.acsij.org/documents/v4i4/ACSIJ-2015-4-4-755.pdf
Yeah, I guess this could be really bad from a political standpoint, or for a whistleblower posting on steemit. I can imagine an ISP leaking your entire url logs to the press. The actual tech is a little over my head, but I appreciate the research work you're doing to help build Steemit into the best platform possible.
I hope so. Privacy is so important with governments snooping into everything under the guise of combatting terrorism. It's why I invested in Dash, and I hope it will be brought to STEEM as well.
I've read somewhere that steemit will add stealth payments in the future using the same technologiy backing Monero https://getmonero.org/ (Ring signatures)
So, I think devs ( hi @smooth ) have this in mind too
Dear User known as @dana-edwards
Steemit has a BOT problem! Your Vote Counts... Maybe
https://steemit.com/steemit/@weenis/bots-steemit-s-first-community-based-decision-on-bots-your-vote-counts-to-be-or-not-to-be-details-inside
word wrap in word transaction, is this correct?
Thanks for keeping the core team and us regular folk up to date with what we need to be on the lookout to prepare properly for the future. Looking forward to the future updates.
Not sure however if what is published in the public domain is sufficient to outrule tech. that might break the best efforts - but in the end that is all that can be done ;-)
Great post!