2 Model

Technical Whitepaper

2 Model

Our ledger protocol is among a set of parties = {P₁,…,P_n}. A subset ˆ
P of the parties, called reputation parties, have a distinguished role in the protocol, and are tasked with proposing and confirming blocks to be added in the blockchain. To avoid overcomplicating our description, we describe our protocol here for a static set of parties; in the appendix we discuss how this set can be dynamically updatable, similar to the dynamic participation of [65, 16]. As is common in the blockchain literature, our statements are in the random oracle model, where a hash function is assumed to behave as a random function. As a setup, we assume that all parties have the genesis block which includes sufficient initial randomness and the reference reputation-system. In terms of cryptographic assumptions we will assume existentially unforgeable digital signatures [51] along with pseudorandom function. Efficient (and even post-quantum) variants of these primitives are known to exist under standard complexity assumptions, namely, existence of one-way functions or hardness of lattice problems.

2.1 Communication and Synchrony.

We assume synchronous communication, where messages sent by honest parties in some round are delivered by the beginning of the following round, and a rushing adversary [32]. The protocol timeline which is divided into slots, where each slot consists of a fixed number of rounds. An epoch consist of a predefined number of slots. We assume a cryptographic adversary who gets to actively corrupt parties—i.e., takes full control over them.

Parties have two means of communicating. (1) A diffusion (multicast) network available to everyone in , build by means of a standard flooding/gossiping protocol over a (potentially incomplete but) connected communication graph of unicast channels [18]—this is similar to [74, 18], Ethereum [30], Cardano/Ouroboros [65, 16], Algorand [49], Thunderella [79], etc. For simplicity, we abstract this network by means of a zero-delay multi-cast primitive (cf [18]): When an honest party multicasts a message, this message is delivered to all (honest) parties in the network by the beginning of the following round.² We note that one can use techniques from the blockchain literature [16, 49, 49] to relax this perfect synchrony assumption—at the cost of a stricter feasibility condition on the reputation system. A discussion of such a relaxation is included in the appendix. (2) The second type of communication is among reputation parties. These parties have known physical identities (e.g., IP addresses) and can communicate through direct channels, without flooding (e.g., via TCP/IP). We remark that existence of such channels is not necessary for our security analysis—if they are there, they can be used otherwise, communication via the diffusion network is sufficient for security. However, if they do exist and are used then can considerably reduce the traffic and yield a more scalable/efficient solution, as discussed in the introduction.

2.2 Reputation Systems.

A reputation system Rep for m = O(k) reputation parties from a set ˆ
P = { ˆ
P ₁,…, ˆ
P _m} is a family of probability distributions (parameterized by m) over binary reputation vectors of length m, i.e., vectors of the type (h₁,…,h_m) ∈{0,1}^m.³ Each h_i is an indicator bit which takes the value 1 if _i is honest and 0, otherwise. For example, Pr[(h₁,…,h_m) = (0,…,0,1)] = 0.6 means that with probability 0.6 every reputation party except _m is dishonest. We consider two types of reputation systems: A static reputation system is a probability distribution as discussed above. This is similar to the reputation system considered in [13]. A dynamic reputation system instead is a sequence (ensemble) Rep = {Rep_ρ}_ρ∈ℕ of distributions, where each Rep_ρ is a static reputation system for a set _ρ of m_ρ ∈ ℕ reputation parties. Such dynamic reputation systems are useful in an evolving and reactive primitive such as a ledger protocol, where the reputation of parties might change depending on their behavior in the system and/or other exogenous factors.

We focus on the setting where each h_i corresponds to the output of an independent indicator random variable H_i, i.e., whether or not a reputation party _i behaves honestly does not depend on what other reputation parties do. In this case, a static reputation system can be described by a vector of m numbers between 0 and 1, i.e., Rep = (R₁,…,R_m) ∈ [0,1]^m, where the interpretation of Rep is that with probability equal to R_i the party _i will play honestly (i.e., Pr[H_i = 1] = R_i).⁴ We then say that R_i is the reputation of party _i. We refer to such a reputation system as a correlation-free reputation system. In the following we provide more details of the corruption capabilities that a correlation-free reputation system (static or dynamic) gives to the adversary.

The adversary’s corruption capabilities are specified by the reputation system. A static reputation-bounded adversary for reputation system Rep, also referred to as a static Rep-adversary, corrupts the set of parties at the beginning of the protocol according to Rep, and sticks to this choice. In particular, given a reputation system Rep for m reputation parties, corruption with a static adversary occurs as follows: A vector (h₁,…,h_m) ∈{0,1}^m is sampled according to the distribution defined in Rep, and for each h_i = 0 the reputation party _i ∈ is corrupted by the adversary. For dynamic reputation systems, a stronger type of adversary, which we call epoch-resettable adversary corrupts a completely new set of parties at the beginning of each epoch, according to the reputation system at the beginning of that epoch—this is similarly to mobile adversaries [77]. Here we focus our analysis to the static case; an extension to epoch-resettable adversaries is discussed in the appendix.

2.3 Establishing and Updating the Reputation System

Möbby users will always be able to send and receive tokens without having reputation; however, only parties with non-zero reputation, who mark themselves as available will be able to participate in the PoR protocol. At initial mainnet launch, the reputation of parties is decided by the genesis block, PoR participation is restricted to core Möbby nodes, and no block reward is distributed. Taking a gradual approach to decentralization ensures the stability of our blockchain. In the decentralized phase, parties will be able to obtain initial reputation via known external reputation sources, such as known reputation aggregate sites like Yelp and Amazon. An individual party’s reputation can then increase by importing reputation from external reputation sources. This will account for a small fraction of the party’s reputation on our PoR blockchain. Moreover, a party can increase their reputation by participating correctly in the PoR protocol, or having an endorsed reputation party participate honestly in the protocol. The reputation increase from an endorsement is distributed among the endorsed party and their endorsers. Lastly, a party’s effective reputation is increased when they receive reputation endorsements from other parties.

On the other hand, parties can lose reputation by being accused with evidence of misbehaviour in the PoR or fallback PoS protocols—an example of evidence being signatures of two conflicting transaction sets in the PoR protocol. This significantly reduces the party’s reputation. A party can also lose reputation by endorsing a reputation party, who misbehaves in the PoR or PoS protocols (even if the endorser does not misbehave themselves). While the reputation penalty is less for the endorsers than the misbehaving party, this penalty incentivizes parties to only endorse parties who they trust to behave honestly and prevent attackers from taking advantage of the endorsement system. Lastly, a party’s effective reputation is decreased if they lose endorsements from other parties.

Fig. 4: Summary of how reputation changes.

2.4 PoR-blockchain

We assume a (dynamically updatable) set of parties where a subset ⊆ of them are special parties called reputation parties. The parties wish to leverage the reputation of the reputation parties to securely maintain a ledger containing a sequence of blocks, each block containing a collection of messages that can represent arbitrary data (throughout this paper, we refer to this data as transactions).⁵

Informally, a reputation system for a party set is similar to a probabilistic adversary structure [47]: It assigns to each subset of a probability that this subset is corrupted by the adversary—we consider active, aka Byzantine, corruption. In its simplest form, which we refer to as static correlation-free, a reputation system can be described by a vector of || independent boolean random variables. The probability that the ith variable is 1 is the probability that the i-th party in —in a given canonical ordering, e.g., using the party-IDs—is honest. This is similar to independent reputation systems investigated in [13]. We also extend this notion by allowing the reputation to evolve as rounds advance, yielding a dynamic reputation system. The update happens in an epoch-based manner, where an epoch consists of a fixed number of rounds. To capture feasibility of PoR-based consensus, we introduce the notion of a feasible reputation system (cf. Definition 2) which for static reputation systems requires that there is a party-sampling algorithm, such that the probability that a super-majority of the selected parties is honest is overwhelming. (This is analogous to the feasibility condition from [13].)

Our ledger protocol proceeds in rounds. Each block is associated with a slot, where a slot lasts a predefined number of rounds. We use the reputation system as follows (we restrict the discussion here to static correlation-free reputation): The contents of the genesis block—which is assumed to be available to any party joining the protocol and includes the (initial) reputation system along with a random nonce—are hashed to generate common randomness used in the first epoch. Since every party is assumed access to the genesis block, every party can locally run a lottery which is “biased” by the parties’ reputation using these coins to choose a committee for each slot. (For dynamic reputation, the contents of an epoch are used to extracts coins for the following epoch.)

The above implicit lottery is used to elect a slot committee BAⁱ for each slot i, which is responsible for gathering all known transactions at the beginning of the slot that have not yet been inserted in the blockchain, and proposing the block corresponding to this slot along with evidence to enable all parties to agree on this block. More concretely, in every slot, every party in a random subset BCⁱ of BAⁱ pools all new and valid transactions received by the blockchain users into a set, and broadcasts this set to BAⁱ, by means of a byzantine broadcast protocol. The union of the tractions broadcasted by BCⁱ is then signed by every member of BAⁱ and circulated to the whole party set who accept it if and only if it has at least |BAⁱ|∕2 signatures from parties in BAⁱ. As long as for each of the slot committees the majority of its members is honest—a property which will be induced by an accurate and feasible reputation system—the above consensus protocol will achieve agreement on the proposed block.

Of prime importance in our construction, and a novelty of our PoR-ledger, is a mechanism which ensures an intuitive notion of inclusivity. For clarity, we focus our description and analysis on static correlation-free reputation systems. Different ways to extend our result to dynamic and correlated adversaries are discussed in the appendix. As proved in [13], for any feasible static correlation-free reputation system, the following sampler, denoted as Amax, outputs a committee with honest majority: Order the parties according to their reputation and choose a sufficient number (cf. [13]) of reputation parties with the highest reputations. The above simple Amax algorithm is optimal (up to negligible error) for minimizing the risk of electing a dishonest-majority committee, but it suffers from the following issues: First, if some malicious party establishes (e.g., by behaving honestly) a high reputation, then this party will be included in almost every committee. Second, the approach lacks a natural fairness property which would give all parties voting power according to their reputation (even to parties with low reputation). Such a fairness property is important for sustainable decentralization, as it does not deter participation of parties with low reputation making the overall system more inclusive. ⁶ We propose and instantiate an appropriate notion of reputation fairness, termed PoR-fairness, which addresses the above concerns. The idea behind PoR-fairness is that every reputation party should get a “fair” chance to be part of each slot-i committee BAⁱ. Defining such a notion turns out to be non-trivial (cf. Section 3.1). Intuitively, a reputation-based lottery (i.e., committee selection protocol) is reputation-fair, if, (1) on average, the representation of parties on the selected committee becomes higher, the more likely those parties are to be honest (according to their reputation); (2) this representation increases as the ratio of parties with higher over parties with lower reputation increases; and (3) the probabilities of parties included in the lottery increase proportionally to their reputation. Realizing such a reputation-fair lottery also turns out to be a challenging task and a core technical contribution of our work.

2.5 Proof-of-Stake Fallback

Arguably, reputation is a subjective and manipulable resource. For instance, the way reputation of new parties is assigned might be flawed or a malicious party might act honestly to build up its reputation, and then use its earned trust to attack the system. We address this in the following way: We back our PoR-blockchain with a light-weight use of a (Proof-of-Stake) Nakamoto-style blockchain⁷ which will ensure that if the reputation system fails to provide security, this will be observed and agreed upon on the Nakamoto-chain. This ensures that reputation parties, who try to actively cheat (e.g., sign conflicting messages) or abstain to hurt liveness or safety, will be exposed on the fallback chain.

The idea for our fallback is as follows: Parties report on the fallback chain (an appropriate hash of) their view of the PoR-blockchain. If any party observes an inconsistency of this with its own view, it contest the reported view, by posting an accusation along with appropriate evidence (signatures and hash-pointers). The original reporting party is then expected to respond to this accusation by the contents and signatures of the disputed block. Once the accusation is answered, it will either expose one of the two disputing parties as a cheater, or it will expose a misbehavior on the PoR-chain (e.g., signing conflicting messages). In either case the exposed party gets its reputation zeroed out and is excluded from the system.

This fallback mechanism fortifies the security of the blockchain under an independent backup assumption, e.g., majority of honest stake. Note that the fallback blockchain is not used for communicating transactions, but only digests (hashes) of blocks from the main, reputation chain as discussed below. Furthermore, it does not need to run in a synchronized manner with the main PoR-chain. This allows a very light-weight use of the fallback chain, which as it is a black-box use, can even be outsourced to an existing Nakamoto-style chain. We refer to this type of blockchain design as a PoR/PoS-Hybrid Blockchain. We remark that the generic fallback mechanism allows to recover from safety attacks. By an additional assumption on the quality of the reputation system we can also prevent liveness attacks as discussed in Section 5.2.

² Observe that the adversary might send a message to a subset of parties, but if any honest party is instructed by the protocol to forward it, then the message will be delivered (to all other honest parties) in the round when this forwarding occurs.↩

³ For notational simplicity, we often refer to Rep as a probability distribution rather than an ensemble, i.e., we omit the explicit reference to the parameter m.↩

⁴ Adaptive correlation-free reputation systems are described, analogously, as an ensemble of static reputation systems.↩

⁵ We do not specify here how this data is efficiently encoded into a block, e.g., so that they can be updated and addressed in an efficient manner; however, one can use the standard Merkle-tree approach used in many common blockchains, e.g., Bitcoin, Ethereum, Ouroboros, Algorand, etc.↩

⁶ For instance, one can consider a mechanism which rewards honest behavior by increasing the parties’ reputation.↩

⁷ As discussed above, here we focus on a proof-of-stake Nakamoto-style blockchain, e.g., [ 65 ], but our fallback uses the Nakamoto blockchain in a blackbox manner and can therefore be instantiated using any blockchain that realizes a Bitcoin-style transaction ledger [ 18 ].↩

The Möbby Blockchain and Digital Asset

Technical Whitepaper

Summary

1 Motivation

2 Model

3 Reputation-based Lotteries

4 The PoR-Blockchain

5 The PoR/PoS-Hybrid Blockchain

6 Establishing, Updating, and Extending the Reputation System

7 Conclusions and Open Problems

References

A Supplementary Material to Section 3

B Supplementary Material to Section 4

C Deferred Proofs

D Hoeffding's Inequality

E Reputation Systems with Limited Correlations

F Epoch-Resettable Adversaries

G Extensions and Future Research

About the Authors

Möbby Tokenomics

1 Monetizing Reputation for a Stable and Truthful Recommender / Reputation System

2 The Möbby Decentralized Ledger Technology (DLT) backbone

3 Major Möbby Deployment Milestones

4 Rewards and Transaction Fees

5 Reputation Rewards

6 Applications and Utilization

1. Binance Smart Chain: A parallel binance chain to enable smart contracts. https://github.com/binance-chain/whitepaper/blob/master/WHITEPAPER.md.94. Qianwei Zhuang, Yuan Liu, Lisi Chen, and Zhengpeng Ai. Proof of reputation: A reputation-based consensus protocol for blockchain based systems. In Proceedings of the 2019 International Electronics CommunicationConference, pages 131–138, 2019.
2. Eurus economic blockchain network. https://www.eurus.network/technology/.
3. GoChain: Proof of reputation. https://medium.com/gochain/proof-of-reputation-e37432420712.
4. OpenEthereum Documentation: Proof-of-authority chains - wiki. https://openethereum.github.io/Proof-of-Authority-Chains.
5. PoA Private Chains. https://github.com/ethereum/guide/blob/master/poa.md.
6. The New York Times a fashion brand agrees to pay $4.2 million after f.t.c. says it suppressed negative reviews online. https://www.nytimes.com/2022/01/25/business/fashion-nova-reviews.html.
7. The Verge split screen: The crowdfunded phone of the future was a multimillion-dollar scam. https://www.theverge.com/2019/8/13/20758599/idealfuture-dragonfly-futurefon-indiegogo-crowdfunding-phone-scam-fraud-case.
8. Time how extortion scams and review bombing trolls turned goodreads into many authors’ worst nightmare. https://time.com/6078993/goodreads-review-bombing/.
9. Vechain whitepaper 2.0. https://www.vechain.org/whitepaper/.
10. Ahmed S Almasoud, Farookh Khadeer Hussain, and Omar K Hussain. Smart contracts for blockchain-based reputation systems: A systematic literature review. Journal of Network and Computer Applications, 170:102814, 2020.
11. Akram Alofi, Rami Bahsoon, and Robert Hendley. Minerrepu: A reputation model for miners in blockchain networks. In 2021 IEEE International Conference on Web Services (ICWS), pages 724–733. IEEE, 2021.
12. Oladotun Aluko and Anton Kolonin. Proof-of-reputation: An alternative consensus mechanism for blockchain systems. International Journal of Network Security & Its Applications (IJNSA) Vol, 13, 2021.
13. Gilad Asharov, Yehuda Lindell, and Hila Zarosim. Fair and efficient secure multiparty computation with reputation systems. In Kazue Sako and Palash Sarkar, editors, ASIACRYPT 2013, Part II, volume 8270 of LNCS, pages 201–220. Springer, Heidelberg, December 2013.
14. Alia Asheralieva and Dusit Niyato. Reputation-based coalition formation for secure self-organized and scalable sharding in iot blockchains with mobile-edge computing. IEEE Internet of Things Journal, 7(12):11830–11850, 2020.
15. Hagit Attiya, Amir Herzberg, and Sergio Rajsbaum. Optimal clock synchronization under different delay assumptions (preliminary version). In Jim Anderson and Sam Toueg, editors, 12th ACM PODC, pages 109–120. ACM, August 1993.
16. Christian Badertscher, Peter Gazi, Aggelos Kiayias, Alexander Russell, and Vassilis Zikas. Ouroboros genesis: Composable proof-of-stake blockchains with dynamic availability. In David Lie, Mohammad Mannan, Michael Backes, and XiaoFeng Wang, editors, ACM CCS 2018, pages 913–930. ACM Press, October 2018.
17. Christian Badertscher, Peter Gazi, Aggelos Kiayias, Alexander Russell, and Vassilis Zikas. Consensus redux: Distributed ledgers in the face of adversarial supremacy. Cryptology ePrint Archive, Report 2020/1021, 2020. https://eprint.iacr.org/2020/1021.
18. Christian Badertscher, Ueli Maurer, Daniel Tschudi, and Vassilis Zikas. Bitcoin as a transaction ledger: A composable treatment. In Jonathan Katz and Hovav Shacham, editors, CRYPTO 2017, Part I, volume 10401 of LNCS, pages 324–356. Springer, Heidelberg, August 2017.
19. Leila Bahri and Sarunas Girdzijauskas. Trust mends blockchains: Living up to expectations. In 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS), pages 1358–1368. IEEE, 2019.
20. Ammar Battah, Youssef Iraqi, and Ernesto Damiani. Blockchain-based reputation systems: Implementation challenges and mitigation. Electronics, 10(3):289, 2021.
21. Mihir Bellare and Sara K. Miner. A forward-secure digital signature scheme. In Michael J. Wiener, editor, CRYPTO’99, volume 1666 of LNCS, pages 431–448. Springer, Heidelberg, August 1999.
22. Emanuele Bellini, Youssef Iraqi, and Ernesto Damiani. Blockchain-based distributed trust and reputation management systems: A survey. IEEE Access, 8:21127–21151, 2020.
23. Iddo Bentov, Pavel Hubáček, Tal Moran, and Asaf Nadler. Tortoise and hares consensus: the meshcash framework for incentive-compatible, scalable cryptocurrencies. IACR Cryptology ePrint Archive, 2017:300, 2017.
24. Alex Biryukov and Daniel Feher. Recon: Sybil-resistant consensus from reputation. Pervasive and Mobile Computing, 61:101109, 2020.
25. Alex Biryukov, Daniel Feher, and Dmitry Khovratovich. Guru: Universal reputation module for distributed consensus protocols. Cryptology ePrint Archive, Report 2017/671, 2017. http://eprint.iacr.org/2017/671.
26. Alex Biryukov, Daniel Feher, and Dmitry Khovratovich. Guru: Universal reputation module for distributed consensus protocols. Technical report, University of Luxembourg, 2017.
27. Jacques Bou Abdo, Rayane El Sibai, and Jacques Demerjian. Permissionless proof-of-reputation-x: A hybrid reputation-based consensus algorithm for permissionless blockchains. Transactions on Emerging Telecommunications Technologies, 32(1):e4148, 2021.
28. Jacques Bou Abdo, Rayane El Sibai, Krishna Kambhampaty, and Jacques Demerjian. Permissionless reputation-based consensus algorithm for blockchain. Internet Technology Letters, 3(3):e151, 2020.
29. Ahmet Bugday, Adnan Ozsoy, Serdar Murat Öztaner, and Hayri Sever. Creating consensus group using online learning based reputation in blockchain networks. Pervasive and Mobile Computing, 59:101056, 2019.
30. Vitalik Buterin. A next-generation smart contract and decentralized application platform, 2013. https://github.com/ethereum/wiki/wiki/White-Paper.
31. Wenjun Cai, Wei Jiang, Ke Xie, Yan Zhu, Yingli Liu, and Tao Shen. Dynamic reputation–based consensus mechanism: Real-time transactions for energy blockchain. International Journal of Distributed Sensor Networks, 16(3):1550147720907335, 2020.
32. Ran Canetti. Security and composition of multiparty cryptographic protocols. Journal of Cryptology, 13(1):143–202, January 2000.
33. Haoye Chai, Supeng Leng, Ke Zhang, and Sun Mao. Proof-of-reputation based-consortium blockchain for trust resource sharing in internet of vehicles. IEEE Access, 7:175744–175757, 2019.
34. Hongyin Chen, Zhaohua Chen, Yukun Cheng, Xiaotie Deng, Wenhan Huang, Jichen Li, Hongyi Ling, and Mengqian Zhang. A provable softmax reputation-based protocol for permissioned blockchains. IEEE Transactions on Cloud Computing, 2021.
35. Zelei Cheng, Zuotian Li, Bowen Sun, Shuhan Zhang, and Yuanrong Shao. Reputation-based q-routing for robust inter-committee routing in the sharding-based blockchain. In 2020 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech), pages 230–236. IEEE, 2020.
36. Sherman S. M. Chow. Running on Karma - P2P reputation and currency systems. In Feng Bao, San Ling, Tatsuaki Okamoto, Huaxiong Wang, and Chaoping Xing, editors, CANS 07, volume 4856 of LNCS, pages 146–158. Springer, Heidelberg, December 2007.
37. Ran Cohen, Sandro Coretti, Juan A. Garay, and Vassilis Zikas. Probabilistic termination and composability of cryptographic protocols. In Matthew Robshaw and Jonathan Katz, editors, CRYPTO 2016, Part III, volume 9816 of LNCS, pages 240–269. Springer, Heidelberg, August 2016.
38. Ran Cohen, Sandro Coretti, Juan A. Garay, and Vassilis Zikas. Round-preserving parallel composition of probabilistic-termination cryptographic protocols. In Ioannis Chatzigiannakis, Piotr Indyk, Fabian Kuhn, and Anca Muscholl, editors, ICALP 2017, volume 80 of LIPIcs, pages 37:1–37:15. Schloss Dagstuhl, July 2017.
39. Bernardo David, Peter Gazi, Aggelos Kiayias, and Alexander Russell. Ouroboros praos: An adaptively-secure, semi-synchronous proof-of-stake blockchain. In Jesper Buus Nielsen and Vincent Rijmen, editors, EUROCRYPT 2018, Part II, volume 10821 of LNCS, pages 66–98. Springer, Heidelberg, April / May 2018.
40. Marcela T de Oliveira, Lúcio HA Reis, Dianne SV Medeiros, Ricardo C Carrano, Sílvia D Olabarriaga, and Diogo MF Mattos. Blockchain reputation-based consensus: A scalable and resilient mechanism for distributed mistrusting applications. Computer Networks, 179:107367, 2020.
41. Thuat Do, Thao Nguyen, and Hung Pham. Delegated proof of reputation: A novel blockchain consensus. In Proceedings of the 2019 International Electronics Communication Conference, pages 90–98, 2019.
42. Danny Dolev, Joseph Y. Halpern, and H. Raymond Strong. On the possibility and impossibility of achieving clock synchronization. In 16th ACM STOC, pages 504–511. ACM Press, 1984.
43. Danny Dolev and H. Raymond Strong. Authenticated algorithms for byzantine agreement. SIAM J. Comput., 12(4):656–666, 1983.
44. Shlomi Dolev and Jennifer L. Welch. Wait-free clock synchronization (extended abstract). In Jim Anderson and Sam Toueg, editors, 12th ACM PODC, pages 97–108. ACM, August 1993.
45. Shlomi Dolev and Jennifer L. Welch. Self-stabilizing clock synchronization in the presence of byzantine faults (abstract). In James H. Anderson, editor, 14th ACM PODC, page 256. ACM, August 1995.
46. Fangyu Gai, Baosheng Wang, Wenping Deng, and Wei Peng. Proof of reputation: A reputation-based consensus protocol for peer-to-peer network. In DASFAA, 2018.
47. Juan A. Garay, Yuval Ishai, Rafail Ostrovsky, and Vassilis Zikas. The price of low communication in secure multi-party computation. In Jonathan Katz and Hovav Shacham, editors, CRYPTO 2017, Part I, volume 10401 of LNCS, pages 420–446. Springer, Heidelberg, August 2017.
48. Juan A. Garay, Aggelos Kiayias, and Nikos Leonardos. The bitcoin backbone protocol: Analysis and applications. In Elisabeth Oswald and Marc Fischlin, editors, EUROCRYPT 2015, Part II, volume 9057 of LNCS, pages 281–310. Springer, Heidelberg, April 2015.
49. Yossi Gilad, Rotem Hemo, Silvio Micali, Georgios Vlachos, and Nickolai Zeldovich. Algorand: Scaling byzantine agreements for cryptocurrencies. Cryptology ePrint Archive, Report 2017/454, 2017. http://eprint.iacr.org/2017/454.
50. Yossi Gilad, Rotem Hemo, Silvio Micali, Georgios Vlachos, and Nickolai Zeldovich. Algorand: Scaling byzantine agreements for cryptocurrencies. In Proceedings of the 26th Symposium on Operating Systems Principles, SOSP ’17, page 51–68, New York, NY, USA, 2017. Association for Computing Machinery.
51. Shafi Goldwasser, Silvio Micali, and Ronald L. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing, 17(2):281–308, April 1988.
52. Joseph Y. Halpern, Barbara Simons, H. Raymond Strong, and Danny Dolev. Fault-tolerant clock synchronization. In Robert L. Probert, Nancy A. Lynch, and Nicola Santoro, editors, 3rd ACM PODC, pages 89–102. ACM, August 1984.
53. Wassily Hoeffding. Probability inequalities for sums of bounded random variables. Journal of the American Statistical Association, 58(301):13–30, March 1963.
54. Qiaohong Hu, Hongju Cheng, Xiaoqi Zhang, and Chengkuan Lin. Trusted resource allocation based on proof-of-reputation consensus mechanism for edge computing. Peer-to-Peer Networking and Applications, pages 1–17, 2021.
55. Shuang Hu, Lin Hou, Gongliang Chen, Jian Weng, and Jianhua Li. Reputation-based distributed knowledge sharing system in blockchain. In Proceedings of the 15th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, pages 476–481, 2018.
56. Zhuo Hu, Yuhao Du, Congjun Rao, and Mark Goh. Delegated proof of reputation consensus mechanism for blockchain-enabled distributed carbon emission trading system. IEEE Access, 8:214932–214944, 2020.
57. Chenyu Huang, Zeyu Wang, Huangxun Chen, Qiwei Hu, Qian Zhang, Wei Wang, and Xia Guan. Repchain: A reputation-based secure, fast, and high incentive blockchain system via sharding. IEEE Internet of Things Journal, 8(6):4291–4304, 2020.
58. Gene Itkis and Leonid Reyzin. Forward-secure signatures with optimal signing and verifying. In Joe Kilian, editor, CRYPTO 2001, volume 2139 of LNCS, pages 332–354. Springer, Heidelberg, August 2001.
59. Abdellah Kaci and Abderrezak Rachedi. Toward a machine learning and software defined network approaches to manage miners’ reputation in blockchain. Journal of Network and Systems Management, 28(3):478–501, 2020.
60. Sep Kamvar, Marek Olszewski, and Rene Reinsberg. Celo: A multi-asset cryptographic protocol for decentralized social payments.(2017). 2017.
61. Sepandar D Kamvar, Mario T Schlosser, and Hector Garcia-Molina. The eigentrust algorithm for reputation management in p2p networks. In Proceedings of the 12th international conference on World Wide Web, pages 640–651, 2003.
62. Jiawen Kang, Zehui Xiong, Dusit Niyato, Dongdong Ye, Dong In Kim, and Jun Zhao. Toward secure blockchain-enabled internet of vehicles: Optimizing consensus management using reputation and contract theory. IEEE Transactions on Vehicular Technology, 68(3):2906–2920, 2019.
63. Jonathan Katz and Chiu-Yuen Koo. On expected constant-round protocols for byzantine agreement. In Cynthia Dwork, editor, CRYPTO 2006, volume 4117 of LNCS, pages 445–462. Springer, Heidelberg, August 2006.
64. Hakima Khelifi, Senlin Luo, Boubakr Nour, Hassine Moungla, and Syed Hassan Ahmed. Reputation-based blockchain for secure ndn caching in vehicular networks. In 2018 IEEE Conference on Standards for Communications and Networking (CSCN), pages 1–6. IEEE, 2018.
65. Aggelos Kiayias, Alexander Russell, Bernardo David, and Roman Oliynykov. Ouroboros: A provably secure proof-of-stake blockchain protocol. In Jonathan Katz and Hovav Shacham, editors, CRYPTO 2017, Part I, volume 10401 of LNCS, pages 357–388. Springer, Heidelberg, August 2017.
66. Aggelos Kiayias, Hong-Sheng Zhou, and Vassilis Zikas. Fair and robust multi-party computation using a global transaction ledger. In Marc Fischlin and Jean-Sébastien Coron, editors, EUROCRYPT 2016, Part II, volume 9666 of LNCS, pages 705–734. Springer, Heidelberg, May 2016.
67. Leslie Lamport and P. M. Melliar-Smith. Byzantine clock synchronization. In Robert L. Probert, Nancy A. Lynch, and Nicola Santoro, editors, 3rd ACM PODC, pages 68–74. ACM, August 1984.
68. Kai Lei, Qichao Zhang, Limei Xu, and Zhuyun Qi. Reputation-based byzantine fault-tolerance for consortium blockchain. In 2018 IEEE 24th International Conference on Parallel and Distributed Systems (ICPADS), pages 604–611. IEEE, 2018.
69. Christoph Lenzen, Thomas Locher, and Roger Wattenhofer. Clock synchronization with bounded global and local skew. In 49th FOCS, pages 509–518. IEEE Computer Society Press, October 2008.
70. Bernardo Magri, Christian Matt, Jesper Buus Nielsen, and Daniel Tschudi. Afgjort - A semi-synchronous finality layer for blockchains. IACR Cryptology ePrint Archive, 2019:504, 2019.
71. Shirshak Maskey, Shahriar Badsha, Shamik Sengupta, and Ibrahim Khalil. Reputation-based miner node selection in blockchain-based vehicular edge computing. IEEE Consumer Electronics Magazine, 2020.
72. Silvio Micali, Michael O. Rabin, and Salil P. Vadhan. Verifiable random functions. In 40th FOCS, pages 120–130. IEEE Computer Society Press, October 1999.
73. Andrew Miller, Yu Xia, Kyle Croman, Elaine Shi, and Dawn Song. The honey badger of BFT protocols. In Edgar R. Weippl, Stefan Katzenbeisser, Christopher Kruegel, Andrew C. Myers, and Shai Halevi, editors, ACM CCS 2016, pages 31–42. ACM Press, October 2016.
74. Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic cash system, 2008. http://bitcoin.org/bitcoin.pdf.
75. Mehrdad Nojoumian, Arash Golchubian, Laurent Njilla, Kevin Kwiat, and Charles Kamhoua. Incentivizing blockchain miners to avoid dishonest mining strategies by a reputation-based paradigm. In Science and Information Conference, pages 1118–1134. Springer, 2018.
76. Rafail Ostrovsky and Boaz Patt-Shamir. Optimal and efficient clock synchronization under drifting clocks. In Brian A. Coan and Jennifer L. Welch, editors, 18th ACM PODC, pages 3–12. ACM, May 1999.
77. Rafail Ostrovsky and Moti Yung. How to withstand mobile virus attacks (extended abstract). In Luigi Logrippo, editor, 10th ACM PODC, pages 51–59. ACM, August 1991.
78. Rafael Pass, Lior Seeman, and abhi shelat. Analysis of the blockchain protocol in asynchronous networks. In Jean-Sébastien Coron and Jesper Buus Nielsen, editors, EUROCRYPT 2017, Part II, volume 10211 of LNCS, pages 643–673. Springer, Heidelberg, April / May 2017.
79. Rafael Pass and Elaine Shi. Thunderella: Blockchains with optimistic instant confirmation. In Jesper Buus Nielsen and Vincent Rijmen, editors, EUROCRYPT 2018, Part II, volume 10821 of LNCS, pages 3–33. Springer, Heidelberg, April / May 2018.
80. Muntadher Sallal, Gareth Owenson, Dawood Salman, and Mo Adda. Security and performance evaluation of master node protocol based reputation blockchain in the bitcoin network. Blockchain: Research and Applications, page 100048, 2021.
81. Sidharth Shyamsukha, Pronaya Bhattacharya, Farnazbanu Patel, Sudeep Tanwar, Rajesh Gupta, and Emil Pricop. Porf: Proof-of-reputation-based consensus scheme for fair transaction ordering. In 2021 13th International Conference on Electronics, Computers and Artificial Intelligence (ECAI), pages 1–6. IEEE, 2021.
82. T. K. Srikanth and Sam Toueg. Optimal clock synchronization. In Michael A. Malcolm and H. Raymond Strong, editors, 4th ACM PODC, pages 71–86. ACM, August 1985.
83. You Sun, Rui Xue, Rui Zhang, Qianqian Su, and Sheng Gao. Rtchain: A reputation system with transaction and consensus incentives for e-commerce blockchain. ACM Transactions on Internet Technology (TOIT), 21(1):1–24, 2020.
84. You Sun, Rui Zhang, Rui Xue, Qianqian Su, and Pengchao Li. A reputation based hybrid consensus for e-commerce blockchain. In International Conference on Web Services, pages 1–16. Springer, 2020.
85. Changbing Tang, Luya Wu, Guanghui Wen, and Zhonglong Zheng. Incentivizing honest mining in blockchain networks: a reputation approach. IEEE Transactions on Circuits and Systems II: Express Briefs, 67(1):117–121, 2019.
86. Eric Ke Wang, Zuodong Liang, Chien-Ming Chen, Saru Kumari, and Muhammad Khurram Khan. Porx: A reputation incentive scheme for blockchain consensus of iiot. Future Generation Computer Systems, 102:140–151, 2020.
87. Gang Wang. Repshard: Reputation-based sharding scheme achieves linearly scaling efficiency and security simultaneously. In 2020 IEEE International Conference on Blockchain (Blockchain), pages 237–246. IEEE, 2020.
88. J. Yu, D. Kozhaya, J. Decouchant, and P. Esteves-Verissimo. Repucoin: Your reputation is your power. IEEE Transactions on Computers, 68(8):1225–1237, Aug 2019.
89. Jiangshan Yu, David Kozhaya, Jeremie Decouchant, and Paulo Esteves-Verissimo. Repucoin: Your reputation is your power. IEEE Transactions on Computers, 68(8):1225–1237, 2019.
90. Jiarui Zhang, Yukun Cheng, Xiaotie Deng, Bo Wang, Jan Xie, Yuanyuan Yang, and Mengqian Zhang. A reputation-based mechanism for transaction processing in blockchain systems. IEEE Transactions on Computers, 2021.
91. Jiarui Zhang, Yaodong Huang, Fan Ye, and Yuanyuan Yang. A novel proof-of-reputation consensus for storage allocation in edge blockchain systems. In 2021 IEEE/ACM 29th International Symposium on Quality of Service (IWQOS), pages 1–10. IEEE, 2021.
92. Mengqian Zhang, Yukun Cheng, Xiaotie Deng, Bo Wang, Jan Xie, Yuanyuan Yang, and Jiarui Zhang. Accelerating transactions relay in blockchain networks via reputation. In 2021 IEEE/ACM 29th International Symposium on Quality of Service (IWQOS), pages 1–10. IEEE, 2021.
93. Shenchen Zhu, Ziyan Zhang, Liquan Chen, Hui Chen, and Yanbo Wang. A pbft consensus scheme with reputation value voting based on dynamic clustering. In International Conference on Security and Privacy in Digital Economy, pages 336–354. Springer, 2020.
94. Qianwei Zhuang, Yuan Liu, Lisi Chen, and Zhengpeng Ai. Proof of reputation: A reputation-based consensus protocol for blockchain based systems. In Proceedings of the 2019 International Electronics CommunicationConference, pages 131–138, 2019.
18. Christian Badertscher, Ueli Maurer, Daniel Tschudi, and Vassilis Zikas. Bitcoin as a transaction ledger: A composable treatment. In Jonathan Katz and Hovav Shacham, editors, CRYPTO 2017, Part I, volume 10401 of LNCS, pages 324–356. Springer, Heidelberg, August 2017.
65. Aggelos Kiayias, Alexander Russell, Bernardo David, and Roman Oliynykov. Ouroboros: A provably secure proof-of-stake blockchain protocol. In Jonathan Katz and Hovav Shacham, editors, CRYPTO 2017, Part I, volume 10401 of LNCS, pages 357–388. Springer, Heidelberg, August 2017.
16. Christian Badertscher, Peter Gazi, Aggelos Kiayias, Alexander Russell, and Vassilis Zikas. Ouroboros genesis: Composable proof-of-stake blockchains with dynamic availability. In David Lie, Mohammad Mannan, Michael Backes, and XiaoFeng Wang, editors, ACM CCS 2018, pages 913–930. ACM Press, October 2018.
18. Christian Badertscher, Ueli Maurer, Daniel Tschudi, and Vassilis Zikas. Bitcoin as a transaction ledger: A composable treatment. In Jonathan Katz and Hovav Shacham, editors, CRYPTO 2017, Part I, volume 10401 of LNCS, pages 324–356. Springer, Heidelberg, August 2017.
65. Aggelos Kiayias, Alexander Russell, Bernardo David, and Roman Oliynykov. Ouroboros: A provably secure proof-of-stake blockchain protocol. In Jonathan Katz and Hovav Shacham, editors, CRYPTO 2017, Part I, volume 10401 of LNCS, pages 357–388. Springer, Heidelberg, August 2017.
16. Christian Badertscher, Peter Gazi, Aggelos Kiayias, Alexander Russell, and Vassilis Zikas. Ouroboros genesis: Composable proof-of-stake blockchains with dynamic availability. In David Lie, Mohammad Mannan, Michael Backes, and XiaoFeng Wang, editors, ACM CCS 2018, pages 913–930. ACM Press, October 2018.
16. Christian Badertscher, Peter Gazi, Aggelos Kiayias, Alexander Russell, and Vassilis Zikas. Ouroboros genesis: Composable proof-of-stake blockchains with dynamic availability. In David Lie, Mohammad Mannan, Michael Backes, and XiaoFeng Wang, editors, ACM CCS 2018, pages 913–930. ACM Press, October 2018.
49. Yossi Gilad, Rotem Hemo, Silvio Micali, Georgios Vlachos, and Nickolai Zeldovich. Algorand: Scaling byzantine agreements for cryptocurrencies. Cryptology ePrint Archive, Report 2017/454, 2017. http://eprint.iacr.org/2017/454.
49. Yossi Gilad, Rotem Hemo, Silvio Micali, Georgios Vlachos, and Nickolai Zeldovich. Algorand: Scaling byzantine agreements for cryptocurrencies. Cryptology ePrint Archive, Report 2017/454, 2017. http://eprint.iacr.org/2017/454.
13. Gilad Asharov, Yehuda Lindell, and Hila Zarosim. Fair and efficient secure multiparty computation with reputation systems. In Kazue Sako and Palash Sarkar, editors, ASIACRYPT 2013, Part II, volume 8270 of LNCS, pages 201–220. Springer, Heidelberg, December 2013.
13. Gilad Asharov, Yehuda Lindell, and Hila Zarosim. Fair and efficient secure multiparty computation with reputation systems. In Kazue Sako and Palash Sarkar, editors, ASIACRYPT 2013, Part II, volume 8270 of LNCS, pages 201–220. Springer, Heidelberg, December 2013.
13. Gilad Asharov, Yehuda Lindell, and Hila Zarosim. Fair and efficient secure multiparty computation with reputation systems. In Kazue Sako and Palash Sarkar, editors, ASIACRYPT 2013, Part II, volume 8270 of LNCS, pages 201–220. Springer, Heidelberg, December 2013.
13. Gilad Asharov, Yehuda Lindell, and Hila Zarosim. Fair and efficient secure multiparty computation with reputation systems. In Kazue Sako and Palash Sarkar, editors, ASIACRYPT 2013, Part II, volume 8270 of LNCS, pages 201–220. Springer, Heidelberg, December 2013.
65. Aggelos Kiayias, Alexander Russell, Bernardo David, and Roman Oliynykov. Ouroboros: A provably secure proof-of-stake blockchain protocol. In Jonathan Katz and Hovav Shacham, editors, CRYPTO 2017, Part I, volume 10401 of LNCS, pages 357–388. Springer, Heidelberg, August 2017.
18. Christian Badertscher, Ueli Maurer, Daniel Tschudi, and Vassilis Zikas. Bitcoin as a transaction ledger: A composable treatment. In Jonathan Katz and Hovav Shacham, editors, CRYPTO 2017, Part I, volume 10401 of LNCS, pages 324–356. Springer, Heidelberg, August 2017.