Advertisement

Anonymity and Rewards in Peer Rating Systems

Conference paper
  • 246 Downloads
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12238)

Abstract

When peers rate each other, they may rate inaccurately to boost their own reputation or unfairly lower another’s. This could be mitigated by having a reputation server incentivise accurate ratings with a reward. However, assigning rewards becomes challenging when ratings are anonymous, since the reputation server cannot tell which peers to reward for rating accurately. To address this, we propose an anonymous peer rating system in which users can be rewarded for accurate ratings, and we formally define its model and security requirements. In our system ratings are rewarded in batches, so that users claiming their rewards only reveal they authored one in this batch of ratings. To ensure the anonymity set of rewarded users is not reduced, we also split the reputation server into two entities, the Rewarder, who knows which ratings are rewarded, and the Reputation Holder, who knows which users were rewarded. We give a provably secure construction satisfying all the security properties required. For our construction we use a modification of a Direct Anonymous Attestation scheme to ensure that peers can prove their own reputation when rating others, and that multiple feedback on the same subject can be detected. We then use Linkable Ring Signatures to enable peers to be rewarded for their accurate ratings, while still ensuring that ratings are anonymous. Our work results in a system which allows accurate ratings to be rewarded, whilst still providing anonymity of ratings with respect to the central entities managing the system.

References

  1. 1.
    Gnutella. https://en.wikipedia.org/wiki/Gnutella. Accessed 30 Aug 2019
  2. 2.
    Abdalla, M., et al.: Searchable encryption revisited: consistency properties, relation to anonymous IBE, and extensions. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 205–222. Springer, Heidelberg (Aug (2005)CrossRefGoogle Scholar
  3. 3.
    Androulaki, E., Choi, S.G., Bellovin, S.M., Malkin, T.: Reputation systems for anonymous networks. In: Borisov, N., Goldberg, I. (eds.) PETS 2008. LNCS, vol. 5134, pp. 202–218. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-70630-4_13CrossRefGoogle Scholar
  4. 4.
    Backes, M., Döttling, N., Hanzlik, L., Kluczniak, K., Schneider, J.: Ring signatures: logarithmic-size, no setup—from standard assumptions. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11478, pp. 281–311. Springer, Cham (2019).  https://doi.org/10.1007/978-3-030-17659-4_10CrossRefGoogle Scholar
  5. 5.
    Bellare, M., Boldyreva, A., Desai, A., Pointcheval, D.: Key-privacy in public-key encryption. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 566–582. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-45682-1_33CrossRefzbMATHGoogle Scholar
  6. 6.
    Bellare, M., Shi, H., Zhang, C.: Foundations of group signatures: the case of dynamic groups. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 136–153. Springer, Heidelberg (2005).  https://doi.org/10.1007/978-3-540-30574-3_11CrossRefGoogle Scholar
  7. 7.
    Bernhard, D., Fuchsbauer, G., Ghadafi, E.M., Smart, N.P., Warinschi, B.: Anonymous attestation with user-controlled linkability. Int. J. Inf. Secur. 12(3), 219–249 (2013)CrossRefGoogle Scholar
  8. 8.
    Bethencourt, J., Shi, E., Song, D.: Signatures of reputation. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 400–407. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-14577-3_35CrossRefGoogle Scholar
  9. 9.
    Blömer, J., Bobolz, J., Diemert, D., Eidens, F.: Updatable anonymous credentials and applications to incentive systems. In: Cavallaro, L., Kinder, J., Wang, X., Katz, J. (eds.) ACM CCS 2019, pp. 1671–1685. ACM Press, November 2019Google Scholar
  10. 10.
    Blömer, J., Eidens, F., Juhnke, J.: Practical, anonymous, and publicly linkable universally-composable reputation systems. In: Smart, N.P. (ed.) CT-RSA 2018. LNCS, vol. 10808, pp. 470–490. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-76953-0_25CrossRefGoogle Scholar
  11. 11.
    Blömer, J., Juhnke, J., Kolb, C.: Anonymous and publicly linkable reputation systems. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 478–488. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-47854-7_29CrossRefGoogle Scholar
  12. 12.
    Bobolz, J., Eidens, F., Krenn, S., Slamanig, D., Striecks, C.: Privacy-preserving incentive systems with highly efficient point-collection. In: To Apppear at Proceedings of the 2020 ACM Asia Conference on Computer and Communications Security (2020)Google Scholar
  13. 13.
    Brickell, E.F., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Atluri, V., Pfitzmann, B., McDaniel, P. (eds.) ACM CCS 2004, pp. 132–145. ACM Press, October 2004Google Scholar
  14. 14.
    Brinckman, A., et al.: Collaborative circuit designs using the CRAFT repository. Future Gener. Comput. Syst. 94, 841–853 (2019)CrossRefGoogle Scholar
  15. 15.
    Camenisch, J., Kohlweiss, M., Rial, A., Sheedy, C.: Blind and anonymous identity-based encryption and authorised private searches on public key encrypted data. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 196–214. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-00468-1_12CrossRefzbMATHGoogle Scholar
  16. 16.
    Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991).  https://doi.org/10.1007/3-540-46416-6_22CrossRefGoogle Scholar
  17. 17.
    Chen, L., Li, Q., Martin, K.M., Ng, S.L.: A privacy-aware reputation-based announcement scheme for VANETs. In: 2013 IEEE 5th International Symposium on Wireless Vehicular Communications (WiVeC), pp. 1–5. IEEE (2013)Google Scholar
  18. 18.
    Chen, L., Li, Q., Martin, K.M., Ng, S.L.: Private reputation retrieval in public - a privacy-aware announcement scheme for vanets. IET Inf. Secur. 11(4), 204–210 (2017)CrossRefGoogle Scholar
  19. 19.
    Chuang, J.: Designing incentive mechanisms for peer-to-peer systems. In: 1st IEEE International Workshop on Grid Economics and Business Models, 2004, GECON 2004, pp. 67–81. IEEE (2004)Google Scholar
  20. 20.
    Cordero, C.G., et al.: Sphinx: a colluder-resistant trust mechanism for collaborative intrusion detection. IEEE Access 6, 72427–72438 (2018)CrossRefGoogle Scholar
  21. 21.
    Dellarocas, C.: Immunizing online reputation reporting systems against unfair ratings and discriminatory behavior. In: Proceedings of the 2nd ACM Conference on Electronic Commerce, March 2001Google Scholar
  22. 22.
    Douceur, J.R.: The sybil attack. In: Druschel, P., Kaashoek, F., Rowstron, A. (eds.) IPTPS 2002. LNCS, vol. 2429, pp. 251–260. Springer, Heidelberg (2002).  https://doi.org/10.1007/3-540-45748-8_24CrossRefGoogle Scholar
  23. 23.
    El Kaafarani, A., Katsumata, S., Solomon, R.: Anonymous reputation systems achieving full dynamicity from lattices. In: Proceedings of the 22nd International Conference on Financial Cryptography and Data Security (FC) (2018)Google Scholar
  24. 24.
    Fischlin, M.: Communication-efficient non-interactive proofs of knowledge with online extractors. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 152–168. Springer, Heidelberg (2005).  https://doi.org/10.1007/11535218_10CrossRefGoogle Scholar
  25. 25.
    Garms, L., Martin, K.M., Ng, S.L.: Reputation schemes for pervasive social networks with anonymity. In: Proceedings of the Fifteenth International Conference on Privacy, Security and Trust (PST 2017), pp. 1–6. IEEE, August 2017Google Scholar
  26. 26.
    Garms, L., Quaglia, E., Ng, S.L., Traverso, G.: Anonymity and rewards in peer rating systems. Cryptology ePrint Archive, Report 2020/790 (2020). https://eprint.iacr.org/2020/790
  27. 27.
    Garms, L., Quaglia, E.A.: A new approach to modelling centralised reputation systems. In: Buchmann, J., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2019. LNCS, vol. 11627, pp. 429–447. Springer, Cham (2019).  https://doi.org/10.1007/978-3-030-23696-0_22CrossRefGoogle Scholar
  28. 28.
    Giannoulis, M., Kondylakis, H., Marakakis, E.: Designing and implementing a collaborative health knowledge system. Expert Syst. Appl. 126, 277–294 (2019)CrossRefGoogle Scholar
  29. 29.
    Hartung, G., Hoffmann, M., Nagel, M., Rupp, A.: BBA+: improving the security and applicability of privacy-preserving point collection. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017, pp. 1925–1942. ACM Press (October/November 2017)Google Scholar
  30. 30.
    Hawley, M., Howard, P., Koelle, R., Saxton, P.: Collaborative security management: developing ideas in security management for air traffic control. In: 2013 International Conference on Availability, Reliability and Security, pp. 802–806 (September 2013)Google Scholar
  31. 31.
    Hoffman, K., Zage, D., Nita-Rotaru, C.: A survey of attack and defense techniques for reputation systems. ACM Comput. Surv. 42(1), 1–31 (2009)CrossRefGoogle Scholar
  32. 32.
    Hopwood, D., Bowe, S., Hornby, T., Wilcox, N.: Zcash protocol specification. Tech. rep. Zerocoin Electric Coin Company (2016)Google Scholar
  33. 33.
    Jager, T., Rupp, A.: Black-box accumulation: collecting incentives in a privacy-preserving way. PoPETs 2016(3), 62–82 (2016)Google Scholar
  34. 34.
    Jøsang, A., Golbeck, J.: Challenges for robust trust and reputation systems. In: 5th International Workshop on Security and Trust Management (STM 2009) (2009)Google Scholar
  35. 35.
    Libert, B., Paterson, K.G., Quaglia, E.A.: Anonymous broadcast encryption: adaptive security and efficient constructions in the standard model. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 206–224. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-30057-8_13CrossRefGoogle Scholar
  36. 36.
    Liu, J.K., Wei, V.K., Wong, D.S.: Linkable spontaneous anonymous group signature for ad hoc groups. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 325–335. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-27800-9_28CrossRefGoogle Scholar
  37. 37.
    Lysyanskaya, A., Rivest, R.L., Sahai, A., Wolf, S.: Pseudonym systems. In: Heys, H., Adams, C. (eds.) SAC 1999. LNCS, vol. 1758, pp. 184–199. Springer, Heidelberg (2000).  https://doi.org/10.1007/3-540-46513-8_14CrossRefGoogle Scholar
  38. 38.
    Mármol, F.G., Pérez, G.M.: Security threats scenarios in trust and reputation models for distributed systems. Comput. Secur. 28(7), 545–556 (2009)CrossRefGoogle Scholar
  39. 39.
    Milutinovic, M., Dacosta, I., Put, A., Decker, B.D.: uCentive: an efficient, anonymous and unlinkable incentives scheme. In: 2015 IEEE Trustcom/BigDataSE/ISPA, vol. 1, pp. 588–595 (2015)Google Scholar
  40. 40.
    Nabuco, O., Bonacin, R., Fugini, M., Martoglia, R.: Web2touch 2016: evolution and security of collaborative web knowledge. In: 2016 IEEE 25th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), pp. 214–216, June 2016Google Scholar
  41. 41.
    Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999).  https://doi.org/10.1007/3-540-48910-X_16CrossRefGoogle Scholar
  42. 42.
    Papaioannou, T.G., Stamoulis, G.D.: An incentives’ mechanism promoting truthful feedback in peer-to-peer systems. In: CCGrid 2005. IEEE International Symposium on Cluster Computing and the Grid, 2005, vol. 1, pp. 275–283, May 2005Google Scholar
  43. 43.
    Pavlov, E., Rosenschein, J.S., Topol, Z.: Supporting privacy in decentralized additive reputation systems. In: Jensen, C., Poslad, S., Dimitrakos, T. (eds.) iTrust 2004. LNCS, vol. 2995, pp. 108–119. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-24747-0_9CrossRefGoogle Scholar
  44. 44.
    Petrlic, R., Lutters, S., Sorge, C.: Privacy-preserving reputation management. In: Proceedings of the 29th Annual ACM Symposium on Applied Computing, SAC 2014, pp. 1712–1718. ACM, New York (2014)Google Scholar
  45. 45.
    Pingel, F., Steinbrecher, S.: Multilateral secure cross-community reputation systems for internet communities. In: Furnell, S., Katsikas, S.K., Lioy, A. (eds.) TrustBus 2008. LNCS, vol. 5185, pp. 69–78. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-85735-8_8CrossRefGoogle Scholar
  46. 46.
    Rivest, R.L., Shamir, A., Tauman, Y.: How to leak a secret. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 552–565. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-45682-1_32CrossRefGoogle Scholar
  47. 47.
    Schiffner, S., Clauß, S., Steinbrecher, S.: Privacy and liveliness for reputation systems. In: Martinelli, F., Preneel, B. (eds.) EuroPKI 2009. LNCS, vol. 6391, pp. 209–224. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-16441-5_14CrossRefGoogle Scholar
  48. 48.
    Sillaber, C., Sauerwein, C., Mussmann, A., Breu, R.: Data quality challenges and future research directions in threat intelligence sharing practice. In: Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security, WISCS 2016, pp. 65–70. ACM, New York (2016)Google Scholar
  49. 49.
    Sun, Y.L., Han, Z., Yu, W., Ray Liu, K.J.: Attacks on trust evaluation in distributed networks. In: 2006 40th Annual Conference on Information Sciences and Systems, pp. 1461–1466 (2006)Google Scholar
  50. 50.
    Traverso, G., Butin, D., Buchmann, J.A., Palesandro, A.: Coalition-resistant peer rating for long-term confidentiality. In: 2018 16th Annual Conference on Privacy, Security and Trust (PST), pp. 1–10, August 2018Google Scholar
  51. 51.
    Zhai, E., Wolinsky, D.I., Chen, R., Syta, E., Teng, C., Ford, B.: AnonRep: towards tracking-resistant anonymous reputation. In: 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 16), pp. 583–596. USENIX Association (2016)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Royal Holloway, University of LondonEghamUK
  2. 2.CysecLausanneSwitzerland

Personalised recommendations