OpenBazaar - Ratings, reviews and reputation

OpenBazaar
Ratings, Reviews, and Reputation
1
Chris Pacia
Dr Washington Sanchez
Austin Williams

Overview
1. What is identity on OpenBazaar?
2. What are Ricardian Contracts?
3. What is reputation on OpenBazaar?
4. What is a valid rating?
5. Where is the rating stored?
6. What about privacy?
2
The above picture isn’t relevant to anything, the slides just
felt awkward with all this white space.

Before we talk about ratings,
reviews and reputation…
Let’s talk about identity
3
What is identity on OpenBazaar?

4
BITCOINNETWORK BLOCKCHAIN ID

NETWORK
Network identity begins with an elliptic curve cryptographic (EC)
key [secp256k1; same as Bitcoin)
Key is used to generate a global unique identifier (GUID)
GUID = first 20 bytes of SHA512(self-signed pubkey),
where the last 32 bytes < difficulty target
5

NETWORK
GUID IP Address Port
34e57db64ce7435ab0f75
9cca81386527c670bd1
215.1.22.125 45785
Distributed Hash Table
6

No one can spoof your GUID unless they compromise
your private key
Can someone spoof my GUID?
7
The difficulty target introduces computation work that must be
performed to create a GUID, making it difficult to perform certain
types of network attacks.

Network communications on OpenBazaar
“Hi, my name is GUIDAlice and
this is my public key!”
“Hi GUIDAlice , yep that checks out. I’m
GUIDBob and this is my public key!”
“Yep that checks out!”
Step 1: Say Hello; verify GUIDs match the public key.
8

“Want to buy some
‘My Little Pony’ DVDs?
“Yeah sure”
Step 2: Encrypt messages with a peer’s public key so
only they can read it.
9

{
“item”: “My Little Pony volume 1”…
}
{
“shipping_address”: “1060 West Addison St, Chicago, IL”…
}
These messages will also carry the terms and
conditions of the Ricardian contracts
10

Some nuance
1. GUID keys will be used for session authentication
2. Message content will be encrypted with the recipient’s
public GUID key
3. Ephemeral EC keys will encrypt these messages sent
between peers after authentication
(Forward secrecy)
11

GUID EC key is used to sign the
Ricardian Contracts
12

13
BitcoinNetwork BLOCKCHAIN ID

BITCOIN
Bitcoin keys used for controlling the
multisignature escrow address
14
BIP32 hierarchical deterministic keys to
create 1 key per contract

The Bitcoin master private key =
SHA256(GUID.private_key)
15
GUID public key is hashed by SHA256 to create the
Bitcoin master private key of a BIP32 HD keychain

16
BITCOINNETWORK BLOCKCHAIN ID

Blockchain ID is a portable identity that can be used to:
1. Register a storefront handle
2. Cryptographically link:
• Multiple nodes on the network
• Identities outside of OpenBazaar
BLOCKCHAIN ID
17
Blockchain ID operates according to the Bitcoin Naming System
protocol, designed by Onename

18
Blockchain ID allows users to associate as much or as little
personally identifiable information (PII) as they desire with a GUID
GUID:
34e57db64ce7435ab0f759cca81386527c670bd1
Blockchain ID: +gillian_a_thompson
Cryptographically link identities
Register handle for the node
+ Certificate authority style ID verification
+ Business address
+ Phone number
Optional

19
A blockchain ID can be associated with multiple nodes that the
user controls and can also contain ‘subdomains’

Ricardian Contracts & the
Trade Flow
20
Ricardian Contracts and the Trade Flow

21
A digital contract that defines the terms and conditions of an
interaction, between two or more peers, that is cryptographically
signed and verified
Results in a tamper-proof contract that is formatted in XML or
JSON to be both human and machine readable
What are
Ricardian Contracts?

22
In OpenBazaar, it is also used to record the major
stages of the transaction. A completed contract is
called the trade receipt.
What are
Ricardian Contracts?

23
Cryptographic keys to establish identity
Semantic data to establish the terms and conditions of an
interaction (e.g. money exchanged for a good/service)
Digital signatures to create fraud-proof evidence that an
identity agreed to these terms and conditions
Cryptographic hash of the contract to create a tamper-
proof record of the contract
Major components

24
Application populates listing data into JSON
This data is saved locally and becomes the Ricardian Contract
There is a template attribute schema for physical goods, digital
goods, and services
Peers will request the values corresponding to the attribute
schema when downloading a contract
Ricardian Contracts in OpenBazaar

25
Contract schema divided into four stages, as per the trade flow
1. Stage 1: Vendor makes a listing
2. Stage 2: Buyer places an order
3. Stage 3: Vendor {ships the item; discloses link to digital content;
places an invoice for services rendered}
4. Stage 4: Buyer releases funds and makes rating
Ricardian Contracts in OpenBazaar
Some areas are expanded in more detail later

26

What is reputation on
OpenBazaar?
27
What is reputation on OpenBazaar?

Context is king
(aggregation is the enemy)
Not a vouching system
(web-of-trust is another layer, not an alternative)
28

29
Reputation is comprised of individual
transaction ratings

Transaction Ratings
6 Rating Parameters
30
1. Feedback rating
2. Item, Content, or Service Quality
3. Item, Content, or Service Description
4. Item, Content, or Service Delivery
5. Vendor Customer Service
6. Review
Tx Rating
Item: X
Buyer: Jim

CRITERIA STARS
I was very happy with the outcome of this trade. Based on this experience, I
would do business with them again without hesitation.
5
I was satisfied with the outcome of this trade. Based on this experience, I will
probably to do business with them again.
4
While the trade was successful, I wasn’t satisfied with the experience. I would
only do business with them if I couldn’t find anyone else.
3
The trade wasn’t successful and I had a bad experience with the Vendor. I will
not do business with them again.
2
The trade wasn’t successful and I had a terrible experience with the Vendor.
This is a scam, avoid at all costs.
1
1. Feedback Rating
31
What was the overall feedback when
purchasing the item from the vendor?

Transaction Ratings
6 Rating Parameters
32
1. Feedback rating
6. Review
Tx Rating
Item: X
Buyer: Jim

CRITERIA STARS
I was very happy with the quality of the item/content/service. I would
purchase it again and recommend it to others without hesitation.
5
I was satisfied with the quality of the item/content/service. I might purchase it
again and recommend it, but I’d still look for alternatives first.
4
The quality of the item/content/service was borderline acceptable. I would
only purchase and recommend it if I couldn’t find anything else first.
3
The quality of the item/content/services was bad, and I would not purchase it
again or recommend it.
2
The quality of the item/content/services was terrible, avoid this at all costs. 1
33
What was the quality of the item, content, or
service from the vendor?

Transaction Ratings
6 Rating Parameters
34
1. Feedback rating
6. Review
Tx Rating
Item: X
Buyer: Jim

CRITERIA STARS
The listing description was perfectly accurate. 5
The listing description was mostly accurate, there were 1-2 minor things that
were slightly inaccurate or missing in the description.
4
The listing description was barely acceptable. There were >2 minor things that
were inaccurate or missing from the description.
3
The listing description was largely inaccurate. The number of inaccurate or
omitted things in description outnumbered the anything that was correct.
2
The listing description was 100% false. 1
35
How accurate was the listing description of
the item, content or service?

Transaction Ratings
6 Rating Parameters
36
1. Feedback rating
6. Review
Tx Rating
Item: X
Buyer: Jim

CRITERIA STARS
The item/content/service was delivered earlier than the Vendor said it would
arrive.
5
The item/content/service was delivered within the time frame the Vendor said
it would arrive.
4
The item/content/service was delivered <3 days later than the Vendor said it
would arrive.
3
The item/content/service was delivered >3 days after the time frame that the
Vendor said it would arrive.
2
The item/content/service was never delivered. 1
37
How quickly was the item sent, content
accessible, or service performed after ordering?

Transaction Ratings
6 Rating Parameters
38
1. Feedback rating
6. Review
Tx Rating
Item: X
Buyer: Jim

CRITERIA STARS
The Vendor kept in contact with me at every stage of the trade. The Vendor
answered my questions, clearly and concisely, <12 hours after I asked.
5
The Vendor only contacted me if there was a problem. The Vendor answered
my questions, with some clarity, <24 hours after I asked.
4
The Vendor only contacted me after I reached out to them. The Vendor
answered some questions, with passable clarity, >24 hours after I asked.
3
The Vendor rarely responded. The Vendor was not clear or understandable. 2
The Vendor never communicated. 1
5. Customer Service
39
How do you rate the quality of the vendor’s
communication?

Transaction Ratings
6 Rating Parameters
40
1. Feedback rating
6. Review
Tx Rating
Item: X
Buyer: Jim

Leave some written feedback on the item and the
vendor for other buyers
6. Review
Review
Character limited review text
41
Not too long, maybe 280 characters (2 tweets length)?

Transaction Rating
Summary
42
1. Feedback rating
6. Review “The item was great…”
Tx Rating
Item: X
Buyer: Jim

43
Reputation is comprised of individual
transaction ratings

44
Item Reputation
The sum of transaction ratings from a single item
Buyer Reputation
The sum of transaction ratings from all items
Vendor Reputation

45
Tx Rating
Item: X
Buyer: Bob
Tx Rating
Item: X
Buyer: Jim
Item X Reputation
Item Reputation
The sum of transaction ratings from a single item
1. Feedback rating
2. Item Quality
3. Item Description
4. Item Delivery
5. Customer Service
6. Review … see all …

46
Tx Rating
Item: X
Buyer: Bob
Tx Rating
Item: X
Buyer: Jim
Tx Rating
Item: Z
Buyer: Jim
Tx Rating
Item: Y
Buyer: Tom
Vendor Reputation
Vendor Reputation
1. Feedback Rating (60)
2. Item Quality (60)
3. Item Description (56)
4. Item Delivery (58)
5. Customer Service (56)
6. Review … see all …

47
Tx Rating
Item: X
Vendor: Jim
Buyer Reputation
Buyer Reputation
Tx Rating
Item: Z
Vendor: Eve

48
What about Moderator Reputation?
Difficult problem to solve as there will always be one party
that is happy with the result, and one that is unhappy
Transparency is the best approach
The claim and dispute decision should be publicly accessible
for both Vendors and Buyers to assess:
1) Quality of the decision
2) Feedback from the winning and losing parties
3) Dispute resolution standards

49
Moderator Ratings
Individual dispute summaries would include the claimee, the winner,
rating and review from each side; also link to Ricardian Contract

50
Moderator Reputation
Ratings will be aggregated from the winners and losers of each disputed
transaction
Negative or positive consensus on the quality of dispute resolution will inform
Vendors and Buyers
Click for list of reviews Click for list of reviews

Ratings are assigned to a Vendor’s GUID
Reputation will be calculated by combining
ratings from all cryptographically linked nodes
51
What is a valid rating?

How is a rating made?
52

53
Making a rating
1. When the Buyer places an order, a multisignature escrow
address is generated from 3 keys: the Vendor, Buyer, and
Moderator.
However, the redeem script is slightly different to normal, as
it contains OP_DROP at the beginning of the script.
This will be important later.
Hash of the redeem script creates the multisignature address
(35YrNgXZ2wYouisYxA7dDsok2ydbUB6Gxo)

54
2. After receiving the order, the Vendor sends a digital signature of
the multisignature address, signed with their GUID private key.
This is called the Vendor GUID sig.
Making a rating
The Vendor GUID sig is very important as it establishes that the Vendor was
involved in this transaction
Verification is done with the Vendor’s GUID public key
Remember that bitcoin addresses are used only once in OpenBazaar, so
signatures need to be made with the Vendor’s GUID private key
ee0a04462c02ba0f30d29d62b5fc1614aab1cf2f1bb3849e6e88e968e4988fa9cbbc2223efbc705fc70615ea7eeb5b59b8606e232ae5db0e69689edbb59626d6ba12eb12dd2392ef
Example of the Vendor GUID sig

55
3. Once the item is received, the Buyer creates the rating just
before releasing funds to the Vendor. The rating data is attached
to the Ricardian contract (stage 4 of the trade flow).
Making a rating
Ricardian contract
(rating section)

56
4. The transaction releasing funds from the multisignature escrow
address to the Vendor is embedded (by the application in the
background) with the following rating data:
The Vendor GUID sig is added to scriptsig (64 bytes) as a pseudo third signature
The presence of OP_DROP as the first command in the redeem script removes the top stack item
(i.e. the Vendor GUID sig) when processing the transaction
It is added here as the signature is unlikely to be picked up by miners if placed in OP_RETURN
given that it is > 40 bytes; also OP_RETURN is needed for other data
This hack doesn’t add to the UTXO, and minimally increases the size of the transaction, which is
compensated by a marginal increase in fees if necessary
Making a rating
Vendor GUID sig
Redeem script
35YrNgXZ2wYouisYxA7dDsok2ydbUB6Gxo
scriptsig

57
4. The transaction releasing funds from the multisignature escrow
address to the Vendor is embedded (by the application in the
background) with the following rating data:
The Vendor’s GUID is added to OP_RETURN (20 bytes)
The serialized rating is added to OP_RETURN (5 bytes)
The first few bytes of the contract hash is added to OP_RETURN (5 bytes)
Making a rating
OP_RETURN data is used as the reference key for storing
trade receipts in Blockstore (more on that later)

58
5. The Vendor also signs the transaction and broadcasts it to the
Bitcoin network; the funds are released to the Vendor and the
rating data is stored in the blockchain.
Making a rating
To scan for ratings made to a Vendor, the blockchain is queried
OP_RETURN outputs where the Vendor has been tagged
Any transactions that do not have the Vendor proof in the scriptsig
are ignored as invalid

59
Making a rating
What happens in a direct transaction, where no multisignature
address is used?
2 transactions are made:
Transaction 1 – Payment in full to Vendor
• 2 outputs:
1. Direct payment to the Vendor
2. Small amount of Bitcoin (equivalent to a miner’s fee) to a multisignature address
(2-of-2; vendor-buyer)
• OP_DROP at the top of the redeem script as before
Transaction 2 – Rating transaction
• Input from multisignature address in transaction 1
• Output:
• Mining fee
• Vendor GUID sig in scriptsig
• OP_RETURN with rating data

How do we know a trade is real?
60

We can never know 100% if a trade and its
rating is real or not
But we can set reasonable criteria to
evaluate a rating
61

Criteria for a valid rating:
1. Evidence of a multisignature transaction
2. A trade receipt
62

63
Evidence of a multisignature transaction
Bitcoin transactions made with OpenBazaar have
specific properties:
OP_RETURN has the Vendor’s GUID embedded, which will be used filter
relevant multisignature transactions from the blockchain when scanning
for ratings
Of these tagged multisignature transactions, only those with the
Vendor’s GUID sig within the scriptsig are considered valid, as it is
unforgeable evidence that the Vendor was involved in the transaction

Criteria for a valid rating:
1. Evidence of a multisignature transaction
2. A trade receipt
64

Trade Receipt
A completed Ricardian Contract
with verifiable digital signatures
Rating data is included in the last stage
of the trade flow where funds
are released to the Vendor
65

Remember, the trade flow…
Ricardian Contract (stage 4)
66

Where is the trade receipt stored?
3 layer storage:
1. Vendor
• As the trade history of a Vendor is auditable on the
blockchain (i.e. the Vendor’s GUID sig in the scriptsig),
Vendor’s are incentivized to make every trade receipt
accessible to the network
• The absence of a trade receipt may be penalized by
potential Buyers and Moderators
2. Moderator
3. Blockstore
67
Where is the rating stored?

3 layer storage:
1. Vendor
2. Moderator
• The Moderator is incentivized to develop their own
reputation graph of Vendors that frequently use their
services
• Only problem is that Moderators may not store trade
receipts for Vendors where another Moderator was used
3. Blockstore
68

3 layer storage:
1. Vendor
2. Moderator
3. Blockstore
• An open source, decentralized and peer-to-peer network
for redundantly storing data that is referenced in the
blockchain
• There will be an OpenBazaar namespace in Blockstore
where trade receipts can be submitted and store within
the Blockstore DHT (and mirror servers)
• Trade receipt data can be retrieved via a DHT lookup or
API access to the mirror servers
69

2 types of Sybil (sockpuppet) attacks:
1. A third party creates fake ratings targeting a Vendor (good or bad)
2. A Vendor creates fake positive ratings for themselves
70
Reputation Threat Model

1. A third party creates fake ratings targeting a Vendor
(good or bad)
71
How OpenBazaar mitigates this type of attack:
1. Creating sockpuppet GUIDs involves a non-trivial amount of
computational work (i.e. proof of work)
2. Multisignature escrow transactions include a digital signature
from the Vendor’s GUID key (i.e. the Vendor’s GUID sig that is
found in the scriptsig of any multisignature transaction), which
(like the trade receipt) cannot by forged by a third party
3. Trade receipts must have valid signatures from the Vendor that
cannot be forged by a third party

2. A Vendor creates fake positive ratings for themselves
72
How OpenBazaar mitigates this type of attack:
1. Creating sockpuppet GUIDs involves a non-trivial amount of
computational work (i.e. proof of work)
2. Multisignature transactions are required to make a rating,
which –at scale– involve a non-trivial cost in fees on the Bitcoin
network
• A close examination of the transaction must also demonstrate
patterns of a typically ecommerce transaction in terms of time
Bitcoin must be locked up in escrow while the item is ‘shipped’
• This introduces a cost in terms of time in addition to fees

What about privacy?
73
What about privacy?

What about privacy?
Two types of privacy:
Network Privacy
74
What about privacy?
Metadata Privacy

What about privacy?
75
What about privacy?
Network Privacy Metadata Privacy
TOR
VPN
Embedding encrypted
contracts into the DHT
Proxy
Forward Secrecy
(OTR-style)
peer connections

What about privacy?
76
What about privacy?
Network Privacy Metadata Privacy
Data within the Ricardian Contract that can be used to
determine the identity and behaviour of the buyer

What about privacy?
If the Ricardian Contract is necessary to make a
listing and validate a rating…
… then buyer metadata is available to everyone
77
What about privacy?

By default, the application creates a
pseudonymous identity in OpenBazaar
(covered earlier)
78
What about privacy?
These identities are nothing more than keypairs
used for encrypting and digitally signing

The only way to protect the identity of the Buyer is to omit
their network, PGP and any associated ID from the
Ricardian Contract
The Buyer’s identity in a trade is merely a bitcoin multisig
signing key (one key per transaction; never reused)
79
What about privacy?
The Vendor knows the network ID where the orders are
coming from, but this data isn’t recorded within the contract
Leaving a rating no longer poses a direct identity leak
to the Buyer

What about the Shipping Address?
80
What about privacy?
To avoid PII metadata leaks from the Ricardian Contract,
the shipping address needs to be encrypted
Step 1: XOR Shipping
Address with Nonce
C = R ⊕ Shipping Address
R: Nonce; random number {0,1}128
Step 2: Encrypt the XOR’d Shipping
Address with PGP pubkeys of the
Vendor and Moderator
Step 3: Embed encrypted XOR’d
shipping address and sha256(nonce)
into the Ricardian Contract
Step 4: Send the encrypted nonce to
the Vendor so they can decrypt the
shipping address
Step X: If there is a dispute RE the shipping
address, the Vendor can reveal the nonce to the
Moderator, who is the only other person who can
provably determine the shipping address
XOR’ing the shipping address with the nonce prevents the moderator from discovering the
shipping address unless the nonce is revealed by either the buyer or vendor

Using bitcoin private keys to generate GUIDs
81
What about privacy?
A variation of this idea is to import a bitcoin private key to
generate GUID (since they’re both ECC keys)
Interesting application of this is that it enables a user to
communicate and trade ‘as’ or ‘to’ a bitcoin address

82
What about privacy?
Feedback welcome
With this many slides, I’m sure I made a couple of errors
Please join our Slack room to leave feedback,
corrections, and suggestions:
https://openbazaar-slackin-drwasho.herokuapp.com/
^ Drop in your email and you’ll get an invite to join openbazaar.slack.com

OpenBazaar - Ratings, reviews and reputation

Recommended

Recommended

More Related Content

What's hot

What's hot (10)

Viewers also liked

Viewers also liked (17)

Similar to OpenBazaar - Ratings, reviews and reputation

Similar to OpenBazaar - Ratings, reviews and reputation (20)

Recently uploaded

Recently uploaded (20)

OpenBazaar - Ratings, reviews and reputation