A rational delegating computation protocol based on reputation and smart contract

Abstract

The delegating computation has become an irreversible trend, together comes the pressing need for fairness and efficiency issues. To solve this problem, we leverage game theory to propose a smart contract-based solution. First, according to the behavioral preferences of the participants, we design an incentive contract to describe the motivation of the participants. Next, to satisfy the fairness of the rational delegating computation, we propose a rational delegating computation protocol based on reputation and smart contract. More specifically, rational participants are to gain the maximum utility and reach the Nash equilibrium in the protocol. Besides, we design a reputation mechanism with a reputation certificate, which measures the reputation from multiple dimensions. The reputation is used to assure the client’s trust in the computing party to improve the efficiency of the protocol. Then, we conduct a comprehensive experiment to evaluate the proposed protocol. The simulation and analysis results show that the proposed protocol solves the complex traditional verification problem. We also conduct a feasibility study that involves implementing the contracts in Solidity and running them on the official Ethereum network. Meanwhile, we prove the fairness and correctness of the protocol.

Introduction

With the rapid development of cloud computing [1–3], more and more attention is paid to data processing and storage capabilities. Some of these devices are computationally weak due to various resource constraints. As a consequence, there are tasks, which potentially could enlarge a device’s range of applications, that are beyond its reach. A solution is to delegate computations that are too expensive for one device, to other devices which are more powerful or numerous and connected to the same network [4]. The traditional delegating computation protocols generally assume that participants need to be honest or malicious. Honest participants always follow the rules of protocol during the execution process while malicious participants always violate the rules. A lot of participants are rational in the execution process, rational participants always choose the strategy to maximize their utilities. In addition, owing to the high cost of computation and communication complexity in the verification process of delegating computation, the efficiency of the protocol will be reduced.

Combining the game theory and traditional delegating computation, the rational delegating computation protocol is a part of rational cryptography. From the perspective of the participant’s self-interest, the protocol utilizes the utility functions to ensure the correctness and reliability of the calculation results, and the clients do not need to verify the calculation results to improve the efficiency of the protocol. In recent years, many scholars have conducted researches on rational delegating computation. Kupcu et al. [5] designed an incentive mechanism for rational delegating computation, which motivated the computing party to correctly executed the protocol and effectively prevented malicious computing parties from improper behavior. Zhang et al. [6, 7] combined game theory and safety entropy to design an entropy criterion model for rational secure two-party computation. This model selected the optimal utility function within the range of the safety entropy threshold through the relationship between safety entropy and utility function. Based on the fully homomorphic encryption scheme and a fully homomorphic signature scheme, Li et al. [8] proposed a new cloud data integrity verification scheme and a verifiable commissioned computing scheme, and proved the correctness and safety of these two schemes. Wang et al. [9] set a new incentive function by adding random values to the geometric reward function, which is used as a trade-off between fairness and incentive compatibility. Zhang et al. [10] introduced batch verifiable computation, which enables the simultaneous delegation of multiple functions. The authors constructed batch verifiable computation schemes that effectively reduce the requirement on cloud storage while preserving efficient client verification. But in the process of delegating computation, if the malicious participants do not follow rules in the protocol, then the benefits of honest participants will reduce. Therefore, how to ensure the fairness of the protocol and improve efficiency, which needs to be considered.

Recently, the fairness of delegating computation is one of the hot topics in current research, and the existing researches utilize a trusted third-party (e.g., bank [11], semi-trusted third-party [12, 13], trusted third-party [14, 15]) to overcome these issues. However, in the protocol process, with a third-party, the potential security problems will inevitably occur [16, 17], e.g., unreasonable Nash equilibrium, privacy leakage, and low efficiency. To eliminate the drawbacks, many researchers adopt smart contracts to realize the Peer-to-Peer (P2P) transaction between the clients and the computing parties [18]. Wang et al. [19] proposed an auditable fair payment protocol based on smart contract, which leverages the traceability and auditability of the blockchain to provide an efficient method for the assets in the entire transaction. Chen et al. [20] proposed a fair data exchange scheme based on blockchain, which guarantees transaction fairness and privacy protection when there is no trusted third-party, and realizes automatic exchange efficiently. Zhou et al. [21] combined the game theory with traditional delegating computation, established a game model with the reputation mechanism, and proposed a three-party game rational delegating computation protocol based on smart contracts. Dong et al. [22] combined game theory and smart contract to design a reasonable prisoner contract, collusion contract, and betrayal contract. In the contract, smart contracts replaced the trusted third-party to ensure the fairness of the payment process. Subsequently, to reduce the delegation computing overhead. Chen et al. [23] proposed a novel incentive-compatible rational delegation computing scheme. The lowest delegation overhead achieved by this scheme is only n/(2n−2) of that achieved by Dong’s scheme [22], where n means the number of servers. Besides, many scholars have studied the application of game theory in smart contracts [24–26], and discussed the security of data and models in detail [27]. However, in the process of delegation computation, different tasks or utilities have different impacts on the strategies of the computing parties, leading the client to get a different result. Consequently, it is an urgent task to select a reliable computing party by mining the difference in the preference of the computing party.

In the process of delegating computation, the reputation mechanism is designed to improve the reputation of honest participants and reduce the reputation of malicious participants. The reputation mechanism will reduce the probability of malicious participants being selected [28, 29]. Xiao et al. [30] designed a security system based on the behavior strategy of social norm and reputation system to motivate rational nodes, which motivated rational nodes to give up malicious behaviors for their interests. Zhao et al. [31] realized the confidentiality and reliability of data based on blockchain technology and reputation model. Wang et al. [32] proposed the impact of social cloud reputation and structure on rational computation, which ensures that a party with a good reputation means that they are likely to cooperate with others. The structure of the social cloud is not static. Instead, it evolutes when parties complete one round of computation. Jiang et al. [33] proposed a rational delegating computation based on reputation and contract theory, which ensures that the client selects a reliable computing party. Li et al. [34] proposed a blockchain-based trust mechanism for distributed IoT devices. In this mechanism, the trust level is quantified by regulating trust and risk degree. To solve the sparsity problem of social relationships and the additional risk of exposing the user’s privacy in the current social network, Kou et al. [35] proposed a new link prediction method based on the Simhash technology. Li et al. [36] proposed a fair payment protocol based on bitcoin time commitment, which ensures the fairness of participants’ payment by using bitcoin time commitment technology. However, in the process of selecting the computing party, the reputation of the computing party will be updated every round. Therefore, how to efficiently view the latest reputation of the computing party is a key issue that needs to be resolved.

To solve the aforementioned problems, we propose a rational delegating computation protocol based on reputation and smart contract, which realizes the optimal utility of all rational participants, and guarantees the correctness of the results and the fairness of the payment process. We analyze the strategies of participants and design a reasonable utility function. Then, we design incentive contracts to describe the motivations of participants, and construct a game tree to facilitate analysis of participants’ behavior and utility. Besides, we design a reputation mechanism that has a reputation certificate identification and allows reputation to be measured from multiple dimensions. More specifically, the reputation mechanism quantifies the reputation of the computing party from different dimensions, and uses reputation to ensure the trust of the client in the computing party. Meanwhile, the reputation mechanism has a reputation certificate identification, and the reputation certificate is used to improve the efficiency of the computing party to view historical reputation. We design a reputation mechanism to allow client to choose high-quality computing parties and reduce the possibility of choosing malicious participants. Our main contributions are as follows.

1. According to the behavioral preferences of the participants, we define a utility function and design an incentive contract to motivate the participants to choose the strategy honestly, which reaches a reasonable Nash equilibrium result and ensures that honest participants obtain the maximum utility in the protocol.

2. Based on the smart contract, we propose a rational delegating computation protocol, which realizes the fairness of rational delegating computation. And we design a reputation mechanism for the client to choose high-quality computing parties, which can measure the computing party’s reputation from different dimensions and improve the efficiency of the protocol.

3. We conduct a comprehensive experiment to evaluate the proposed protocol. The simulation results and analysis results show that the proposed protocol solves the complex traditional verification problem. In addition, we analyze our entire scheme and conclude that the overhead of the smart contract we design is extremely small. In a nutshell, our figures show that the total transaction cost for executing each contract is below $0.2.

The rest of this paper is organized as follows. In “Preliminaries” section, we introduce concepts such as delegation of computation, game theory, Nash equilibrium, and smart contract. “Incentive contract” section proposes an incentive contract based on a smart contract. “The proposed reputation scheme” section establishes a reputation mechanism that is convenient for the client to choose the computing party. “Protocol proof” section proves the fairness and correctness of the protocol. In “Simulations and results” section, we calculate the cost of the contract and analyze the performance of the protocol. Finally, we draw the conclusion of this work and discuss the future work in “Conclusion” section.

Preliminaries

In this section, we introduce the basic knowledge needed for our scheme. Firstly, we introduce the concept of the delegation of computation and standard game. Furthermore, we review the most important concept in game theory, i.e., the Nash equilibrium. Finally, we introduce some notations and a system model.

Delegation computation

Definition 1 (Delegation Computation). Delegation computation is also called verifiable computation, which refers to that the client C_d sends the delegation task X and function f(·) to the computing parties C, which receives it and uses its resources to calculate f(X), and returns the result Y=f(X) to C_d. At the same time, the calculation results obtained are verifiable. This verification process is much more efficient than the local calculation. Otherwise, it loses the sense of delegation of computation [37].

Game theory

Definition 2 (Standard Game). The standard form of a n-player game is composed of three elements: player set P, strategy space S and utility function u, denoted as G={P,S,u}, where P={P₁,⋯,P_n},S={S₁,⋯,S_n},u={u₁,⋯,u_n}. Any specific strategy s_i∈S_i indicates that strategy s_i is the key element of the strategy set S_i, and utility function u:S→R denotes the profits of the players i under different strategy profiles [38].

Definition 3 (Nash Equilibrium). A strategy profile \(s^{*}=\{s_{1}^{*},\cdots,s_{n}^{*}\}\) is a Nash equilibrium of game G={P,S,u}, if \(u_{i}(s_{i}^{*},s_{-i}^{*}) \ge u_{j}(s_{j}^{*},s_{-j}^{*})\) holds for each player P_i(i=1,⋯,n) and all s_j∈S_i. Obviously, if player i≠j complies with the strategy \(s_{i}^{*}\), then the player will not deviate from the strategy \(s_{j}^{*}\), as it will not benefit at all. In principle, there may be multiple Nash equilibrium in a game [38].

Smart contract

Definition 4 (Smart Contract). Cryptocurrencies are a type of digital currency used for decentralized network transactions. Cryptocurrencies are based on a new type of blockchain technology, which enables blockchain transactions to be conducted through the Internet without a trusted third party. With the development of the blockchain, the first decentralized cryptocurrency that emerged was Bitcoin, which began to be used for transactions on the blockchain. The rise of the blockchain has caused the value of Bitcoin to continue to rise. Later, the development of Ethereum appeared, using Ether for transactions, and also proposed smart contract to ensure the fairness of transactions [39].

Smart contracts are in the blockchain environment, allowing the definition and execution of contracts signed on the blockchain. It is the automated execution of the contract, and its essence is a piece of code written on the blockchain. The smart contract is the basis of the program-ability of blockchain, and each node does not rely on a third-party to automatically execute the contract. Broadly speaking, a smart contract is a set of rules encoded in a programming language. Once the execution requirements of the code are met, the script will be automatically executed to realize the operation, and this process does not require the participation of a trusted third-party [40].

Ethereum is an open-source public blockchain platform with smart contract functions. It provides a decentralized Ethereum virtual machine through its dedicated cryptocurrency Ether to process peer-to-peer contracts. In Ethereum, a transaction refers to sending a transaction from one account to another. Each transaction includes the sender’s signature, the receiver’s signature, and the amount of money sent. When users send a transaction, they need to pay a certain transaction fee (gas) for the execution of this transaction. The purpose is to prevent users from sending too many meaningless transactions on the blockchain. When the execution of a transaction requires complex and tedious calculation steps, the more gas the transaction consumes, after the transaction is executed, if the gas paid is not consumed, it will be returned to the account of the transaction initiator [41].

System model

In this part, we give a system model to describe our scheme. The system model considered in our construction comprises one client denoted by C_d and multiple computing parties denoted by {C₁,C₂,⋯,C_n}. However, not all computing parties participate in the calculation, and the client selects two computing parties with high reputation to participate in the task based on the reputation. Before describing the system model in detail, we describe the parameters and concepts required in this solution. Some notions are explained in Table 1.

Table 1 Notations

As illustrated in Fig. 1, the system model consists of eight steps. First, the client broadcasts the calculation task to the computing party, and includes the return time of the calculation task and the amount paid. The computing party views the calculation task, and the interested computing party will respond to the request. Next, the client will select two computing parties with a high reputation based on the reputation to perform the task, In short, the reputation (reputation evaluation scheme is given in The proposed reputation scheme) is the basis for the computing party to obtain the task, and the rational computing party must perform the task with an honest strategy to improve its reputation if it wants to obtain the task. Then, the client chooses the computing party and signs a contract with them. According to the content of the signed contract (incentive contract design is given in Incentive contract), the client and the computing party respectively deposit the deposit stipulated in the contract into the smart contract. In other words, each participant must pay a deposit to join the contract, otherwise, the contract will be terminated if the deposit is not paid. Additionally, participants receive deposit rewards for being honest. Conversely, the deposit will be confiscated if participants behave dishonestly. What’s more, depositing a deposit provides a guarantee for the following calculations, and then the computing party performs the task and sends the calculation result to the client. The client determines whether the computing party has performed the task correctly by cross-validation, and makes the corresponding response and payment. Finally, according to the interactive behavior of the computing party, the client updates and uploads the reputation of the computing party.

Fig. 1

The system model

Incentive contract

In this section, we first give the deposit variables in the incentive contract. Then, we design the detailed process of delegating computation based on smart contracts and propose an incentive contract. Finally, we conduct a detailed analysis of the content of the incentive contract.

Deposit variables

We define some deposit variables required in the incentive contract in Table 2, and these deposit variables are all non-negative.

Table 2 Deposit variables

The following relations are obvious.

(1) g−v>0. The computing party does not accept under-paid jobs. The calculation cost that the computing party needs to spend is c, and the computing party does not accept a job that is lower than the calculation cost.

(2) r−2c>0. The cost of calling the TTP by the client is higher than the cost paid to the two computing parties. Otherwise, the client will not choose the computing party to calculate the delegated task, and the client will choose to use TTP for calculation.

Contract content

Due to the characteristics of rational participants maximizing their utility, we analyze the strategies of rational participants and define the utility function. We introduce the specific content of the incentive contract, and we analyze each step in detail by studying the utility function of rational players. The content and steps of the contract are as follows.

Contract analysis

In the protocol, if the participants meet the terms of the contract, they continue to execute the contract. Otherwise, the contract terminates. We analyze the behavioral strategies of the participants in the contract. Our contract analysis process is as follows.

Game tree

From the previous analysis, the computing party has different strategy choices in the calculation process, and different strategy choices will result in different utility functions. For this reason, we construct the game tree for the computing party, and the game tree is shown in Fig. 2.

Fig. 2

The game tree

We analyze the payment game model in the delegating computation process from the perspective of game theory. C₁ and C₂ represent two computing parties, which have three behavior strategies, namely {honest,dishonest,randomvalue}. The honest behavior strategy means that the computing party honestly performs the calculation task and returns the result to the client within the specified time; dishonest behavior strategy indicates that the computing party maliciously performs the calculation task and returns to the client or fails to return the calculation result to the client within the specified time; randomvalue behavior strategy means that the computing party returns a random value to the client without calculation. More specifically, the computing party chooses different strategies to obtain different utilities. For instance, if both C₁ and C₂ choose the honest strategy, C₁’s utility is u(g−v), and C₂’s utility is u(g−v). However, if C₁ chooses the honest strategy and C₂ chooses the dishonest strategy, C₁’s utility is u(g+c−v), and C₂’s utility is u(−c−v). In short, there are nine such situations (see Fig. 2 for details). The red line in the game tree represents the Nash equilibrium path. When C₁ and C₂ are honest behavior strategies, it reaches node n₆, that is, the game reaches the Nash equilibrium. The gray node represents the utility function of C₁ and C₂ to reach the Nash equilibrium. uc₁ represents the C₁ utility function, and uc₂ represents the C₂ utility function.

The proposed reputation scheme

In this part, the reputation mechanism mainly includes five stages. First, we define the format of the reputation certificate. Next, the client selects the appropriate computing party to compute the task according to the reputation. Then, the client evaluates the current reputation based on the computing party’s honesty, and the client computes the global reputation. Finally, the computing party updates the reputation certificate.

Reputation certificate

In the delegating computation process, the client selects the appropriate computing party according to its task requirements. In a reputation mechanism with a reputation certificate, the computing party has a high-quality reputation as the basis for obtaining the task. Generally, the reputation of the computing party is higher, the probability of being selected is greater. The reputation certificate format is shown in Table 3.

Table 3 Reputation certificate

Search of historical reputation

At this stage, the client publishes a task to the computing party, and the interested computing party returns a response request. At the same time, the computing party generates the latest reputation certificate to obtain the task. Next, for the response requests returned by many computing parties, the client will select two computing parties with high reputations to perform the task based on the reputation. In other words, if the computing party wants to obtain a task, the computing party must perform the task honestly to improve its reputation. The format of the new reputation certificate is shown in formula 1.

$$ CRC_{C,n+1} = IDc || R_{n+1} || HRV_{n} || Sig_{n}(IDc || R_{n+1} || HRV_{n}) $$

(1)

Evaluation of current reputation

Usually, the computing party will choose different strategies according to different tasks and utilities, resulting in them having different reputations. Reputation is whether the computing party’s behavior is honest or not after each round of tasks. In general, the computing party has two reputation statuses: honest or malicious. Specifically, when the computing party’s reputation in round t+1 is higher than that in round t, i.e. \(L_{rep_{t+1}} \ge L_{rep_{t}}\), we consider the computing party to be honest. On the contrary, when the computing party’s reputation in round t+1 is lower than round t, i.e. \(L_{rep_{t+1}} \le L_{rep_{t}}\), we consider the computing party to be malicious. The evaluation of reputation is shown in formula 2 below.

$$ L_{rep_{t+1}} = \alpha_{i,t}\left[\frac{H}{S}*D(r)*A(r)*T(r)\right] $$

(2)

Let α_i,t be the client C_d interactive evaluation to the computing party C_i in round t, here, α_i,t∈{0,1,−1}. In order to reward the computing party who performed well in the execution of the task and punish the computing party who failed to complete the task as required, we propose formula 3 as follows.

$$ \left\{ \begin{array}{ll} \alpha_{i,t} =\hspace{0.7em} 1, & L_{rep_{i,t}} = \frac{H}{S}*D(r)*A(r)*T(r) \\ \alpha_{i,t} =\hspace{0.7em} 0, & L_{rep_{i,t}} = 0 \\ \alpha_{i,t} = -1, & L_{rep_{i,t}} = -\left[\frac{H}{S}*D(r)*A(r)*T(r)\right] \end{array} \right. $$

(3)

If and only if there is no any interaction between the client C_d and the computing party \(\phantom {\dot {i}\!}C_{i}, L_{rep_{i,t}}=0\). Obviously, for any C_i, when t=0,α_i,t=0, then \(L_{rep_{i,t}}=0\). If and only if the computing party C_i honestly performs the delegation task in round t, α_i,t=1, then \(L_{rep_{i,t}}=\frac {H}{S}*D(r)*A(r)*T(r)\). Conversely, if and only if the computing party C_i is behaves dishonestly in round t, α_i,t=−1, then \(L_{rep_{i,t}}=-\left [\frac {H}{S}*D(r)*A(r)*T(r)\right ]\).

Where, \(L_{rep_{i,t}}\) satisfies \(-1 \le L_{rep_{i,t}} \le 1, L_{rep_{i,t}}\) is the reputation of the current round, H represents the number of honest calculations by the computing party, S represents the total number of calculations by the computing party, D(r) represents the complexity coefficient of the delegating computation and satisfies 0≤D(r)≤1,A(r) represents the benefit coefficient of the delegating computation and satisfies 0≤A(r)≤1,T(r) represents the time to submit the result of the calculation.

(1) When \(L_{rep_{i,t}}=-1\), it means that C_i is completely malicious in the process of delegating computation of round t.

(2) When \(L_{rep_{i,t}}=0\), it means that there is no interaction between C_d and C_i in the process of delegating computation of round t.

(3) When \(L_{rep_{i,t}}=1\), it means that C_i is completely honest in the delegating computation of round t.

Computation of global reputation

In this stage, after the client evaluates the reputation of the current round, the client computes the global reputation according to the historical reputation and the reputation of the current round. The computation of global reputation is shown in formula 4.

$$ G_{rep_{n+1}} = G_{rep_{n}} + L_{rep_{n+1}} $$

(4)

\(G_{rep_{n+1}}\) represents the global reputation of the computing party, and \(G_{rep_{n}}\) represents the global reputation of the computing party in the last round.

Update of reputation certificate

Finally, the client signs the global reputation of the computing party and uploads it to the blockchain. Then, the computing party updates the content of its reputation certificate, which facilitates the generation of the latest reputation certificate for the next round of tasks. The format of the latest reputation certificate is shown in formula 5 below.

$$ CRC_{C,n+1} = CRC_{C-C_{d},n+1} || Sig_{n}(CRC_{C-C_{d},n+1}) $$

(5)

Protocol proof

In this section, we prove the protocol in detail from the two aspects of fairness and correctness of the protocol. More details are given in “Fairness proof” section and “Correctness proof” section.

Fairness proof

Theorem 1. The rational delegating computation protocol based on smart contract is fair.

Proof of Theorem 1. To ensure the fairness of the protocol, at the initial stage of the protocol, the client and the computing party respectively pay a deposit of (2g+r,c) to the smart contract. In the payment process of delegating computation, there are four cases as follows:

Case 1: When the computing party is honest, the smart contract transfers the deposit g to the computing party’s account.

Case 2: When the computing party is malicious, the smart contract confiscates the malicious computing party’s deposit c and transfers deposit c to the client’s account.

Case 3: When the client is malicious, the smart contract confiscates the deposit 2g and transfers deposit g to the two computing parties’ account respectively.

Case 4: When the client is honest, the client can get the correct calculation result.

In order to avoid the situation that the third-party is dishonest or bought off, based on the smart contract technology, we construct a rational delegating computation protocol to achieve fairness.

Correctness proof

Theorem 2. The rational delegating computation protocol based on smart contract is correct.

Proof of Theorem 2. There are three cases for the proof as following:

(1) When C₁ chooses the honest strategy, if C₂ chooses the honest strategy, the utility is u(g−v); else if C₂ chooses the randomvalue strategy, the utility is u(−c); else C₂ chooses the dishonest strategy, the utility is u(−c−v); which is u(g−v)>u(−c)>u(−c−v).

(2) When C₁ chooses the dishonest strategy, if C₂ chooses the honest strategy, the utility is u(g+c−v); else if C₂ chooses the randomvalue strategy, the utility is u(−c); else C₂ chooses the dishonest strategy, the utility is u(−c−v); which is u(g+c−v)>u(−c)>u(−c−v).

(3) When C₁ chooses the randomvalue strategy, if C₂ chooses the honest strategy, the utility is u(g+c−v); else if C₂ chooses the randomvalue strategy, the utility is u(−c); else C₂ chooses the dishonest strategy, the utility is u(−c−v); which is u(g+c−v)>u(−c)>u(−c−v).

Similarly, C₂ also has the above three cases. According to the protocol analysis, only when participants choose the honest strategy, maximizing their utility and reach Nash equilibrium.

Simulations and results

In this section, we utilize the MATLAB software to simulate the computing party’s reputation changes and the time cost of delegating computation. And, we simulate the smart contract on the Ethereum, then we analyze the overhead of the entire scheme and analyze the performance of the protocol.

Experiments

In the simulation process of computing party reputation, we assume that there are three computing parties (i.e., C₁,C₂, and C^′) and set their initial reputation to 60 points. As can be seen from Fig. 3, C^′ does not participate in the calculation, so the initial reputation is maintained. In rounds 1-4, when C₁ and C₂ choose the honest strategy to the same degree, their reputation increases at a similar rate. In the fifth round, with the increase of difficulty and interest, C₁ continues to be honest and C₂ chooses to cheat. In consequence, C₁’s reputation increases while C₂’s reputation decreases. In the later rounds, C₁ and C₁ are both honest, so their reputation keeps growing.

Fig. 3

Computing party’s reputation changes

The experimental result reveals that the reputation change in Fig. 3. If the computing party’s strategy choice is honest, the computing party’s reputation will always keep rising steadily. Conversely, if the computing party’s strategy choice is malicious, the computing party’s reputation will continue to decline, and this will affect the client’s distrust of the computing party in the process of rational delegating computation.

We compare the time overhead required for different numbers of logarithmic operations using traditional delegating computation and our protocol. In the traditional delegating computation protocol, the client needs to verify the returned result, so it will consume a lot of verification time. However, the client does not need to verify the results in our proposed protocol. As shown in Fig. 4, we find that the rational delegating computation consumes less time than traditional delegating computation. Meanwhile, with the increase of the number of delegates, the gap between them increases and the computation efficiency of the rational delegating computation is higher than before.

Fig. 4

Time cost of delegating computation

Overhead

We show the cost of setting up and executing the contracts on the offical Ethereum network. Cost is measured in terms of gas in the smart contract. The gas price is 1 Gas = 1 Gwei (1×10⁻⁹ ether) in all transactions, where the current exchange rate is 1 ether = 270.16 USD. We show the cost of executing the functions in Table 4.

Table 4 Cost of using the smart contracts

As we can see, the financial cost for using the smart contracts on the Ethereum network is low. The initialization ($0.111) is used to initialize the contract, we find other functions cost less. Our figures show that the total transaction cost for executing each contract is below $0.2.

Performance analysis

Table 5 shows the comparison of the rational delegating computation protocol in the proposed scheme and the existing delegating computation protocol. Comparing from the computational complexity, communication complexity, privacy, fairness of client, and fairness of computing party. Here, “\(\checkmark \)” satisfies the performance and “X” dissatisfies the performance.

Table 5 The comparison of protocol

Xu et al. [12] proposed to use an honest but curious third-party to help verify the task results, which ensures the fairness of the client. Its computational complexity is O(n) and communication complexity is O(n) (n is the length of the result). In fact, the scheme uses a third-party to verify the calculation results, which is easy to leak the privacy of participants, and it cannot guarantee that the computing party can get the service fee, so the fairness of the computing party cannot be guaranteed.

Huang et al. [13] constructed a fair payment protocol based on bitcoin and commitment sampling technology. Its computational complexity is O(1) and communication complexity is O(1). The scheme introduced a semi-trusted third-party to help the client get back the deposit, but it is easy to leak the privacy of participants.

Yin et al. [15] designed a rational delegating computation protocol based on Micali-Rabin’s random vector representation technique. Its computational complexity is O(1) and communication complexity is O(1). The protocol guarantees fairness in the form of deposits deposited by participants. However, there is a trusted third party in the protocol, which easily reveals the privacy of participants.

We propose a rational delegating computation protocol based on smart contract, the computational complexity is O(1) and the communication complexity is O(1). This protocol is based on smart contract to realize the fairness of delegating computation and protect the privacy of participants. We use the utility function to constrain the participants to execute the strategy honestly and ensure the correctness and reliability of the calculation results. In addition, we design a reputation mechanism that measures reputation from multiple dimensions. This reputation mechanism provides reputation certificate identification, which improves the communication efficiency of the protocol.

Conclusion

Combining game theory with smart contract, in this paper, we propose a rational delegating computation protocol based on reputation and smart contract. More specifically, we analyze the strategies of participants, then we utilize smart contracts to substitute the third-party to ensure the fairness of protocol. What’s more, we define a utility function and design an incentive contract to motivate the participants to choose the strategy honestly, which reaches a reasonable Nash equilibrium result. In other words, each participant must pay a deposit to join the contract, and participants will be rewarded for being honest. Conversely, the deposit will be confiscated if participants behave dishonestly. Also, the simulations show, it is feasible to use smart contracts to implement the incentive mechanisms, and the total cost of using smart contracts is extremely low. In addition, we design a reputation scheme, which can measure the reputation from different dimensions to ensure the client chooses a reliable computing party.

In this paper, we use a cross-validation method to verify the calculation results returned by the computing party, which causes the client to pay the calculation fee to the two computing parties, which is very expensive for the client. One future direction would be to combine the time prediction [42] with the measurement of the participant’s behavioral uncertainty [43], to verify the computing party with a high reputation with a low verification probability, and reduce the computation cost to a computing party. Another future direction would be to extend our scheme to the rational delegation of computation like [23]. Our work will focus on reducing the cost of the computing party. We will try to reduce the delegation cost to a smaller amount.