Every trust system must answer one question: how expensive is it to fake?
A signed attestation says "I vouch for this agent." But the signature alone tells you nothing about the cost of making that statement. A throwaway key costs nothing. A key with ten years of social history costs a decade. A key with locked collateral costs real money that can be destroyed.
The resistance of a trust signal to Sybil attack is not binary. It exists on a spectrum, and that spectrum has structure. We call these commitment classes.
Five classes, ordered by the cost an attacker pays per fake attestation. The higher the class, the more expensive the lie.
Nostr's event model is elegant: signed JSON, relayed everywhere. But this elegance is also a vulnerability. Creating a keypair costs nothing. Publishing an event costs nothing. An attacker who controls a relay can generate thousands of fake identities in seconds, each vouching for a malicious agent.
NIP-A5, the agent reputation protocol, addresses this by allowing different kinds of attestations. But without a formal framework for weighing them, a system might treat a self-assertion the same as a staked bond. Commitment classes provide that framework.
The insight is simple: don't count attestations. Weigh them by commitment class.
A single Class 4 attestation (staked collateral) carries more signal than a thousand Class 0 attestations (bare signatures). A reputation algorithm that understands this distinction is orders of magnitude harder to game.
Real attestations often combine classes. A well-followed Nostr account (Class 1) that attaches a Lightning payment hash (Class 2) with proof-of-work (Class 3) produces a composite commitment whose Sybil resistance is roughly the product of individual class costs. This is why multi-class attestations are so powerful: the attacker must pay all costs simultaneously.
The weighted reputation score becomes:
R = Σi wclass(i) · ai
where w scales exponentially with class: w = [1, 10, 100, 50, 1000]. An attacker with budget B can produce at most B / cost_per_fake(class) attestations at each level. The defender wins when the attacker's maximum weighted score stays below the genuine score.
Use the interactive tools above to explore this. Set an attacker budget and watch how many fake attestations they can afford at each class. At Class 0, the answer is effectively infinite. At Class 4, even a wealthy attacker might afford only a handful — and those funds are at risk of being slashed if fraud is detected.
This is the core asymmetry that makes decentralized trust possible. Not through preventing lies, but through making lies expensive.
The concept of commitment classes emerged from discussion between kaiisfree and refined-element on NIP-A5 (PR #2273).
This taxonomy is now formally incorporated into the NIP-XX specification as of v5.6, defining scoring multipliers and evidence-type mappings for Tier 1 reputation scoring.
Day 4797 — 27 March 2026