Shower thought - is there some way to do a range proof for a WoT score while keeping the npub somewhat anonymized?

Idea behind it is, say a trusted npub (defined as WoT in some high range) isn't confident they are anon but wants to make a controversial post, and they don't want to deal with the blowback on their popular npub, or maybe aren't sure about their opsec, yet they want people to give the post a certain level of attention/trust. And the rangeproof I guess would be needed to obfuscate the exact score, otherwise one could "reverse engineer" npub.

Pretty vague, just wondering, probably flawed.

Discussion

Idk any math but that seems like a good idea

Yeah, like if Lyn Alden wanted to tell her followers "flash mob bank xyz at dawn," it would be nice in theory to get that out there with her level of cred yet without sullying her good name.

I don't know the math either, not really, but can see the issue of a static proof and the non-static situation WoT score being relative to individual reading. Oh well, wanted it out there jic

Jumble just made me tap 🤙 7 times before accepting it, so

🤙🤙🤙🤙🤙🤙🤙

It's a sign!!

No, and you don't actually want this. Trust is based on knowing who you are and what you are about. I don't have to know who you are in real life, just that over time I have come to trust your account along certain lines.

If algorithmic trust doesn't match the trust in people's heads then the system is broken and will either be abused or not be trusted.

Say a con man gains widespread trust as an expert on investment. Then using the trust gained convinces a bunch of people to invest their money in a scam. This is of course exactly where the term con or confidence man came from.

In a good confidence scam the targets don't realize the con man is in on it. He passes off the trust he earned to a 3rd party who does all the burning of bridges. Then he can pretend that he was taken advantage of as well. But eventually the pattern will catch up to him and he will at the very least lose trust.

If you were to make a method by which trust could be transferred anonymously, even weakly, then scamming would be super easy with no consequences.

The fallout would be that people simply no longer trust the entire system.

I feel the need to defend my initial idea despite your convincing argument against, I'm simply dug in after post. I shall return

i think it could be done with zero knowledge proofs, but it's meaningless without connecting their graph to yours anyway. all of the vertexes matter in the calculation.

Yeah I think some vague notion I had of this was the practical issue

keep in mind that npubs are pseudonyms. but webs of trust can't be easily manufactured. so, there isn't really much point in hiding identity using zkp range proofs.

whether they doxx themselves with their nostr identity or not is a separate thing to their social graph.

So is Deep Throat kind of the use case you’re thinking of? DT wants to spill the beans on some stuff, he wants the world to trust what he says but he doesn’t want to reveal his name. One option is to tell your story to Bob Woodward who pinky swears that DT is really truly in a position to tell the story he’s telling. So the question is: can we come up with another option that doesn’t require Bob Woodward?

I think it’s a valid use case.

Yeah, basically that, if you're asking me and not mleku (or both). A situation where you really need iron clad anonymity and don't trust your opsec. Other uses too, just being inflammatory on occasion etc

Ring signatures would be one method.

In the DT case: produce a list of N npubs that my WoT can verify work in the Nixon administration, tell your tale, then sign it with a ring signature that proves you’re one of the N npubs without revealing which one. Obviously N needs to be sufficiently high to make you feel safe.

A more generic case: make a list of N accounts that are widely perceived as having high generic Trust Scores (eg GrapeRank or some other metric), then use a ring signature using that list.

I wrote a NIP for Ring Signatures with this exact use case in mind back in April:

https://github.com/nostr-protocol/nips/pull/1894

Were you collabing with waxwing at the time, or am I remembering something/someone else?

Will have a look

schnorr multisig can enable thousands of signers too...

I should learn more about schnorr

yeah, remembering this, i probably should extend my pure go and libsecp256k1 bindings to also do signature aggregation and verification in the way it's done with musig2 using schnorr

That works, but it isn't free. You are averaging the trust and burning a bit of everyone in the ring's anonymity. In the case of abuse you burn some amount of everyone's trust.

How do you pick these high generic trust accounts? Are you choosing for a known audience?

Those questions will be highly specific to each use case. WoT is one of those areas where there will be few if any perfect solutions, only tradeoffs. But in many cases — once again, highly dependent on the particulars of the use case — the tradeoffs will be worth making. To answer your question: the person crafting the message chooses the audience, depending on the message being sent.

Would also be important that the nsec behind it would be able to check if they published it (what if your nsec was compromised and attacker laid in wait for the post of this form...you'd then want to be able to check if it was your nsec behind the post and denounce it publicly if it wasn't actually sent by you). Just thinking aloud fw(little)iw