Vulnerabilities of Decentralized Additive Reputation Systems Regarding the Privacy of Individual Votes
In this paper, we focus on attacks and defense mechanisms in additive reputation systems. We start by surveying the most important protocols that aim to provide privacy between individual voters. Then, we categorize attacks against additive reputation systems considering both malicious querying nodes and malicious reporting nodes that collaborate in order to undermine the vote privacy of the remaining users. To the best of our knowledge this is the first work that provides a description of such malicious behavior under both semi-honest and malicious model. In light of this analysis we demonstrate the inefficiencies of existing protocols.
KeywordsDecentralized reputation systems Security Voter privacy
Unable to display preview. Download preview PDF.
- 1.Pavlov, E., Rosenschein, J. S., & Topol, Z. (2004). Supporting privacy in decentralized additive reputation. In Second international conference on trust management (iTrust 2004).Google Scholar
- 2.Resnick, P., & Zeckhauser, R. (2002). Trust among strangers in Internet transactions: Empirical analysis of eBay’s reputation system. In The economics of the internet and E-commerce.Google Scholar
- 3.Chor, B., Goldwasser, S., Micali, S., & Awerbuch, B. (1985). Verifiable secret sharing and achieving simultaneity in the presence of faults. In 26th IEEE symposium on foundations of computer science (pp. 383–395).Google Scholar
- 4.Paillier, P. (1999). Public-key cryptosystems based on composite degree residuosity classes. In Advances in cryptology—EUROCRYPT’99 (pp. 223–238). Berlin, Heidelberg: Springer.Google Scholar
- 5.Hasan, O., Brunie, L., & Bertino, E. (2010). k-Shares: A privacy preserving reputation protocol for decentralized environments. In the 25th IFIP international information security conference (SEC 2010) (pp. 253–264).Google Scholar
- 6.Dolev, S., Gilboa, S., & Kopeetsky, M. (2010). Computing multi-party trust privately: In O(n) time units sending one (possibly large) message at a time. In Proceedings of the 2010 ACM symposium on applied computing (SAC ’10), pp. 1460–1465. New York, NY: ACM.Google Scholar
- 7.Benaloh, J. (1994). Dense probabilistic encryption. In Proceedings of the workshop on selected areas of cryptography, pp. 120–128.Google Scholar
- 8.Pederson T. (1991) Non-interactive and information secure veriable secret sharing. Advances in Cryptology—Crypto 91: 129–140Google Scholar
- 9.Dolev, S., Gilboa, N., & Kopeetsky, M. (2010). Computing trust anonymously in the presence of curious users. In Proceedings of the international symposium on stochastic models in reliability engineering, life science and operations management. Beer Sheva: Sami Shamoon College of Engineering.Google Scholar
- 11.Weis, S. A. (2006). New foundations for efficient authentication, commutative cryptography, and private disjointness testing. PhD thesis, Massachusetts Institute of Technology.Google Scholar
- 12.Zhang, Y., Wong, W. K., Yiu, S. M., Mamoulis, N., & Cheung, D. W. (2011–2012). Lightweight privacy-preserving peer-to-peer data integration. Technical Report TR-2011-12.Google Scholar