Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] A decentralized anonymous marketplace

Dionysis Zindros dionyziz at
Mon Mar 24 14:43:10 PDT 2014

Dear LiberationTech,

We are interested in developing software for a decentralized anonymous
marketplace. There have been centralized non-anonymous marketplaces,
such as eBay, and centralized anonymous marketplace attempts, such as

There are some ideas around this concept: Goshakkk's [1], some reddit
discussions [2][3] and bitcointalk discussions [4], as well as some
ideas around the concept that involve some centralization by
OpenTransactions [5]. There has also been some work on the notion of
decentralized trust [6] and cloud markets [7]. Some of these are
appropriate, while others are not, based on our goals stated below.

Before I get into details about our thoughts, I wanted to ask the list:

* Are there any similar attempts we can contribute to or borrow ideas
  from instead of implementing something on our own?
* What is the list's opinion on such software?
* Are there research papers that we can base our work on?

Based on preliminary discussions, we have the following high-level goals:

* Allow sellers to maintain online lists of products and transact with buyers.
* Achieve anonymity for buyers and sellers on the network and between
  each other.
* Allow users to maintain a pseudonymous identity that carries
  anonymous trust across transactions.
* Enable trusted transactions between people based on a reputation,
  escrow, and deposit system to ensure the safety of all parties.
* Achieve reasonable performance for transactions and market-related operations.
* Do not depend on any centralized third trusted party for
  transactions; do not trust any funds on third parties.
* Avoid single points of failure such as servers.

The benefits for the creation of such a system are multiple:

* It will allow people to transact anonymously, without having to
report to corporations or governments about their whereabouts.
Governments and corporations look into the transactions of
individuals, thereby often violating their privacy. This can protect
both sellers and buyers - a seller may sell goods that they want to avoid
being known for, while a buyer may purchase goods they don't want to
be known for. For example, a seller may want to sell books of
questionable political content, and a buyer may want to purchase such
books. A similar case exists for films.

* It will enable journalists who are willing to make a profit out of
their writings to remain anonymous while transacting with newspapers,
especially when dealing with sensitive material. Recent developments
have shown that journalists are often in danger when dealing with such
matters. While it is noble for journalists to work publicly and fight
for freedom of speech and freedom of the press, they should be given
the option to remain anonymous if they so wish, while still making a
profit and helping the world by publishing information. This can
protect both sellers and buyers, especially as we move towards online
journalism where newspapers can also remain anonymous. For example, a
journalist may want to illustrate that they have a particular piece
available for sale, and may want to get a fair price for it based on
the market instead of going to a particular newspaper.

* Individuals and businesses alike will be able to purchase goods from
within countries that are limited in their transactions through law
that intervenes with their personal freedom. For example, a person who
is worried about their government eliminating their Internet
connection in the future can purchase satellite or antenna equipment
and use it for applications that have been mentioned in this list several
times [8]. Or, on a lighter example, they may want to purchase porn
or sex toys in a country that considers them illegal.

* We believe research in this area will help enforce byzantine-style
networks. There are strong use cases for proof of work schemes and
truly decentralized networks. We believe proof-of-work is a
fundamental building block for future cryptographic and security
tools. Anonymizing such networks is also an engineering challenge and
there are important cryptography-related challenges as well, from an
academic point of view. We believe this research may open up
possibilities for a better understanding of how these systems can work
in the future and improve the world.

Bitcoin was an important step towards this direction, as it allows
payments that can be, in principle, anonymous, when combined with
schemes such as zerocoin [16]. However, bitcoin assumes that the sellers
and buyers are already known to each other and doesn't offer catalog
features. This is the gap we are aiming to fill.

A decentralized anonymous marketplace can be used for the purchase of
digital goods (books, music, movies, newspaper articles, software,
subscriptions) as well as physical goods (printed books, blu-ray movies,
antennae). The delivery of physical goods is beyond the scope of this project,
but we aim to allow buyers and sellers to exchange information that allows
physical deliveries.

Here are some ideas of how such a system could work, at a high level.
All these ideas are under discussion and we would love to hear your
criticism about them:

The system consists of a piece of open-source software, a "node" which
consists of a low-level library that communicates with the network
(bitcoin-style) and a user interface. The user installs the program on
their computer, runs it, and can subsequently have access to the
marketplace. We'd like to MIT license this and collaborate on GitHub.
We'd like to build the front-end of the application on a widely known
programming language which is easily accessible to anyone who wants to
collaborate, so that we can leverage the talent of programmers around
the world. We think web languages such as HTML/CSS and Javascript are
appropriate (think node-webkit). The technologies for the back-end may
be different or similar.

Each user maintains one (or more) private/public key pairs that
constitute their identity. Their identity can have a friendly name
through namecoin [9] which they own (Twister [10] successfully
achieved such a scheme for a Twitter-like decentralized network).

There are three types of users: Buyers, sellers, and escrows. Each of
them maintains a key and has a reputation.

Sellers maintain catalogs of goods that live on the network
(freenet-style). Catalogs are lists of available items, with content
associated with them. Content can include a title, a description,
potentially with some markup, a picture, a price. Other metadata can
be where it ships from and where it can ship to for physical goods,
how much the delivery costs, and how long it would take. For digital
goods, one can include the file size and hash. Catalogs are bound to
their owners' key. This key can be used to update or delete catalogs
in the future. This data is stored on a DHT and is available even when
the seller is offline, ridding us of the server-client architecture of
Tor hidden services that have been used for this purpose in the past.
This helps avoid single points of failure.

Which technology we will use for such storage remains yet unclear;
there are distributed stores that have some anonymity; there's also
the possibility to use a more traditional DHT over Tor. There are
always issues about performance, anonymity, and denial of service
interventions that must be guarded against, and all these must be
balanced appropriately.

Buyers can browse catalogs or search for goods based on categories.
They can view goods or decide to purchase goods. Both a seller and a
buyer must agree to perform a transaction (although the approval by
the seller can be automated if they so wish).

The reputation of each user is based on a net-of-trust: Alice can view
the trust of Bob, but Charlie will see a different trust for Bob;
trust is "projected". This projection is an important and challenging
problem. The initial idea is for each user to directly give trust to
certain people; then a model of trust transitivity can be employed,
but in a way that each user cannot indirectly vouch for others for
more trust that they have been given themselves directly or indirectly
already. This ensures that a party is not able to build up an
arbitrarily large amount of trust by creating a large graph in which
they reinforce their own trust. I have some more precise mathematical
results for this idea and I'm willing to discuss it further if there
is interest. For this system, a preexisting model can be used, and
would be preferred to inventing something separate, and we are open to
suggestions. What are some systems we could use? One of the important
issues with projected trust is that a new user in the network will
need an invite by a friend to join it (otherwise they will not see any
trust at all), a problem that ultimately undermined the success of
Freenet, so it is a big question to ask.

After the buyer and seller agree to perform a transaction, they can
exchange GPG or OTR-encrypted and signed messages, ensuring their
pseudonymity and legitimacy, which can be used to discuss the delivery
of goods.

Payments can be done through bitcoin scripting to allow temporary
decentralized locking of funds before goods are delivered;
finalization can follow the delivery of goods. This would be a
two-out-of-two [19] signature scheme. A two-out-of-three digital signatures
scheme can also be used, involving a third party escrow [11]. For this
reason, a list of escrows, with their ratings, is maintained by the
network. The escrow can be paid for their services, like The Market
Place [12] does. However, the choice of escrow remains upon the buyer
and seller in a free market sense, is not the responsibility of a
centralized administrator, and does not impose fees that are paid to
the system (although there can be fees paid to the escrows).  This
system provides a game-theoretic proof that there is no incentive,
for a closed system and rational agents, for anyone to deviate from
the rules.

In addition to such an escrow system, each vendor could deposit a
certain amount of money as "security" to illustrate their legitimacy.
This money can be either destroyed as proof, or maintained in a way
that the vendor cannot withdraw it for a predetermined, public period
of time that they decide. In the first case, the destroyed money is
sent through bitcoin to a provably unspendable address. The money is then
associated with a particular vendor, and the money destroyed is published
on the vendor's catalog as a way to ensure that the vendor is not completely
ephemeral. In the latter case, agents that have been unsatisfied with their
purchases can make claims on this deposit, a part of which can be released
to them if the network considers it fair. How such a decision will be made
remains unclear, and it is unknown if it is possible at all. A similar
scheme for deposits can be made for buyers also.

We understand this project is a huge proposal. For now, we want to
implement a very small part of it, as proof of concept: Only the
product catalog, while maintaining anonymity and basic performance,
with fundamental CRUD operations available to sellers. This excludes
the ability to perform transactions at all, and of course also
excludes two-out-of-two or two-out-of-three finalized transactions,
escrows, and the database of trust or deposits. But it will allow
vendors to create, update, and delete catalogs, and buyers to view and
search catalogs.

The ways to technically realize such a system are various. Tor can be
used as a layer to maintain anonymity. Various DHTs can be used to
store data, or even bitstorage [13]. Bitmessage [14] can be used to
relay messages or broadcasts. Namecoin [9] can be used for
user-friendly names, under a dedicated namespace, overcoming Zooko's
triangle [15]. And bitcoin or zerocoin [16], if desired, can be used
for payments. Ethereum [17] could be used in almost anything's stead.
All of these are under discussion.

An important issue with such a project are its ethical implications. A
truly decentralized anonymous market can't be shut down by any
government, and cannot be censored. We want to distance ourselves from
illegal applications, but they may be inevitable. Academic research
and open source software implementations are concerned with the
progress of mankind. We perform scientific research and study these
concepts to ensure this knowledge is available to the public and can
be used for good. We will do so even if some applications are
illegitimate. While academics are not legally responsible for
inappropriate use of their findings, we are ethically concerned about
uses such as drugs, weapons, murder-for-hire, national security
information, or illegal pornography. As engineers, we try to always
ask the right ethical questions when it comes to uses of our software.
We would like to inquire about the list's opinion on this matter.

A principle of our design is to completely avoid designing any new
technologies if possible and essentially only combine existing pieces
to form what we want. This way, we can leverage from the network power
of existing peer-to-peer networks with strong proof-of-work (such as
bitcoin) as well as the security and anonymity of systems that have
been tried extensively (such as tor). "Don't roll your own crypto."

A few words about us are appropriate. My advisor is Aris Pagourtzis,
a theoretical computer scientist with research interest in
cryptography and byzantine networks [18]. I'm an engineering student at
the National Technical University of Athens. In the past, I worked in
the product security team of Twitter. We are also hoping to involve
some additional undergraduate and graduate students eventually, or,
really, anyone else interested.

We'll start working on this project at the source code level after the
15th of April. This is a request for comments and an invitation for

Thank you for your time,


More information about the liberationtech mailing list