Papers
Topics
Authors
Recent
Search
2000 character limit reached

Trust Functions: Foundations & Applications

Updated 4 July 2026
  • Trust functions are formal mappings that convert evidence and context into quantitative trust values guiding reliance decisions.
  • They integrate multidimensional inputs like capability, predictability, and integrity to generate local and aggregated trust scores.
  • Trust functions enable dynamic control, robust decision-making, and secure auditing in applications from autonomous teaming to IoT security.

Trust functions are formal or functional mappings that operationalize trust as a computational object: an expectation that a promise will be kept, a context-sensitive trust relation, a scalar or vector score derived from behavior, a reputation aggregated over many claims, or a decision rule that determines when advice, labels, actions, or agents should be accepted, filtered, or overridden. Recent work treats trust functions as core primitives in human–autonomous teaming, IoT trust management, safe control, decentralized auditing, and weak-to-strong learning, while also preserving older promise-theoretic and reputational formulations of trust as expectation and community-wide centrality (0912.4637, Kearns, 2023, Baber et al., 2024, Iyengar, 9 Mar 2026, Uzunoglu et al., 31 May 2026).

1. Formal definitions and semantic structure

A major line of work defines trust functions as mappings from structured relational inputs to a trust value. In promise theory, local trust is the expectation that an agent will keep a typed promise, so that for agent AA, the expectation function EA()E_A(\cdot) maps promises to [0,1][0,1], and the trust matrix for promise type bb is TAB(b)EA(B{b})T_{AB}(b)\equiv E_A(B\{b\}*). Global trustworthiness and trustingness are then defined as principal eigenvectors of TTT^T and TT, respectively, making trust a weighted eigenvector-centrality function of the promise graph (0912.4637).

A distinct but related formulation treats trust as a four-place relation Trust(A,B,X,C)\mathrm{Trust}(A,B,X,C), where AA is the truster, BB the trustee, EA()E_A(\cdot)0 the action, and EA()E_A(\cdot)1 the context. On this account, trust holds only if EA()E_A(\cdot)2 adopts an unquestioning attitude regarding whether EA()E_A(\cdot)3 will do EA()E_A(\cdot)4 in context EA()E_A(\cdot)5, and EA()E_A(\cdot)6 incorporates EA()E_A(\cdot)7’s doing EA()E_A(\cdot)8 as a means to one of EA()E_A(\cdot)9’s ends. This makes trust simultaneously action-sensitive and context-sensitive, and rejects any reduction of trust to a context-free scalar attached only to a pair of agents (Kearns, 2023).

Another formalization arises in robust decision theory. In the model of an informed but potentially misaligned adviser, every optimal rule admits a trust region representation in belief space: advice is taken at face value when it induces a posterior within a compact trust region [0,1][0,1]0; otherwise the agent acts as if the posterior were projected to the boundary of [0,1][0,1]1. In the binary-state case, the trust region is an interval [0,1][0,1]2, and if [0,1][0,1]3 the interval collapses to the prior [0,1][0,1]4, so the agent ignores the adviser entirely (Dworczak et al., 10 Feb 2026).

These formulations differ in ontology but share a common feature: trust is not merely an attitude but a functionally specified relation from evidence, context, or beliefs to an operational consequence. This suggests that “trust function” is best understood as a family of formal devices for deciding what may safely be relied upon, under what conditions, and for which task.

2. Local trust scores, components, and update variables

Many contemporary systems instantiate trust functions as explicit scores. In human–autonomous agent collectives, trust is reconstructed as a tripartite, time-varying model [0,1][0,1]5, where capability concerns whether a teammate can perform a function, predictability concerns the probability of success, and integrity concerns whether the teammate acts within moral, legal, ethical, and system-level constraints. Trust is adjusted from variation in a performance “score” [0,1][0,1]6, derived from perception, reasoning, action, and goal achievement, and mapped onto a ladder of trust that moves up and down over time (Baber et al., 2024).

In IoT trust management, trust is decomposed into status-based trust, behavior-based trust, and risk-based trust. For device [0,1][0,1]7, the system computes [0,1][0,1]8 from integrity and vulnerabilities, [0,1][0,1]9 from compliance, normality, and malicious activity, and bb0 from singular and cascading risk; these are combined by a weighted sum into a local trust assessment bb1, which is then multiplied by a user-to-user trust term to produce a final trust score bb2. The resulting pipeline makes trust explicitly dependent on device status, device behavior, associated risk, and ownership-mediated social trust (Mathas et al., 2021).

A lighter-weight access-control variant for decentralized IoT defines local trust bb3 between service consumer bb4 and service provider bb5 by first applying exponential aging to positive and negative interactions and then passing the result through a Gompertz function,

bb6

with parameters chosen so that it is easier to lose trust than to gain it. Global reputation is computed separately as a decayed sum of positive and negative interactions, multiplied by bb7, and then used as an attribute in access-control policies (Putra et al., 2019).

These systems show two recurring patterns. First, trust functions are often multidimensional before any scalarization. Second, the relevant inputs are rarely restricted to observed success and failure; constraints, risk, ownership, and normative compliance are often treated as first-class arguments.

3. Aggregation, reputation, and system-level trust

Trust functions frequently extend beyond local scores to aggregation rules. In human–autonomous teaming, the combined measures of capability, predictability, and integrity are used as a composite measure of trust that “moves up and down as our concept of a ‘ladder of trust’ assumes,” and then combined to give a system-level perspective on how allocation of function might be adjusted during a mission (Baber et al., 2024).

In the conviction-based framework, the local trust kernel is conviction,

bb8

the probability that a source’s stance on claim bb9 is vindicated by posterior consensus once its contribution is incorporated. Realm-level trust is then reputation,

TAB(b)EA(B{b})T_{AB}(b)\equiv E_A(B\{b\}*)0

where TAB(b)EA(B{b})T_{AB}(b)\equiv E_A(B\{b\}*)1 is signed conviction and TAB(b)EA(B{b})T_{AB}(b)\equiv E_A(B\{b\}*)2 is a certitude weight. This construction is claim-sensitive, regime-independent, and explicitly allows negative trust for systematically misleading sources (Iyengar, 9 Mar 2026).

Graph-based aggregation also appears in decentralized cooperation. A broad Web3-oriented survey presents PageRank, EigenTrust, PeerTrust, HonestPeer, BarterCast, and MeritRank as concrete trust functions that transform link structures, transaction histories, or feedback graphs into global reputation scores. In EigenTrust, for example, local trust TAB(b)EA(B{b})T_{AB}(b)\equiv E_A(B\{b\}*)3 is derived from satisfactory minus unsatisfactory transactions and then normalized into TAB(b)EA(B{b})T_{AB}(b)\equiv E_A(B\{b\}*)4, while repeated propagation yields a global trust vector equal to the principal left eigenvector of TAB(b)EA(B{b})T_{AB}(b)\equiv E_A(B\{b\}*)5 (Madhwal et al., 2023).

A common misconception is that aggregation implies transitivity. Promise-theoretic work rejects that conclusion: local trust is not inherently transitive, and reputation is transmitted trust, not trust itself (0912.4637). The IoT trust management system makes the same point in a more operational setting by stating that user-to-user trust is directed, not necessarily symmetric, and not transitive (Mathas et al., 2021). A plausible implication is that aggregation functions are best seen as system-specific policies rather than universal laws of trust propagation.

4. Trust-conditioned decision rules and control laws

In many systems, trust functions are not diagnostic outputs but control variables. In dynamic Allocation of Function, the most suitable teammate for a function may still be bypassed if fellow teammates assign it a low trust rating. The resulting selection rule is trust-sensitive: capability, predictability, and integrity jointly determine whether a candidate remains admissible for a mission role, and AoF may function as a negotiated “contract” among affected agents (Baber et al., 2024).

In robust advisory settings, trust becomes a belief-filtering device. Advice is fully trusted inside a trust region and clipped to a boundary point outside it. In binary-state environments, if TAB(b)EA(B{b})T_{AB}(b)\equiv E_A(B\{b\}*)6, the trust interval expands continuously with TAB(b)EA(B{b})T_{AB}(b)\equiv E_A(B\{b\}*)7; if TAB(b)EA(B{b})T_{AB}(b)\equiv E_A(B\{b\}*)8, the optimal rule is to ignore the adviser. In binary-action environments, the solution becomes all-or-nothing: either full trust TAB(b)EA(B{b})T_{AB}(b)\equiv E_A(B\{b\}*)9 or no trust TTT^T0 (Dworczak et al., 10 Feb 2026).

Control-theoretic work makes this coupling even tighter. In non-cooperative multi-agent systems, each agent TTT^T1 assigns each neighbor TTT^T2 a scalar trust score TTT^T3, constructed from CBF robustness and directionality. This score then drives the dynamics of the rate parameter TTT^T4 in a Rate-Tunable Control Barrier Function: higher trust increases TTT^T5, allowing less conservative motion near trusted agents, whereas lower trust decreases TTT^T6, tightening safety constraints (Parwana et al., 2022).

A related navigation framework estimates system-to-human trust TTT^T7 for each pedestrian from smartphone engagement, eye contact, and pose fluctuation. Trait scores are aggregated into TTT^T8, then smoothed by

TTT^T9

and finally mapped to a discrete-time CBF parameter

TT0

Low trust yields more conservative vehicle behavior around inattentive pedestrians; high trust relaxes the safety margin (Ejaz et al., 2023).

Across these examples, trust functions act as admissibility filters, rate parameters, or control gains. This suggests that a central role of trust functions is to convert epistemic judgments about others into constrained action selection.

5. AI, auditing, and learning when to trust

Work on AI systems has increasingly treated trust functions as learned or protocol-enforced verification mechanisms. A philosophical account of contextual trust argues that Explainable Artificial Intelligence does little to give trust diagnostic or even conceptual criteria, and proposes TT1 as a better fit for AI trustees because model transparency and explainability modify the context TT2 in which a user may or may not adopt an unquestioning attitude (Kearns, 2023).

A decentralized AI auditing framework operationalizes trust through layered consensus. Segment-level votes are aggregated by a stake-weighted threshold rule, trace-level outcomes are summarized by

TT3

and human auditor reputation is updated as

TT4

The framework reports 72.4% accuracy, 4–18% above baselines, remains resilient against 20% corruption, attains 70% root-cause attribution versus 54–63% for standard methods, yields 60% token savings in DAAN, and records human-study results of TT5 and TT6 (Huang et al., 29 Apr 2026). Here, trust functions combine consensus, reputation, slashing, and graph-based causal attribution.

A newer machine-learning usage defines trust functions as scalar predictors over weak labels. In weak-to-strong generalization, a feature extractor TT7 reads the weak teacher’s hidden state, and a learned trust function TT8 estimates whether weak label TT9 should be trusted. These scores are used to filter weak supervision, producing near-lossless weak-to-strong generalization across world knowledge, quantitative reasoning, and strategy games, and supporting an iterative weak-to-strong chain in which a trained student becomes the next teacher (Uzunoglu et al., 31 May 2026).

The conviction-based framework provides a third AI-relevant perspective. It identifies AI agents as “capable but error-prone sources” for whom verifiable conviction and continuously accrued reputation constitute the only robust foundation for trust. Trust is local at the claim level through conviction and global at the field level through weighted signed reputation, with continuous verification treated as both a theoretical necessity and a practical mechanism through which reputation accrues (Iyengar, 9 Mar 2026).

Taken together, these works show a shift from trust as an informal human attitude to trust as a learned, auditable, and continuously updated decision layer over model outputs, reasoning traces, and source claims.

6. Security architectures, infrastructure trust, and terminological boundaries

Security-oriented systems often implement trust functions as hard predicates rather than soft scores. In BLINDTRUST, trust is a Boolean decision: a virtual function is trusted if and only if it can successfully use its attestation key under an orchestrator-authorized TPM policy session and sign a fresh nonce. The trust function is therefore implemented by cryptographic predicates over policy-authorized key usage, not by a continuous score (Debes et al., 2021).

Service-function-chain embedding in NFV/SDN adopts a mixed form. Substrate node trust Trust(A,B,X,C)\mathrm{Trust}(A,B,X,C)0, virtual-node trust requirement Trust(A,B,X,C)\mathrm{Trust}(A,B,X,C)1, substrate path trust Trust(A,B,X,C)\mathrm{Trust}(A,B,X,C)2, and virtual-link trust requirement Trust(A,B,X,C)\mathrm{Trust}(A,B,X,C)3 are all fractional values in Trust(A,B,X,C)\mathrm{Trust}(A,B,X,C)4. These values enter a MILP through hard feasibility constraints such as Trust(A,B,X,C)\mathrm{Trust}(A,B,X,C)5 and Trust(A,B,X,C)\mathrm{Trust}(A,B,X,C)6, while more trusted substrate nodes also carry higher cost in the objective. The result is a trust-aware optimization that trades off embedding cost against node and path trustworthiness (Torkzaban et al., 2020).

At the ecosystem level, decentralized trust is often described as a composition of reputation functions and ledger mechanisms. The Web3 literature presents the “Universal Trust Machine” as an ecosystem in which indirect reciprocity, graph-based reputation, consensus protocols, and identity systems collectively replace centralized institutional trust, even though a fully realized universal mechanism is still absent (Madhwal et al., 2023).

A terminological boundary is necessary because “trust function” also has a separate meaning in optimization. In Riemannian trust-region methods, the trust function is the local quadratic model

Trust(A,B,X,C)\mathrm{Trust}(A,B,X,C)7

of the pullback Trust(A,B,X,C)\mathrm{Trust}(A,B,X,C)8, defined on the tangent space and minimized within a trust region Trust(A,B,X,C)\mathrm{Trust}(A,B,X,C)9 (Goyens et al., 2024). This usage concerns where a local model of a nonconvex objective is “trusted,” not whether an agent, adviser, device, or label is trusted. The terminological overlap is exact, but the semantics are distinct.

The modern literature therefore uses “trust functions” in at least two mathematically rigorous senses: first, as functions that map evidence, context, behavior, or reputation into reliance decisions about agents or information sources; second, as trust-region model functions in numerical optimization. The former concerns social, informational, and control-theoretic reliance; the latter concerns local model fidelity in iterative algorithms.

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to Trust Functions.