2. OpenBazaar
What is OpenBazaar?
• Decentralized marketplace for conducting
censorship resistant, private trade online
• It’s like eBay and BitTorrent had a baby
3. OpenBazaar
Primary Team Members
• Brian Hoffman (Project Lead):
Serves as core developer and runs day-to-day operations for the project,
including architecture, design, marketing and infrastructure
• Sam Patterson (Operations):
Manages marketing and fundraising, software testing and provides other
various project support
• Dr. Washington Sanchez (Research):
Conducts research and development in OpenBazaar smart contracts,
arbitration, reputation and trust
• Dionysis Zindros (Research/Development):
Researching identity, trust and reputation in anonymous peer to peer
networks
• Jonas Nick (Developer):
Python and ZeroMQ expert and one of the core developers for the project.
• Many others…
4. OpenBazaar
History of OpenBazaar
• Dark Market was the winning
hackathon entry at the Bitcoin Expo
in Toronto, earning $20,000
• Proof of concept source code was
released by Airbitz and unSYSTEM
• Forked from Dark Market on April 24
• Created an official GitHub
organization and spun off as
OpenBazaar amid name distraction
(see Reddit)
Dark Market is a scary name
5. OpenBazaar
Why should you care?
• Happiness
– Most online shopping experiences suck
• Freedom
– Buy what you want from whom you want
• Wealth
– Being a merchant online costs money
• Seller fees (eBay: 10% of total + shipping + PayPal fees)
• Credit Card processing
• Listing “upgrades”
– Fewer fees == More Profit and Deeper Discounts
6. OpenBazaar
How does it work?
• Everyone is a node in the p2p network
• Everyone is a merchant, buyer and/or arbiter
• Bitcoin is used as the currency (for now)
• Merchants create listings/contracts and
publish them to the network
• Buyers find listings and enter into agreements
with a merchant and an arbiter
• Once goods are shipped or services rendered,
2-of-3 parties sign and release the funds
• Users can rate each other to create reputation
• Arbiters receive fees for dispute resolution
7. OpenBazaar
Peer to Peer Network
• Kademlia-like system
• Peers communicate via encrypted messages passed
between ZeroMQ servers
• Not a flooding network like Bitcoin
• Not all nodes need to store all information
• Looking into D1HT to reduce hops for finding keys/nodes
• Distributed Hash Table (DHT)
– Listings/Contracts can be persisted on the DHT for redundancy and to
provide search when a node goes offline temporarily
– Store listing keys are stored in a reverse index
– Keyword searching for listings stored in reverse index; complex queries
supported but slower
– Data is republished periodically to ensure freshness
10. OpenBazaar
Listings (Contracts)
• OpenBazaar can support many different types of listings
through the use of Ricardian Contracts
• Ricardian Contracts are digital documents, parsable by
computers and humans, that define a type of value that
can be issued over the Internet[1]
• Allow buyers to create and agree to contracts offline
• JSON structure
• Some uses: fixed price sales, auctions, p2p lending,
share issuance
[1] Paraphrased from http://iang.org/papers/ricardian_contract.html
13. OpenBazaar
How do you buy a contract?
1. Seller creates a contract and puts it out on the network
2. Buyer digitally signs the contract and sends it back to the seller
3. Seller agrees by signing the buyer’s version of the contract
4. Arbiter agrees to mediate the transaction by signing the contract
and creating a multisig 2 of 3 address
5. The arbiter transfers this signed contract and multisig address to
both the buyer and seller
6. Buyer sends money to the multisig address and confirms payment
7. Seller acknowledges payment and ships goods or delivers service
8. Upon successful delivery buyer signs and sends a ‘closed’ contract
to the seller
9. Seller checks to make sure all is right and broadcasts the multisig
transaction to the Bitcoin network
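A simplified model of the 2-of-3 release rule in the steps above, added here as an example and not OpenBazaar's code. Lamport one-time hash signatures stand in for Bitcoin's ECDSA multisig so the block runs on the standard library alone; the contract fields, role names and function names are assumptions.

```python
import hashlib, json, os

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """Lamport one-time key pair: 2 x 256 random secrets and their hashes."""
    sk = [[os.urandom(32) for _ in range(256)] for _ in range(2)]
    return sk, [[H(s) for s in row] for row in sk]

def msg_bits(msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    # Reveal one secret per digest bit; a key must sign only one message.
    return [sk[b][i] for i, b in enumerate(msg_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(s) == pk[b][i] for i, (b, s) in enumerate(zip(msg_bits(msg), sig)))

def release_message(contract: dict, pay_to: str) -> bytes:
    """Bind the payout to a hash of canonical JSON so all parties sign identical bytes."""
    canon = json.dumps(contract, sort_keys=True, separators=(",", ":")).encode()
    return f"release:{H(canon).hex()}:{pay_to}".encode()

def can_release(contract, pay_to, escrow_keys, sigs, threshold=2) -> bool:
    """True when at least `threshold` distinct escrow parties signed this exact release."""
    msg = release_message(contract, pay_to)
    valid = {role for role, sig in sigs.items()
             if role in escrow_keys and verify(escrow_keys[role], msg, sig)}
    return len(valid) >= threshold

# Constructed sample listing; field names are illustrative, not OpenBazaar's schema.
CONTRACT = {"item": "used paperback", "price_btc": "0.01",
            "seller": "seller-guid", "buyer": "buyer-guid", "arbiter": "arbiter-guid"}

def demo():
    keys = {role: keygen() for role in ("buyer", "seller", "arbiter")}
    pub = {role: pk for role, (_, pk) in keys.items()}
    msg = release_message(CONTRACT, "seller")
    sig = {role: sign(sk, msg) for role, (sk, _) in keys.items()}
    pick = lambda *roles: {r: sig[r] for r in roles}
    return {
        "buyer+seller": can_release(CONTRACT, "seller", pub, pick("buyer", "seller")),
        "arbiter+seller": can_release(CONTRACT, "seller", pub, pick("arbiter", "seller")),
        "seller alone": can_release(CONTRACT, "seller", pub, pick("seller")),
        "altered price": can_release(dict(CONTRACT, price_btc="0.10"), "seller", pub, pick("buyer", "seller")),
        "payee swapped": can_release(CONTRACT, "buyer", pub, pick("buyer", "seller")),
    }
```

Any two of the three keys release the funds, which is why the arbiter can settle a dispute with either party; a signature made over one contract and payee does not authorize a different one.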
14. OpenBazaar
You screwed me…now what?
• Buyer/seller flags transaction for dispute
• Arbiter is notified and participants provide evidence for either side to
the arbiter
• Arbiter makes a judgment and either creates a transaction to reverse
payment, signs the original contract, or applies whichever solution all
parties decide on
• Arbiters
– Fees for dispute resolution are paid to arbiters
– Arbiters can command a high or low fee based on reputation and skill set
– Anyone can be an arbiter
• Voting Pools: Third-party arbiter could be a group of voters where
the majority decides how to handle the dispute
– Threshold Signatures: A group of people holds the private key, and a certain
number of individuals must participate to create a valid signature
15. OpenBazaar
Reputation & Identity
• Identity
– GUIDs (Node ID) are derived from your public key
– Nicknames (optional) within the network are tied to public keys
– Used for authentication of messages across network
– Proof of Burn: Classes of users to establish initial trust
• Web of Trust
– Nodes rate other trusted nodes and begin to establish trust webs
– Popular marketplaces may create trust webs based on
favorability
– Ratings: ratings affect reputation based on all activities within the
network (i.e. buying, selling, arbitrating)
– Will allow us to segregate malicious nodes or groups who try to
create fake webs of trust
16. OpenBazaar
Anonymity
• Tor Proxy
• I2P
• Retroshare
• Development Status:
– Currently we use ZeroMQ as our messaging infrastructure and
there is no great way to use it with a SOCKS5 proxy
– The libzmq team is adding this soon, and pyzmq (which we use) is built
against it, so enabling this is coming
– Lots of great suggestions from the community for improving
anonymity and our strategy is constantly evolving
17. OpenBazaar
Threat Model
• Too many threats to count?
• DHT
– Sybil: Attacker creates many
nodes to forge reputation
– Spartacus: Attacker assumes
the same GUID as another
– Eclipse Attack: poison the
routing table
• Bitcoin
• Web of Trust
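An added example (not OpenBazaar's code) of the defence the deck points to for the Spartacus and Eclipse items: since GUIDs are derived from public keys, a routing table can reject any node ID that is not the hash of the key presented with it. The derivation used here (first 20 bytes of SHA-256), the bucket size and all names are assumptions; the deck does not specify them.

```python
import hashlib

ID_BYTES = 20  # assumption: 160-bit Kademlia-style ID space

def derive_guid(pubkey: bytes) -> bytes:
    # Assumed derivation; the deck only says GUIDs are derived from the public key.
    return hashlib.sha256(pubkey).digest()[:ID_BYTES]

def bucket_index(own_id: bytes, other_id: bytes) -> int:
    """Kademlia bucket = index of the highest set bit of the XOR distance (-1 if equal)."""
    distance = int.from_bytes(own_id, "big") ^ int.from_bytes(other_id, "big")
    return distance.bit_length() - 1

class RoutingTable:
    def __init__(self, own_pubkey: bytes, k: int = 20):
        self.own_id = derive_guid(own_pubkey)
        self.k = k
        self.buckets = {}  # bucket index -> {guid: pubkey}

    def admit(self, claimed_guid: bytes, pubkey: bytes) -> str:
        # A peer cannot choose its position in the ID space: the ID must
        # be the hash of the key it presents.
        if claimed_guid != derive_guid(pubkey):
            return "rejected: guid does not match public key"
        idx = bucket_index(self.own_id, claimed_guid)
        if idx < 0:
            return "rejected: own guid"
        bucket = self.buckets.setdefault(idx, {})
        if claimed_guid in bucket:
            return "already known"
        if len(bucket) >= self.k:
            # Simplified Kademlia rule: established contacts are not displaced.
            return "rejected: bucket full"
        bucket[claimed_guid] = pubkey
        return "added"

def demo():
    table = RoutingTable(b"constructed-own-key")
    honest_key = b"constructed-honest-key"
    honest_guid = derive_guid(honest_key)
    # Constructed ID one bit away from ours, i.e. a hand-picked routing position.
    near_id = table.own_id[:-1] + bytes([table.own_id[-1] ^ 1])
    return [
        table.admit(honest_guid, honest_key),                    # valid peer
        table.admit(near_id, b"constructed-other-key"),          # chosen ID, wrong key
        table.admit(honest_guid, b"constructed-other-key"),      # reused GUID, wrong key
        table.admit(honest_guid, honest_key),                    # repeat announcement
    ]
```

The check binds an ID to a key; proof that a peer actually holds that key still comes from the signed messages the identity slide mentions. It does not limit Sybil nodes, which can each generate a valid key and GUID.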
18. OpenBazaar
Roadmap
• Q2 (Apr-Jun):
– Ricardian Contracts
– HTML Contract Generator
– Alpha Release of Web Client
– Collaboration Consolidation
– Continued development
• Q3 (Jul-Sep):
– Beta Release and Testing
– Bug Fixes
– Protocol Enhancements
– Contract Enhancements
• Q4 (Oct-Dec):
– Official Release v1.0
19. OpenBazaar
What’s in it for us?
• Why are we doing this?
• AGPL License
– Copyleft
– Anything that uses the software over a network has to
contribute their modifications back to the community
– If you simply use the core code as is then you have
no obligations; only if you modify it
• Community-driven, not a corporation
20. OpenBazaar
How can you help?
• Time:
– Forum Discussions (http://forum.openbazaar.org)
– Coding (http://github.com/OpenBazaar/OpenBazaar)
– IRC (#OpenBazaar on FreeNode)
• Money
Our team requires minimal investment right now; this is an
altruistic venture. However, we can use funds for:
– Marketing purposes (i.e. flyers, stickers, conferences)
– Seed server hosting
– Programmer bounties
Challenges here are that most good solutions are centralized solutions.
This will be a big challenge to solve.
Web of Trust should help
Eclipse attack will be prevented by rejecting invalid nodeIDs. Node IDs are actual