We construct a system, Sandi, to bring trust in online communication through accountability. Sandi is based on a unique "somewhat monotone" accountability score, with strong privacy and security properties. A registered sender can request from Sandi a cryptographic tag encoding its score. The score measures the sender's trustworthiness based on its previous communications. The tag is sent to a receiver with whom the sender wants to initiate a conversation and signals the sender's "endorsement" for the communication channel. Receivers can use the sender's score to decide how to proceed with the sender. If a receiver finds the sender's communication inappropriate, it can use the tag to report the sender to Sandi, thus decreasing the sender's score. Sandi aims to benefit both senders and receivers. Senders benefit, as receivers are more likely to react to communication on an endorsed channel. Receivers benefit, as they can make better choices regarding who they interact with based on indisputable evidence from prior receivers. Receivers do not need registered accounts. Neither senders nor receivers are required to maintain long-term secret keys. Sandi provides a score integrity guarantee for the senders, a full communication privacy guarantee for the senders and receivers, a reporter privacy guarantee to protect reporting receivers, and an unlinkability guarantee to protect senders. The design of Sandi ensures compatibility with any communication system that allows for small binary data transfer. Finally, we provide a game-theoretic analysis for the sender. We prove that Sandi drives rational senders towards a strategy that reduces the amount of inappropriate communication.

翻译：我们构建了一个名为Sandi的系统，旨在通过问责机制为在线通信建立信任。Sandi基于一种独特的“准单调”问责分数，具备强大的隐私和安全属性。注册发送方可向Sandi请求一个编码其分数的密码学标签。该分数根据发送方以往的通信记录衡量其可信度。标签被发送给发送方希望发起对话的接收方，并作为发送方对通信通道的“背书”信号。接收方可利用发送方的分数决定如何与其互动。若接收方认为发送方的通信内容不当，可使用标签向Sandi举报发送方，从而降低其分数。Sandi旨在惠及发送方与接收方双方：发送方受益，因为接收方更可能对经过背书的通道上的通信做出响应；接收方受益，因为他们可根据来自先前接收方无可争议的证据，更明智地选择互动对象。接收方无需注册账户，且发送方与接收方均无需维护长期密钥。Sandi为发送方提供分数完整性保障，为发送方和接收方提供完整的通信隐私保障，为举报接收方提供举报者隐私保障，并为发送方提供不可关联性保障。Sandi的设计确保其能与任何支持小型二进制数据传输的通信系统兼容。最后，我们为发送方进行了博弈论分析，证明Sandi会促使理性发送方采取减少不当通信量的策略。