Game theory behind Digital Trust Protocol

Carsten Keutmann
7 min readJul 29, 2019

--

The incentives that drive the Digital Trust Protocol and ensures that information is available and updated in a decentralized system.

Photo by Randy Fath on Unsplash

An introduction to Digital Trust Protocol (DTP) if you are unsure what it is, otherwise continue.

The Incentive

The DTP system assumes it is generally harder to gain trust than to lose trust, both for humans and machines. This gives the users an incentive to guard their trust highly, as they otherwise may lose attention, influence, and opportunities. The trust network is based on a subjective viewpoint, as each subject has individual preferences of trust in subjects and items.

By assigning trust to everything possible to represent digitally; it becomes possible to leverage on the viewpoints and opinions on everything from trusted sources, this enables users to get information about entities that will help to make decisions about that entity. Imagine news articles flagged for their trustworthiness, products in a supermarket trusted for their quality, and the car mechanic rated for services, all within a single users personal trust network.

For an entity to keep trust already gained, creates an incentive to avoid bad behavior and keep up its predictability, this also applies to DTP servers to avoid being selective in hosting and sharing trust for uses, as this otherwise leads to distrust of the server and ultimate losing its customer base. Therefore the distribution, sharing, and searching for trust, rely on this incentive.

Bitcoin is an excellent example of a system that relies on an incentive to function properly. The incentive is to preserve the wealth accumulated in the Bitcoin system. Therefore the behavior is to act accordingly to the intentions of the protocol. The technical features of the Bitcoin system have been made so trying to go against consensus protocol or game the system, is very likely more expensive than the gains from the attack.

Byzantine Generals problem

In simple terms, it is a problem of coordination.
The Byzantines are trying to conquer a city, but the attack will only be successful if all generals coordinate and attack together.
The problem is how to ensure that all generals will follow the plan, even if they are located in different places and do not trust each other.

The Bitcoin code cannot prevent attacks on a larger scale that does not have economic incentives; however, it is unlikely that this would every occur as it will require massive coordination from many participants without any stake in the process. Furthermore, the existing community can always continue on a fork that is unaffected by the attack. The fundamental value of Bitcoin lies within the community and not in the bits and bytes in the blockchain. To attack Bitcoin, one needs to attack the community and not the code itself. This is also why forking a coin does not inflate the number of coins, as you cannot fork the community.

The DTP protocol defines a set of rules for the data structure of Trust and how to search on it. The DTP protocol can be used in a centralized or in a decentralized manner. The DTP protocol avoids using a blockchain as a consensus system, to void the limitation that a blockchain otherwise would apply. The benefits are that the DTP protocol can scale infinitely and cheaply. The DTP protocol does not technically enforce a consensus of data, but still defines Web of Trust graphs for its users that need synchronization of data in a distributed environment. So the problem is how to ensure synchronization of data between unrelated third parties in a decentralized environment.

The solution is reputation

The capital of the DTP protocol in a decentralized context is Reputation. The incentive is to preserve reputation. Reputation is derived from the aggregation of trust from many sources. Reputation is a vital aspect when dealing with human entities. When you are dealing with other human beings, you are making yourself potentially vulnerable in the process, and therefore to minimize risk, you rely on their reputation. However, every time you are dealing with other people, you are also putting your reputation on the line.

The problem with centralized systems is that they control the trust and can manipulate it at will. Also relying on their guarantee that the trust is valid is not possible, even they cannot always fact check it.

To cross trust across platforms and systems, it needs to be open and decentralized. The issuing of Trust is basically for free; it’s just an opinion on someone; therefore, it needs to be able to scale unlimited.

The solution is a decentralized network of servers sharing and handling trust. The reputation incentive is used to keep the server honorable about keeping themselves updated with the lastest trust data, and present the correct results to their clients.

The DTP protocol claim data is immutable and time-stamped; therefore, the DTP servers cannot produce fake data, simply because they cannot fake a signature from the issuer. Claims are time-stamped, so there is proof of existence. The only thing a server can do to manipulate the result of a query on a users personal Web of Trust network is to ignore some claims and only present claims that suit the server.

The DTP Web of Trust graph is defined here

The only way for a user to verify if the search result on a personal web of trust network is up to date is to verify the result against other servers.

Query and verify

If irregularities are discovered, a request to the server can be issued to update its Web of Trust database with the missing claims. If the server continues to prove unwilling to produce correct results, distrust can be issued to the server, and the server will lose reputation.

Server distrusted from bad behavior

The user that distrusted the server will affect the whole users own network as they will now identify the server as bad. This way, a server can very quickly lose all its customers and be left isolated.

Family and friends now know about bad server

Servers to servers are also using the reputation system, as the trust is digitized and therefore easy to implement in automated software. This enables for automated protection from outside attacks like DDOS, as servers will require some form of reputation before allowing the query of resources, both for users and from other servers.

Potential Attacks

The strength of the system is that it is subjective, and the trust is self-provable authentic. This makes it hard to perform attacks where a massive number of claim messages are issued from a bot network, trying to influence a specific subject. Because it only has a minimal effect for the users of the system besides taking up resources, as nobody trusts the spam in the first place and therefore the spam will have no influence on the user’s networks of trust. Entities trusting the spam can quickly be identified and distrusted if necessary to shield off the spam from the personal network.

A personal trust network is unaffected by a bot network

The prediction attack is from users trying to make predictions by creating a million ‘guessing’ messages and not / barely share them, to make it seems that the issuer has created a correct trust when presented in the future scenarios. This can be countered by looking at packages containing the trust when trusts are published on a DTP server. A package is always time-stamped and signed by the server and then shared with other servers. If no packages with the trust presented, can be found on any servers, then the trust may seem not to be shared publicly and therefore may have limited historical value. Furthermore, if the identity behind the prediction has a minimal history, one may assume that the trust has been fabricated to this scenario.

Multiple servers have the same package, confirms its existence.

Conclusion

The capital of the DTP protocol in a decentralized context is Reputation. The incentive is to preserve reputation. Reputation is derived from the aggregation of trust from many sources. Reputation is a vital aspect when dealing with human entities. When you are dealing with other human beings, you are making yourself potentially vulnerable in the process, and therefore, to minimize risk, you rely on their reputation. However, every time you are dealing with other people, you are also putting your reputation on the line.

Therefore the system of Reputation incentive for good behavior and discourage bad behavior. This is especially useful in decentralized scenarios where some form of open interaction is needed.

--

--