Credence: thwarting p2p pollution?August 04, 2005
Keywords: peer to peer p2p credence voting pollution
Certain peer to peer networks suffer from a high ratio of pollution: files that are fake, damaged, infected with viruses or similar. First attempts to lower the pollution were simple voting systems where users voted on whether a specific file was good or bad.
I haven't had much faith in such voting systems because it seemed too easy to spam the systems with fake votes. Surely enough, various companies have already been identified who pollute the peer to peer networks with fake files and rate the files as good.
Credence is an academic project that has a different approach to the problem: it implements a voter correlation scheme.
Users that vote similarly become grouped together and results on a particular object (e.g. a p2p file) are then correlated by the voting group you belong to.
This means that malicious users will quickly form their own voting communities and have little effect on groups of honest voters.
There is a second benefit from this strategy. Votes from malicious users will not be disregarded but will ultimately start being counted as direct opposites. If a dishonest voter votes positively on an object, the honest user will count that as a negative vote for that object. The dishonest voting circles will not even be aware of what the current status of an object is to other voting communities.
One possible attack on Credence would be by a user that votes honestly on a large amount of certain files but votes dishonestly on one or a few specific target files. It is however very complex trying to analyze how many honest votes need to be placed for each dishonest vote while retaining it's own credence.
Another common vulnerability of voting systems is the possibility for a single node to assume many different identities (also known as The Sybil Attack). Credence attempts to minimise the risk for a Sybil attack by requiring a large download for each new identity.
For honest users it will not be a problem to download one single large file. For dishonest individuals it will be very costly to download a large amount of files in order to set up fake identities.
Now if it only was possible to combine this robust voting system with the anonymous P2P networking protocol I wrote about earlier. This would make it much more reliable and risk free to share let's say political opinions..