Silk Road forums

Discussion => Newbie discussion => Topic started by: stecker on April 03, 2013, 04:10 am

Title: RFC: Anonymous probabilistic physical object delivery using geocaching
Post by: stecker on April 03, 2013, 04:10 am
http://pastebin.com/raw.php?i=2xjBk7Be

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

RFC: Anonymous probabilistic physical object delivery using geocaching

The problem with buying illegal things using pseudonymous methods is that at some point you have to give someone an address to drop at, and if your seller is OPFOR engaging in a sting you get filled full of .40 S&W lead by people in blue costumes.

Alice (seller) wants to send a good to Bob (buyer) without Eve catching either Alice or Bob.  Eve can also pose as Alice in order to catch Bob when Bob reveals himself to pick up the good.

This can be made more safe via one of a few ways:

1. Bob uses his home address but uses another name to provide plausible deniability ("What?  That package?  It arrived three days ago, it's not addressed to me, I haven't opened it and was going to give it back to the post office.")  Bad in that the gang in blue costumes may not believe you.

2. Bob uses a vacant house as a drop.  Bad in that Bob has to stake out the place, and it's a single point of failure if the seller is actually Eve.

3. Bob receives GPS coordinates from Alice for a dead drop.  Bad in that it's a single point of failure and that it's not as easy as dropping something in the mail.  Good in that it's more isolated than #2.

4. Alice and Bob use a mixmaster type physical object delivery.  This can sufficiently isolate sender from receiver, however, the fact that all of the relay couriers and mail station operators are vulnerable to being killed or kidnapped by Eve if Eve is the seller means that no one wants to be a courier or mail station.

5. Alice and Bob use web-of-trust.  However, Eve can build up a good reputation with the goal of killing Bob eventually, or compromise Alice and use Alice's identity to entrap Bob.

We want to make it so even in the degenerate case Bob can buy things safely even if Bob *knows* he's buying from Eve.

We will take it as a given that Eve does not care about "probable cause" and "rights".

However there is an option that involves using probability to transact anonymously in fungible physical goods even assuming that 100% of sellers are hostile agents like Eve that want to either kill or kidnap Bob and Alice and will stake out a single dead drop or follow a single package all the way to its destination.

Therefore, we must generate enough transactions for Eve to attempt intercept that it overloads her available resources, knowing that Bob is only going to receive one of them.

Fungible goods

We consider a class of goods G that are fungible; that is, any G is interchangeable with any other G.

G need not be all from the same seller; Alice may provide a service to aggregate several G into a pool with minimum parameters (“a G in good condition”) which Alice then sells from.

A problem is that G cannot be unique goods, say, an original Picasso of which there is only one in the world.

Some examples of fungible G, in order from “least illegal” to “most illegal” on a worldwide basis:

100 rds of 5.56x45 mm ammunition
Glock 19 pistol
Weed in small amounts
Cocaine in small amounts
1kg of RDX
1 antipersonnel grenade
1 antitank mine
1 autonomous antipersonnel drone ala US .mil's “Switchblade” series
1 FIM-92 “Stinger” or other MANPADS weapon
Chemical weapons
Biological weapons
Nuclear weapons

Probability of intercept function

The probability of an intercept of a single transaction is defined by a function I(n) where n is the number of simultaneous transactions generated.  I=I_0*I(n) where I_0 is the probability that Eve is the sender rather than Alice, and I(n) is the probability that Eve will be able to monitor all n drop points if she chooses to intercept.

That is, given n simultaneous transactions, what is the likelihood I that Eve is waiting at the drop point for Bob to kidnap or kill him?

Bob develops his I(n) based on local knowledge as well as perhaps consulting a bookmaker.  Alice is not willing to generate an unlimited number of transactions to make Bob perfectly safe; she is willing to generate only n transactions.  If Bob's n is less than Alice's n, then the transaction goes forward.

I(n) will also depend on the relative illegality of G, as the illegality of G determines the amount of resources that Eve can call upon to kidnap or kill Bob.  If G is 100 g of fine bud, Bob may accept an n of 1 and use traditional mail.  If G is 1kg of RDX, Bob may demand an n of 10 or 20, as Bob thinks that Eve cannot realistically call up more than 10-20 tactical teams.  I(n) is a monotonic function.

It is important to note that I(n) *is not* simply 1/n.

I(n) is a monotonic function and varies by type of good G, the relative illegality of G, and the resources available to Eve's gang of thugs at different gang levels.  An illustration of this can be found at http://li7qxmk72kp3sgz4.onion/image.php?img=ff4499f8&key=mwfBDsmIxjhLegIn

(Aside: As illegality increases, n increases.  At some point, n demanded by Bob will exceed the number of G available on the market.  Thus, the market is self-limiting and will not result in a nuclear weapons bazaar.)

Method

Alice wants to sell a good G to Bob.

Bob communicates to Alice his number of simultaneous transactions n desired.

Bob specifies a geographic centerpoint and radius within which he is willing to make a pickup, this describes area A.  The centerpoint is not his home location, of course.

Bob wants to make a pickup in Washington, DC.

Bob consults a website to determine an I(n) for good G around Washington, DC.  He finds the function,  determines I_0 and figures he needs n=10 to achieve his acceptable level of risk.

He communicates this to Alice:

[x,y,r,n]= [38.89511   -77.03637   0.25   10]

Alice places in the area A greater than n goods G and records their GPS coordinates.

[[n,x,y]]=

[[1   38.9956654199   -76.7496878711]
[2   38.7847584375   -76.6999747363]
[3   38.4052113184   -76.9313895313]
[4   39.3942249902   -77.3364798633]
[5   38.5848683008   -76.8180777637]
[6   38.7087086328   -77.0772025195]
[7   38.7008656152   -77.3532034961]
[8   39.3931263574   -76.9202506152]
[9   39.257597793   -77.080712041]
[10   38.6715077051   -76.8146292773]]

However Alice cannot tell the entire list to Bob and tell him to make a pickup at random, as this exposes her to Bob simply stealing them all.

Alice instead sends Bob only the latitude of all the packages with their number. 

[[n,x]] =

[[1   38.9956654199]
[2   38.7847584375]
[3   38.4052113184]
[4   39.3942249902]
[5   38.5848683008]
[6   38.7087086328]
[7   38.7008656152]
[8   39.3931263574]
[9   39.257597793]
[10   38.6715077051]]

She also contacts Trent, an escrow agent for transactions of this type.  Alice gives Trent only the longitude of the packages and tells Trent to pick one for Bob to pick up.

[[n,y]]=

[[1   -76.7496878711]
[2   -76.6999747363]
[3   -76.9313895313]
[4   -77.3364798633]
[5   -76.8180777637]
[6   -77.0772025195]
[7   -77.3532034961]
[8   -76.9202506152]
[9   -77.080712041]
[10   -76.8146292773]]

Trent rolls some dice and sends Bob the longitude of package n_0 along with a number n.

[n,y] = [6   -77.0772025195]

Bob then consults his list and finds the number and matches the lat/long. 

[x,y] = [38.7087086328   -77.0772025195]

Bob goes and digs up the package n_0.

Bob sends Trent that he has picked up package n_0, Trent then sends Alice the number of the received package so she can remove it from her list.

Now consider the problems Eve faces to trap Bob or just anyone that wants to receive a G.

Eve both has to get Bob to buy from her in the first place, as well as have agents/teams/drones waiting at the right package at the right time to kidnap/kill Bob.  At some n defined by Bob, there will be so many packages in the field that Eve cannot monitor them all, and Bob knows that even if Eve is trying to kidnap/kill him, he has specified an n that reduces his risk to an acceptable level.

Eve can, however, service n transactions through n different escrow agents and wait in a single location in the hope of kidnapping/killing a single buyer, and she may succeed in this; however, for each individual buyer the odds of being caught still meet their own value of n simultaneous transactions even if n is different for each buyer.

Eve can compromise Trent as well, or impersonate Trent as well as Alice.  This doubles the amount of work for Eve, as she has to be both a trustworthy escrow agent as well as a trustworthy buyer.

It must also be known that Bob is the only one buying from Alice at a given time.  This is ensured by buyer ratings of Alice – if Bob turns up an empty hole, he knows that Alice is cheating the system and reports her to Trent.

It is also important to note that in order to transact in a class of goods G in an area with a given I(n) and an average probability of intercept I_avg, to even get started Alice must have on average n_avg of G in the field in order to attract buyers.  When Bob buys one, she deploys another G in another location in A to maintain n_avg of G in the field available for sale.

Comments welcome to klacker@tormail.org

BTC address: 1AMXZef6ECpP75vGiLEtxdNXQWHHX1B6u6


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

-----END PGP SIGNATURE-----

Title: Re: RFC: Anonymous probabilistic physical object delivery using geocaching
Post by: aliceandacat on April 04, 2013, 08:56 am
Saved to my reader to read later. Looks interesting.

Title: Re: RFC: Anonymous probabilistic physical object delivery using geocaching
Post by: stecker on April 19, 2013, 01:25 am
Bump.  Whitelist addition requested.

Title: Re: RFC: Anonymous probabilistic physical object delivery using geocaching
Post by: anonypunk on April 19, 2013, 02:47 am
tldr

Title: Re: RFC: Anonymous probabilistic physical object delivery using geocaching
Post by: Patticake on April 19, 2013, 04:00 am
Holy Shit, nutbar factor 6 just for thinking all of that, no matter how sane it turns out to be in the end

Title: Re: RFC: Anonymous probabilistic physical object delivery using geocaching
Post by: Xennek on April 19, 2013, 04:23 am
"Holy Shit, nutbar factor 6 just for thinking all of that, no matter how sane it turns out to be in the end"

Word. This is just a dead drop right? It's good but not if you want to send or sell to someone who isn't local.

Title: Re: RFC: Anonymous probabilistic physical object delivery using geocaching
Post by: stecker on April 20, 2013, 03:48 am
"Word. This is just a dead drop right? It's good but not if you want to send or sell to someone who isn't local."

Yes, a dead drop, but with the added factor of being able to compensate for the probability of a sting.

Title: Re: RFC: Anonymous probabilistic physical object delivery using geocaching
Post by: stecker on April 20, 2013, 01:17 pm
The real purpose of this technique is not to replace regular mailing of contraband or APOD. 

The use of this technique is for things where the relative illegality and thus value is such that you would never use the mail or multiple third parties (mixmaster/APOD) to make delivery. 

In other words, both buyer and seller have 1000+ BTC on the line and as such it is worth their while to make and take delivery themselves by driving a couple hundred miles to a drop.  They just need to do so in a way that reduces the probability of a sting to a relatively low level.

This technique is for things like a crate of RPGs or a kilo of cocaine, not an ounce of bud.