Greetings humans!
Founder of Upala here. We invented the price of forgery concept and now building the system that utilizes it. Super glad to have the discussion started!
Wanna give a quick intro to the concept to those unfamiliar with it.
The main idea is that the user score is valued in dollars and the user can grab these dollars at any time, after that the user’s ID is deleted forever. The procedure is called “explosion” in Upala terms.
Here’s how a case may look like if we want to estimate the price of forgery for an SMS-based verification method.
- We put the $1000 in a pool (as an example - just continuing Adam’s thought)
- We set the score of $1 to every person who passes SMS-verification.
- People got verified and we notice no explosions. Everyone decides it is better to keep a working identity than to get $1.
- We raise the score up to $5 to stress-test the verification method.
- Now we see that many accounts started to pass SMS verification just to “explode” and take the money from the pool. It means that the efforts required to forge SMS verification cost less than $5. And malicious actors can profit this way.
- Decreasing and increasing the score we iteratively come to a score with an acceptable rate of explosions. (it’s ok to have a “natural” level of explosions - people make mistakes, misunderstand or get emotional). Above this level is where malicious actors have enough incentives to forge the verification method for profit.
- We now can rely on this discovered score as a very accurate quality measurement of the selected verification method. We repeat the same procedure for other verification methods (or even combinations of methods).
For a deeper dive check out this article on EthResearch on price of forgery.
With price of forgery approach, we don’t have to think(!) and rely on any assumptions about any verification method. The market will drive the scoring of each method to its price of forgery. We also get an assurance for future exploits. If a method got hacked we would see it immediately through an increased explosion rate. That would mean the method should be fixed, or its score should be decreased.
Love the methodology proposed by @Adamscochran - exhaustive and thought out! I think it can be used “as is” for the preliminary assessment of new verification methods. It can help decide on initial parameters for the price of forgery discovery process:
- acceptable explosions rate
- an amount of budget to put in the pool
- initial score or score conversion rate (for non-binary verification systems)
- etc.
Some food for thought in this GitHub issue on Gitcoin and Upala integration.
@owocki would be happy to help with utilizing the price of forgery concept. Probably we could simplify the Upala protocol specifically for Gitcoin. Curious about where you at. Always happy to discuss.