[MUD-Dev] MMORPG/MMOG P2P design

Crosbie Fitch crosbie at cyberspaceengineers.org
Sun Feb 23 13:56:25 New Zealand Daylight Time 2003

From: Felix A. Croes

> How would you actually handle trust?  I've checked out your web
> page, but you do no more than posit that such a trust system, once
> it exists, can solve all your problems.

Well, only all the 'trust' problems...

This is a problem that faces more than p2p systems. If it isn't
soluble then we're all shafted.

However, humans have solved it for their own trust relationships,
which helps lead me to believe that it is soluble. And I don't
reckon it's an 'AI-hard' problem.

> Particularly, how do you handle the following problems:

>   1) a newbie player, previously unknown to everyone, connects to
>   the P2P game and starts playing.

Entrust them only with the ability to arbitrate over least
interesting state. This probably means nothing.

The minimum a player needs is the ability to possess an avatar. This
just means the avatar is allocated to the player. It doesn't mean
their PC is entrusted to arbitrate over its state. Initially the
player is only permitted to send messages to the avatar object (via
whichever PC does happen to own it).

>   2) a hacker, who may or may not have first built up trust
>   running automated tasks that follow the rules (perhaps on other
>   nodes), does everything to cheat on your node, perhaps moving
>   his ill- gotten gains to an unknown other identity, and starts
>   over with a new identity as soon as he is evicted.  Et cetera.

Yes, this kind of thing is possible. Just as it's possible for
people with previously good records to get to positions of power in
the real world and then do the dirty, so it would be possible in a
computer system that relied on trust. I think it's acceptable.

However, whilst it may be possible for a crook to bury 'gold' they'd
created via a hack (only to look in the same place under a clean
identity), once the crook had been detected, we could validate most
of their recent 'state transactions' given that most of them are
replicated. In other words state change can only legitimately occur
via a legitimate method. If a particular state change cannot easily
be obtained by any method (there is no known method by which a pile
of coal can turn into a pile of gold), then we could revert the

This means that we need background 'policing' processes that
validate state changes, reduce trust in the event of anomalies, and
perhaps if trust goes negative, undo state change.

>   3) a hacker does everything he can to get <your> node evicted
>   from the P2P game.

I will have to put on my hacker hat for a while and think about
this. But, the most obvious attack I can think of at the mo is
impersonation, but that can be handled with public key encryption,
i.e. only the genuine article knows how to decrypt from a public key
encoded message.

MUD-Dev mailing list
MUD-Dev at kanga.nu

More information about the MUD-Dev mailing list