
Nostr-based reputation system

Open aftermath2 opened this issue 4 months ago • 2 comments

Description

This issue explores the idea of implementing a reputation system that improves Robosats' trading experience.

Ephemeral identities are a key feature that has done a great job at protecting users' identity while trading bitcoin peer-to-peer. However, they come with the trade-off of making it easier for scammers and thieves to commit fraud during these trades and therefore negatively affect the counterparty, which in some cases could be left with neither their BTC nor fiat, or even with their accounts frozen.

Implementing a reputation system based on nostr could help prevent these issues and improve the users' experience, making them more likely to trade again or more frequently in the future.

Note: Some of the concepts and ideas were taken from the initial discussion in https://github.com/RoboSats/robosats/issues/2113.

Implementation details

A new pair of nostr keys is generated along with every new robot. Users will now have the possibility of replacing that pair of keys with a custom one in their garage. This way, they can keep all their trades associated with the same keys and therefore build their reputation around them.

Note: It is important to note that the default behavior keeps being a new set of keys for every robot/trade.

The main challenge lies in preventing users from posting fake trades. I can think of two alternatives here:

  1. The coordinator posts structured notes (a new kind?) containing the robots' npubs and order details after every trade. The note should be posted even if the trade wasn't successful, if there was a dispute, mentioning who won. The reputation could then be built by traversing and aggregating all coordinators' notes.

Trade participants could refer to the note and leave their review of the counterparty/coordinator there.

Sample note details
{
  "id": "3224dcb7-c286-5f48-8639-b72739c73dcf",
  "status": 14, // Successful trade
  "payment_method": "USDT",
  "premium": 1.7,
  "maker": {
    "id": "npub...",
    "type": 0, // Buyer
    "rating": {
      "trade": 4,
      "platform": 5
    },
    "dispute": {
      "asked_cancel": false,
      "won": false
    }
  },
  "taker": {
    "id": "npub...",
    "type": 1, // Seller
    "asked_cancel": false,
    "rating": {
      "trade": 3,
      "platform": 5
    }
  }
}
  2. At the end of the trade, the coordinator signs the order details and provides the signature for the users to post in their profiles, which could be automatically done by the Robosats client. This is less dependent on the coordinator but could let users post only successful and highly-rated trades to simulate a better reputation.

Benefits

  • Reduces fraud risk
  • Improves the trading experience, which could lead to more trades and liquidity overall

I believe this system would be especially beneficial for recurrent traders who use privacy-friendly payment rails or simply swap between LN and on chain. They would be able to preserve their identity while having the possibility of building a reputation around their nostr keys.

Drawbacks

  • Degrades the privacy of the users and coordinators that opted-in

By having the entire trading history in a public and open network, a single trade could link the user's identity to it.

If a user is enabling Telegram notifications on all their trades, this is already happening. In my opinion, Telegram should no longer be offered as an option, but that is a different topic.

Moreover, given that the result of the orders will be public, one could get the number of trades conducted, their size and the fees collected by the coordinator. Each coordinator could choose whether to post the orders or not.

aftermath2, Aug 02 '25 11:08

Maybe we can just replicate the Coordinator rating we have implemented, but for robots. In this scenario the rating relies on trusting coordinators, but it's better than nothing.

KoalaSat, Sep 19 '25 10:09

@KoalaSat That's a good option. Those notes would have to be signed by the coordinator where the order took place (and reference the order, like the coordinator rating does) to make sure it's not possible to fake reviews.

I'm thinking of something like this:

    const eventTemplate: Event = {
      kind: 31986,
      created_at: Math.floor(Date.now() / 1000),
      tags: [
        ['d', `${order.shortAlias}:${order.id}`],
        ['p', peerPubKey],
        ['c', coordinatorPubKey],
        ['rating', String(peerRating / 5)],
      ],
      content: '',
      pubkey: slot.nostrPubKey,
      id: '',
      sig: '<coordinator_token>', // `pubkey+order_id` signature
    };

Then, during the robot's rating computation the client would validate that the signatures from both the order and the review are valid.

aftermath2, Sep 26 '25 13:09
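
A sketch of the client-side rating computation described in the last comment, added here as an example and not taken from the thread or from RoboSats code. Ed25519 from Node's `crypto` stands in for Nostr's BIP-340 Schnorr signatures; `issueToken`, `robotRating`, the trusted-coordinator set and the sample keys are assumptions. As in the sketch above, `sig` carries the coordinator token, so the review event's own signature is not checked here.

```javascript
const nodeCrypto = require('crypto'); // Ed25519 here is a stand-in for Nostr's BIP-340 Schnorr
const newKey = () => nodeCrypto.generateKeyPairSync('ed25519');
const pubHex = (k) => k.publicKey.export({ type: 'spki', format: 'der' }).toString('hex');
const tag = (ev, name) => (ev.tags.find((t) => t[0] === name) || [])[1];

// Coordinator side (hypothetical helper): sign `pubkey+order_id` for a trade participant.
function issueToken(coordinator, reviewerPub, orderId) {
  const msg = Buffer.from(`${reviewerPub}+${orderId}`);
  return nodeCrypto.sign(null, msg, coordinator.privateKey).toString('hex');
}

function verify(pubkeyHex, msg, sigHex) {
  try {
    const der = Buffer.from(pubkeyHex, 'hex');
    const key = nodeCrypto.createPublicKey({ key: der, type: 'spki', format: 'der' });
    return nodeCrypto.verify(null, Buffer.from(msg), key, Buffer.from(sigHex, 'hex'));
  } catch { return false; } // a malformed key or token counts as invalid
}

// Client side: average the ratings given to `robotPub`, counting a review only when a
// trusted coordinator's token covers this exact reviewer and order.
function robotRating(events, robotPub, trustedCoordinators) {
  const latest = new Map(); // reviewer + d tag -> newest accepted review
  for (const ev of events) {
    const d = tag(ev, 'd') || '', c = tag(ev, 'c'), rating = Number(tag(ev, 'rating'));
    if (tag(ev, 'p') !== robotPub || ev.pubkey === robotPub) continue; // wrong target, self-review
    if (!trustedCoordinators.has(c) || !(rating >= 0 && rating <= 1)) continue;
    const orderId = d.slice(d.lastIndexOf(':') + 1);
    if (!verify(c, `${ev.pubkey}+${orderId}`, ev.sig)) continue; // token not issued for this pair
    const prev = latest.get(`${ev.pubkey}|${d}`);
    if (!prev || ev.created_at > prev.created_at) latest.set(`${ev.pubkey}|${d}`, ev);
  }
  const ratings = [...latest.values()].map((ev) => Number(tag(ev, 'rating')));
  return ratings.length ? ratings.reduce((a, b) => a + b, 0) / ratings.length : null;
}

// Constructed sample: two genuine reviews of bob, a replayed token, an untrusted coordinator.
function demo() {
  const [coord, alice, carol, bob, mallory] = [0, 1, 2, 3, 4].map(newKey);
  const token = (who, orderId, c = coord) => issueToken(c, pubHex(who), orderId);
  const review = (who, orderId, rating, sig, c = coord) => ({
    kind: 31986, created_at: 1, pubkey: pubHex(who), sig,
    tags: [['d', `alias:${orderId}`], ['p', pubHex(bob)], ['c', pubHex(c)], ['rating', String(rating / 5)]],
  });
  return robotRating([
    review(alice, 1, 4, token(alice, 1)),
    review(carol, 2, 5, token(carol, 2)),
    review(mallory, 1, 5, token(alice, 1)),                      // alice's token replayed: rejected
    review(mallory, 9, 5, token(mallory, 9, mallory), mallory),  // self-appointed coordinator: rejected
  ], pubHex(bob), new Set([pubHex(coord)]));
}
```

Binding the token to both the reviewer's pubkey and the order id is what stops one participant's token from being copied onto another key's review or onto a different order.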