W H I T E P A P E R

WHITE PAPER

Quantified Trustworthiness

This is a succinct version of the original white paper
published in 2017. Aim of this version is to provide a
sufficiently deep overview of technical approaches taken
to measure trustworthiness, certify and verify facts using
blockchain and leaving owners in control of their data.
The paper is not meant for providing any commercial or

business related information.
Full version of the paper accessible at

https://whitepaper.tiiqu.com

Author:
Samuel Hawksby – Robinson
Contributors:
Xenia Bogolomec

Abstract

TiiQu is a blockchain based platform that uses the
immutability and verifiable source of data qualities
inherent to blockchains to create a digital "passport",
which can be relied on as proof of an individual's
professional trustworthiness, identity, qualifications,
certifications, memberships, previous work experience,
performance metrics and education. TiiQu proposes that
the methods described in this paper will be refined and
widely adopted, such that the TiiQu Passport becomes a
globally ubiquitous avatar of an individual's achievements.
To facilitate collaboration between individuals TiiQu will
provide the functionality to easily generate blockchain
smart contracts to enforce any transactions that
individuals agree to, without any programming experience
needed. The fundamental purpose of TiiQu is to remove
the guesswork and assumption from an individual's claims
about themselves, conveniently and continuously
providing proof that an individual is trustworthy. By
securely collecting multiple and corroborating forms of
proof about the individual, TiiQu can be used as a reliable
confirmation of an individual's claims about themselves,
while simultaneously and significantly reducing the costs
traditionally associated with verification.
By reducing the economic barriers of confirming the
veracity of an individual's claims TiiQu anticipates the
revolutionising of international peer to peer collaboration,
via the democratisation of data and by significantly
increasing the resources required to successfully mislead
others.

Trust context

TiiQu confines the TiiQu score to
trust in a professional context only.
Private behaviour should not have
an impact on the trust quotient. We
will examine the potential trust
sources accordingly. Like this we
ensure privacy of TiiQu members on
this level too.

The concept of “trustlessness”

Although TiiQu perceives itself as a purveyor of trust, the
ultimate aim is to create a state of trustlessness across the
TiiQu platform.

The term trustlessness or trustless is often misinterpreted
as meaning a state in which trust is not possible or a
system that can not be trusted, because most recognised
dictionaries define it as such. However, the term in the
context of blockchain technology is defined as a state in
which trust is not needed, or a system that requires no
trust when used. In this context trust is understood as an
approximate quality of deviation from the certainty of an
expected result. Therefore trusting someone a lot is akin
to a small deviation from this certainty, where not trusting
someone is a large (possibly even an incredibly large)
deviation from the certainty.

If a system or state is
trustless there is zero

deviation from the
certainty, meaning the
involved parties do not
require trust because the

state or system
guarantees the certainty

of an outcome.



Legacy methods of establishing trust

The current method of verifying an individual's claims about
themselves is time consuming and costly, creating an
environment conducive to exaggerating or giving misleading
information when making claims about oneself. To illustrate
consider a hypothetical example:
An individual applies for a position within an organisation, and
makes a number of claims, the key ones being the following:

Claim Reality Match Status
Personal details True
Studied at University of Personal details True
Newcastle True
Achieved a degree in bio- Studied at University of False
medicine Newcastle True
Achieved a 1st class degree
Achieved a degree in bio- False
A member of the International medicine
Institute of Phlebotomy
Achieved a 2:2 degree
Part of the team that invented
the "needleless blood draw" A member of the
International Institute of
Phlebotomy

Knew someone who read
about the "needleless
blood draw"

In order to verify the above key Getting the verification from
claims the organisation would each institution will incur costs
need to contact at least four and take a considerable amount
separate institutions to prove of time. In many cases, although
the individual's identity, place of desirable, it simply would not be
education, study subject, study economically viable to verify all,
level attained, membership and
research credentials. if any, of the claims.

Because most individuals do not claim outrageously
untrue things about themselves [1] some

organisations may make cursory verification of an
individ.ual's claims and will rarely discover the false

statements. However there are individuals that
impersonate others, commit degree fraud [2] and
make any number of false claims about themselves.
In some contexts undiscovered false claims will have
no negative consequences, in other contexts they
can lead to significant financial loss, physical harm or

even the death of another individual [3] [4].

Compounding this problem is All the specialists may be telling the
another issue of economic barriers truth, however in the case where
preventing those that may most an individual is unfortunate enough
benefit from confirming the veracity to be duped by a charlatan the
of individuals' claims, namely the potential for personal damage is
average person in need of significant. Without easy access to a
collaboration with or assistance from means of verifying the claims of
a specialist. Consider the example of purported experts there is always a
an individual wishing to undergo risk, a risk that TiiQu makes
cosmetic surgery and attempting to unnecessary.
choose between specialists all
claiming glowing impressive
credentials.

Approach to suitability question

The Suitability aspect of the TiiQu algorithm addresses the
problem of matching experts with the right employers.
Matching is a bilateral process and is fundamentally different
and more subtle than filtering or searching. Hence, the answer
to the suitability question involves other considerations in
addition to simple measures of trustworthiness. Some of these
considerations include
Expert-Job fit - referring to the fit between experts' skills (and
preferences) and job supplies.
Expert-Organization fit - referring to how well experts will fit
within the organization they are expected to perform.
The TiiQu-Match aims to address these questions using state-
of-the-art Artificial Intelligence (AI) methods

TiiQu aims

The primary aims of TiiQu are as follows:

Quantify an individual's
trustworthiness based on

proofs

Create a decentralised collated
source of proof for individual's

professional claims

Facilitate smart contract
governed collaboration

Reduce economic barriers of
entry for verifying professional

claims

Give individuals direct control
over their data

Quantifying trust

In order to recommend an individual
based on their professional
trustworthiness TiiQu has
established a metric of
trustworthiness enabling direct
comparison between individuals and
even organisations.

Long term approach

To find fair trust ratings for
experts from various areas and
organisations we categorise
potential member types and
trust sources. With those
categories a unified scheme for
trust quotient computations is
built. The scheme will build the
base for all future member
types and trust sources, already
known or not. Therefore it has
to be abstract enough to catch
every future occurring case. All
imaginable scenarios will be
analysed by a trust quotient
test system.

Future scenarios challenging the existing scheme will have to
be integrated in a way that does not put existing trust
quotients into question. For a good comparison between
known and new scenarios' trust quotients, our TQ tests will
be continuously documented.
Mathematical methods are chosen according evaluated test
results with regard to fairness as well as a good digital
performance within all other processes.

Fairness

The TiiQu algorithm will evolve
over time and with the gathered
experience from integrating new
kinds of experts. Because of this,
the fairness in our system will
base on dynamically computed
trust quotients from present
values, ranges and weights.
Every time we adapt the
algorithm, each TiiQu member
will have the same conditions.

The TiiQu score

overview

The Trust Quotient (TiiQu score) is the
algorithmically derived value representing an
individual's objective trustworthiness
relative to their peers and based on proofs
provided by the individual. The TiiQu score
quantifies trust based on proofs relating to
an
individual's identity, reputation, veracity an
d performance. By establishing multiple
sources for each of the above criteria the
TiiQu is able to robustly quantify the base
components of trust.

Source weighting allows for a TiiQu Trustworthiness is handled

rating to favor sources over others separately from suitability questions.

and applies to all criteria with the Only verification of expertise can

exception of veracity. With respect have an impact on the TiiQu score.

to veracity, all proven claims are But it this context, only the fact of

equal and proving a claim impacts on the proven claim counts and not the

an individual’s TiiQu rating, but the quality of the claim itself.

nature of the claim doesn't impact Furthermore, an expert’s TiiQu will

on an individual’s TiiQu rating. neither depend on the number of

achieved certifications or

experienced work fields nor on the

range of his expertise.

Varying rating systems of trust sources

Each trust source determines its own rating system, which is
independent from TiiQu. Experts from similar work fields might
share trust sources, but experts from various work fields might
also be members of various trust sources with differing rating
systems. So the preconditions might be similar for experts from
a specific area but it could be difficult to compare trust
quotients of experts from various professional backgrounds.
TiiQu is aiming to get close to fairness in this regard too. But we
cannot guarantee to achieve a 100% satisfactory solution for
everyone.



Building TiiQu trees

A TQ tree is a tree of nodes which deliver values for the trust
quotient. The first level consists of 4 nodes representing the
following criteria
Identity
Verification (Veracity)
Reputation
Performance
These nodes have child nodes representing trust sources
which can be added dynamically. Weights will be assigned to
the trust sources according to their categories. Child nodes can
be dynamically added to a criteria node. More verified values
from trust sources will have a positive impact on the TQ rating.

One of the goals of the TiiQu platform is to
stimulate a good cooperation of employers

and workers. Companies will be rated as
well. The quality of a completed mission

depends on a clearly and realistically
defined proposal as well as on the mode of

operation and the skills of the expert. A
good cooperation of employer and

independent worker in coping unexpected
challenges is crucial to a satisfying result for

both sides.

A node

Identity Node Verification Reputation Performance
Node Node
Values of the Node This node Stands for the
stands for performance
identity child Verification opinions of quality of the
other people or TiiQu member
nodes will child nodes communities in completing a
about the TiiQu mission. This is
either be 0 for represent member. the node that is
Reputation child closest to the
not verified or 1 proven claims. A nodes can have suitability
values of a wide consideration of
for a verified verified claim range. Some an expert. But is
trust sources still represents a
identity. generates a even allow trust aspect. It
limitless is an answer to
Possible trust child node with reputation the question of
ratings. Possible self-validation
sources are points in the trust sources and honesty.
are The trust
credit agency verification reputable sources of this
online node and the
(high weight node. Possible communities way the
reputable performance
due to identity child nodes are private societies node operates
public reviews will be defined
verification by thereby all kinds from Google, by work in
yelp or similar progress.
showing of child nodes instances
publications
passport) which are ...
The weights of
university present in the the trust
sources will
(medium weight other three balance the
differences
according to nodes. between
delivered
varying No weights are reputation
values.
matriculation applied to

processes) verification

online child nodes. All

community (low proven claims

weight because are equal. This

of identity node also is

verification by where we

email/phone handle lies, a

number only) discovered

... untrue claim is

punished by a

very large

penalty.

Blockchain based claim verification

A cornerstone of the TiiQu platform relies on two important
qualities of the blockchain, immutability and verifiable source of
data. Immutability, you can't change* the data once published.
Verifiable source of data, we can know who published the data.
These two qualities make a verification system significantly more
robust than any precedents.

Because one can reliably confirm who is publishing data and
can be certain that the data has not been tampered with
once published, one can take it as true that a certain entity
made a certain claim (…)

This principle is the foundation
for TiiQu's approach to verifying

individual's claims about
themselves. TiiQu establishes a
relationship with an institution,
the institution publishes proofs

to the blockchain of issues
(certifications or memberships)
they've made and TiiQu matches

the proofs to individuals with
valid claims.

For a more comprehensive
breakdown of TiiQu's approach

to verifying claims see the
dedicated Verification Paper.

Smart contract enforced collaboration

TiiQu aims to be an enabler of global and trustless collaboration.
In order to guarantee the trustless quality of collaboration, TiiQu
provides functionality that allows non-technical users to author
and publish smart contracts to the Ethereum blockchain, with as
much ease as ordering a takeaway meal online. (…)

Smart Contracts

There is a significant amount of work
involved with producing a system that
allows users to easily create smart
contracts of an undefined scope, and so
we intend to release the functionality in
stages. The current plan for facilitating
accessible smart contract authoring is as
follows:
Simple conditional payments
Coarse dispute resolution
Complex conditional payments
Advanced conditional transactions
Dispute resolution
Legally enforceable contracts



Humanistic future of work

TiiQu has established its ethical guidelines
with a board of advisors from various
scientific and society related domains
such as humanistic management, social
science, law and data science for a
sensible integration of powerful
technologies like Blockchain and AI. It is
our goal to practically realize those
guidelines by implementing rules for
development, management, business
relations as well as a code of conduct for
the TiiQu members.

TiiQu Technologies

The Trust Quotient

Quantifying the vague and subjective quality of trust is difficult
and most attempts focus on a heavily reputation based
solution [1], [2], [3]. Reputation may be an element of trust but
not wholly trust itself. When approaching the notion of trust
the TiiQu makes a few assumptions:

•Trust's subjectivity limits measurement to how much the
platform trusts an entity, rather than attempting to quantify
how much all entities trust each other entity.

•Trust is made up of multiple facets, some undoubtedly not yet
considered in this paper. Considered are
1.trust in saying the truth
2.trust in reliability
3.trust in being able to fulfill a mission

•Each facet of trust has its own relative value compared to its
sibling facets.
•Some elements of trust will decay over time, giving more
weight to trust elements created most recently.
•By integration reputation as a trust component, we add views
of other people and communities on the trustworthiness of a
TiiQu member to the trust quotient.
The TiiQu Score is the degree to which a TiiQu member can be
trusted in a professional context

Trust Quotient Analysis and Propositions

TiiQu Score Elements

The TiiQu score is comprised of multiple elements, elements
that are derived from asking questions about an entity and
their claims.
We need to ask;
Identity - Are you who you say you are?
Verification - Is what you say about yourself true?
Reputation - What do other's think of you?
Performance Metrics - How well do you do what you say
you do?

Most elements, for example Identity, can have many
differing sources and many different aspects, but after
a certain point you start to experience normalized
returns. An example, if we have already confirmed your
ID by 7 different sources, your 8th source would likely
not impact at all on your overall TQ. This would mirror
real life, after someone is pretty sure you are who you
say you are, additional information doesn't convince
them much more. Identity recourses will only have
confirmed or not confirmed values. The weight of the
values the trust source delivers depends on the kind of
verification of the identity of a person.

However elements Each element goes (….) when it comes to
of trust, such as towards building up a trust from a human
reputation, decay picture of perspective we only
over time without trustworthiness with want to know an
constant attention. no one person able to answer to the
Meaning that your get a perfect trust question "How much
latest reputation quotient, and ever can this person be
ratings will hold a lot increasing work
more weight than required to raise your trusted?".
reputation ratings quotient.
from 10 years ago.
You can't sit on your
laurels.

TiiQu score structure

The TiiQu is calculated using a modular
hierarchical weighted averaging system.
As discussed an entity’s TiiQu is
comprised of many elements each
element that contributes to a TiiQu is
called a TiiQu Node or a Node. A network
of Nodes is called a TiiQu Tree or simply
a Tree.

TiiQu typical tree

TiiQu Calculation



Blockchain based Verification

Verification is a key element for establishing the proofs
of user's claims. Invariably with user claims about
certifications and memberships these claims can be
verified by a single source referred to as
the institution. In an analogue context institutions
issue certifications and/or memberships, referred to
as issues, to individuals in the form of paper
certificates. These certificates stand as proof,
somewhat, that the individual holds a certification
and/or membership with the institution. However the
incentive for degree fraud and faking membership
means that direct verification with the issuing
institution is required before an individual's claims are
believed.

Verification of claims can be a time consuming and
costly process for the institution and the entity seeking
verification, referred to as a verifier. In this section we
discuss a number of solutions for verifying issue claims
of individuals using the Ethereum blockchain. These
solutions aim to reduce the time and cost of
verification, required by both institutions and verifiers,
to negligible levels

Blockchain certificates

The issue will be represented on the
blockchain by a readable issue contract
that can be thought of as a "blockchain
certificate", a document that details an
attainment that many holders can
achieve. The distinction from a traditional
certificate is that the blockchain certificate
contains no identifying data about the
holders, and only details the specifics of
the attainment.

Why store the hash proofs?

The hash proofs are stored to allow third
parties to see that proof was provided by the
claimer and to allow the third party to perform
the hash algorithm on the proof to determine
that it matches what was originally published
by the institution. This allows the third part to
prove that the claimers/holders have the same
data that the institution had at the point of
the issuance event, data only available to the
holder and the institution.

Issuing for blockchain holders

Issuing for non- blockchain holders

(C) 2019 - TIIQU LIMITED 37



Why only store the data hashes?

Why don't we store the personal/issue details of the
holder and only store the data hashes derived from
the details? This element of the verification of issues
has been deliberately designed with data protection
and the right to be forgotten in mind. Since any data
published to the blockchain is forever public we
need a method of providing proof that the claimer is
the holder of a particular issue without revealing the
any of the details.
The hashes are stored on the blockchain but the
data that they represent are not. This allows for a
claimer to have their claim verified without having
to reveal their personal details in a way which would
be exposed directly to the blockchain. In the same
vein all association with the person is abstracted to
such a degree that the at some future time the
individual can choose to disconnect their personal
association with their issues if they want. Thus giving
them the option "to be forgotten".

Verifying future issues

Verifying past issues

(C) 2019 - TIIQU LIMITED 39

While we can complain about
weaknesses, loopholes or bad
implementations of data
protection, we have to appreciate
the effort of the EU to protect its
citizens. There is nothing similar to
GDPR being issued in the rest of
the world.

GDPR

Blockchain based applications are the perfect tools
for data retention. Physical deletion of data from
the chain is not possible without destroying the
integrity of blockchain itself.
The GDPR (General Data Protection Regulation) is a
regulation by which the European Parliament, the
Council of the European Union and the European
Commission intend to strengthen and unify data
protection for all individuals within the European
Union from May 25th 2018.

(C) 2019 - TIIQU LIMITED 41



REQUIREMENTS

The 6 basic technical requirements that have to
be considered for an implementation are

•Consent requires a clear understandable form
which has to be agreed upon before a user signs
up to an application.

•Right of Access means that a user is allowed to
have insight into the data relating to him/her.

•Right to Erasure is handled by physical or logical
deletion of data.

•Right of Revocation means that users must be
able to revoke their consent.

•Blocking of Data is marking of data such that its
processing can be restricted.

•Right to Portability requires the possibility of
data transfer to third parties.

High availability is another requirement which
will depend on the kind of the implementation
of the above properties served by the
application.



BLOCKCHAIN & GDPR

Blockchain based applications are the perfect tools for
data retention. Physical deletion of data from the chain
is not possible without destroying the integrity of
blockchain itself.
The GDPR (General Data Protection Regulation) is a
regulation by which the European Parliament, the
Council of the European Union and the European
Commission intend to strengthen and unify data
protection for all individuals within the European
Union from May 25th 2018.

(C) 2019 - TIIQU LIMITED 45

DEPENDING ON THE LEDGER

The ledger, respectively the Ethereum Blockchain plays a special
role in the context of data protection. Due to its design it comes
with designated properties which are different from traditional
data bases. Deleting data from it is not possible. Neither can be
100% controlled what happens to all copies of it on the machines
all over the world. Therefore, the only way to meet
Right to Erasure
Right of Revocation
Blocking of Data (Restriction of Processing)
in blockchain based applications, is to only upload anonymous
data to the Ethereum blockchain, which can be mapped to
natural persons by linking the data to their accounts. Like this,
logical deletion, which is accepted by the GDPR can be enabled
within the application. When logical deletion is possible, the base
for revocation and restriction of processing is set too. TiiQu
follows these principles consequently.

INDEPENDENT FROM THE LEDGER

Consent
Right of Access
Right to Portability

Those requirements can be implemented on top of the
Ethereum VM layer. Consent will be integrated in the
TiiQu sign up form. The Right of Access is solved by
default in Ethereum and will be respected by the
functionality TiiQu implements on top of Ethereum.

The Right to Portability will be under the control of the
TiiQu members too.

HASHED DATA 48

Hashed data is considered
pseudonymized rather that
anonymized by a Working Party
opinion of the EC. So purely hashed
data in a blockchain cannot be
considered GDPR compliant
according to this opinion. TiiQu
chose to use roots of Merkle Trees
as pointers on the Ethereum
Blockchain. Another option are
Zero Knowledge Proofs.

(C) 2019 - TIIQU LIMITED

PSEUDONYMIZATION VIA CRYPTOGRAPHIC HASH FUNCTIONS

The usage of those functions will serve the following
benefits:

▪ Collision resistance of those functions will prevent any
confusions of original inputs.

▪ The integrity of the source data is verified as well.
▪ A mapping to the source data is quickly computed by

the owners of the source data
▪ No mapping tables have to be kept. The mapping can

be done by only knowing the source data, a salt
(random string) and the used hash function.
▪ Finding the source data by hacking the hash outputs
from the TiiQu platform requires high cost
computations and is not realizable within reasonable
time.

TiiQu and the GDPR

We do not store any person identifying data on the
Ethereum network. We only store cryptographic references
to identifying data. Personal details like name, DOB, address
etc. are stored on our centralised servers with write and
delete permissions given solely to the user for their data.

Until decentralised databases can allow for data to be
permanently removed they will not be suitable for GDPR
compliance. Even with encrypted data on a decentralised
DB, the exposure of the decryption key exposes all the data
stored using that key

Member Certificate Verification

The mechanism ensures an anonymous certificate
verification which can only be related to a person if her or
his ID is known. The content of the certificate is only visible
to the TiiQu member and the university.