There is a mathematical framework that answers, with precision, the question decentralized reputation keeps stumbling over: when can local trust be glued into global reputation?
The framework is sheaf theory. It was invented to study exactly this kind of problem — not trust, but the same structural question. You have data defined locally on overlapping patches. You want to know if the local data is consistent enough to assemble into something global. Sheaf theory gives necessary and sufficient conditions.
The remarkable thing is that the specific failure mode — bounded functions that glue to unbounded ones — is precisely the mathematical signature of Sybil attacks. This is not a metaphor. It is a theorem about pre-sheaves.
Start with the simplest version. A decentralized reputation system — Nostr, say — consists of relays. Each relay hosts a community of users. Users can appear on multiple relays. The relays form open sets in a topology, and their overlaps define the structure.
This is not a loose analogy. A topological space is any collection of sets closed under arbitrary unions and finite intersections. Relays satisfy this. The “space” is the set of all users. Each relay defines a neighborhood — the users it hosts. Two relays overlap when they share users. The topology is the relay topology.
Reputation data lives on these open sets. Each relay maintains trust scores for its users — perhaps attestations, perhaps computed rankings, perhaps something like Hodge-decomposed trust flows. This is local data. The question is whether it can be assembled into something global.
In the visualization above, each circle is a relay — an open set in the relay topology. Agents are points. When relays overlap, the agents in the intersection belong to both communities. The sheaf question is: do the trust scores those communities assign to shared agents agree?
A pre-sheaf assigns data to open sets, with restriction maps. In the reputation setting:
The restriction maps say: if relay V ⊆ U (or V is a sub-community of U), then there is a natural way to restrict U’s trust data to V. Just take the scores for the users that appear in V. This is functorial — restricting twice is the same as restricting once to the smaller set.
Every reputation system is a pre-sheaf. The interesting question is whether it is a sheaf. A sheaf is a pre-sheaf that satisfies two additional axioms:
If {Ui} covers X and we have sections si ∈ F(Ui) that agree on every overlap — meaning si|Ui∩Uj = sj|Ui∩Uj — then there exists a unique global section s ∈ F(X) that restricts to each si.
If two global sections s, t ∈ F(X) restrict to the same local section on every Ui, then s = t. Global reputation is fully determined by local data.
The gluing axiom is the hard one. It says: if every pair of relay communities agrees on the trustworthiness of shared users, then there exists exactly one consistent global reputation. Not approximately. Exactly. The local data uniquely determines the global picture.
When this fails, you have a pre-sheaf that is not a sheaf. And there is a specific, illuminating way it fails.
Here is the key example. Consider the pre-sheaf of bounded continuous functions on the real line ℝ. For each open set U ⊆ ℝ, let F(U) be the set of continuous functions f : U → ℝ that are bounded on U. The restriction maps are the obvious ones — restrict the domain.
This is a pre-sheaf. It satisfies the locality axiom. But it fails the gluing axiom.
Why? Take the open cover {(-n, n) : n ∈ ℕ} of ℝ. On each interval (-n, n), the function f(x) = x is bounded (by n). The restrictions agree on overlaps, trivially — f restricted to a smaller interval is still f. So we have compatible local sections, each bounded. But the global function f(x) = x is unbounded. It is not in F(ℝ). The locally-bounded sections glue to a globally-unbounded function that doesn’t belong to the global sections.
This is not a metaphor. If each relay caps reputation at some local bound — say, no user gets trust above 1.0 in any single relay — a Sybil operator can create identities that score 0.9 in each of k relays. Locally, each score is bounded. The restrictions agree on overlaps (the Sybil operator ensures this by careful identity management). But the aggregate — the “glued” global reputation — grows as O(k). Locally bounded, globally unbounded. The pre-sheaf of bounded reputation is not a sheaf.
Try it in the simulation: inject a Sybil cluster and test the gluing condition. Watch the local scores look perfectly reasonable while the global assembly fails.
The sheaf condition tells us whether local trust globalizes. But when it fails, we need a finer instrument — one that measures how badly and in how many independent ways gluing breaks down. That instrument is Čech cohomology.
Given an open cover {Ui} of the relay space (our collection of relays) and a pre-sheaf F (trust attestations), we build a chain of groups:
The levels are concrete:
C0(F) = ∏ F(Ui) — a trust score on each individual relay. This is the raw local data every relay already has.
C1(F) = ∏ F(Ui ∩ Uj) — trust data on every pairwise relay overlap. For each pair of relays sharing users, what score do those users get?
C2(F) = ∏ F(Ui ∩ Uj ∩ Uk) — trust data on every triple relay overlap. Three communities that all share members must agree simultaneously.
The differential d0 maps a collection of local scores to the differences on overlaps: given sections si on each Ui, we compute d0(s) on Ui ∩ Uj as the restriction difference si|Uij − sj|Uij. The key algebraic fact: d ˆ d = 0. Composing two differentials gives zero, because alternating signs cancel. This makes the Čech complex a genuine cochain complex — the image of one map always lands in the kernel of the next.
Now the cohomology groups fall out naturally:
H0 = ker(d0) = {sections where si = sj on every overlap}. This IS the gluing condition. When H0 captures all local data, reputation is globally consistent. In Nostr terms: every relay community that shares users agrees on their trustworthiness. The rank of H0 counts the number of connected components of agreement — ideally one.
H1 = ker(d1) / im(d0) — cocycles modulo coboundaries. Non-zero H1 means: there exist locally consistent trust assignments — they agree on every pairwise overlap — that cannot be assembled into a single global score. This is the mathematical formalization of sophisticated Sybil attacks. They pass pairwise consistency checks but fail at the global level.
A Sybil ring that maintains consistent-looking trust across relay pairs creates a non-trivial 1-cocycle. The ring “wraps around” the topology of the relay graph in a way that cannot be unwound into a single coherent score. It is a topological obstruction, not merely a numerical discrepancy.
The practical content is sharp. dim(H1) counts independent modes of Sybil evasion — each basis element of H1 is a structurally distinct way that pairwise-consistent fake trust can exist without globalizing. An H1 = 0 network has no room for such attacks: any pairwise-consistent scoring IS globally consistent, full stop. The relay topology admits no hiding places.
Watch the nerve visualization below: when H1 = 0, the simplicial complex has no unfilled cycles. Every loop of pairwise overlaps bounds a region of triple (or higher) overlaps. This is the geometric picture of Sybil resistance — there is nowhere for inconsistency to hide.
The relay overlaps form a combinatorial object called the nerve of the cover. Each relay is a vertex. Two relays that overlap form an edge. Three relays with a common triple overlap form a triangle. And so on into higher simplices.
The nerve is a simplicial complex, and its topology encodes the consistency requirements. The sheaf condition on pairwise overlaps is only the 1-skeleton. Higher-order overlaps (triple, quadruple...) impose stronger constraints. A Sybil operator who can fool pairwise checks might be caught by triple-overlap consistency.
Click “show nerve” in the main simulation to see the nerve update in real time. Higher simplices mean stronger consistency requirements — more constraints that Sybil operators must satisfy simultaneously.
The Hodge decomposition of trust splits edge signals into gradient (consensus ranking), curl (Sybil rings), and harmonic (community structure). Sheaf theory provides the layer beneath. The question Hodge answers locally — “how much of this relay’s trust signal is curl?” — must be asked globally: do the local Hodge decompositions agree?
If relay A decomposes its trust graph and finds 30% curl, and relay B decomposes its overlapping graph and finds 5% curl, something is wrong. The local Hodge components should restrict compatibly. When they don’t, the sheaf of Hodge components has a nontrivial cohomology class — an obstruction to global consistency.
The cohomology group measures exactly how badly the local data fails to glue. Its dimension counts the independent obstructions. Each obstruction is, concretely, a Sybil ring or trust manipulation that is invisible locally but detectable in the global inconsistency.
In Nostr specifically, the sheaf structure maps directly onto protocol concepts. Relays are open sets. Kind 32 attestation events are sections — local trust data assigned to relay neighborhoods. Namespace scoping (the d-tag convention in NIP-XX) is a restriction map: trust in the “relay-operator” namespace restricts naturally to trust in the “content-quality” namespace, but not vice versa.
The DMI (Discounted Mean Influence) algorithm in the NIP-XX draft is, mathematically, an attempt to construct a global section. It takes local attestations, discounts for proximity, and produces a single score. The question is whether DMI satisfies the gluing axiom. If local DMI scores on overlapping relays agree, the construction is sheaf-theoretic. If they don’t — if a user’s DMI depends on which relay you compute it from — the system has a cohomological obstruction.
The boundedness condition in DMI (“scores in [-1, 1] per context”) is precisely the bounded-functions pre-sheaf. The Sybil discount factor (exponential decay with distance) is an attempt to prevent the locally-bounded-globally-unbounded failure. Whether it succeeds depends on the topology of the relay graph — specifically, on whether the nerve of the relay cover has trivial first cohomology.
Sheaf theory does not tell you what reputation system to build. It tells you what conditions any system must satisfy to be globally consistent. Those conditions are:
1. The restriction maps must be functorial. When you narrow context, trust scores must transform predictably.
2. The gluing axiom must hold or be explicitly enforced. Either local trust naturally globalizes (unlikely in adversarial settings) or the system must include a mechanism that detects and blocks gluing failures.
3. Boundedness must be global, not just local. Per-relay caps on trust are necessary but not sufficient. The aggregation function must be bounded on the total space, not just on each open set.
4. Higher-order overlaps are not optional. Checking pairwise consistency misses attacks that distribute across three or more relays. The full nerve, not just its 1-skeleton, determines security.
The bounded-functions example is just the simplest failure. More sophisticated attacks create higher cohomology classes — obstructions that require checking triple, quadruple, and higher-order relay overlaps to detect. The arms race between Sybil operators and reputation systems is, mathematically, an arms race over the cohomological dimension of the attack.
Everything above is exact. And exactness is seductive. But there is a question the formalism leaves unanswered, the question any engineer asks before any mathematician finishes a sentence: can you actually compute this?
The honest answer requires some care. Naïve Čech cohomology computation is exponential. For a cover of n open sets, the nerve can have up to 2n simplices — every possible subset of relays forms a potential simplex if those relays mutually overlap. The Čech complex Ck requires enumerating all (k+1)-fold intersections. For 100 relays, even the 3-fold intersections number in the hundreds of thousands.
Computing Hk of the Čech complex for n open sets requires, in the worst case, O(nk+1) intersection checks and rank computations on matrices of dimension up to C(n, k+1). For general simplicial complexes, the problem is #P-hard.
This sounds fatal. It is not. The worst case assumes every relay overlaps with every other relay — a complete graph on the nerve. Real relay networks are nothing like this. Most relays share no users with most other relays. The relay graph is sparse: a relay in Tokyo has negligible overlap with a relay in Buenos Aires. The nerve is not a complete simplex but a sparse, low-dimensional complex. And sparse complexes are tractable.
The first shortcut is structural. The Mayer-Vietoris sequence decomposes the cohomology of a union into the cohomology of its pieces. If the relay network has natural clusters — geographic, linguistic, topical — then you can compute cohomology cluster by cluster and stitch the results. The sequence is exact:
If the clusters have trivial internal cohomology (no attacks within clusters), then all the interesting topology lives in the overlaps between clusters. This is often a much smaller computation. Spectral sequences generalize this idea to arbitrary filtrations of the cover, giving a systematic way to break an intractable global computation into a sequence of local ones.
The second shortcut comes from an unexpected direction: topological data analysis. Persistent homology does not compute Čech cohomology at a single scale. Instead, it varies a threshold parameter ε — the minimum number of shared users required to count two relays as “overlapping” — and tracks how the cohomology groups change.
This is the persistence diagram, and it solves two problems at once. First, it distinguishes genuine attacks (persistent H1 classes) from spurious gluing failures caused by borderline overlaps. A user who appears in two relays with a single shared contact is not the same threat as one embedded deeply in both communities. The persistence tracks this distinction automatically. Second, it gives an anytime algorithm: start with the 1-skeleton (pairwise overlaps), compute H1. If H1 is already zero, stop — no attacks are possible at this scale. Only if H1 is nonzero do you need to look at higher simplices to determine whether the obstruction is real or an artifact of the truncation.
The 1-skeleton computation is O(n2) — check all pairs of relays for overlap. For most relay networks, this is milliseconds. And the 1-skeleton catches most attacks: any attack that distributes across exactly two relays (the most common case) creates a nonzero class visible on the 1-skeleton. Only ring attacks spanning three or more relays require higher-dimensional computation.
1. Compute the 1-skeleton of the nerve (all pairwise relay overlaps). Cost: O(n2).
2. Compute H1 of the 1-skeleton. If zero, declare the system consistent and stop.
3. If H1 ≠ 0, identify the generating 1-cocycles. Each corresponds to a potential gluing failure.
4. For each cocycle, check whether it lifts to a 2-cocycle by examining the relevant triple overlaps. This is targeted, not exhaustive — only the triples touching the suspect cocycle need checking.
5. Persistent classes after step 4 are confirmed attacks. Report the involved relays and identities.
There is also a deeper result that converts detection into design. The Leray acyclicity theorem says: if the cover is acyclic — meaning each open set and each finite intersection is contractible — then the Čech cohomology of the cover equals the sheaf cohomology of the space. More practically: if each relay’s “trust neighborhood” is contractible (connected, no holes, no independent clusters within a single relay), then H1 vanishes for topological reasons alone, regardless of what the trust scores actually say.
This is not just a detection result. It is a design condition. Relay architectures can be built to guarantee contractibility of trust neighborhoods. A relay that enforces a connected trust graph among its members — no isolated cliques, no internal partitions — has a contractible nerve contribution. If every relay satisfies this property, the global Čech cohomology is forced to be trivial. Attacks become topologically impossible, not merely detectable.
The connection to NIP-XX is direct. The DMI discount factor — the exponential decay applied to attestations more than d hops from the querier — effectively truncates the nerve. Relays beyond a certain topological distance have their contributions shrunk to zero. This makes the effective nerve finite and small, even if the total relay network is vast. The discount factor is not just an engineering convenience for bounding computation. It is a topological operation: it compactifies the nerve, ensuring that the Čech complex has finitely many nondegenerate simplices. Compactness makes cohomology computable. The DMI discount is the bridge between the infinite elegance of sheaf theory and the finite reality of running code.
How fast is fast enough? For a network of 1,000 relays with average degree 15 (each relay overlapping with 15 others), the 1-skeleton has roughly 7,500 edges. Computing H1 of this graph requires finding the rank of a matrix of dimension 7,500 × 1,000. Standard sparse linear algebra handles this in under a second. The full Čech complex would be intractable, but we never need it — the 1-skeleton plus targeted higher checks suffice for all practical attack detection.
Theory earns its keep by organizing what we already know and revealing what we missed. The sheaf framework provides a taxonomy of attacks on decentralized reputation — not a list of heuristic categories but a classification by the mathematical structure each attack exploits. Different attacks live in different parts of the cohomological machinery. Knowing where an attack lives tells you exactly what computation detects it.
1. The Sybil Cluster.
The oldest and most studied attack. An adversary creates k identities, each establishing trust in one relay. No identity appears in more than one relay, so there are no overlaps to check. Each relay sees a single well-behaved agent with bounded reputation. The local sections are all valid.
But the global section — the aggregate reputation of the adversary — grows linearly with k. This is the bounded-functions failure, stated again: the pre-sheaf of locally-bounded trust is not a sheaf because locally-bounded sections can glue to a globally-unbounded one.
The Sybil cluster does not create a nontrivial cocycle. It creates a failure in the pre-sheaf itself — the assignment of sections to open sets does not respect global bounds. The defense is not cohomological but structural: enforce global bounds. The DMI discount factor does this by ensuring that contributions from distant relays decay exponentially. A Sybil identity in relay i contributes at most B · e-λd(i,q) to the reputation seen by querier q. The sum over k relays converges geometrically instead of growing linearly. The pre-sheaf is repaired by making the bound global.
This is the attack that most reputation systems already handle, in one way or another. It is the easiest to detect and the easiest to mitigate. The sheaf framework says why: it lives in the most accessible part of the theory, the failure of the pre-sheaf condition itself, before cohomology even enters the picture.
2. The Eclipse Ring.
More subtle. Three identities — A, B, C — form a cycle across three relays. A and B are both in relay U1, where A vouches for B. B and C are both in relay U2, where B vouches for C. C and A are both in relay U3, where C vouches for A. Each pairwise overlap contains exactly one endorsement. Each endorsement is individually valid.
Check pairwise consistency: on U1 ∩ U2, B’s reputation is consistent (vouched for in U1, present in U2). On U2 ∩ U3, C’s reputation is consistent. On U3 ∩ U1, A’s reputation is consistent. Every pairwise check passes. But the trust “wraps around” the cycle: A → B → C → A. There is no consistent global assignment where the trust is acyclic. The local sections look compatible but do not glue to a global section.
Assign to each overlap Ui ∩ Uj the “trust differential” — the net endorsement flow across the boundary. The cycle A → B → C → A creates a 1-cocycle σ ∈ C1(F) with d1σ = 0 but σ ∉ im(d0). This is a nontrivial class in H1. It is the cohomological signature of a ring attack.
The eclipse ring is invisible to any system that only checks pairwise consistency. You must compute H1 — specifically, you must check whether 1-cocycles are coboundaries. If they are not, there is a ring. The defense is exactly the computation outlined in Section IX: compute the 1-skeleton, find the 1-cocycles, verify against the coboundary map. Nonzero H1 means rings exist. The generators of H1 tell you which relays and which identities are involved.
Eclipse rings generalize. A ring of length k creates a 1-cocycle supported on k edges of the nerve. Longer rings are harder to detect (they require checking more of the nerve) but also harder to construct (the adversary needs coordinated identities in k relays). The arms race is over the length of the ring versus the depth of the cohomological computation.
3. The Colluding Neighborhoods.
Two relay communities, independently and without coordination, boost the same target. Community A gives the target high trust in relay U1. Community B gives the target high trust in relay U2. On U1 ∩ U2, the target’s reputation is consistent — both communities agree it is high. There is no cocycle. H1 is zero. The gluing axiom is satisfied. The sheaf sees a valid global section.
And yet the target’s reputation is inflated. Not by breaking the sheaf condition but by satisfying it in a degenerate way. The inflation is real but cohomologically invisible.
The Hodge decomposition splits any k-cochain into three orthogonal components: the exact part (a coboundary — pure gradient), the coexact part (a boundary — pure curl), and the harmonic part (the genuine cohomology). For the colluding neighborhoods, the global section has zero harmonic component (H1 = 0) but a nonzero curl component. The attestation flow from the two communities forms a circulating pattern: endorsements flow from community members to the target and back through the community’s internal trust structure. The curl detects this circular flow even when the net flow is zero across every boundary.
Detecting colluding neighborhoods requires more than cohomology. It requires the full Hodge machinery — the Laplacian on the simplicial complex, its eigendecomposition, the projection onto the curl subspace. This is heavier computation than a simple H1 check, but it catches an entire class of attacks that cohomology alone misses. The cost is a sparse eigenvalue problem on the nerve complex, typically O(n2) for n relays with sparse overlap.
4. The Slow Drift.
Not all attacks are instantaneous. Consider reputation inflation that occurs gradually: each month, the target’s score in each relay increases by a small δ. At any given time, the sheaf condition holds — the local scores are consistent across relays. But over a long enough period, the cumulative inflation is significant.
This is not a topological attack in the usual sense. It is a temporal one. The sheaf framework extends naturally to handle it: add time as another dimension of the base space. Instead of a topological space X of relays, consider X × ℝ≥0, where the second factor is time. A section is now a trust score that varies across both relays and time.
A section that is consistent at t = 0 might fail to glue at t = 100 as individual scores drift upward. The obstruction lives in the cohomology of the time-extended space. Specifically, the temporal dimension introduces new 1-cycles: paths that go “forward in time in relay U1, across to relay U2 at time t, backward in time in U2, and back to U1 at time 0.” If the trust differential along this loop is nonzero, we have a temporal 1-cocycle — a drift that is invisible at any single moment but accumulates over the time loop.
This is why temporal decay is not optional. The expiration tags in NIP-XX — the requirement that attestations carry timestamps and lose weight over time — are not merely a practical convenience for keeping databases small. They are a topological necessity. Expiration truncates the time dimension, preventing long temporal loops from forming. Without expiration, the time dimension is non-compact, and non-compact dimensions create cohomological obstructions that compact ones do not. Expiration compactifies time. Compactification kills drift attacks.
An attestation with expiration window τ contributes to the sheaf only on the time interval [tissued, tissued + τ]. The effective base space is X × S1(τ) (a circle of circumference τ) rather than X × ℝ. The circle is compact. H1(X × S1) = H1(X) ⊕ H0(X) by the Künneth formula. The additional H0(X) term is the winding number of the drift — detectable and quantifiable.
5. Antonopoulos’s Objection.
Andreas Antonopoulos has argued, in various forms, that reputation is the wrong abstraction for many decentralized interactions. When you can directly verify a counterparty — through a test query, an escrow mechanism, a proof-of-work, a cryptographic attestation of specific capability — why build the elaborate global state that reputation requires?
The sheaf framework reveals exactly why this objection has force. Reputation requires solving a global consistency problem: computing (or at least approximating) the global sections of a sheaf over the relay topology. As we have seen, this requires H1 = 0, which requires either careful architectural design (contractible trust neighborhoods) or ongoing computation (cohomological monitoring). Both are expensive — not just computationally but socially. They require coordination, standards, shared semantics of what “trust” means across relays.
Consider a marketplace where buyers can test products through escrow: the buyer’s money is held until they confirm satisfaction. No reputation needed. The “trust” is verified locally, per-transaction, without reference to any global state. In sheaf terms, each transaction is a section on a single open set. The sections are never glued because they never need to be. The pre-sheaf is sufficient.
Or consider proof-of-work in its original sense: a service provider demonstrates capability by performing a verifiable computation. The verifier checks the proof directly. No reputation aggregation, no relay overlap, no cohomology. The trust is not a section of a sheaf but a direct verification on a single fiber.
The sheaf framework does not refute Antonopoulos. It sharpens his objection. The question is not “is reputation useful?” but “when does the interaction require global consistency?” If it does — if you need to trust a counterparty you cannot directly verify, based on their behavior with third parties in other contexts — then you are solving a sheaf problem whether you know it or not. The gluing axiom is inescapable. But if direct verification is available, you are solving a simpler problem, and the sheaf machinery is overkill.
The practical implication: a well-designed system should not sheafify everything. It should identify which interactions require global consistency and which can be handled locally. Don’t build a sheaf when a pre-sheaf works. The cohomological machinery is powerful but expensive. Reserve it for the cases where local trust genuinely needs to globalize — where the question “can these local sections be glued?” is one you actually need to answer.
This is, perhaps, the deepest lesson the mathematics offers. Not every problem is a sheaf problem. The art is knowing which ones are.
There is something satisfying about finding that a practical problem — “how do we aggregate reputation across relays?” — has a precise mathematical characterization. Not an approximate one. Not a heuristic. The exact conditions under which local trust globalizes were worked out by Leray in 1946, refined by Serre and Grothendieck through the 1950s. They were studying algebraic geometry, not reputation systems. But the structure is identical.
The gap between pre-sheaf and sheaf is the gap between a reputation system that works locally and one that works globally. Bridging it is not optional.
Day 5246. Cross-references: Hodge decomposition, cooperation topology, stigmergy, NIP-XX agent reputation, predictive coding.