collusion: subtask definition is a toxic secret - golemfactory/golem-rd GitHub Wiki

This is an idea of a solution for the Collusion problem.

It's an improvement(?) over collusion: assignment is a toxic secret idea

Summary

Treat subtask itself as a toxic secret. If it leaks - punish provider. Ergo provider will never reveal it to anyone, making collusion impossible. Problems: thole thing relies on very hard (non-existing?) cryptography. Needs more thinking.

Very general flow:

  1. parties create a set of secret subtasks (with known replication degree; replicated subtasks are identical copies)
  2. subtasks are distributed using mental poker techniques
  3. providers publicly commit to their assignments (salted, hashed)
  4. if verifier (anyone) learns some secret subtask (not his own), it places a bond in GNT on Ethereum and reveals the subtask
  5. everyone must reveal their assignments, otherwise they lose their deposits
  6. party who's secret was found out loses deposit; if subtask was assigned to two parties than both loses deposits
  7. if no such party exists, verifier loses his bond

This approach places two requirements on the subtasks:

  • it must be a secret
    • generated by group in a way which is verifiable
    • set of all subtasks is a secret for every member (including requestor)
    • each provider can learn his own subset of subtasks and commit to them publicly
  • some of the subtasks are copies of each other

How the subtask can be a secret? Instead of dividing task in predictable pieces, do some wiggling at the borders to introduce overlapping and randomness. Some of the subtasks still need to be exact copies of each other, otherwise we can't compare binaries. Amount of randomness and number of providers should be chosen in a way that makes guessing nonprofitable.

Deadend

Conspirators can actually buy and sell not whole subtasks but their components. They still get what they want - reduction in costs, but without revealing actual shape of a subtask. Basically both "assignment as toxic secret" and "subtask as a toxic secret" can be gamed in similar way. In "assignment" approach perpetrators can just hide identities to make their action indistinguishable from false flag, and in "subtask as toxic secret" external observer can't distinguish between false flag and actual trading of subset of a subtask.