Sandi: A System for Accountability and Applications in Direct Communication
We construct a system, Sandi, to bring trust in online communication through accountability. Sandi is based on a unique “somewhat monotone” accountability score, with strong privacy and security properties. A registered sender can request from Sandi a cryptographic tag encoding its score. The score measures the sender’s trustworthiness based on its previous communications. The tag is sent to a receiver with whom the sender wants to initiate a conversation and signals the sender’s “endorsement” for the communication channel. Receivers can use the sender’s score to decide how to proceed with the sender. If a receiver finds the sender’s communication inappropriate, it can use the tag to report the sender to Sandi, thus decreasing the sender’s score. Sandi aims to benefit both senders and receivers. Senders benefit, as receivers are more likely to react to communication on an endorsed channel. Receivers benefit, as they can make better choices regarding who they interact with based on indisputable evidence from prior receivers. Receivers do not need registered accounts. Neither senders nor receivers are required to maintain long-term secret keys. Sandi provides a score integrity guarantee for the senders, a full communication privacy guarantee for the senders and receivers, a reporter privacy guarantee to protect reporting receivers, and an unlinkability guarantee to protect senders. The design of Sandi ensures compatibility with any communication system that allows for small binary data transfer. Finally, we provide a game-theoretic analysis for the sender. We prove that Sandi drives rational senders towards a strategy that reduces the amount of inappropriate communication.