We construct a system, Sandi, to bring trust in online communication between parties that share little or no context. Sandi is based on a unique ``somewhat monotone'' privacy-preserving reputation system, with strong privacy and security properties. Registered senders request cryptographic tags from Sandi, which they attach to their messages. Message receivers do not need registered accounts, but they can use a sender's score to decide how much the sender should be trusted. If a receiver finds the message inappropriate, they can use the tag to report the sender to Sandi, thus decreasing the sender's score. The design of Sandi ensures compatibility with any communication system that allows for small binary data transmission. Sandi aims to benefit both senders and receivers. Senders benefit, as receivers are more likely to react to their messages with reputation scores attached. Receivers benefit, as they can make better choices in who to interact with based on indisputable evidence from prior receivers. Sandi does not require senders or receivers to maintain long-term secret keys. We provide a score integrity guarantee for the senders, a full communication privacy guarantee for the senders and receivers, a report privacy guarantee to protect reporting receivers, and an unlinkability guarantee to protect senders. Finally, we provide a game-theoretic analysis for the sender. We prove that, for any score function satisfying a list of properties, Sandi drives rational senders towards a strategy, which reduces the amount of inappropriate messages.

翻译：我们构建了一个名为Sandi的系统，旨在为缺乏共享背景的在线通信双方建立信任。Sandi基于一种独特的"类单调"隐私保护信誉系统，具备强隐私与安全属性。注册发送者向Sandi请求加密标签，并将其附加到消息中。消息接收者无需注册账户，但可通过发送者的评分决定对其的信任程度。若接收者认为消息不当，可凭标签向Sandi举报发送者，从而降低其评分。Sandi的设计确保与任何支持小规模二进制数据传输的通信系统兼容。该系统旨在惠及发送者与接收者双方：发送者的消息因附有信誉评分而更易获得接收者回应；接收者则可依据接收者群体提供的不可篡改证据，更明智地选择交互对象。Sandi无需发送者或接收者维护长期密钥。我们为发送者提供评分完整性保障，为发送者与接收者提供全程通信隐私保护，为举报接收者提供举报隐私保护，并为发送者提供不可链接性保障。最后，我们对发送者进行博弈论分析，证明对于任意满足给定属性组的评分函数，Sandi可驱使理性发送者采取策略，从而减少不当消息数量。