I think it could be done with zero knowledge proofs, but it's meaningless without connecting their graph to yours anyway. All of the vertexes matter in the calculation.
Discussion
Yeah I think some vague notion I had of this was the practical issue
Keep in mind that npubs are pseudonyms. But webs of trust can't be easily manufactured. So, there isn't really much point in hiding identity using zkp range proofs.
Whether they doxx themselves with their nostr identity or not is a separate thing to their social graph.
So is Deep Throat kind of the use case you’re thinking of? DT wants to spill the beans on some stuff, he wants the world to trust what he says but he doesn’t want to reveal his name. One option is to tell your story to Bob Woodward who pinky swears that DT is really truly in a position to tell the story he’s telling. So the question is: can we come up with another option that doesn’t require Bob Woodward?
I think it’s a valid use case.
Yeah, basically that, if you're asking me and not mleku (or both). A situation where you really need ironclad anonymity and don't trust your opsec. Other uses too, just being inflammatory on occasion, etc.
Ring signatures would be one method.
In the DT case: produce a list of N npubs that my WoT can verify work in the Nixon administration, tell your tale, then sign it with a ring signature that proves you’re one of the N npubs without revealing which one. Obviously N needs to be sufficiently high to make you feel safe.
A more generic case: make a list of N accounts that are widely perceived as having high generic Trust Scores (e.g. GrapeRank or some other metric), then use a ring signature using that list.
I wrote a NIP for Ring Signatures with this exact use case in mind back in April:
Were you collabing with waxwing at the time, or am I remembering something/someone else?
Will have a look
That works, but it isn't free. You are averaging the trust and burning a bit of everyone in the ring's anonymity. In the case of abuse you burn some amount of everyone's trust.
How do you pick these high generic trust accounts? Are you choosing for a known audience?
Those questions will be highly specific to each use case. WoT is one of those areas where there will be few if any perfect solutions, only tradeoffs. But in many cases — once again, highly dependent on the particulars of the use case — the tradeoffs will be worth making. To answer your question: the person crafting the message chooses the audience, depending on the message being sent.
Would also be important that the nsec behind it would be able to check if they published it (what if your nsec was compromised and attacker laid in wait for the post of this form...you'd then want to be able to check if it was your nsec behind the post and denounce it publicly if it wasn't actually sent by you). Just thinking aloud fw(little)iw
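The ring-signature idea suggested in the thread (sign as one of N listed keys without revealing which one), as an added example; it is not code from the thread or from the NIP mentioned in it. It assumes an AOS-style Schnorr ring signature over secp256k1 with full affine public keys rather than Nostr's x-only npub encoding, and all function names are hypothetical.

```python
import hashlib, secrets

# secp256k1 (the curve behind Nostr keys): field prime, group order, base point
P_FIELD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(A, B):  # affine point addition; None is the point at infinity
    if A is None: return B
    if B is None: return A
    if A[0] == B[0] and (A[1] + B[1]) % P_FIELD == 0: return None
    if A == B: lam = 3 * A[0] * A[0] * pow(2 * A[1], -1, P_FIELD) % P_FIELD
    else: lam = (B[1] - A[1]) * pow((B[0] - A[0]) % P_FIELD, -1, P_FIELD) % P_FIELD
    x = (lam * lam - A[0] - B[0]) % P_FIELD
    return (x, (lam * (A[0] - x) - A[1]) % P_FIELD)

def mul(k, A):  # double-and-add; not constant time, illustration only
    R = None
    while k:
        if k & 1: R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def H(msg, ring, R):  # challenge binds the message, the whole ring and a commitment
    pts = [c for pt in ring + [R] for c in pt]
    data = msg + b"".join(c.to_bytes(32, "big") for c in pts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def ring_sign(msg, ring, j, x):  # j, x: signer's index in the ring and secret key
    n = len(ring); e, s = [0] * n, [0] * n
    k = secrets.randbelow(N - 1) + 1
    i = (j + 1) % n
    e[i] = H(msg, ring, mul(k, G))
    while i != j:  # simulate every other member with a random response
        s[i] = secrets.randbelow(N - 1) + 1
        e[(i + 1) % n] = H(msg, ring, add(mul(s[i], G), mul(e[i], ring[i])))
        i = (i + 1) % n
    s[j] = (k - e[j] * x) % N  # only a real secret key can close the ring
    return e[0], s

def ring_verify(msg, ring, sig):  # walks the ring once; signer index never appears
    e0, s = sig; e = e0
    if len(s) != len(ring): return False
    for s_i, pub in zip(s, ring):
        R = add(mul(s_i % N, G), mul(e, pub))
        if R is None: return False
        e = H(msg, ring, R)
    return e == e0
```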