Trust Model

HAVEN's trust model is built on the principle of in-person trust chains rather than centralized verification. This document explains how our trust system works and why it's designed this way.

Core Concepts

Trust Chains

A trust chain is a cryptographically secure way to verify that content comes from a trusted community member. It consists of:

  1. A unique set of memorable phrases generated by the system
  2. Digital signatures from trusted keys
  3. A one-time use mechanism to prevent replay attacks

Phrase Structure

Each trust chain contains three phrases, each structured as:

[emotion] [community] [nature] [place]

For example:

radiant spirits soar autumn stars
gentle healers bloom crystal pools
peaceful guardians flow moonlit paths

These phrases are designed to be:

  • Memorable and easy to verify in person
  • Poetic and meaningful to our community
  • Resistant to automated generation
  • Unique across the network

Trust Flow

  1. Initial Connection

    • A trusted member generates a new chain
    • They share the phrases in person with a new contributor
    • The phrases are verified visually and verbally
  2. Content Submission

    • The contributor signs their content with the chain
    • The system verifies the chain hasn't been used before
    • The content is added to the static site
  3. Chain Burning

    • Each chain can only be used once
    • Used chains are permanently recorded
    • This prevents replay attacks and chain reuse

Emergency Revocation

If a trust chain or key is compromised:

  1. Trusted members can initiate an emergency revocation
  2. A quorum of signatures (>50%) is required
  3. The revocation is distributed through multiple channels
  4. All content signed with the compromised chain/key is marked for review
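
The quorum check in step 2, as an added Go example (not HAVEN's own code): it counts distinct trusted keys with a valid Ed25519 signature over the revocation message and requires strictly more than half. The `Endorsement` type, the function names, the message format and the reading of ">50%" as a share of the trusted key set are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Endorsement is one member's signature over a revocation message (hypothetical type).
type Endorsement struct {
	Signer ed25519.PublicKey
	Sig    []byte
}

// QuorumReached reports whether strictly more than half of the trusted keys
// signed msg. Outsiders, bad signatures and repeat signers add nothing.
func QuorumReached(trusted []ed25519.PublicKey, msg []byte, ends []Endorsement) bool {
	isTrusted := map[string]bool{}
	for _, k := range trusted {
		isTrusted[string(k)] = true
	}
	counted := map[string]bool{}
	for _, e := range ends {
		id := string(e.Signer)
		if len(e.Signer) == ed25519.PublicKeySize && isTrusted[id] && ed25519.Verify(e.Signer, msg, e.Sig) {
			counted[id] = true // one map entry per key, so repeats count once
		}
	}
	return 2*len(counted) > len(isTrusted) // exactly 50% is not a quorum
}

// demo builds constructed sample data: 4 trusted keys, the first n of which sign,
// plus one outsider key that always signs.
func demo(n int) (trusted []ed25519.PublicKey, msg []byte, ends []Endorsement) {
	msg = []byte("REVOKE chain-id-placeholder") // constructed message format
	for i := 0; i < 5; i++ {
		pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
		if i < 4 {
			trusted = append(trusted, pub)
		}
		if i < n || i == 4 {
			ends = append(ends, Endorsement{Signer: pub, Sig: ed25519.Sign(priv, msg)})
		}
	}
	return trusted, msg, ends
}

func main() {
	t, m, e := demo(3)
	fmt.Println("3 of 4 trusted signers, quorum:", QuorumReached(t, m, e))
}
```
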

Security Properties

Our trust model provides:

  • Forward Secrecy: Compromised keys can't affect past content
  • Revocation: Quick response to compromised chains/keys
  • Quorum Decisions: No single point of failure
  • Audit Trail: All actions are signed and verifiable
  • Privacy: No central authority or user database

Implementation Details

The system uses:

  • Ed25519 for digital signatures (quantum-resistant)
  • BLAKE3 for hashing (modern, secure, fast)
  • Static site generation (no server-side processing)
  • Multiple distribution channels (CDN + Tor mirrors)

Best Practices

  1. Never share phrases electronically

    • Only share trust chain phrases in person
    • Verify the person matches their community references
    • Use the verbal verification protocol
  2. Protect your keys

    • Store signing keys securely
    • Use hardware security if possible
    • Have an emergency revocation plan
  3. Verify content

    • Check that content matches community guidelines
    • Verify sources when possible
    • Report concerning content immediately
  4. Stay updated

    • Keep your local tools updated
    • Check for security advisories
    • Participate in community reviews