New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Proof of work based ID providers #1258

Closed
HelloZeroNet opened this Issue Jan 24, 2018 · 16 comments

Comments

Projects
None yet
8 participants
@HelloZeroNet
Owner

HelloZeroNet commented Jan 24, 2018

Why?

The current, whitelist based listed ID provider solution leads to unnecessary centralization.

How?

Proof-of-work based ID providers could let anyone create his/her own one and use it on any site that supports these kinds of ID providers.

What?

The site could add required prefixes for ID providers instead of specific listing the supported ID providers.

Example for current, white-list based configuration:

...
"user_contents": {
 "cert_signers": {
  "zeroid.bit": ["1iD5ZQJMNXu43w1qLB8sfdHVKppVMduGz"]
 }
}
...

This allows only one certificate provider on the site for the user contents.

Example for new, Proof-of-work based id specification

...
"user_contents": {
 "cert_pattern": "^1ZeroiD"
}
...

It would allow any certificate provider that's Bitcoin address starts with "1ZeroiD".
Currently, it takes around 6 hours on a ~200USD GPU or 30 USD on https://bitcoinvanitygen.com/
to generate an address with this prefix, which should be eligible to fight against spam.

Using the permission rules the site owners able to ban/set specific limits or rules based on ID provider address.

The users who don't have the possibility to generate his/her own ID provider could use
already existent ID providers that accept third-party registrations.

Problems

Backward compatibility

An older client won't accept user files signed by these id providers.

ID provider naming

We can't add readable name for the id providers, so they will appear as bitcoin address eg.: user@1ZeroiDJnkHkugPNd8UzSwceH8HfsnYtC

Possible solution: Display only the first few letter of the unique part, eg.: user@JnkH...

Unlimited number of users

We can't limit the number of users issued by the ID provider the per-user size limit going to lose some effectiveness.

Possible solution: A per-ID provider limit.

@HelloZeroNet HelloZeroNet added the idea label Jan 24, 2018

@HelloZeroNet

This comment has been minimized.

Owner

HelloZeroNet commented Jan 24, 2018

I just generated a 1ZeroiDJnkHkugPNd8UzSwceH8HfsnYtC address in 3 hours, so maybe we should make it harder like "1ZeroiD[0-9]" should take ~2-3days on my machine

@imachug

This comment has been minimized.

Contributor

imachug commented Jan 24, 2018

Hm... The idea itself look interesting, but ~2-3 days... Not sure if that is acceptable for users who join the network.

@HelloZeroNet

This comment has been minimized.

Owner

HelloZeroNet commented Jan 24, 2018

It's not acceptable for new users, but they would able to use already existing id providers. So if you do that 2-3 days of calculation you are also able to issue new certificates for users you trust.

@imachug

This comment has been minimized.

Contributor

imachug commented Jan 24, 2018

Okay, looks reasonable.

@jaros1

This comment has been minimized.

jaros1 commented Jan 25, 2018

Will cert pattern "cert_pattern": "^1" be allowed in this implementation? (while list all cert providers).

@HelloZeroNet

This comment has been minimized.

Owner

HelloZeroNet commented Jan 25, 2018

Sure, but if you don't want to have any control over the content submitted to your site, then I recommend self-signed certificate.

@grez911

This comment has been minimized.

Contributor

grez911 commented Jan 25, 2018

I like this solution because it doesn't require a blockchain.

@martinvahi

This comment has been minimized.

martinvahi commented Feb 13, 2018

Heaven forbid, AVOID THE PROOF-OF-WORK algorithm!!!!!!
Isn't the Bitcoin already contributing enough to the global warming?
Details are described at
http://fouryears.eu/2017/07/09/the-blockchain-consensus-problem/
(archival copy)

@6543

This comment has been minimized.

6543 commented Feb 22, 2018

  1. Do you have a saver Proof-Of... wich is as secure as ...work?
  2. BTC's Protokoll didnt need souch a heavy load - it only says the more miner they are they more they have to calc!
  3. teoretikal If we replace all banks and stok markets wit BTC,ETC and 1-2 other blokchainsolutions we could save mouch more!
  4. This is a dev discusion ethical discusions are needet but i think this is the wrong place :(
@martinvahi

This comment has been minimized.

martinvahi commented Feb 22, 2018

Do you have a saver Proof-Of... wich is as secure as ...work?

I believe that if I, or You, @6543, modified the idea that I have described at
https://www.softf1.com/cgi-bin/tree1/technology/flaws/silktorrent.bash/wiki?name=Experiment:+mmmv_symsig_t1
(archival copy)
then that might work.

@Thunder33345

This comment has been minimized.

Thunder33345 commented Apr 10, 2018

i think it should be varied and we can gauge trust on said cert pattern
say a looser pattern means less trust and more limits like less storage space, higher post cooldown vote means more etc and gets looser for harder patterns and that could account for not everyone having a good setup to generate it
"cert_pattern": "^10id" would be lowest
"cert_pattern": "^1Zero" would be mild
"cert_pattern": "^1Zeroid" would be higher trust

@martinvahi

This comment has been minimized.

martinvahi commented May 15, 2018

For the sake of contemplation, suppose we have a
MAGICAL BLACK BOX (does not exist in reality)
that is
RELIABLY ALWAYS ACCESSIBLE TO EVERYBODY (an oxymoron in practice)
and
NOT A CENTRAL POINT OF FAILURE (another oxymoron)
and that it
ALWAYS WORKS PERFECTLY and RELIABLY (yet another oxymoron)
and let's suppose that this magical black box gives ticket pairs, one
ticket to the server, telling that user U_n can perform
a single action A_x, and another ticket to the user, telling that
You, the user U_n, are allowed to perform action A_n only once per ticket
at server S_n, then what would be the answers to the following questions:

Q_1: Who gets to modify/post to a forum that is about 
    some supermafia/government/regime that loves to 
    apply censorship (id est Russia, China, Saudi Arabia, etc.)?

Q_2: How to stop a well paid, persistent, 
    supermafia/government paid human troll 
    from flooding the forum without limiting the posting rate of 
    non-trolls, who's accounts, aliases, are as old or older than
    that of the troll and that have the same posting frequency 
    pattern as the troll has?

Q_3: What to do, if the keys of a valid user get "confiscated"
    and the supermafia/authorities start to post as that user?

Q_4: In game theory the wins and losses are calculated 
    in respect of a specific player. If we're talking about 
    trust and mistrust, different trust levels, then who are the players?
    (A ZeroNet forum would be an interesting test case.)

Basically, I believe that more clarity might be brought to
the contemplation, if the James Bond style requirements (social requirements)
were laid out first and the set of technical requirements
were assembled after the social requirements are fixed.

Thank You for reading my comment.

@HelloZeroNet

This comment has been minimized.

Owner

HelloZeroNet commented Nov 8, 2018

Added as experimental feature to Rev3703: 6bc1ac1

Eg.: "cert_signers_pattern": "1Zero" to accept all signer starting with 1Zero (regexp supported)

To make a PowID compatible site:

  • Cloned ZeroChat
  • Changed the title to "ZeroChat with PoWID" using the sidebar
  • Edited data/users/content.json: removed "cert_signers": ..., added "cert_signers_pattern": "1Zero"
  • Changed this.cmd("certSelect", {accepted_domains: ["zeroid.bit"]}) to this.cmd("certSelect", {accepted_pattern: "1Zero"}) in the source code (index.html) to accept PowID as valid option on cert selection.
  • Signed data/users/content.json and content.json using sidebar

To generate a PowID provider:

  • vanitygen 1Zero (should take minutes using CPU and seconds using GPU)
  • Get my auth_address by entering to site's JS console (F12) zeroframe.cmd("siteInfo", [], (res) => console.log(res.auth_address))
  • Issue a certificate for that auth_address: zeronet.py cryptSign 1Fmvt3rAZnVsNz1o2uLnDd5W4fWor5tdpD#web/nofish 5KX... where 1Fmvt.. is the auth_address given by the previous command and 5KX... is the private key generated by vanitygen
  • To add certificate to client enter to JS console: zeroframe.cmd("certAdd", ["1ZeroyQs73YThofLjs8zYHevtA3mRiXaY", "web", "nofish", "HATgIoBr7CNmg56BIMVECW1B7pO6W9jUYTcckyIQJwcWU0uGf3bnHan6EelMkGR+8XZIB092wWFJtFpPjMGv1MQ="])
  • Done!
@DaniellMesquita

This comment has been minimized.

Contributor

DaniellMesquita commented Nov 8, 2018

@HelloZeroNet @shortcutme

All ID providers must use 1Zero?

@HelloZeroNet

This comment has been minimized.

Owner

HelloZeroNet commented Nov 8, 2018

its defined by the site. "1ZeroiD[0-9]" recommended (few days on average GPU) and probably will be enabled on ZeroTalk/ZeroMe hubs.

@DaniellMesquita

This comment has been minimized.

Contributor

DaniellMesquita commented Nov 8, 2018

recommended (few days on average GPU) and probably will be enabled on ZeroTalk/ZeroMe hubs

You is against mobile phones
ZeroNet will do sh*t till realize that Web of Trust is need

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment