Establish + Real-time display of Blockchain trust

[synctext]

this is the master ticket of the TI2806 Blockchain Context Project

All major updates will be displayed here.

This is a cutting edge research project within a highly competitive emerging research area. This assignment is suitable for scientific publication, ambitious students, and honor track participants.

Within this project you will build a solution to establish + visualize trust. The basic technique of using reputations to craft trust has been pioneered 22 years ago by eBay. Showing rating of both sellers and buyers on marketplaces provide basic trustworthiness hints. Online market Silk Road created honesty amongst online drug dealers using simplistic trust building mechanism, resulting in a 2.2% ratio of unsatisfactiory deals.

We build trust based upon well-known techniques of tamper-proof datastructures, recently popular under the name blockchain. For basic information about Blockchain technology, see this online book: https://d28rh4a8wq0iu5.cloudfront.net/bitcointech/readings/princeton_bitcoin_book.pdf or the video lectures: http:https://bitcoinbook.cs.princeton.edu/

A blockchain database is provided, used to retrieve various transaction records, you must use these transactions to calculate trust scores. Trust scores need to be updated in real-time. As a starting point you will get a real-world blockchain transactions dataset in SQLight. An existing (expensive) algorithm in Python is provided. You will need to explore the literature on algorithms such as PageRank and EigenTrust to understand various performance trade-offs. You will need to understand how to visualize trust and other constraints. Will your work scale to blockchain databases with 10k or even 100k transactions? Your final product will be a tested and documented piece of software, superior to existing prototype:
https://github.com/Tribler/ /issues/2803

Current operational implementation to show trust within a Bittorrent client with Tor-like relay protocol:

[synctext]

Required background reading:

• web-of-trust
• the basics of key signing
• International Monetary Fund view on Trust and blockchain
• trust critically depends on your ability to store and control identities
• detailed read on blockchain and identity matters

Different sub-projects all form the key components of the total project.
Sub-project list:

• trust somebody within an app using public/private key cryptography, offer an alternative to the nerd-only approach. Outcome is an Android app with easy to use pairing. The app creates your public/private key pair, input randomness. Your app exchanges this key information using bluetooth offline bluetooth MITM-proof signature methods. Improve usability and friction by avoiding the typing of multi-digit codes, using images. to validate identity. See bluetooth secure pairing as an example on the usability problem. See also exotic solutions.
  

• create a blockchain-based web-of-trust
  This sub-project will try to make many attacks on the integrity of the public key impossible. Security is enhanced using the append-only nature of the blockchain.
  Thus fraud with trust becomes harder. Publish validated public-key pairs on your own blockchain implementation. Publishing and revoking compromised or lost keys becomes fully transparent.
  Do a quick-and-dirty implementation of friendship stuff from project 1. Bonus for full integration later.
  Implement the scalable TUDelft blockchain in Java for Android. Design a new message layout and protocol for storing public keys. Background reading: understand "key attestation".

• strengthen a web-of-trust with complete privacy using person-to-person IBAN bank transfers and encrypted challenge/response handshakes. Do a quick-and-dirty implementation of friendship stuff from project 1 (like a list of trusted public keys). Open a bank account with a bank with an open API, for instance ING has one it seems or this small starting bank. Extra costs will be refunded. Evaluate the usability of these APIs for this sub-project. Build an Android app which can validate bank accounts of other users. Your app will use the public key of your friend to send a IBAN transfer of a few cents with an encoded challenge in the payment description field. Use a mainstream ed25519 based challenge / response protocol for this description field. The receiver returns another payments of a few cents with cryptographic proof that he fully controls both the bank account funds and private key. This is an open source Android app.

• create a real-time visualisation of web-of-trust, like this work from 16 years ago and recent node.js like stuff based on experimental Python code. Trust scores need to be updated in real-time. As a starting point you will get a real-world blockchain transactions dataset in SQLight. Your work will be fully integrated into the Tribler code base. Do a quick and dirty implementation of the PageRank algorithm and existing code. Integration within code which has been evolving in Delft since 2005 will take significant effort. You are advised to first do a quick stand-alone visualization of this dataset. Then do a minimal implementation within Tribler and start expanding that work.

• Expand the existing approach within Tribler with a random-walk algorithm. Existing approach is limited to simply showing your own blockchain. You will create industry-grade software to calculate trust of others within Tribler. Create a quick and dirty visualization and focus on theoretically-grounded real-time calculations. Try to apply the state-of-the-art incremental Stanford-Twitter-Stanford algorithm.

• Your trust in others and your own security critically depends on how good you can shield your cryptographic secrets. Procure some standard consumer hardware to securely store your identity outside your smartphone, for instance using Fidesmo or Yubikey with the HMAC-based One-time Password Algorithm (HOTP) or the Time-based One-time Password Algorithm (TOTP). Funds will be provided. Do a quick-and-dirty implementation of friendship stuff from project 1 (like a list of trusted public keys). You will now sign incoming friendship requests using your private key stored outside your device. These requests come from nearby Bluetooth devices! Use state-of-the-art approaches to implement this signing procedure in the safest way possible. Final product is an Android app capable of cryptographic validating of friendship requests with minimal security vulnerability within the system architecture.

[MrHug]

And a permanent record for GitHub. The groups have been assigned based on their preferences:

• Bulls, Bears, and Wolves: create a blockchain-based web-of-trust (bullet 2)
• Blockchainboys: create a real-time visualisation of web-of-trust (bullet 4)
• Chainabletech: strengthen a web-of-trust with complete privacy using person-to-person IBAN bank transfers and encrypted challenge/response handshakes. (bullet 3)
• NervousFish: trust somebody within an app using public/private key cryptography, offer an alternative to the nerd-only approach. (bullet 1)

[devos50]

Implementation of our scalable blockchain (TrustChain): https://github.com/Tribler/tribler/tree/devel/Tribler/community/multichain

[synctext]

Progress overview

A total of 20 student in 4 teams. All teams have produced a prototype.

• Team: Android app with easy to use pairing
  Prevent MITM attack for key pairing. Use rythm tapping or pictogram ordered tapping. 100+ pull requests and discussions in repo

• Team: create a blockchain-based web-of-trust
  Key product is a Java based implementation of the Trustchain blockchain. Will result in a library for storage of trust in identity of contacts. Thus Trustchain library for the other teams.

• Team: validate people in your web-of-trust with IBAN bank transfers
  BankChain using the Bunq semi-open API and CI. Can make challenge and/response using payment-description field.

• Team: create a real-time visualisation of web-of-trust in Python
  PR on main codebase. Operational Linux code with trust calculations.
  Note, other ongoing work is creating a hard 3 GByte freerider reject mechanism.

• Team: customs office, Hyperledger prototype
  (advised by Zeki)

other Delft team with operational Android blockchain, not trustchain

[MrHug]

@synctext
You can find an apk from the Android app with easy to use pairing-team here

[ghabbenjansen]

Sneak preview of the Tribler Trust Network Visualization:

[Ishadijcks]

ChainableTech
Final report [Draft]
Contextproject_Draft_Report_ChainableTech_BankChain.pdf

[yinghaodai]

BlockchainBoys Final Report Draft.pdf

[ericcornelissen]

Draft for the NervousFish app (i.e. Team: Android app with easy to use pairing) can be found
here (pdf)

[ghost]

bulls-bears-wolves.pdf Final Report Draft

[joskuijpers]

ChainableTechnologies.zip

Final reports and information.

[vandenheuvel]

All of our deliverables in a single zip.

[ericcornelissen]

All deliverables (including the final report) for the Nervoush Fish app can be downloaded here

[ghost]

deliverables for Bulls, Bears & Wolves

[synctext]

Releases of self-sovereign identity Android Apps:

• Key attestation with MITM attack prevention (tapping, rythm, NFC, QR codes).
• Bank IBAN for sybil attack prevention
• Java Android blockchain library
• web-of-trust visualization

[synctext]

All work now moved to #10, closing this issue.