Decentralized Grassroots Social Graph Protocol

• Grassroots Social Graph Protocol is a decentralized system that manages and infers multi-source social data using peer-contributed nodes and cryptographic techniques.
• It delivers efficient multi-hop social inferences with reduced communication overhead, enabling real-time applications like call-censoring and personalized recommendations.
• The protocol features fine-grained access control policies that empower users to securely define data sharing rules while maintaining privacy and authenticity.

A Grassroots Social Graph Protocol defines and implements the management, storage, access, and inference mechanisms for social data in a decentralized, user-controlled environment. Such protocols eschew centralized authorities and proprietary data silos, distributing responsibility over peer-to-peer, user-contributed nodes, and enforcing privacy and authenticity via cryptographic techniques. A stringent access control regime allows each user to define fine-grained policies over their social data while enabling non-trivial, multi-source social inferences required by advanced social applications. Prometheus is a prototypical implementation of such a protocol, supporting multi-source social data aggregation, secure storage, decentralized management, and socially-aware API functions. Extensive evaluation demonstrates that real-time, multi-hop social inferences can be achieved with low communication overhead and improved resilience to malicious behavior.

1. Decentralized Management and Social Mapping

Prometheus orchestrates decentralized collection, storage, and update of social graph data across user-contributed nodes. The system treats the global social graph as a directed, labeled, weighted, multi-edged graph, aggregating edges from heterogeneous sources (e-mail, OSN APIs, proximity data, etc.). Each registered user is assigned a globally unique identifier (UID) in a 128-bit ring, mapping their data to a list of peer IP addresses contributed by the user. All mappings and routing logic leverage a DHT overlay based on Past (itself inspired by Pastry and Scribe).

To secure privacy and authenticity, each social data record is signed by the user’s private key and encrypted under the public key of a user-chosen trusted peer group:

$${ \{ \{ sd, \text{nonce}, \text{groupid}, \text{timestamp} \}_p \}_G }$$

where $sd$ encodes social edge data, $p$ the user’s signature, $G$ the group encryption key, with replay-prevention mechanisms (nonce/timestamp). Only members of the trusted group can decrypt and verify updates.

Social data are not always mapped randomly over the DHT. “Social mapping” preferentially collocates socially related users’ data onto common peers. This promotes efficient multi-hop inference, reduces churn impact, and constrains the scope of possible attacks by hostile nodes. All graph changes (additions, removals, or weight updates) are append-only files in the DHT, guaranteeing eventual consistency by peer reconciliation.

Two key normalization formulas are used to quantify social relationship weights:

• For directly connected users $i$ and $j$:

$$nw(i,j) = \frac{ \sum_{\lambda \in \Lambda_{i,j}} w(i,j,\lambda) }{ \max_{j \in \Theta_i} \sum_{\lambda \in \Lambda_{i,j}} w(i,j,\lambda) }$$

• For indirectly connected users $i$ and $m$ over shared neighbors $j$:

$$S(i,m) = 1 - \prod_{j \in (\Theta_i \cap \Theta_m)} \left[ 1 - \frac{ \min \{ nw(i,j), nw(j,m) \} }{2} \right]$$

2. Social Inference API and Policy Enforcement

The protocol exposes an API of “social inferences” rather than mere connectivity queries. Supported functions include:

• Relation_Test(ego, alter, α, χ): Tests for a labeled, weighted edge between two users meeting or exceeding threshold weight $\chi$.
• Top_Relations(ego, α): Returns the top-n relations by type.
• Neighborhood(ego, α, χ, radius, T): Performs multi-hop search bounded by radius.
• Social_Strength(ego, alter, T): Computes normalized indirect tie strength via equation (2).

Inference execution occurs on trusted peers. Each request triggers not just the computation but also an authorization check against the user-defined access control policies (see Section 4).

By combining direct and indirect inference, physical proximity, recency, and multi-label relations, the protocol turns the distributed graph into an actionable engine for context- and trust-aware applications. Examples demonstrated include call-censoring (contextual phone filters), partner-matching, and advanced recommendation services.

3. Trusted Peers and User-Contributed Nodes

Decentralization is achieved by distributing user data and computation across user-contributed, trusted peer nodes. Users select a group of trusted peers, each holding the user’s encrypted and signed social data. Peer group management leverages Scribe’s group management semantics, with a three-step handshake to establish trust and exchange encryption keys.

“Social mapping” is reinforced by encouraging socially-connected users to co-locate their data at shared or nearby peers, reducing inference latency and message overhead. Peer redundancy is exploited for churn resistance: if a node is offline, only a bounded partition of the data is unavailable until the node returns.

Security-wise, distributing trust and computation among non-centralized, socially-grouped constituencies (as opposed to random DHT mapping) reduces the “influence sphere” of any adversarial peer and makes global attacks difficult.

4. Fine-Grained Access Control Policies (ACPs)

User autonomy is maintained by allowing each user to define arbitrary, fine-grained ACPs on their social data. Each ACP is a signed, encrypted object stored with the user’s trusted peers, describable as:

$$\langle \text{Social Data Objects} \rangle :: \langle \text{Policy Specification} \rangle$$

Social data objects are selectable by edge label, weight, or attribute (e.g., location). Policies can restrict access to specific requestors by social-hops (“1st-degree only”), attested labels (“LinkedIn contacts”), or logical combinations thereof (using AND, OR, NOT).

Upon an incoming inference request, the trusted peer:

• Decrypts and verifies the policy.
• Evaluates the requestor’s credentials against the policy (possibly by invoking secondary inferences).
• Grants or denies the operation accordingly.

Replication of ACPs (always signed) across the DHT ensures resilience and remains intact even if a peer is temporarily compromised or offline.

5. Performance Characteristics and Resilience

Evaluation metrics focus on end-to-end response time and message overhead per inference. Architectural decisions, such as social mapping and secondary result caching, sharply reduce messaging cost by 40–65% and decrease median response time by 20–25% over random DHT assignment—crucial for responsiveness in interactive applications.

PlanetLab deployments (100 global nodes) show that most inference requests (1–3 hops) complete within a few seconds. CallCensor, a real-world use case running on mobile hardware, satisfies real-time latency requirements.

Resilience to attack is quantified using “peer influence”: the fraction of inference requests a peer can impact. Social mapping (collocating related users) reduces peer influence and exposure compared to random distribution. Both independent and collusive adversary strategies are considered, with empirical analysis on real-world traces (Gnutella, Slashdot) confirming that mapping design confers significant robustness.

6. Validation via Simulation and Deployment

Synthetic and real-world simulation studies demonstrate scalability and efficacy on graphs of $1 \mathrm{K}$ to $1 \mathrm{M}$ users. Realistic topologies (proper degree distribution, clustering) are preserved. Caching mitigates secondary message growth, keeping communication overhead nearly flat as scale increases.

PlanetLab deployments validate that the protocol’s timeouts and locality-aware routing successfully deliver inference results within strict time bounds. In live experiments, applications such as mobile call filtering consistently operate within required real-time windows.

Attack studies confirm that socially aware mapping and peer group design reduce adversary effectiveness, especially in multi-hop inference regimes.

7. Practical Implications and Limitations

The Prometheus grassroots social graph protocol enables secure, privacy-preserving, decentralized management of rich, multi-source social data. It supports expressive inferences with access control, enabling new classes of socially aware applications. The combination of decentralized architecture, cryptographically enforced data protection, and finely tunable policies aligns with the requirements of privacy, resilience, and scalability in community-managed social networks.

Current limitations include:

• Requirement for effective peer trust bootstrapping.
• Policy management and group key distribution complexity at scale.
• Eventual, but not immediate, consistency under high churn.
• Potential exposure to collusion attacks if the trusted peer group is not carefully managed.

Overall, Prometheus demonstrates that real-world, decentralized social graph protocols can deliver low-latency, privacy-preserving, and robust social inferences on par with their centralized counterparts, while conferring enhanced user autonomy and resilience (Kourtellis et al., 2012).