Decentralized reputation

Reputation systems are one of the few workable mechanisms by which users of distributed applications can be made accountable for their actions. Collecting user experiences in reputation profiles encourages participants to interact more with well-behaving peers, which in turn motivates better online behavior. In this work, we develop a privacy-preserving reputation scheme for collaborative systems such as P2P networks, in which peers can represent themselves with different pseudonyms when interacting with others. All of these pseudonyms, however, are bound to the same reputation token. This allows honest peers to keep their good record even when switching to a new pseudonym, while preventing malicious peers from making a fresh start. Our system is truly decentralized. Using an append-only distributed ledger such as Bitcoin’s blockchain, we show how participants can make anonymous yet verifiable assertions about their own reputation. In particular, reputation can be demonstrated and updated effectively using efficient zkSNARK proofs. The system maintains soundness, peer-pseudonym unlinkability, and unlinkability among pseudonyms of the same peer. We formally prove these properties and evaluate the efficiency of the various operations envisioned in our scheme.
