Decentralized Polling with Respectable Participants

We consider the polling problem in a social network where participants care about their reputation: they do not want their vote to be disclosed nor their misbehaving, if any, to be publicly exposed. Assuming this reputation concern, we show that a simple secret sharing scheme, combined with verification procedures, can efficiently enable polling without the need for any central authority or heavyweight cryptography. More specifically, we present DPol, a simple and scalable distributed polling protocol where misbehaving nodes are exposed with a non-zero probability and the probability of dishonest participants violating privacy is balanced with their impact on the accuracy of the polling result. The trade-off is captured by a generic parameter of the protocol, an integer k we call the privacy parameter , so that in a system of N nodes with $B dishonest participants, the probability of disclosing a participant's vote is bounded by (B /N ) k + 1, whereas the impact on the polling result is bounded by (6k + 2) B . We report on the deployment of DPolover 400 PlanetLab nodes. The polling result suffers a relative error of less than 10% in the face of message losses, crashes and asynchrony inherent in PlanetLab. In the presence of dishonest nodes, our experiments show that the impact on the polling result is (4k + 1) B on average, consistently lower that the theoretical bound of (6k + 2) B .

[1]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[2]  Dahlia Malkhi,et al.  Anonymity without 'Cryptography' , 2002, Financial Cryptography.

[3]  Mostafa H. Ammar,et al.  A reputation system for peer-to-peer networks , 2003, NOSSDAV '03.

[4]  Warren D. Smith Three Voting Protocols: ThreeBallot, VAV, and Twin , 2007, EVT.

[5]  Miguel Castro,et al.  Practical byzantine fault tolerance and proactive recovery , 2002, TOCS.

[6]  David Eisenstat,et al.  The computational power of population protocols , 2006, Distributed Computing.

[7]  Mark Handley,et al.  A scalable content-addressable network , 2001, SIGCOMM 2001.

[8]  Andreas Haeberlen,et al.  PeerReview: practical accountability for distributed systems , 2007, SOSP.

[9]  James A. Hendler,et al.  Information accountability , 2008, CACM.

[10]  Michael Kaminsky,et al.  SybilGuard: defending against sybil attacks via social networks , 2008, TNET.

[11]  Dahlia Malkhi,et al.  E-Voting Without 'Cryptography' , 2002, Financial Cryptography.

[12]  Rachid Guerraoui,et al.  Secretive Birds: Privacy in Population Protocols , 2007, OPODIS.

[13]  Michael Kaminsky,et al.  SybilLimit: A Near-Optimal Social Network Defense against Sybil Attacks , 2008, S&P 2008.

[14]  Michael Dahlin,et al.  Making Byzantine Fault Tolerant Systems Tolerate Byzantine Faults , 2009, NSDI.

[15]  Robbert van Renesse,et al.  Fireflies: scalable support for intrusion-tolerant network overlays , 2006, EuroSys.

[16]  Antony I. T. Rowstron,et al.  Pastry: Scalable, Decentralized Object Location, and Routing for Large-Scale Peer-to-Peer Systems , 2001, Middleware.

[17]  Josh Benaloh,et al.  Secret Sharing Homomorphisms: Keeping Shares of A Secret Sharing , 1986, CRYPTO.

[18]  Tal Rabin,et al.  Verifiable secret sharing and multiparty protocols with honest majority , 1989, STOC '89.

[19]  Ramesh Govindan,et al.  The Design of A Distributed Rating Scheme for Peer-to-peer Systems , 2007 .

[20]  Jose L. Muñoz,et al.  Analysis of peer-to-peer distributed reputation schemes , 2005, 2005 International Conference on Collaborative Computing: Networking, Applications and Worksharing.

[21]  Robert Morris,et al.  Chord: A scalable peer-to-peer lookup service for internet applications , 2001, SIGCOMM 2001.