A PKI based on decentralized trust for P2P transaction processing [2004]

Context

The text below is Malte Ubl's diploma thesis from 2004. Diploma was the name of the primary academic title for engineering degrees in Germany before Europe switched to the US Bachelor/Masters system.

The thesis was originally written in German which clearly was a mistake since the audience was the worldwide computer science community. In fact, I've been sad about this decision ever since. AI to the rescue. The text below is machine-translated by Google's Gemini 1.5 Pro.

Publishing the thesis now has no practical purpose, but it is a fun historical artifact providing a perspective into the early-2000s internet. Summarized with the benefit of hindsight, the thesis proposes a blockchain-like mechanism for p2p transaction processing.

The text has a lot of boilerplate establishing baseline facts required for diploma theses. Things get a bit more interesting from 6 Trust.

1 Introduction

2 P2P Networks

2.1 Roles of Network Participants

In a P2P network, such a clear distinction between client and server cannot be made.${}^6$${}^6$^(6){ }^{6}${}^6$Each participant in the network has a user interface for client functionalities and offers services for other participants in the network. Ideally, every participant should be able to offer every transaction supported by the network.${}^7$${}^7$^(7){ }^{7}${}^7$

2.2 Organization

2.3 Structuring

2.4 Differentiation from Other Distributed Architectures

2.4.1 Clusters

2.4.2 Grid Computing

2.5 Advantages and Disadvantages of P2P Technology

2.6 Applications

• File sharing - controversially represented by Napster${}^{21}$${}^{21}$^(21){ }^{21}${}^{21}$, Kazaa${}^{22}$${}^{22}$^(22){ }^{22}${}^{22}$, Gnutella${}^{23}$${}^{23}$^(23){ }^{23}${}^{23}$, etc. Exchange of often copyrighted content over the P2P network.
• Content distribution - represented by BitTorrent${}^{24}$${}^{24}$^(24){ }^{24}${}^{24}$, among others.
  Distribution of the traffic load of a download, which is accessed by many, among all downloaders.
• Resource sharing - represented by SETI@Home${}^{25}$${}^{25}$^(25){ }^{25}${}^{25}$, among others.
  Participants make their unused resources available to the network.
• Communication - represented by ICQ${}^{26}$${}^{26}$^(26){ }^{26}${}^{26}$, among others.
  Participants communicate with each other via direct channels.

2.7 Characteristics

From the characteristics /P2P 20-40/, it follows that the P2P network as a whole represents a kind of distributed database that provides services for publishing and searching for information.

2.8 Identifiers

2.9 Functions

• publish(Tuple)

• $\mathrm{search}(\mathrm{Pairs}(\mathrm{Tuple-field},\mathrm{Value}))$$\mathrm{search}(\mathrm{Pairs}(\mathrm{Tuple-field},\mathrm{Value}))$search(Pairs(Tuple-field,Value))\operatorname{search(Pairs(Tuple-field,~Value))~}$\mathrm{search}(\mathrm{Pairs}(\mathrm{Tuple-field},\mathrm{Value}))$

• $\mathrm{search}(\mathrm{publish}(...))$$\mathrm{search}(\mathrm{publish}(...))$search(publish(...))\operatorname{search(publish(...))~}$\mathrm{search}(\mathrm{publish}(...))$

• Tuple ${}_2=$${}_2=$_(2)=_{2}=${}_2=$request ${}_i($${}_i$_(i)(:}_{i}\left(\right.${}_i($Identifier ${}_j$${}_j$_(j)_{j}${}_j$, Tuple ${}_1)$$\left.{}_1\right)${:_(1))\left._{1}\right)${}_1)$

3 Scenario

3.1 Business Perspective

3.1.1 Business Process

1. Offer selection (marked turquoise in Figure 4)
2. Bid submission (marked yellow)
3. Exchange of money for goods (marked orange)

3.1.2 Assumptions

3.1.3 Data Modeling

3.1.4 Risk

3.1.5 Requirements

3.1.6 Use Cases

3.2 Implementation

3.2.1 Current Online Auction Platforms

3.2.1.1 Architecture

3.2.1.2 Business Model

3.2.1.3 Reputation Model

3.2.2 Implementation Approach

The architecture of the auction platform in the P2P network represents a natural mapping of the business process. Abstractly speaking, data, goods, and money flows follow the same path.

4 Cryptography

• Confidentiality (Secrecy) The goal of confidentiality is to transmit a message to a recipient without third parties learning about the transmission or even the content.
• Data Integrity The goal of data integrity is to ensure that a message is not altered during transmission.
• Authentication
  • Participant Authentication The goal of participant authentication is the unambiguous identification of a participant, whereby local identification is also considered here (e.g., to an ATM), so communication over an insecure channel does not necessarily have to be assumed.
  • Message Authentication (Non-repudiation, Attribution) The goal of message authentication is to prove the authorship of a document in order to be able to unambiguously determine the author and to prevent them from denying authorship. In daily life, this is usually guaranteed by signatures. Message authentication is thus the basis for many business transactions.

4.1 Symmetric Encryption

4.2 Asymmetric Encryption

A so-to-speak "byproduct" of asymmetric cryptography is the possibility of a digital signature. If Bob encrypts a message with his own private key, a signature is created. This can be verified by decrypting the signature with Bob's public key and comparing it with the original text.${}^{39}$${}^{39}$^(39){ }^{39}${}^{39}$In addition to the participant authentication guaranteed by the signature, it also guarantees the integrity of the data associated with it.

4.2.1 Public Key Problem

4.3 Cryptographic Hash Functions

4.4 Notation

5 Public Key Infrastructure

• The interface must be known and easy to use.
• The results of using the infrastructure must be predictable and useful.
• The way these results are generated does not need to be known to use the infrastructure.

5.1 Goals of PKI

5.2 PKI Components and Services

5.2.1 Certificate

5.2.2 Certification Authority

5.2.3 Certificate Repository

5.2.4 Certificate Revocation

5.2.5 Key Backup and Recovery

5.2.6 Automatic Key Update

5.2.7 Key History

5.2.8 Cross-Certification

5.2.9 Support for Non-Repudiation

5.2.10 Time Stamping

5.2.11 Client Software

5.3 Trust Models

5.3.1 Strict Hierarchy of Certification Authorities

In a strict hierarchy of Certification Authorities, there is a Root CA from which all trust in the PKI originates. This means that all participants must trust the Root CA. The Root CA's certificate is self-signed.${}^{47}$${}^{47}$^(47){ }^{47}${}^{47}$There can be further levels of CAs below the Root CA, whose certificates are signed by a CA at the respective higher level. The leaves of the resulting tree are the actual participants in the PKI. Valid participant certificates refer to the Root CA via the certificate chain by tracing the respective CAs.${}^{48}$${}^{48}$^(48){ }^{48}${}^{48}$

5.3.1.1 Architecture with Distributed Trust

5.3.2 Web of Trust

6 Trust

6.1 Transitive Trust

6.2 Small-World Networks

6.2.1 Trust in Small-World Networks

6.3 Trust Relationships

6.4 Trust Metrics

6.4.1 Use in P2P Networks

6.5 Global Trust

6.6 EigenTrust

• Other participant $j$$j$jj$j$behaved positively towards $i$$i$ii$i$in an auction: $(tr(i,j)=1)$$(tr(i,j)=1)$(tr(i,j)=1)(tr(i, j) = 1)$(tr(i,j)=1)$. This is the case, for example, if an auction winner paid promptly and in full.
• Other participant $j$$j$jj$j$behaved negatively towards $i$$i$ii$i$in an auction: $(tr(i,j)=-1)$$(tr(i,j)=-1)$(tr(i,j)=-1)(tr(i, j) = -1)$(tr(i,j)=-1)$. This is the case, for example, if the auctioneer does not deliver after the auction.
• All participants trust themselves: $(tr(i,i)=1)$$(tr(i,i)=1)$(tr(i,i)=1)(tr(i, i) = 1)$(tr(i,i)=1)$.
• The local trust value from $i$$i$ii$i$to $j$$j$jj$j$is $s_{ij}=\sum t{r}_{ij}$$s_{ij}=\sum t{r}_{ij}$s_(ij)=sum tr_(ij)s_{ij} = \sum tr_{ij}$s_{ij}=\sum t{r}_{ij}$.

6.6.1 Normalization of Local Trust Values

6.6.2 Aggregation of Local Trust Values

• $C$$C$CC$C$be the matrix $c_{ij}$$c_{ij}$c_(ij)c_{ij}$c_{ij}$,
• ${\overrightarrow{t}}_i$${\overrightarrow{t}}_i$vec(t)_(i)\vec{t}_{i}${\overrightarrow{t}}_i$be the vector $t_{ij}$$t_{ij}$t_(ij)t_{ij}$t_{ij}$,
• ${\overrightarrow{c}}_i$${\overrightarrow{c}}_i$vec(c)_(i)\vec{c}_{i}${\overrightarrow{c}}_i$be the vector of local normalized trust values of $i$$i$ii$i$, then:

6.6.3 Probabilistic Interpretation

6.6.4 Simplified EigenTrust Algorithm

6.6.4.1 Refinement

• $p_i=1/|P|$$p_i=1/|P|$p_(i)=1//|P|p_{i} = 1 / |P|$p_i=1/|P|$if $i\in P$$i\in P$i in Pi \in P$i\in P$, otherwise
• $p_i=0$$p_i=0$p_(i)=0p_{i} = 0$p_i=0$

6.6.4.2 Convergence

6.6.5 Distributed EigenTrust Algorithm

• $A_i$$A_i$A_(i)A_{i}$A_i$: Set of participants who have made a trust statement about $i$$i$ii$i$.${}^{79}$${}^{79}$^(79){ }^{79}${}^{79}$
• $B_i$$B_i$B_(i)B_{i}$B_i$: Set of participants about whom $i$$i$ii$i$has made a trust statement.

• Let $k$$k$kk$k$be the round index and $a,b,c$$a,b,c$a,b,ca, b, c$a,b,c$be participant indices.

• Let $k$$k$kk$k$be the round index and $i$$i$ii$i$be the participant index.

• Let $t_i^{(a)}$$t_i^{(a)}$t_(i)^((a))t_{i}^{(a)}$t_i^{(a)}$be global variables for $a=k$$a=k$a=ka = k$a=k$and $a=k+1$$a=k+1$a=k+1a = k+1$a=k+1$.

• Round 0
  $i$$i$ii$i$can calculate $compute\mathrm{\_}round(0,i)$$compute\mathrm{\_}round(0,i)$compute_round(0,i)compute\_round(0, i)$compute\mathrm{\_}round(0,i)$because it can calculate $step(0,j,i)$$step(0,j,i)$step(0,j,i)step(0, j, i)$step(0,j,i)$.
  $i$$i$ii$i$can calculate $step(0,j,i)$$step(0,j,i)$step(0,j,i)step(0, j, i)$step(0,j,i)$because it knows $c_{ji}$$c_{ji}$c_(ji)c_{ji}$c_{ji}$and has requested $t_j^{(0)}$$t_j^{(0)}$t_(j)^((0))t_{j}^{(0)}$t_j^{(0)}$.
  $i$$i$ii$i$sends $step(1,i,j)$$step(1,i,j)$step(1,i,j)step(1, i, j)$step(1,i,j)$to $j\in B_i$$j\in B_i$j inB_(i)j \in B_{i}$j\in B_i$.
  $i$$i$ii$i$can calculate $step(1,i,j)$$step(1,i,j)$step(1,i,j)step(1, i, j)$step(1,i,j)$because it knows $c_{ij}$$c_{ij}$c_(ij)c_{ij}$c_{ij}$and $t_i^{(1)}=compute\mathrm{\_}round(0,i)$$t_i^{(1)}=compute\mathrm{\_}round(0,i)$t_(i)^((1))=compute_round(0,i)t_{i}^{(1)} = compute\_round(0, i)$t_i^{(1)}=compute\mathrm{\_}round(0,i)$.
• Round 1
  $i$$i$ii$i$can calculate $compute\mathrm{\_}round(1,i)$$compute\mathrm{\_}round(1,i)$compute_round(1,i)compute\_round(1, i)$compute\mathrm{\_}round(1,i)$because $j\in A_i$$j\in A_i$j inA_(i)j \in A_{i}$j\in A_i$sends $step(1,j,i)$$step(1,j,i)$step(1,j,i)step(1, j, i)$step(1,j,i)$.
  $j\in A_i$$j\in A_i$j inA_(i)j \in A_{i}$j\in A_i$can send $i$$i$ii$i$$step(1,j,i)$$step(1,j,i)$step(1,j,i)step(1, j, i)$step(1,j,i)$because it calculated this value in round 0.
  $i$$i$ii$i$sends $step(2,i,j)$$step(2,i,j)$step(2,i,j)step(2, i, j)$step(2,i,j)$to $j\in B_i$$j\in B_i$j inB_(i)j \in B_{i}$j\in B_i$.
  $i$$i$ii$i$can calculate $step(2,i,j)$$step(2,i,j)$step(2,i,j)step(2, i, j)$step(2,i,j)$because it knows $c_{ij}$$c_{ij}$c_(ij)c_{ij}$c_{ij}$and $t_i^{(2)}=compute\mathrm{\_}round(1,i)$$t_i^{(2)}=compute\mathrm{\_}round(1,i)$t_(i)^((2))=compute_round(1,i)t_{i}^{(2)} = compute\_round(1, i)$t_i^{(2)}=compute\mathrm{\_}round(1,i)$.
• Round 2
  $i$$i$ii$i$can calculate $compute\mathrm{\_}round(2,i)$$compute\mathrm{\_}round(2,i)$compute_round(2,i)compute\_round(2, i)$compute\mathrm{\_}round(2,i)$because $j\in A_i$$j\in A_i$j inA_(i)j \in A_{i}$j\in A_i$sends $step(2,j,i)$$step(2,j,i)$step(2,j,i)step(2, j, i)$step(2,j,i)$.
  $j\in A_i$$j\in A_i$j inA_(i)j \in A_{i}$j\in A_i$can send $i$$i$ii$i$$step(2,j,i)$$step(2,j,i)$step(2,j,i)step(2, j, i)$step(2,j,i)$because it calculated this value in round 1.
  $i$$i$ii$i$sends $step(3,i,j)$$step(3,i,j)$step(3,i,j)step(3, i, j)$step(3,i,j)$to $j\in B_i$$j\in B_i$j inB_(i)j \in B_{i}$j\in B_i$.
  $i$$i$ii$i$can calculate $step(3,i,j)$$step(3,i,j)$step(3,i,j)step(3, i, j)$step(3,i,j)$because it knows $c_{ij}$$c_{ij}$c_(ij)c_{ij}$c_{ij}$and $t_i^{(3)}=compute\mathrm{\_}round(2,i)$$t_i^{(3)}=compute\mathrm{\_}round(2,i)$t_(i)^((3))=compute_round(2,i)t_{i}^{(3)} = compute\_round(2, i)$t_i^{(3)}=compute\mathrm{\_}round(2,i)$.
• Round $k$$k$kk$k$
  $i$$i$ii$i$can calculate $compute\mathrm{\_}round(k,i)$$compute\mathrm{\_}round(k,i)$compute_round(k,i)compute\_round(k, i)$compute\mathrm{\_}round(k,i)$because $j\in A_i$$j\in A_i$j inA_(i)j \in A_{i}$j\in A_i$sends $step(k,j,i)$$step(k,j,i)$step(k,j,i)step(k, j, i)$step(k,j,i)$.
  $j\in A_i$$j\in A_i$j inA_(i)j \in A_{i}$j\in A_i$can send $i$$i$ii$i$$step(k,j,i)$$step(k,j,i)$step(k,j,i)step(k, j, i)$step(k,j,i)$because it calculated this value in round $(k-1)$$(k-1)$(k-1)(k-1)$(k-1)$.
  $i$$i$ii$i$sends $step(k+1,i,j)$$step(k+1,i,j)$step(k+1,i,j)step(k+1, i, j)$step(k+1,i,j)$to $j\in B_i$$j\in B_i$j inB_(i)j \in B_{i}$j\in B_i$.
  $i$$i$ii$i$can calculate $step(k+1,i,j)$$step(k+1,i,j)$step(k+1,i,j)step(k+1, i, j)$step(k+1,i,j)$because it knows $c_{ij}$$c_{ij}$c_(ij)c_{ij}$c_{ij}$and $t_i^{(k+1)}=compute\mathrm{\_}round(k,i)$$t_i^{(k+1)}=compute\mathrm{\_}round(k,i)$t_(i)^((k+1))=compute_round(k,i)t_{i}^{(k+1)} = compute\_round(k, i)$t_i^{(k+1)}=compute\mathrm{\_}round(k,i)$.