Trust Functions: Foundations & Applications
- Trust functions are formal mappings that convert evidence and context into quantitative trust values guiding reliance decisions.
- They integrate multidimensional inputs like capability, predictability, and integrity to generate local and aggregated trust scores.
- Trust functions enable dynamic control, robust decision-making, and secure auditing in applications from autonomous teaming to IoT security.
Trust functions are formal or functional mappings that operationalize trust as a computational object: an expectation that a promise will be kept, a context-sensitive trust relation, a scalar or vector score derived from behavior, a reputation aggregated over many claims, or a decision rule that determines when advice, labels, actions, or agents should be accepted, filtered, or overridden. Recent work treats trust functions as core primitives in human–autonomous teaming, IoT trust management, safe control, decentralized auditing, and weak-to-strong learning, while also preserving older promise-theoretic and reputational formulations of trust as expectation and community-wide centrality (0912.4637, Kearns, 2023, Baber et al., 2024, Iyengar, 9 Mar 2026, Uzunoglu et al., 31 May 2026).
1. Formal definitions and semantic structure
A major line of work defines trust functions as mappings from structured relational inputs to a trust value. In promise theory, local trust is the expectation that an agent will keep a typed promise, so that for agent , the expectation function maps promises to , and the trust matrix for promise type is . Global trustworthiness and trustingness are then defined as principal eigenvectors of and , respectively, making trust a weighted eigenvector-centrality function of the promise graph (0912.4637).
A distinct but related formulation treats trust as a four-place relation , where is the truster, the trustee, 0 the action, and 1 the context. On this account, trust holds only if 2 adopts an unquestioning attitude regarding whether 3 will do 4 in context 5, and 6 incorporates 7’s doing 8 as a means to one of 9’s ends. This makes trust simultaneously action-sensitive and context-sensitive, and rejects any reduction of trust to a context-free scalar attached only to a pair of agents (Kearns, 2023).
Another formalization arises in robust decision theory. In the model of an informed but potentially misaligned adviser, every optimal rule admits a trust region representation in belief space: advice is taken at face value when it induces a posterior within a compact trust region 0; otherwise the agent acts as if the posterior were projected to the boundary of 1. In the binary-state case, the trust region is an interval 2, and if 3 the interval collapses to the prior 4, so the agent ignores the adviser entirely (Dworczak et al., 10 Feb 2026).
These formulations differ in ontology but share a common feature: trust is not merely an attitude but a functionally specified relation from evidence, context, or beliefs to an operational consequence. This suggests that “trust function” is best understood as a family of formal devices for deciding what may safely be relied upon, under what conditions, and for which task.
2. Local trust scores, components, and update variables
Many contemporary systems instantiate trust functions as explicit scores. In human–autonomous agent collectives, trust is reconstructed as a tripartite, time-varying model 5, where capability concerns whether a teammate can perform a function, predictability concerns the probability of success, and integrity concerns whether the teammate acts within moral, legal, ethical, and system-level constraints. Trust is adjusted from variation in a performance “score” 6, derived from perception, reasoning, action, and goal achievement, and mapped onto a ladder of trust that moves up and down over time (Baber et al., 2024).
In IoT trust management, trust is decomposed into status-based trust, behavior-based trust, and risk-based trust. For device 7, the system computes 8 from integrity and vulnerabilities, 9 from compliance, normality, and malicious activity, and 0 from singular and cascading risk; these are combined by a weighted sum into a local trust assessment 1, which is then multiplied by a user-to-user trust term to produce a final trust score 2. The resulting pipeline makes trust explicitly dependent on device status, device behavior, associated risk, and ownership-mediated social trust (Mathas et al., 2021).
A lighter-weight access-control variant for decentralized IoT defines local trust 3 between service consumer 4 and service provider 5 by first applying exponential aging to positive and negative interactions and then passing the result through a Gompertz function,
6
with parameters chosen so that it is easier to lose trust than to gain it. Global reputation is computed separately as a decayed sum of positive and negative interactions, multiplied by 7, and then used as an attribute in access-control policies (Putra et al., 2019).
These systems show two recurring patterns. First, trust functions are often multidimensional before any scalarization. Second, the relevant inputs are rarely restricted to observed success and failure; constraints, risk, ownership, and normative compliance are often treated as first-class arguments.
3. Aggregation, reputation, and system-level trust
Trust functions frequently extend beyond local scores to aggregation rules. In human–autonomous teaming, the combined measures of capability, predictability, and integrity are used as a composite measure of trust that “moves up and down as our concept of a ‘ladder of trust’ assumes,” and then combined to give a system-level perspective on how allocation of function might be adjusted during a mission (Baber et al., 2024).
In the conviction-based framework, the local trust kernel is conviction,
8
the probability that a source’s stance on claim 9 is vindicated by posterior consensus once its contribution is incorporated. Realm-level trust is then reputation,
0
where 1 is signed conviction and 2 is a certitude weight. This construction is claim-sensitive, regime-independent, and explicitly allows negative trust for systematically misleading sources (Iyengar, 9 Mar 2026).
Graph-based aggregation also appears in decentralized cooperation. A broad Web3-oriented survey presents PageRank, EigenTrust, PeerTrust, HonestPeer, BarterCast, and MeritRank as concrete trust functions that transform link structures, transaction histories, or feedback graphs into global reputation scores. In EigenTrust, for example, local trust 3 is derived from satisfactory minus unsatisfactory transactions and then normalized into 4, while repeated propagation yields a global trust vector equal to the principal left eigenvector of 5 (Madhwal et al., 2023).
A common misconception is that aggregation implies transitivity. Promise-theoretic work rejects that conclusion: local trust is not inherently transitive, and reputation is transmitted trust, not trust itself (0912.4637). The IoT trust management system makes the same point in a more operational setting by stating that user-to-user trust is directed, not necessarily symmetric, and not transitive (Mathas et al., 2021). A plausible implication is that aggregation functions are best seen as system-specific policies rather than universal laws of trust propagation.
4. Trust-conditioned decision rules and control laws
In many systems, trust functions are not diagnostic outputs but control variables. In dynamic Allocation of Function, the most suitable teammate for a function may still be bypassed if fellow teammates assign it a low trust rating. The resulting selection rule is trust-sensitive: capability, predictability, and integrity jointly determine whether a candidate remains admissible for a mission role, and AoF may function as a negotiated “contract” among affected agents (Baber et al., 2024).
In robust advisory settings, trust becomes a belief-filtering device. Advice is fully trusted inside a trust region and clipped to a boundary point outside it. In binary-state environments, if 6, the trust interval expands continuously with 7; if 8, the optimal rule is to ignore the adviser. In binary-action environments, the solution becomes all-or-nothing: either full trust 9 or no trust 0 (Dworczak et al., 10 Feb 2026).
Control-theoretic work makes this coupling even tighter. In non-cooperative multi-agent systems, each agent 1 assigns each neighbor 2 a scalar trust score 3, constructed from CBF robustness and directionality. This score then drives the dynamics of the rate parameter 4 in a Rate-Tunable Control Barrier Function: higher trust increases 5, allowing less conservative motion near trusted agents, whereas lower trust decreases 6, tightening safety constraints (Parwana et al., 2022).
A related navigation framework estimates system-to-human trust 7 for each pedestrian from smartphone engagement, eye contact, and pose fluctuation. Trait scores are aggregated into 8, then smoothed by
9
and finally mapped to a discrete-time CBF parameter
0
Low trust yields more conservative vehicle behavior around inattentive pedestrians; high trust relaxes the safety margin (Ejaz et al., 2023).
Across these examples, trust functions act as admissibility filters, rate parameters, or control gains. This suggests that a central role of trust functions is to convert epistemic judgments about others into constrained action selection.
5. AI, auditing, and learning when to trust
Work on AI systems has increasingly treated trust functions as learned or protocol-enforced verification mechanisms. A philosophical account of contextual trust argues that Explainable Artificial Intelligence does little to give trust diagnostic or even conceptual criteria, and proposes 1 as a better fit for AI trustees because model transparency and explainability modify the context 2 in which a user may or may not adopt an unquestioning attitude (Kearns, 2023).
A decentralized AI auditing framework operationalizes trust through layered consensus. Segment-level votes are aggregated by a stake-weighted threshold rule, trace-level outcomes are summarized by
3
and human auditor reputation is updated as
4
The framework reports 72.4% accuracy, 4–18% above baselines, remains resilient against 20% corruption, attains 70% root-cause attribution versus 54–63% for standard methods, yields 60% token savings in DAAN, and records human-study results of 5 and 6 (Huang et al., 29 Apr 2026). Here, trust functions combine consensus, reputation, slashing, and graph-based causal attribution.
A newer machine-learning usage defines trust functions as scalar predictors over weak labels. In weak-to-strong generalization, a feature extractor 7 reads the weak teacher’s hidden state, and a learned trust function 8 estimates whether weak label 9 should be trusted. These scores are used to filter weak supervision, producing near-lossless weak-to-strong generalization across world knowledge, quantitative reasoning, and strategy games, and supporting an iterative weak-to-strong chain in which a trained student becomes the next teacher (Uzunoglu et al., 31 May 2026).
The conviction-based framework provides a third AI-relevant perspective. It identifies AI agents as “capable but error-prone sources” for whom verifiable conviction and continuously accrued reputation constitute the only robust foundation for trust. Trust is local at the claim level through conviction and global at the field level through weighted signed reputation, with continuous verification treated as both a theoretical necessity and a practical mechanism through which reputation accrues (Iyengar, 9 Mar 2026).
Taken together, these works show a shift from trust as an informal human attitude to trust as a learned, auditable, and continuously updated decision layer over model outputs, reasoning traces, and source claims.
6. Security architectures, infrastructure trust, and terminological boundaries
Security-oriented systems often implement trust functions as hard predicates rather than soft scores. In BLINDTRUST, trust is a Boolean decision: a virtual function is trusted if and only if it can successfully use its attestation key under an orchestrator-authorized TPM policy session and sign a fresh nonce. The trust function is therefore implemented by cryptographic predicates over policy-authorized key usage, not by a continuous score (Debes et al., 2021).
Service-function-chain embedding in NFV/SDN adopts a mixed form. Substrate node trust 0, virtual-node trust requirement 1, substrate path trust 2, and virtual-link trust requirement 3 are all fractional values in 4. These values enter a MILP through hard feasibility constraints such as 5 and 6, while more trusted substrate nodes also carry higher cost in the objective. The result is a trust-aware optimization that trades off embedding cost against node and path trustworthiness (Torkzaban et al., 2020).
At the ecosystem level, decentralized trust is often described as a composition of reputation functions and ledger mechanisms. The Web3 literature presents the “Universal Trust Machine” as an ecosystem in which indirect reciprocity, graph-based reputation, consensus protocols, and identity systems collectively replace centralized institutional trust, even though a fully realized universal mechanism is still absent (Madhwal et al., 2023).
A terminological boundary is necessary because “trust function” also has a separate meaning in optimization. In Riemannian trust-region methods, the trust function is the local quadratic model
7
of the pullback 8, defined on the tangent space and minimized within a trust region 9 (Goyens et al., 2024). This usage concerns where a local model of a nonconvex objective is “trusted,” not whether an agent, adviser, device, or label is trusted. The terminological overlap is exact, but the semantics are distinct.
The modern literature therefore uses “trust functions” in at least two mathematically rigorous senses: first, as functions that map evidence, context, behavior, or reputation into reliance decisions about agents or information sources; second, as trust-region model functions in numerical optimization. The former concerns social, informational, and control-theoretic reliance; the latter concerns local model fidelity in iterative algorithms.