Extending Signatures of Reputation

Reputation mechanisms are a powerful tool to reduce the potential risk of interacting with almost or completely unknown users in environments in which there is no incentive to behave trustworthily, e.g. in open and large-scale systems. However, by collecting feedback about users, reputation mechanisms can easily be manipulated to deduce users’ profiles; thus, these mechanisms jeopardize users’ privacy, which clearly compromise their wide adoption. Privacy-preserving reputation mechanisms have recently been proposed to solve this issue. All the proposed designs either rely on a trusted central authority to handle the casting of votes and the derivation of reputation scores, or are based on a distributed environment and use cryptographic tools (e.g. non-interactive zero-knowledge proofs of knowledge and homomorphic encryption) to demonstrate the validity of votes and reputation scores. However, to the best of our knowledge, all the proposed distributed mechanisms produce solely monotonic reputation scores: whatever the outcome of an interaction, a service provider’s reputation can never decrease. In this article, we propose a distributed privacy-preserving reputation mechanism handling both positive and negative votes. This is achieved by combining algorithms and tools from both the distributed and the cryptographic communities.

[1]  Emmanuelle Anceaume,et al.  A privacy preserving distributed reputation mechanism , 2013, 2013 IEEE International Conference on Communications (ICC).

[2]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[3]  Audun Jøsang,et al.  AIS Electronic Library (AISeL) , 2017 .

[4]  Paul Resnick,et al.  Trust among strangers in internet transactions: Empirical analysis of eBay' s reputation system , 2002, The Economics of the Internet and E-commerce.

[5]  A. Pfitzmann,et al.  A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management , 2010 .

[6]  Joseph Bonneau,et al.  What's in a Name? , 2020, Financial Cryptography.

[7]  Tal Malkin,et al.  Reputation Systems for Anonymous Networks , 2008, Privacy Enhancing Technologies.

[8]  Paul Feldman,et al.  A practical scheme for non-interactive verifiable secret sharing , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[9]  Amit Sahai,et al.  Efficient Non-interactive Proof Systems for Bilinear Groups , 2008, EUROCRYPT.

[10]  Sandra Steinbrecher,et al.  Enhancing Multilateral Security in and by Reputation Systems , 2008, FIDIS.

[11]  Katharine Burkitt,et al.  The Future of Identity , 2005 .

[12]  Emmanuelle Anceaume,et al.  Incentive-Based Robust Reputation Mechanism for P2P Services , 2006, OPODIS.

[13]  Georg Fuchsbauer,et al.  Anonymous Proxy Signatures , 2008, SCN.

[14]  Quynh H. Dang,et al.  Secure Hash Standard | NIST , 2015 .

[15]  Jeffrey S. Rosenschein,et al.  Supporting Privacy in Decentralized Additive Reputation Systems , 2004, iTrust.

[16]  Elaine Shi,et al.  Signatures of Reputation , 2010, Financial Cryptography.

[17]  Kai Rannenberg,et al.  The Future of Identity in the Information Society , 2009, The Future of Identity in the Information Society.

[18]  Munindar P. Singh,et al.  Distributed Reputation Management for Electronic Commerce , 2002, Comput. Intell..

[19]  Nigel P. Smart,et al.  Advances in Cryptology - EUROCRYPT 2008, 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Istanbul, Turkey, April 13-17, 2008. Proceedings , 2008, EUROCRYPT.