Chlu Protocol — an overview

Chlu is an open and decentralized reputation platform where vendors are in control of their reputation data and all reviews and ratings are backed by payments made through existing cryptocurrencies.

Chlu Protocol describes how customers, vendors and marketplaces can a) request payments, b) make payments with a review, c) update a review and d) validate reviews. Our previous post on medium describes the goals of the protocol in detail. This post gives a brief overview of how the Chlu protocol achieves the most important goals.

The Chlu protocol provides means for customers, vendors and marketplaces to easily prove the following:

1. Each review was created in response to a payment requested by a vendor.
2. The customer made a payment to earn the right to create a review.
3. The vendor who is sharing the review with the marketplace is the same entity that requested the initial payment.
4. The review created by the customer has not been modified or tampered with by anyone, including the vendor.

There are other detailed requirements for the Chlu protocol but we do not delve into them in this post. Our position paper and the protocol specification on github provide detailed discussion and specification of the protocol. In this blog post we give a brief overview of the responsibilities of the vendor wallets, the customer wallets and marketplace libraries. We describe how the three components work together to provide a decentralised reputation platform.

Vendor Wallets — Requesting Payments

Chlu requires that a vendor should request a payment from the customer before the customer makes a payment.

The protocol provides mechanisms to prove that the vendor requested this payment, and that the request is signed by a vendor’s key pair explicitly generated for this purpose.

The vendor’s private key is kept safe by the vendor’s wallet and the public key is stored on a vendor controlled IPNS location.

Customer Wallets — Making a payment and writing reviews

Customer wallets can receive payment requests through a number of channels. The requests can come through a marketplace checkout, a QR code or a URL sent directly to the customer.

Once a customer wallet receives a payment request, it validates that the payment request hasn’t expired and has a valid signature. The public key to validate the signature is published on IPNS and the IPFS content address for the same is contained within the payment request.

The identity of who owns this public key is not important. Instead what is more important is that later on, when a marketplace or any other user wants to validate a review it can check that the key used to sign the initial payment request and the key used to encrypt the review are controlled by the same person. This is made possible by Chlu protocol requirement that both these keys are published under the same IPNS location.

Marketplace — validating reviews

The Chlu protocol specifies how a marketplace can receive new reviews for a vendor. A marketplace can watch the blockchain or IPFS locations to listen for any new reviews generated for a vendor. In the future there can be other ways for a marketplace to receive new reviews — Chlu leaves open such possibilities by choosing to publish reviews in an open and decentralised storage network like IPFS.

Once the marketplace is aware of a new review, it needs to validate that there is a valid payment request from the vendor to the customer and that the customer has made a valid payment to the vendor.

Once a marketplace receives a review, it has access to the location of the vendor’s key used to sign the payment request. Using this key the marketplace can validate that the vendor requested the payment and it can check that there is a payment to support this review.

The marketplace looks up the transaction in the blockchain for the currency specified, the customer address, the vendor address and the amount specified in the review record. Once one or more transactions are found matching the three parameters, the marketplace can verify that the content address reference to the review record embedded in the transaction matches the review record being validated.

Once a match is found the marketplace has a proof that the vendor requested the payment from the customer and that there is a payment made in response to this request, and finally, that the customer’s review has not be modified or tampered with by anyone else.

Conclusion

This blog post provides a brief overview of how the Chlu protocol works. The details of the protocol are specified in our github repository and our white paper published on our website.

Please contact us if you want to help us improve the protocol or want to help us implement the open source reference implementation. You can reach us on slack, telegram or on github.