Sandi: A System for Accountability

We present a system, Sandi, for creating trust through accountability. Concretely, we focus on online communication scenarios, where the communicating parties do not know each other, yet would benefit from a degree of initial trust. Sandi can be seen as a reputation system that measures bad behavior, with strong integrity protections and resistance to manipulation. Unlike most reputation systems, Sandi is entirely based on ``downvotes'' and therefore requires strong privacy guarantees to prevent retaliation. It utilizes a ticket-based reporting mechanism to limit who can report. We also prove that Sandi incentivizes good behavior in a well-defined sense. Sandi is by design unidirectional, so that message senders have Sandi scores and receivers can report them for inappropriate communication, but it is designed to benefit both senders and receivers. Senders benefit, as receivers are more likely to react to communication with the added trust signal. Receivers benefit from seeing senders' scores, allowing them to make more informed decisions about which senders to trust. Receivers do not need registered accounts and neither senders nor receivers need long-term keys. Sandi guarantees score integrity, communication privacy, reporter privacy to protect reporting receivers, and sender unlinkability. Sandi can be implemented on top of any communication system that allows for small binary data transfer.