scispace - formally typeset
Search or ask a question
Book ChapterDOI

A Trustless Privacy-Preserving Reputation System

TL;DR: In this paper, a blockchain based decentralized privacy-preserving reputation system for e-commerce applications is presented. But the system is not suitable for real world usage in, for example, ecommerce applications.
Abstract: Reputation systems are crucial for distributed applications in which users have to be made accountable for their actions, such as e-commerce websites. However, existing systems often disclose the identity of the raters, which might deter honest users from submitting reviews out of fear of retaliation from the ratees. While many privacy-preserving reputation systems have been proposed, we observe that none of them is simultaneously truly decentralized, trustless, and suitable for real world usage in, for example, e-commerce applications. In this paper, we present a blockchain based decentralized privacy-preserving reputation system. We demonstrate that our system provides correctness and security while eliminating the need for users to trust any third parties or even fellow users.

Summary (4 min read)

1 Introduction

  • These days, reputation systems are implemented in various websites, where they are crucial for the customer experience.
  • While some of the existing privacy preserving reputation systems might be suitable for e-commerce applications, the authors observe that each one of them comes with its drawbacks.
  • The blockchain can be more generally, as explained in [11], seen as a public distributed database, with all the participants agreeing about its state in a secure manner.
  • It will enable us to build a truly decentralized system, that does not require the participants to trust other users, as the integrity of the rating-history can be verified by every user.
  • Finally, the authors will explain in Section 6, why this system meets the expected goals.

3.1 Participants

  • As stated in Section 1, the authors will consider two types of users : service providers (SP) who will sell goods or services, and customers who might buy them.
  • Only customers might be raters, and only SP will be ratees.
  • A block is simply a set of operations that are aggregated for maintenance reasons (it is more efficient to store them this way).
  • Every service provider will own one address.
  • They will be used, in particular, to hold and spend the coins generated by the blockchain, but also to identify the service providers.

3.2 Operations

  • The authors will next describe the functions that are needed in their system.
  • These are implicit inputs of the protocols.
  • Given two tokens tx and tx′ , the service provider s will not be able to tell which token belongs to which transaction.
  • This operation will be performed by the service provider.
  • Every address who correctly creates a block and broadcasts it will receive a certain amount of coins.

3.3 Adversarial model

  • The authors consider a malicious adversarial model with collusions.
  • This model implies that any participant in the protocol may behave arbitrarily and deviate from the protocol at any time as deemed necessary.
  • Service providers may want to learn the identity of the customers that rated them, they might try to raise their own reputation, and collaborate with other service providers.
  • Customers may try to submit reviews without having previously interacted with service providers, might try to use the received token in order to rate other service providers, or might try to otherwise disrupt the service.
  • The authors will also suppose that there might be attempts to disrupt the blockchain, such as forking in order to confuse new participants.

3.4 Objectives

  • The objectives for their system are the following : – Trustlessness.
  • In an e-commerce system, the authors cannot expect customers to have pre-existing trust towards other customers of the same SP.
  • As the identity of a customer will be most certainly revealed during a transaction, the system should enforce the unlinkability of transactions and ratings, i.e. for a given rating, it should not be possible to determine which transaction it is related to (it should however be possible to identify the related SP).
  • The authors will even exclude Certification Authorities, because they have proven unreliable in the past, either because they became subject to attacks [15,16] or because they issued themselves fraudulent certificates [17], and because they would induce some centralization aspects in the system.
  • The later kind of unlinkability is also crucial to preserve the anonymity of the users, as highlighted in [18] and [19].

4.1 Blockchain

  • Every action that modifies this database is broadcasted among all the users in the network, and they are recorded as “blocks”.
  • The creation of those “blocks” is controlled by mechanisms that vary between the different blockchain algorithms, and the state of the database is the sum of all the actions in all the blocks at a given moment in time.
  • This concept has become popular due to the BitCoin currency [10], which seems to be the first application making use of this idea.
  • The second one uses a different mechanism, in which the amounts of coins held by the participant define this probability.
  • More information about the different blockchain systems can be found in the extended version of this paper [20].

4.2 Blind signatures

  • A blind signature scheme is a protocol in which the signer of a message does not learn anything about the content of the message that was signed.
  • The authors expect from such a system the following properties : Unforgeablility.
  • The signature cannot be falsified (only the user knowing some secret information, such as a private key, can issue valid signatures).
  • Once the message and signature have been revealed, the signer cannot determine when the message was signed.
  • The blind signature scheme proposed by Okamoto [21], based on bilinear pairings, could be used to instantiate this primitive, or the simpler version based on the RSA algorithm, first proposed by Chaum [22].

5.1 An Overview

  • The proposed protocol could be summarized as follows : 1. Before contacting the service provider in order to perform a transaction, the customer may compute the service provider’s reputation using the get reputation protocol.
  • If the customer decides to engage in a transaction, before a transaction takes place, the customer creates a new public key, derived from a private/public key pair, for the process.
  • Requiring some coins to be spent in order to receive a review helps to prevent ballot-stuffing attacks, as the SPs may, theoretically, issue an unlimited amount of tokens to themselves and could therefore submit an unlimited number of positive reviews for themselves.
  • Once the customer is ready to review the SP, he will broadcast a message containing the address of the SP, the token, along with the rating of the transaction and a written review, a signature on this information, as well as a pointer to the last review concerning the same service provider.
  • This is done via the publish review protocol.

5.2 Public key creation

  • Before the transaction takes place, the customer creates a new public key that will be used for one transaction only (similar to what is recommended for BitCoin addresses for example).
  • This will be the public part of an ECDSA key [23].

5.3 Blinded token exchange

  • Before the transaction takes place, the customer will receive a token from the SP that will guarantee that its review will be accepted.
  • For this purpose, the customer hashes the previously generated public key and requests a blind signature on this, for example using Okamoto’s provable blind signature scheme (in the complete, not partial blinding setup), or the much simpler Chaum’s blind signature algorithm.
  • This will make the token unlinkable to the transaction, and therefore guarantee the anonymity.
  • The authors suppose that the customer knows the public key of the SP.

5.4 Broadcasting the review

  • Once the transaction is finished, the customer might want to wait for some time (so that he is not the SP’s only customer for this period).
  • After this period of waiting, he might choose a rating for this transaction (say, an integer in [|0; 5|]) and write a review about it.
  • The review can give helpful information to prospective customers, explain a bad rating, and helps distinguishing between trustworthy and fake ratings.
  • This information will be broadcast in the network, along with the identifier of the SP, the token and the signature on the token.
  • This message will also contain the signature of the customer, and a pointer to the last review concerning the service provider.

5.5 Computing the reputation

  • In order to compute the reputation, a new customer only needs the last block containing a review about the SP whose reputation it seeks.
  • Once this block has been found, it is sufficient to follow the pointers in order to retrieve all the reviews about this SP.
  • For each review, the prospective customer might also verify the correctness of the blinded tokens.
  • Then, the customer can choose any aggregation function he wishes (mean, median, or beta-reputation [24]), and could also read the textual reviews in order to filter out outlier ratings (especially high or, more probably, especially low ratings).

6.1 Security Analysis

  • The authors list the theorems whose proof demonstrates that they achieve the security objectives of their protocol.
  • Ballot-stuffing attacks, however, cannot be completely mitigated, as a service provider can freely issue tokens.
  • Given a rating published in the blockchain concerning a given service provider, the identity from the customer that originated this rating is indistinguishable, from the service provider’s point of view, among all the customers that were previously involved in a transaction with that service provider.
  • The authors can devise a simple model that will give an idea of the indistinguishability of the customer reviews.

6.2 Robustness against generic attacks

  • The authors will explain how their proposed system copes with generic attacks against reputation systems : bad-mouthing, ballot stuffing, Sybil attacks, and whitewashing.
  • Ballot-stuffing Ballot stuffing is the opposite of bad-mouthing.
  • This attack consists in increasing one’s own reputation.
  • As the service providers generate the tokens that allow feedback-submission on their own, this attack could only partially be mitigated with the use of coins, as explained in the remark concerning token unforgeability.
  • As the initial reputation of a new service provider is 0, the service provider would not gain much from leaving and re-entering the system with a new identity.

7 Conclusion

  • Building a reputation system that is privacy-preserving without any trust assumptions is not a trivial task.
  • Such a system would be highly valuable, because there is much less risk that the privacy of the users could be breached.
  • The authors described such a reputation system for e-commerce applications, and analyzed the security guarantees.
  • Also, the authors must find a definite way to address the problem of information leakage concerning the time at which the reviews are submitted.

Did you find this useful? Give us your feedback

Content maybe subject to copyright    Report

HAL Id: hal-01369572
https://hal.inria.fr/hal-01369572
Submitted on 21 Sep 2016
HAL is a multi-disciplinary open access
archive for the deposit and dissemination of sci-
entic research documents, whether they are pub-
lished or not. The documents may come from
teaching and research institutions in France or
abroad, or from public or private research centers.
L’archive ouverte pluridisciplinaire HAL, est
destinée au dépôt et à la diusion de documents
scientiques de niveau recherche, publiés ou non,
émanant des établissements d’enseignement et de
recherche français ou étrangers, des laboratoires
publics ou privés.
Distributed under a Creative Commons Attribution| 4.0 International License
A Trustless Privacy-Preserving Reputation System
Alexander Schaub, Rémi Bazin, Omar Hasan, Lionel Brunie
To cite this version:
Alexander Schaub, Rémi Bazin, Omar Hasan, Lionel Brunie. A Trustless Privacy-Preserving Reputa-
tion System. 31st IFIP International Information Security and Privacy Conference (SEC), May 2016,
Ghent, Belgium. pp.398-411, �10.1007/978-3-319-33630-5_27�. �hal-01369572�

A trustless privacy-preserving reputation system
Alexander Schaub
1
, R´emi Bazin
1
, Omar Hasan
2
, and Lionel Brunie
2
1
Ecole polytechnique, 91128 Palaiseau, France
2
University of Lyon, CNRS, INSA-Lyon, LIRIS, UMR5205,
F-69621, France
Abstract. Reputation systems are crucial for distributed applications
in which users have to be made accountable for their actions, such as e-
commerce websites. However, existing systems often disclose the identity
of the raters, which might deter honest users from submitting reviews
out of fear of retaliation from the ratees. While many privacy-preserving
reputation systems have been proposed, we observe that none of them is
simultaneously truly decentralized, trustless, and suitable for real world
usage in, for example, e-commerce applications. In this paper, we present
a blockchain based decentralized privacy-preserving reputation system.
We demonstrate that our system provides correctness and security while
eliminating the need for users to trust any third parties or even fellow
users.
1 Introduction
These days, reputation systems are implemented in various websites, where they
are crucial for the customer experience. For instance, buyers are inclined to
pay more for goods if the seller has a good reputation [1]. One of the first
and best-studied systems in the e-commerce domain is the reputation system at
ebay.com [2]. Its main objective is to help prospective customers to determine
the trustworthiness of the sellers, and thus minimize the risk of fraud.
A study [2] showed that users may retaliate in case of negative feedback,
and thus raters are less likely to provide honest feedback. In order to avoid this
problem, several privacy preserving solutions have been proposed. Some of them
try to hide the identity of the ratee [3,4,5], while others try to hide the rating
[6,7,8] while making the aggregated reputation public.
While some of the existing privacy preserving reputation systems might be
suitable for e-commerce applications, we observe that each one of them comes
with its drawbacks. For example, Kerschbaum’s system [9] has been specifically
designed with e-commerce in mind. However, it is a centralized system, and thus
can potentially be abused by the central authority. Other schemes [8] achieve
anonymity even in this context, but are not trustless.
Given these considerations, we would like to achieve a trustless reputation
system, i.e. one that does not require the participants to trust other users or
entities to not disrupt the protocol or to breach their privacy. This privacy-
preserving reputation model should be suitable for e-commerce applications, and

we will therefore suppose that the identity of the customer is revealed during
the transactions that they can rate.
In order to achieve true trustlessness we also require our system to be de-
centralized. One way to obtain decentralization is to use a distributed database
in order to store the ratings submitted by the customers. We will achieve this
using blockchains.
The blockchain technology, which became popular thanks to the BitCoin
protocol [10], has been used in various applications. Among these applications,
we can count a domain name system (DNS) named Namecoin. The blockchain
can be more generally, as explained in [11], seen as a public distributed database,
with all the participants agreeing about its state in a secure manner. In BitCoin,
for example, this database serves to store a ledger of the coins that each user
owns, as well as the transactions between the users.
Anonymous reputation systems are a natural application for the blockchain
technology. There have already been some attempts at building such systems
[12], however, there seems to be no usable solution yet.
We will leverage this technology in order to achieve the objectives of our
reputation system. It will enable us to build a truly decentralized system, that
does not require the participants to trust other users, as the integrity of the
rating-history can be verified by every user.
We propose a truly trustless, decentralized, anonymity preserving reputation
system that is suitable for e-commerce applications. It is based on the blockchain
technology, and will induce low overhead for the processing of transactions, while
at the same time be robust and allow customers to submit ratings as well as tex-
tual reviews.
The rest of the paper is organized as follows. In Section 2, we will analyze
existing privacy-preserving systems and explain in further detail why they are
not suitable for e-commerce applications. In Section 3, we will explain the model
used for our system, and list the properties that we want to achieve. Then, in
Section 4, we will describe the necessary building blocks, and in Section 5, we
will present our system in detail. Finally, we will explain in Section 6, why this
system meets the expected goals. We conclude the paper in Section 7.
2 Related Work
Privacy preserving reputation systems have been studied in the literature for
a long time. One of the first proposed systems was designed by Pavlov et al.
[6] and uses primitives such as the secure sum and verifiable secret sharing. It
protects the confidentiality of the feedback by hiding the values of the submitted
ratings. Hasan et al. [8] later introduced a system based on additive homomor-
phic cryptography and Zero-Knowledge proofs where the privacy of a given user
can be preserved even in the presence of a large majority of malicious users. A

little later, Dimitriou et al. [7] proposed two protocols with a similar architec-
ture to the systems presented by Hasan et al., with slightly higher asymptotic
complexity, however, less demanding in terms of resources for the querier (he
has to relay less messages, verify less proofs, etc.).
Some protocols [6,8,7,13,14] are truly decentralized and the feedback is re-
trieved from the participants every time a querier wishes to learn the reputation
of another participant. Therefore, all the nodes have to stay online in order
to contribute to the reputation system, which is not suitable for e-commerce
applications, but might be useful in other contexts, such as P2P applications.
Hence, we will focus on privacy-preserving methods that completely hide the
identity of the raters. Protocols of such type do already exist, however each one of
them has its own weaknesses. The works of Androulaki et al. [13] and Petrlic et al.
[14], for example, are instances of pseudonym based schemes. Nonetheless, these
two require a Trusted Third Party (TTP), and are thus not truly decentralized.
As the TTP has to be completely trusted for certain operations, its misbehavior
could breach the privacy of the users or the correctness of the system.
Anceaume et al. [3,4] proposed slightly different solutions. Instead of all the
information about the reputation of the users being held by a single TTP, they
distribute the trust using a DHT-structure: every peer holds some part of the
information, which allows to compute the reputation of a service provider. More-
over, in their system, peers rate transactions between customers and service
providers, rather than directly rating service providers. This seems more suit-
able for e-commerce applications, as one would typically rate every transaction
made with a service provider, rather than periodically update their opinion on a
given service provider. It also allows to introduce proofs of transactions, which
guarantee (more or less) that only transactions that really took place can be
rated. However, as the service provider creates those proofs, it is complicated
to ensure that he doesn’t generate proofs for transactions that did not happen,
in order to submit positive reviews by himself and wrongfully increase his own
reputation. Anceaume’s and Lajoie-Mazenc’s systems only offer little protection
against these attacks. The system proposed in [4] also makes use of complicated
zero-knowledge proofs and is thus quite costly to perform (several seconds for
each participant, up to a minute in certain cases).
None of those protocols are trustless, and therefore need either the customers
or the service providers (or both) to trust some entities not to tamper with the
system or to break privacy, without being able to verify that there is no bad
behavior. We eliminate this weakness in the system that we present in this
paper.
3 Our model
3.1 Participants
For our system, we choose a model that is as close as possible to actual e-
commerce systems. As stated in Section 1, we will consider two types of users :

service providers (SP) who will sell goods or services, and customers who might
buy them. The most important part in e-commerce rating systems is the rating
of the service providers (as opposed to ratings from the seller about the buyer).
Therefore, we will only consider ratings from the customers about the SPs. Only
customers might be raters, and only SP will be ratees.
We will also suppose that the transaction will disclose the identity of the
customer : the SP will need the customer’s credentials, such as his credit card
number or address, in order to process the order. Even if the transaction is done
via an anonymous electronic currency such as Dashcoin or Zerocash, the service
provider will most certainly need the customer’s address in order to deliver the
good. We suppose that after every transaction between a customer and a SP,
the customer might rate the SP.
More formally, we will introduce the following notations :
S : The set of all the service providers (i.e. ratees)
C : The set of all the customers (i.e. raters)
P : The set of all the participants, P := S C. It is simply the set of all the
nodes participating in the network.
B : The blockchain.
As the blockchain defines an ordered set of blocks. A block is simply a set
of operations that are aggregated for maintenance reasons (it is more efficient
to store them this way). The blockchain can also be seen as a database whose
state will be the initial state (that is hard-coded) on which all the operations
contained in the subsequent blocks are applied.
Every time a new block is constituted, an award will be paid to the user that
constituted it. This works in a similar fashion as in the so-called “alt-coins”.
In our system, owning coins is mandatory in order to be allowed to receive
reputation. It also helps preventing spam and other kinds of attacks (as described
in section 6.2).
A : The set of all the addresses of the participants.
These addresses will be used for maintenance. Every service provider will
own one address. They will be used, in particular, to hold and spend the coins
generated by the blockchain, but also to identify the service providers.
Service providers will have a unique address, as issuing reputation tokens will
cost coins and owning an address is necessary in order to own and transfer them.
As a service provider will not gain anything from having more than one address
(see section 6.2 for more details), there is no need to try and enforce this policy.
Furthermore, it would be complex to enforce it in a decentralized fashion.
3.2 Operations
We will next describe the functions that are needed in our system. The protocols
that implement these functions will be described in the later sections. Most, if

Citations
More filters
Journal ArticleDOI
TL;DR: This work has presented a complete solution for blockchain-based Agriculture and Food (Agri-Food) supply chain that leverages the key features of blockchain and smart contracts, deployed over ethereum blockchain network.
Abstract: Supply chains are evolving into automated and highly complex networks and are becoming an important source of potential benefits in the modern world. At the same time, consumers are now more interested in food product quality. However, it is challenging to track the provenance of data and maintain its traceability throughout the supply chain network. The traditional supply chains are centralized and they depend on a third party for trading. These centralized systems lack transparency, accountability and auditability. In our proposed solution, we have presented a complete solution for blockchain-based Agriculture and Food (Agri-Food) supply chain. It leverages the key features of blockchain and smart contracts, deployed over ethereum blockchain network. Although blockchain provides immutability of data and records in the network, it still fails to solve some major problems in supply chain management like credibility of the involved entities, accountability of the trading process and traceability of the products. Therefore, there is a need of a reliable system that ensures traceability, trust and delivery mechanism in Agri-Food supply chain. In the proposed system, all transactions are written to blockchain which ultimately uploads the data to Interplanetary File Storage System (IPFS). The storage system returns a hash of the data which is stored on blockchain and ensures efficient, secure and reliable solution. Our system provides smart contracts along with their algorithms to show interaction of entities in the system. Furthermore, simulations and evaluation of smart contracts along with the security and vulnerability analyses are also presented in this work.

211 citations

Journal ArticleDOI
TL;DR: The survey covers privacy techniques in public and permissionless blockchains, e.g. Bitcoin and Ethereum, as well as privacy-preserving research proposals and solutions in permissioned and private blockchains.
Abstract: Blockchains offer a decentralized, immutable and verifiable ledger that can record transactions of digital assets, provoking a radical change in several innovative scenarios, such as smart cities, eHealth or eGovernment. However, blockchains are subject to different scalability, security and potential privacy issues, such as transaction linkability, crypto-keys management (e.g. recovery), on-chain data privacy, or compliance with privacy regulations (e.g. GDPR). To deal with these challenges, novel privacy-preserving solutions for blockchain based on crypto-privacy techniques are emerging to empower users with mechanisms to become anonymous and take control of their personal data during their digital transactions of any kind in the ledger, following a Self-Sovereign Identity (SSI) model. In this sense, this paper performs a systematic review of the current state of the art on privacy-preserving research solutions and mechanisms in blockchain, as well as the main associated privacy challenges in this promising and disrupting technology. The survey covers privacy techniques in public and permissionless blockchains, e.g. Bitcoin and Ethereum, as well as privacy-preserving research proposals and solutions in permissioned and private blockchains. Diverse blockchain scenarios are analyzed, encompassing, eGovernment, eHealth, cryptocurrencies, Smart cities, and Cooperative ITS.

203 citations

Journal ArticleDOI
TL;DR: Blockchain technology provides new opportunities for redesigning the reputation system and is effective in preventing bad mouthing and whitewashing attack, but they are limited in detecting ballot-stuffing under sybil attack, constant attacks and camouflage attack.
Abstract: The reputation system has been designed as an effective mechanism to reduce risks associated with online shopping for customers. However, it is vulnerable to rating fraud. Some raters may inject unfairly high or low ratings to the system so as to promote their own products or demote their competitors. This study explores the rating fraud by differentiating the subjective fraud from objective fraud. Then it discusses the effectiveness of blockchain technology in objective fraud and its limitation in subjective fraud, especially the rating fraud. Lastly, it systematically analyzes the robustness of blockchain-based reputation systems in each type of rating fraud. The detection of fraudulent raters is not easy since they can behave strategically to camouflage themselves. We explore the potential strengths and limitations of blockchain-based reputation systems under two attack goals: ballot-stuffing and bad-mouthing, and various attack models including constant attack, camouflage attack, whitewashing attack and sybil attack. Blockchain-based reputation systems are more robust against bad-mouthing than ballot-stuffing fraud. Blockchain technology provides new opportunities for redesigning the reputation system. Blockchain systems are very effective in preventing objective information fraud, such as loan application fraud, where fraudulent information is fact-based. However, their effectiveness is limited in subjective information fraud, such as rating fraud, where the ground-truth is not easily validated. Blockchain systems are effective in preventing bad mouthing and whitewashing attack, but they are limited in detecting ballot-stuffing under sybil attack, constant attacks and camouflage attack.

163 citations

Journal ArticleDOI
TL;DR: This paper proposes an anonymous reputation system that preserves consumer identities and individual review confidentialities in the consumer–retailer channel and is more efficient to offer high levels of privacy guarantees compared with existing ones.
Abstract: Industrial Internet of Things (IIoT) is revolutionizing the retail industry for manufacturers, suppliers, and retailers to improve operational efficiency and consumer experience. In IIoT-enabled retail marketing, reputation systems play a critical role to boost mutual trust among industrial entities and build consumer confidence. In this paper, we focus on reputation management in the consumer–retailer channel, where retailers can accumulate reputations from consumer feedbacks. To encourage consumers to post feedbacks without worrying about being tracked or retaliated, we propose an anonymous reputation system that preserves consumer identities and individual review confidentialities. To increase system transparency and reliability, we further exploit the tamper-proof nature and the distributed consensus mechanism of the blockchain technology. With system designs based on various cryptographic primitives and a Proof-of-Stake consensus protocol, our blockchain-based reputation system is more efficient to offer high levels of privacy guarantees compared with existing ones. Finally, we explore the implementation challenges of the blockchain-based architecture and present a proof-of-concept prototype system by Parity Ethereum. We measure the on/off -chain performance with the scalability discussion to demonstrate the feasibility of the proposed system.

156 citations

Journal ArticleDOI
TL;DR: This paper provides a systematic literature review on concrete blockchain use cases proposed by the research community and discusses and organize use cases from 159 selected papers into nine sectors recognized as crucial for sustainable and smart urban future.
Abstract: Blockchain is considered one of the most disruptive technologies of our time. Numerous cities around the world are launching blockchain initiatives as part of the overall efforts toward shaping the urban future. However, the infancy stage of the blockchain industry leads to a severe gap between the knowledge we have and the actions urban policy makers are taking. This paper is an effort to narrow this rift. We provide a systematic literature review on concrete blockchain use cases proposed by the research community. At the macro-level, we discuss and organize use cases from 159 selected papers into nine sectors recognized as crucial for sustainable and smart urban future. At the micro-level, we identify a component-based framework and analyze the design and prototypes of blockchain systems studied in a subset of 71 papers. The high-level use case review allows us to illustrate the relationship between them and the four pillars of urban sustainability: social, economic, environmental, and governmental. The system level analysis helps us highlight interesting inconsistencies between well-known blockchain applicability decision rules and the approaches taken by the literature. We also offer two classification methodologies for blockchain use cases and elaborate on how they can be applied to stimulate cross-sector insights in the blockchain knowledge domain.

141 citations

References
More filters
Proceedings ArticleDOI
27 Aug 2001
TL;DR: Results from theoretical analysis, simulations, and experiments show that Chord is scalable, with communication cost and the state maintained by each node scaling logarithmically with the number of Chord nodes.
Abstract: A fundamental problem that confronts peer-to-peer applications is to efficiently locate the node that stores a particular data item. This paper presents Chord, a distributed lookup protocol that addresses this problem. Chord provides support for just one operation: given a key, it maps the key onto a node. Data location can be easily implemented on top of Chord by associating a key with each data item, and storing the key/data item pair at the node to which the key maps. Chord adapts efficiently as nodes join and leave the system, and can answer queries even if the system is continuously changing. Results from theoretical analysis, simulations, and experiments show that Chord is scalable, with communication cost and the state maintained by each node scaling logarithmically with the number of Chord nodes.

10,286 citations

Book ChapterDOI
John R. Douceur1
07 Mar 2002
TL;DR: It is shown that, without a logically centralized authority, Sybil attacks are always possible except under extreme and unrealistic assumptions of resource parity and coordination among entities.
Abstract: Large-scale peer-to-peer systems face security threats from faulty or hostile remote computing elements. To resist these threats, many such systems employ redundancy. However, if a single faulty entity can present multiple identities, it can control a substantial fraction of the system, thereby undermining this redundancy. One approach to preventing these "Sybil attacks" is to have a trusted agency certify identities. This paper shows that, without a logically centralized authority, Sybil attacks are always possible except under extreme and unrealistic assumptions of resource parity and coordination among entities.

4,816 citations

Proceedings ArticleDOI
20 May 2003
TL;DR: An algorithm to decrease the number of downloads of inauthentic files in a peer-to-peer file-sharing network that assigns each peer a unique global trust value, based on the peer's history of uploads is described.
Abstract: Peer-to-peer file-sharing networks are currently receiving much attention as a means of sharing and distributing information. However, as recent experience shows, the anonymous, open nature of these networks offers an almost ideal environment for the spread of self-replicating inauthentic files.We describe an algorithm to decrease the number of downloads of inauthentic files in a peer-to-peer file-sharing network that assigns each peer a unique global trust value, based on the peer's history of uploads. We present a distributed and secure method to compute global trust values, based on Power iteration. By having peers use these global trust values to choose the peers from whom they download, the network effectively identifies malicious peers and isolates them from the network.In simulations, this reputation system, called EigenTrust, has been shown to significantly decrease the number of inauthentic files on the network, even under a variety of conditions where malicious peers cooperate in an attempt to deliberately subvert the system.

3,715 citations

Proceedings ArticleDOI
18 May 2008
TL;DR: This work applies the de-anonymization methodology to the Netflix Prize dataset, which contains anonymous movie ratings of 500,000 subscribers of Netflix, the world's largest online movie rental service, and demonstrates that an adversary who knows only a little bit about an individual subscriber can easily identify this subscriber's record in the dataset.
Abstract: We present a new class of statistical de- anonymization attacks against high-dimensional micro-data, such as individual preferences, recommendations, transaction records and so on Our techniques are robust to perturbation in the data and tolerate some mistakes in the adversary's background knowledge We apply our de-anonymization methodology to the Netflix Prize dataset, which contains anonymous movie ratings of 500,000 subscribers of Netflix, the world's largest online movie rental service We demonstrate that an adversary who knows only a little bit about an individual subscriber can easily identify this subscriber's record in the dataset Using the Internet Movie Database as the source of background knowledge, we successfully identified the Netflix records of known users, uncovering their apparent political preferences and other potentially sensitive information

2,241 citations

Journal ArticleDOI
TL;DR: The ANSI X9.62 ECDSA is described and related security, implementation, and interoperability issues are discussed, and the strength-per-key-bit is substantially greater in an algorithm that uses elliptic curves.
Abstract: The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic curve analogue of the Digital Signature Algorithm (DSA). It was accepted in 1999 as an ANSI standard and in 2000 as IEEE and NIST standards. It was also accepted in 1998 as an ISO standard and is under consideration for inclusion in some other ISO standards. Unlike the ordinary discrete logarithm problem and the integer factorization problem, no subexponential-time algorithm is known for the elliptic curve discrete logarithm problem. For this reason, the strength-per-key-bit is substantially greater in an algorithm that uses elliptic curves. This paper describes the ANSI X9.62 ECDSA, and discusses related security, implementation, and interoperability issues.

2,092 citations

Frequently Asked Questions (2)
Q1. What are the contributions mentioned in the paper "A trustless privacy-preserving reputation system" ?

In this paper, the authors present a blockchain based decentralized privacy-preserving reputation system. The authors demonstrate that their system provides correctness and security while eliminating the need for users to trust any third parties or even fellow users. 

Some points would still need attention in future work, such as the exact way of generating coins that would ensure that service providers have enough of them in order to be able to supply enough tokens for their customers, but at the same time still limit ballot-stuffing attacks.