[Crypto-practicum] Open-source cooperative security using low-cost HSMs?

[grarpamp]

On Fri, Dec 30, 2016 at 10:36 PM, Bill Cox <waywardgeek at gmail.com> wrote:
> One problem is shills.  IIUC, TOR has a problem where an attacker can create
> a ton of nodes that collude.
> TOR could be > 50% shills and we would not know.  Is this something that could
> be implemented effectively with the dreaded web of trust?

Yes. It has been repeatedly brought up among tor that relay
operators, being globally spread and relatively physically mobile for
the purpose of keysigning, can cross sign their node keys with gpg
keys, have their gpg keys signed in person under proof of relay
ownership as usual, dump the fingerprints into the consensus and sks,
then build relay selection algorithms that download and verify the wot
into user run tools that then build their circuits in the controller.
Users can elect to use variant levels of trust present in the wot,
anon / nym / context signing, ID signing, photo signing, multisig
assertions, etc. Beyond just the wot, all sorts of other external metrics,
even subscriptions to third party metrics services, could be applied
to such a relay selection process. 7000 relays, even at low 10% shill
and 1:1 would require 700 unique persons of the adversary that pass
the smell test of other operators and principals, that has real costs.
Or your allies just supply the number of validated nodes needed
to prevent network saturation and users simply decline to route
anything but CNN and gerbil pr0n through the 700 unvalidated nodes.
Pretty simple really, needs nothing more than one structured
comment field in the consensus and some external tools, but
nobody has rolled it out or even developed concept further yet.