The Wayback Machine - https://web.archive.org/web/20160519143637/http://bxroberts.org/p2pox/DESIGN.html

DESIGN OVERVIEW

P2POX is a decentralized market in which users operate in a censorship-resistant, low-trust environment. Buyers, sellers, and escrows rely on two technologies to achieve this: Namecoin and Bitcoin.

The Namecoin blockchain is used to share public-facing information between users: market data such as identities, listings, reviews, and statistics. With NMC, this data is stored in a resilient and widely-accessible manner.

This provides advantages over other decentralized marketplaces by removing the need for sellers to run a server or a node at all times. Sellers could log in through a secure connection for a very short period of time, enough to update their listings or finalize sales, but not long enough for traffic-analysis or IP-based attacks to be trivial. Unlike other P2P-based systems, this also allows for 100% system uptime.

On the buyer side, because listings live in the blockchain, buyers will not need to be "logged in" or "registered" in order to browse them. (Although sellers could lock down their listings to only users with keys.) Contact with the network can be kept to an absolute minimum, mostly only needed for making and finalizing transactions.

In addition to built-in reviews, P2POX will leverage existing review systems, such as the ones found on sites like Reddit. Sellers without a link to a profile on a third-party site will be flagged to buyers. This serves to protect buyers and to pressure sellers to also leverage existing review systems.

The Bitcoin blockchain is used to facilitate multi-signature Bitcoin transactions. Multi-sig transactions allow users to spread their trust across multiple parties. They also give users a way to verify vendor and escrow transaction histories, allowing trustworthy operators to build a reputation and exposing scammers.

P2POX is an extensible and flexible system that allows users to choose who to transact with and how to operate. It also allows them to decide on their preferred security/convenience tradeoffs. By default, P2POX supports 2-of-3 multi-sig buyer-seller-escrow transactions and plain buyer-seller transactions. Future versions will support Nash Equilibrium transactions, with optional support for a third-party escrow.

A major design goal for P2POX is ease of use. First-time users will be able to anonymously and securely browse the system out of the box, with no installation or configuration required. Users who decide to buy, sell, or provide escrow services can get started as simply and as quickly as they can purchase Namecoin/Bitcoin, which is cheaply, widely, and quickly available.

Technology

The current P2POX base is coded purely in JavaScript. This is done for portability and ease-of-use reasons.

Any discussion of security and JavaScript needs to address the apprehension some have about its use. Remote JavaScript, the common way JavaScript code is run today, can be insecure and privacy-defeating, because you do not know which scripts can slip into your browsing session or whether those scripts are attempting a de-anonymization attack against you.

This is not the model that P2POX uses. The security model of the JavaScript used in P2POX more closely resembles that of a native client or mobile phone app, as we only pull the JSON data needed from pre-determined, configurable sources (e.g. a hidden service or Bitcoind). P2POX, unlike current systems, does not require typical internet browsing activities.

P2POX JavaScript can run purely in-browser or natively using Node.js. There is also the possibility for a browser extension, as they are JS-based, which could be loaded into the Tor Browser Bundle.

Unlike traditional JS-based webapps, where the user points their browser at a JS-enabled webpage, P2POX will be run more like a native executable. Users will be able to download the source, or a signed executable, and run the software. The browser, currently, is the main interface but, to reiterate, users will not have to browse the internet or leave the local network.

Connection to the P2POX network (Namecoin/Bitcoin blockchains) can be done in the following ways:

Sellers

Sellers carry the highest level of visibility in most markets. In P2POX we have taken steps to allow sellers to quickly, securely, and privately create profiles, update listings, and make transactions.

This is accomplished by storing public market data, such as listings, public keys, sales history, and reviews from buyers, as data in the Namecoin blockchain. In order to censor or destroy listings, an attacker must successfully perform a 51% attack.

Reputation is a difficult thing to establish. Malicious sellers can artificially inflate their statistics by transacting with themselves. This is true of mainstream markets right now. Instead of relying purely on our own review system, P2POX will also give legitimate vendors the ability to link to a signed reviews page. This gives users another source to consider when shopping, and also makes scammers work even harder, especially if users only rely on reviews from established users on sites like Reddit.

In order to put pressure on sellers to link to external resources/reviews (such as forum usernames, reddit profiles/posts, etc.), sellers who do not link to resources will be flagged to buyers as potentially new/inexperienced. Buyers, in their review process, will also be able to link to external resources, in case they were scammed or have praise to give.

Buyers

Buying needs to be simple. For every one purchase, there are likely to be hundreds if not thousands of browses. For this reason, users shouldn't be forced to jump through hoops like creating email addresses, which can easily de-anonymize users, and registration steps, which provide a false sense of security, just to search listings. Regulatory enforcers can register for websites just as easily as regular users can.

Using a JavaScript-based client whose network connections run solely through Tor gives users a convenient and relatively secure browsing experience. Users who want more security can run local Bitcoind and Namecoind clients. If users run Bitcoin/Namecoin through Tor, which may have its own security implications, they can trust their local daemon processes instead.

In order to give buyers protection in a decentralized arena, buyers are given choices on how to transact. Sellers, in their listings, also note which style of transaction they would like to use. By default, all clients transact using a 2-of-3 buyer-seller-escrow system. Both the buyer and seller need to agree on the escrow before the transaction is initiated. This is done through an offer-acceptance phase: buyers make offers to sellers, who can then accept or reject the terms.

Escrow

We've all learned that having huge, centralized escrows is a recipe for chaos and disaster. Although escrow is optional in P2POX, there is support for users to act as escrow "transaction makers". Escrows create profiles and note their escrow style. For example, a particular escrow may only award escrow to buyers if there is documented proof that a package wasn't sent or a service wasn't rendered. Others may be more lenient and tend to side with buyers (as Amazon does). Escrows are under the same pressure as sellers to provide signed links to profiles, in addition to the built-in reviews and statistics system. Escrows should also note what their escrow fees are; those will be checked against previous, related escrow events for validity.

It's conceivable for escrows to be fully automated. One could write an escrow bot to enforce Nash Equilibrium or to split funds equally between buyer and seller once a certain period of time has passed.

Unlike mainstream markets, P2POX escrows do not hold the money. In a 2-of-3 escrow setup, two of the three parties must agree to a funds transfer. This severely minimizes the risk of exit scams and other rip-offs.

Private Sellers

In addition to normal public listings, sellers can also opt to have some private listings. This is accomplished by encrypting all listings with a key. It is then up to the seller to distribute the key to approved buyers.

Project Status

The underlying infrastructure is nearing completion. The JavaScript-based libraries for Bitcoin and Namecoin are now operational and the key-value store used by P2POX, named Diss, is almost complete. Although there is a UI, it is an experimental, console-based interface, used purely for testing. In the near future, a full-featured browser-based interface will work to drive the local P2POX code/processes/daemons, depending on user setup.

CONTACT

For more information about the project: