[Cryptography] Ynt: Anonymous rendezvous (was Business opportunities in crypto)

[Osman Kuzucu]

This is where all kinds of discussions about pseudonyms go south.  Yes, the system can be constructed so that I'm sure I'm communicating with some particular pseudonym - and further I can be sure that a series of communications are to "the same" pseudonym (where "the same" means "in possession of some particular secret").  All that's fine (and very useful) as long as you "live" in the virtual world.  But it's precisely in binding that virtual world to the real world that we have problems.
Who in a virtual world can you trust?  You can bootstrap trust from the real world - I can trust a public key a friend of mine handed to me on his business card.  (It's interesting that that idea - mentioned in early discussions of public-key crypto - never caught on, probably because the keys are just too long.)  I can choose - or be forced - to put trust in a third party:  An organization that creates accounts only for those who the organization accepts; a government on-line identity, as some countries are providing.  All that's fine, as far as it goes - though it creates its own set of issues.  Where it does *not* go to is a purely virtual world with no trusted third parties.  Such a world can exist on its own, but it can't have any trusted ties to the real world out here.
This is actually what I have been thinking for sometime now. I think first we should understand how we actually know people, or verify that they are them in real life. We identify people from their government issued IDs and they have security measures on them so it is hard to fake an e-ID card (the ones with the chip and the e-ID symbol). So we accept that we are indeed talking with this person. Now assume that I lost my ID card and need a new one issued. When I visit the government office, the person working there don't know who I am and because I don't have my ID card, they can't just give away a new ID card to me. So they ask for two other government issued IDs (maybe driving license and a passport) and a lot of other extra documents to issue a new one. At the end, the person doesn't know me and needs valid documents to issue another valid document to me that will prove others that it is me.

The same goes for babies too. When they are born, they have no option but to trust people who feed them and take care of them. Later when they are introduced to new people, they might be scared or afraid to interact, so the parents say everything is okay and the baby trusts the previously trusted parent to trust new people. And this chain keeps going on, and we meet new people, observe their actions, and determine whether we want to trust them or not.

In a virtual world, this could happen too and actually happens in games. We meet with totally random strangers and play together and over time share our secrets and trust each other. But even this doesn't happen in the first second. It takes time. So, the trust is based on the actions of people or objects we observe. Based on that trust, we can buy those people's products, or trust on their audits or promises. In virtual world this step is omitted. Many think that trust can be achieved in a decentralized way, in seconds. While our feeling of trust literally comes from our observations of the outer world and third parties, I don't know how a purely virtual world with no trusted third parties can exist.

One approach could be where we start with a new solution, nothing related with payments or confidential information. A platform where individuals create and share content that doesn't require any trust (call it sharing memes with the world). Based on individuals' virtual identities' actions, over time a non-biased ranking system could be developed with users' feedbacks. And then people can start trading, exchanging goods in small amounts and over time other different interactions that require more trust. Only then we can have a no trusted central third party but we still would have to trust others to have our own sense of trust.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20210505/5a6b7eb3/attachment.htm>