[bisq-network/projects] Research on solutions for DIDs (decentralized IDs) in Bisq (#55)

chimp1984 notifications at github.com
Sat May 1 18:40:25 CEST 2021


Just a few nodes to avoid potential confusion:
The intended identity system is fully under control of the user. The user can choose between maximal privacy (appear always like a new users with zero reputation/fresh identity) or an identity used for reputation which enables new features like usage for trade protocols, access to certain features without financial cost.

Any permissionless and open system needs to protect against abuse. This protection can be achieved by different means.  
If no reputaton is in place financial costs or proof of work are the best protection against abuse. To avoid such costs (e.g. bonds, security deposits, fees) users can choose to provide some sort of reputation based on identity (e.g. a key pair). 

Current Bisq has several forms of identity/reputation:
- Onion address is currently global and re-used (we want to avoid that in Bisq 2.0)
- Public signature and encryption keys are global (we want to avoid that in Bisq 2.0)
- Account age and account age witness (only used for fiat accounts where it is enabled)
- Local reputatiuon based on the onion address and past trades (see number of past trades, tag trader, block trader)
- Merit in the DAO (past earned BSQ of contributors)
- Bonded reputation in DAO
- Bonded roles in DAO (for contributors taking a bonded role)
- Burned BSQ used as reputation
- P2P network internal peer management (a node which produces too much traffic or invalid messages gets limited or blocked) 
- And informal reputation via the different platforms used in the project (keybase, Github, Forum,....)

For protection of the p2p network proof of work is considered as further dos protection, thought that might have limitations (mobile use case) and an access token based approach is considered as well. So if the node cannot generate enough pow an access token can be used instead (e.g. based on BSQ bond/fee or some other model).
Other intended features like chats, allowing users to add custom payment methods, assets, contracts,... require protection against abuse as well. 
And finally it will allow new trade protocols with a lower security but with lower costs and higher convenience. 

All those things will be optional. Users still can use Bisq with high security protocols only and either have limited access to those new features (chat) or only read access. And Bisq 2.0 will fix a few privacy issues present in the current Bisq model (global onion address and keys). So it will increase privacy, make it more censorship resistant and optionally allows users who prefer cheaper trade protocols options to trade off some level of privacy with convenience/lower costs.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/projects/issues/55#issuecomment-830659327
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20210501/77ad375e/attachment-0001.htm>


More information about the bisq-github mailing list