3 Rep Based Lotteries

Technical Whitepaper

3 Reputation-based Lotteries

At the heart of our construction is a lottery that chooses a (sublinear) set of parties according to their reputation. To demonstrate the idea, let us first consider two extreme scenarios: Scenario 1: No reputation party _i has R_i > 0.5. Scenario 2: All reputation parties _i have (independent) reputation R_i > 0.5 + ϵ for a constant ϵ, e.g,. R_i > 0.51.

In Scenario 1, one can prove that users cannot use the recommendation of the reputation parties to agree on a sequence of transactions. Roughly, the reason is that with good probability, the majority of the reputation parties might be dishonest and try to split the network of users, so that they accept conflicting transaction sequences. In Scenario 2, on the other hand, the situation is different. Here, by choosing a polylogarithmic random committee we can guarantee (except with negligible probability)⁸ that the majority of those parties will be honest (recall that we assume independent reputations), and we can therefore employ a consensus protocol to achieve agreement on each transaction (block).

Definition 1. For a reputation system Rep for parties from a reputation set , a (possibly probabilistic) algorithm A for sampling a subset of parties from , and an Rep-adversary , we say that Rep is (ϵ,A)-feasible for if, with overwhelming probability,⁹ A outputs a set of parties such that at most a 1∕2 - ϵ fraction of these parties is corrupted by .

In the above definition, the corrupted parties are chosen according to Rep from the entire reputation-party set , and independently of the coins of A. (Indeed, otherwise it would be trivial to corrupt a majority.)

Definition 2. We say that a reputation system is ϵ-feasible for Rep-adversary , if there exists a probabilistic polynomial-time (PPT) sampling algorithm A such that Rep is (ϵ,A)-feasible for .

It is easy to verify that to maximize the (expected) number of honest parties in the committee it suffices to always choose the parties with the highest reputation. In fact, [13] generalized this to arbitrary correlation-free reputation systems by proving that for any ϵ-feasible reputation system Rep (i.e., for any Rep-adversary ) the algorithm which orders that parties according to their reputation chooses sufficiently many (see. [13]) parties with the highest reputation induces a set which has honest majority. We denote this algorithm by Amax.

Lemma 1 ([13]). A correlation-free reputation system is ϵ-feasible for a Rep-adversary if and only if it is (ϵ,Amax)-feasible for .

As discussed in the introduction, despite yielding a maximally safe lottery, Amax has issues with fairness which renders it suboptimal for use in a blockchain ledger protocol. In the following we introduce an appropriate notion of reputation-fairness for lotteries and an algorithm for achieving it.

3.1 PoR-Fairness

As a warm up, let us consider a simple case, where all reputations parties can be partitioned in two subsets: ₁ consisting of parties with reputation at least 0.76, and ₂ consisting of parties with reputation between 0.51 and 0.75. Let |₁| = α₁ and |₂| = α₂. We want to sample a small (sublinear in || = α₁ + α₂) number y of parties in total.

Recall that we want to give every reputation party a chance (to be part of the committee) while ensuring that, the higher the reputation, the better his relative chances. A first attempt would be to first sample a set where each party _i is sampled according to his reputation (i.e., with probability R_i) and then reduce the size of the sampled set by randomly picking the desired number of parties. This seemingly natural idea suffers from the fact that if there are many parties with low reputation—this is not the case in our above example where everyone has reputation at least 0.51, but it might be the case in reality—then it will not yield an honest majority committee even when the reputation system is feasible.

A second attempt is the following. Observe that per our specification of the above tiers, the parties in ₁ are about twice more likely to be honest than parties in ₂. Hence we can try to devise a lottery which selects (on expectation) twice as many parties from ₁ as the number of parties selected from ₂. This will make the final set sufficiently biased towards high reputations (which can ensure honest majorities) but has the following side-effect: The chances of a party being selected diminish with the number of parties in his reputation tier. This effectively penalizes large sets of high-reputation parties; but formation of such sets should be a desideratum for a blockchain protocol. To avoid this situation we tune our goals to require that when the higher-reputation set |₁| is much larger than |₂|, then we want to start shifting the selection towards ₁. This leads to the following informal fairness goal:

Goal (informal): We want to randomly select x₁ parties from ₁ and x₂ parties from ₂ so that:

1.: x₁ + x₂ = y
2.: x₁ = 2max{1,}x₂ (representation fairness)
3.: For each i ∈{1,2} : No party in _i has significantly lower probability of getting picked than other parties in _i (non-discrimination), but parties in ₁ are twice as likely to be selected as parties in ₂ (selection fairness).

Assuming α₁ and α₂ are sufficiently large, the above goal can be achieved by the following sampler: For appropriately chosen numbers ℓ₁ and ℓ₂ ≥ 0 with ℓ₁ + ℓ₂ = y, sample ℓ₁ parties from ₁, and then sample ℓ₂ parties from ₁ ∪₂ (where if you sample a party from ₁ twice, replace him with a random, upsampled party from ₁). As it will become clear in the following general analysis, by carefully choosing ℓ₁ and ℓ₂ we can ensure that the conditions of the above goal are met. For the interested reader, we analyze the above lottery in Appendix A.1 . Although this is a special case of the general lottery which follows, going over that simpler analysis might be helpful to a reader, who wishes to ease into our techniques and design choices.

Our PoR-Fairness Definition and Lottery

We next discuss how to turn the above informal fairness goals into a formal definition, and generalize the above lottery mechanism to handle more than two reputation tiers and to allow for arbitrary reputations. To this direction we partition, as in the simple example, the reputations in m = O(1) tiers¹⁰ as follows: For a given small δ > 0, the first tier includes parties with reputation between m-m1- + δ and 1, the second tier includes parties with reputation between mm-2- + δ and m-m1- + δ, and so on. Parties with reputation 0 are ignored.¹¹ We refer to the above partitioning of the reputations as an m-tier partition.

The main differences of the generalized reputation-fairness notion from the above informal goal, is that (1) we parameterize the relation between the representation of different ties by a parameter c (in the above informal goal c = 2) and (2) we do not only require an appropriate relation on the expectations of the numbers of parties from the different tiers but require that these numbers are concentrated around numbers that satisfy this relation. The formal reputation fairness definition follows.

Definition 3. Let ˆ
P ₁,…, ˆ
P _m be a partition of the reputation-party set ˆ
P into m tiers as above (where the parties in ˆ
P ₁ have the highest reputation) and let L be a lottery which selects x_i parties from each ˆ
P _i. For some c ≥ 1, we say that L is c-reputation-fair, or simply, c-fair if it satisfies the following properties:

1.: (c-Representation Fairness): For j = 1,…,m, let c_j = max{c,c ⋅}. Then L is c-fair if for each j ∈{0,…,m - 1} and for every constant ϵ ∈ (0,c): $Pr [(cj - ϵ)xj+1 ≤ xj ≤ (cj + ϵ)xj+1] ≥ 1- μ(k),$ for some negligible function μ.
2.: (c-Selection Fairness): For any p_j ∈ ∪_i=1^m_i, let Member_j denote the indicator (binary) random variable which is 1 if p_j is selected by the lottery and 0 otherwise. The L is c-selection-fair if for any i ∈{1,…,m - 1}, for any pair (_i₁,_i₂) ∈_i ×_i+1, and any constant c′ < c: $Pr[Memberi1-=-1]≥ c′ - μ(k) Pr[Memberi2 = 1]$ for some negligible function μ.
3.: (Non-Discrimination): Let Member_i defined as above. The L is non-discriminatory if for any _i₁,_i₂ in the same _i: $Memberi1 ≈ Memberi2,$ where ≈ in the above equation means that the random variables are computationally indistinguishable.

Fig. 5: High level description of the PoR lottery algorithm in Fig. 6 .

A high level description of the lottery is given in Fig. 5 . Informally, lottery for the m-tier case is similar in spirit to the two-tier case: First we sample a number of ℓ₁ parties from the highest reputation set ₁, then we sample ℓ₂ parties from the union of second-highest and the highest 1 ∪₂, then we sample ℓ₃ parties from the union of the three highest reputation tiers ₁ ∪₂ ∪₃, and so on. As we prove, the values ℓ₁,ℓ₂,ℓ₃ etc. can be carefully chosen so that the above fairness goal is reached whenever there are sufficiently many parties in the different tiers. We next detail our generalized sampling mechanism and prove its security properties.

We start by describing two standard methods for sampling a size-t subset of a party set —where each party P ∈ is associated with a unique identifier pid¹²—which will both be utilized in our fair sampling algorithm. Intuitively, the first sampler samples the set with replacement and the second without. The first method, denoted by Rand, takes as input/parameters the set , the size of the target set t—where naturally t < ||—and a nonce r. It also makes use of a hash function h which we will assume behaves as a random oracle.¹³ In order to sample the set, for each party with ID pid, the sampler evaluates the random oracle on input (pid,r) and if the output has more than log |P-|
t tailing 0’s the party is added to the output set. By a simple Chernoff bound, the size of the output set will be concentrated around t. The second sampler denoted by RandSet is the straight-forward way to sample a random subset of t parties from without replacement: Order the parties according to the output of h on input (pid,r) and select the ones with the highest value (where the output h is taken as the standard binary representation of integers). It follows directly from the fact that h behaves as a random oracle—and, therefore, assigns to each P_i ∈ a random number from {0,…,2^k - 1}—that the above algorithm uniformly samples a set ⊂ of size t out of all the possible size-t subsets of . For completeness we have included detailed description of both samplers in Appendix A.2 . Given the above two samplers, we can provide the formal description of our PoR-fair lottery, see Figure 6 . Theorem 1 states the achieved security.


L(,Rep,c,δ,ϵ,r) 1. Divide the reputation parties into m tiers ₁,…,_m as follows,^a : For i = 0…,m - 1, define _m-i to be the set of parties in with reputation Rep_j ∈ ( + δ, + δ]. 2. Initialize _i := ∅ for each i ∈ [m]. 3. Let c_i = max{c,c}, i = 1,,m - 1. Let c_m =. 4. For each i = 1,…,m: α_i := \|_i\|. 5. For each i = 1,…,m - 1: Let $∑ ∏ ∏ ----ij=1-αj--αi+1-mj=icj --αi-mj=i+1cj 1+ϵ ℓi = ∑mj=1∏mq=jcq αi+1αi log n$ and let $∑ ----mj=1αj---1- 1+ ϵ ℓm := ∑mj=1∏mq=jcqαm log n$ 6. For each i = 1,…,m do the following: If \|∪_j=1ⁱ_j\|≥ ℓ_i: (a) Invoke Rand(∪_j=1ⁱ_j,⌈ℓ_i⌉; (r\|\|i)) to choose a set _i of parties uniformly at random from ∪_j=1ⁱ_j. (b) For each j ∈ [i] compute col_i,j := _i ∩_j and update _j := _j ∪ (_i ∩_j). (c) For each j ∈ [i] if col_i,j≠∅, then i. if \|_j \_j\| < \|col_i,j\| then reset the lottery and select sel as the output of Amax. ii. Else Invoke RandSet(_j \_j,\|col_i,j\|; (r\|\|i\|\|j)) to choose a set _i,j⁺; For each j ∈ [i] update _j := _j ∪_i,j⁺. iii. Set _i⁺ := ∪_j=1^m_i,j⁺ Else (i.e., \|∪_j=1ⁱ_j\| < ℓ_i): Reset the lottery and select (and output) sel as the output of Amax for choosing log ^1+ϵn. 7. If the lottery was not reset in any of the above steps, then set sel := ∪_j=1^m_j(= ∪_i=1^m(Q_i ∪ Q_i⁺)) and output sel.

Fig. 6: c-fair reputation-based lottery for m=O(1) tiers

Theorem 1 (Reputation-Fair Lottery for m = O(1)-tiers). In the above lottery L(,Rep,(c₁,…,c_m),δ,ϵ,r), let ϵ,δ > 0 be strictly positive constants, and for each i ∈{1,…,m = O(1)}, let X_i be the random variable (r.v.) corresponding to the number of parties in the final committee that are from set _i; and for each i ∈ [m] let c_i = max{c,c -|ˆPi|-
|ˆPi+1| } where c = O(1) such that for some constant ξ ∈ (0,1) : -1--
cm -1 ≤ m--2
2m -ξ. If for some constant ϵ_f ∈ (0,1∕2) the reputation system Rep is ϵ_f-feasible for a static Rep-bounded adversary , then for the set sel of parties selected by L the following properties hold with overwhelming probability (in the security parameter k):

1.: |sel| = Θ(log ^1+ϵn)
2.: for some constant ϵ_δ > 0 adversary corrupts at most an 1∕2 - ϵ_δ fraction of the parties in sel
3.: If every set _i has at least γ ⋅ log ^1+ϵn parties for some γ > 1, then the lottery is c-fair.

The complete proof can be found in Appendix C.1 . In the following we included a sketch of the main proof ideas. Proof (sketch). We consider two cases: Case 1: L noes not reset, and Case 2: L resets.
In Case 1, The lottery is never reset. This case is the bulk of the proof. First, in Lemma 3 using a combination of Chernoff bounds we prove that the random variable X_i corresponding to the number of parties from _i selected in the lottery is concentrated around the (expected) value:

∑m xi := Exp (Xi ) = αi ⋅ ∑--ℓj--- j=i jq=1αq

(1)

i.e., for any constant λ_i ∈ (0,1):

Pr [|(1 - λi)xi ≤ Xi ≤ (1+ λi)xi] ≥ 1- μi(k),

(2)

Hence, by inspection of the protocol one can verify that the x_i’s and the ℓ_j’s satisfy the following system of linear equations:

T T (x1,...,xm) = B ⋅(ℓ1,...,ℓm)

(3)

Where B is an m × m matrix with the (i,j) position being

{ ∑j-αi- , if i ≥ j Bi,j = q=1αq 0, otherwise

The above system of m equations has 2m unknowns. To solve it we add the following m equations which are derived from the desired reputation fairness: For each i ∈ [m - 1] :

x := c ⋅x i i i+1

(4)

and

m∑ xi = log1+ϵk i=1

(5)

This yields 2m linear equations. By solving the above system of equations we can compute:

∑i ∏m ∏m ℓ = -----j=1-αj--αi+1--j=icj --αi-j=i+1-cjlog1+ϵn, i ∑mj=1∏jq=1cq αi+1αi

for each i ∈ [m - 1], and

∑m ℓ := ∑---j=∏1αj----1-log1+ϵn. m mj=1 mq=jcqαm

This already explains some of the mystery around the seemingly complicated choice of the ℓ_i’s in the protocol. Next we observe that for each j ∈ [m] : ∑ _i=1^mB_i,j = 1 which implies that

m∑ ∑m ℓj = xi Eq.= 5log1+ϵk j=1 i=1

(6)

Because in each round we choose parties whose number is from a distribution centered around ℓ_i, the above implies that the sum of the parties we sample is centered around ∑ _j=1^mℓ_j = log ^1+ϵk which proves Property 1.

Property 2 is proven by a delicate counting of the parties which are corrupted, using Chernoff bounds for bounding the number of corrupted parties selected by Rand (which selects with replacement) and Hoeffding’s inequality for bounding the number of parties selected by RandSet (which selects without replacement). The core idea of the argument is that because the reputation in different tiers reduces in a linear manner but the representation to the output of the lottery reduces in an exponential manner, even if the adversary corrupts for free all the selected parties from the lowest half reputation tiers, still the upper half will have a strong super-majority to compensate so that overall the majority is honest.

Finally, the c-fairness (Property 3) is argued as follows:

–The c-Representation Fairness follows directly from Equations 1 , 2 and 4 .
–The non-discrimination property follows from the fact that our lottery picks each party in every _i with exactly the same probability as any other party.
–The c-Selection Fairness is proved by using the fact that the non-discrimination property mandates that each party in sel ∩_i is selected with probability p_i = |P ∩ˆP |
--se|Plˆi|i- . By using our counting of the sets’ cardinalities computed above we can show that for any constant c′ < c: ppi+i1- ≥ c′.

In Case 2 the lottery is reset and the output sel is selected by means of invocation of algorithm Amax. This is the simpler case since Lemma 1 ensures that if the reputation system is ϵ_f-feasible, then a fraction 1∕2 + ϵ_f of the parties in sel will be honest except with negligible probability. Note that Amax is only invoked if a reset occurs, i.e., if in some step there are no sufficiently many parties to select from; this occurs only if any set _i does not have sufficiently many parties to choose from. But the above analysis, for δ < γ - 1, the sampling algorithms choose at most (1 + δ)log ^1+ϵn with overwhelming probability. Hence when each _i has size at least γ ⋅ log ^1+ϵn, with overwhelming probability no reset occurs. In this case, by inspection of the protocol one can verify that the number of selected parties is |sel| = log ^1+ϵn.

⁸ All our security statements here involve a negligible probability of error. For brevity we at times omit this from the statement.↩

⁹ The probability is taken over the coins associated with the distribution of the reputation system, and the coins of and A.↩

¹⁰ This is analogous to the rankings of common reputation/recommendation systems, e.g., in Yelp, a party might have reputation represented by a number of stars from 0 to 5, along with their midpoints, i.e., 0.5, 1.5, 2.5, etc.↩

¹¹ This also gives us a way to effectively remove a reputation party—e.g., in case it is publicly caught cheating.↩

¹² In our blockchain construction, pid will the P’s public key.↩

¹³ In the random oracle model, r can be any unique nonce; however, for the epoch-resettable-adversary extension of our lottery we will need r to be a sufficiently fresh random value. Although most of our analysis here is in the static setting, we will still have r be such a random value to ensure compatibility with dynamic reputation.↩

^a Where δ can be an arbitrary small constant.↩

The Möbby Blockchain and Digital Asset

Technical Whitepaper

Summary

1 Motivation

2 Model

3 Reputation-based Lotteries

4 The PoR-Blockchain

5 The PoR/PoS-Hybrid Blockchain

6 Establishing, Updating, and Extending the Reputation System

7 Conclusions and Open Problems

References

A Supplementary Material to Section 3

B Supplementary Material to Section 4

C Deferred Proofs

D Hoeffding's Inequality

E Reputation Systems with Limited Correlations

F Epoch-Resettable Adversaries

G Extensions and Future Research

About the Authors

Möbby Tokenomics

1 Monetizing Reputation for a Stable and Truthful Recommender / Reputation System

2 The Möbby Decentralized Ledger Technology (DLT) backbone

3 Major Möbby Deployment Milestones

4 Rewards and Transaction Fees

5 Reputation Rewards

6 Applications and Utilization

1. Binance Smart Chain: A parallel binance chain to enable smart contracts. https://github.com/binance-chain/whitepaper/blob/master/WHITEPAPER.md.94. Qianwei Zhuang, Yuan Liu, Lisi Chen, and Zhengpeng Ai. Proof of reputation: A reputation-based consensus protocol for blockchain based systems. In Proceedings of the 2019 International Electronics CommunicationConference, pages 131–138, 2019.
2. Eurus economic blockchain network. https://www.eurus.network/technology/.
3. GoChain: Proof of reputation. https://medium.com/gochain/proof-of-reputation-e37432420712.
4. OpenEthereum Documentation: Proof-of-authority chains - wiki. https://openethereum.github.io/Proof-of-Authority-Chains.
5. PoA Private Chains. https://github.com/ethereum/guide/blob/master/poa.md.
6. The New York Times a fashion brand agrees to pay $4.2 million after f.t.c. says it suppressed negative reviews online. https://www.nytimes.com/2022/01/25/business/fashion-nova-reviews.html.
7. The Verge split screen: The crowdfunded phone of the future was a multimillion-dollar scam. https://www.theverge.com/2019/8/13/20758599/idealfuture-dragonfly-futurefon-indiegogo-crowdfunding-phone-scam-fraud-case.
8. Time how extortion scams and review bombing trolls turned goodreads into many authors’ worst nightmare. https://time.com/6078993/goodreads-review-bombing/.
9. Vechain whitepaper 2.0. https://www.vechain.org/whitepaper/.
10. Ahmed S Almasoud, Farookh Khadeer Hussain, and Omar K Hussain. Smart contracts for blockchain-based reputation systems: A systematic literature review. Journal of Network and Computer Applications, 170:102814, 2020.
11. Akram Alofi, Rami Bahsoon, and Robert Hendley. Minerrepu: A reputation model for miners in blockchain networks. In 2021 IEEE International Conference on Web Services (ICWS), pages 724–733. IEEE, 2021.
12. Oladotun Aluko and Anton Kolonin. Proof-of-reputation: An alternative consensus mechanism for blockchain systems. International Journal of Network Security & Its Applications (IJNSA) Vol, 13, 2021.
13. Gilad Asharov, Yehuda Lindell, and Hila Zarosim. Fair and efficient secure multiparty computation with reputation systems. In Kazue Sako and Palash Sarkar, editors, ASIACRYPT 2013, Part II, volume 8270 of LNCS, pages 201–220. Springer, Heidelberg, December 2013.
14. Alia Asheralieva and Dusit Niyato. Reputation-based coalition formation for secure self-organized and scalable sharding in iot blockchains with mobile-edge computing. IEEE Internet of Things Journal, 7(12):11830–11850, 2020.
15. Hagit Attiya, Amir Herzberg, and Sergio Rajsbaum. Optimal clock synchronization under different delay assumptions (preliminary version). In Jim Anderson and Sam Toueg, editors, 12th ACM PODC, pages 109–120. ACM, August 1993.
16. Christian Badertscher, Peter Gazi, Aggelos Kiayias, Alexander Russell, and Vassilis Zikas. Ouroboros genesis: Composable proof-of-stake blockchains with dynamic availability. In David Lie, Mohammad Mannan, Michael Backes, and XiaoFeng Wang, editors, ACM CCS 2018, pages 913–930. ACM Press, October 2018.
17. Christian Badertscher, Peter Gazi, Aggelos Kiayias, Alexander Russell, and Vassilis Zikas. Consensus redux: Distributed ledgers in the face of adversarial supremacy. Cryptology ePrint Archive, Report 2020/1021, 2020. https://eprint.iacr.org/2020/1021.
18. Christian Badertscher, Ueli Maurer, Daniel Tschudi, and Vassilis Zikas. Bitcoin as a transaction ledger: A composable treatment. In Jonathan Katz and Hovav Shacham, editors, CRYPTO 2017, Part I, volume 10401 of LNCS, pages 324–356. Springer, Heidelberg, August 2017.
19. Leila Bahri and Sarunas Girdzijauskas. Trust mends blockchains: Living up to expectations. In 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS), pages 1358–1368. IEEE, 2019.
20. Ammar Battah, Youssef Iraqi, and Ernesto Damiani. Blockchain-based reputation systems: Implementation challenges and mitigation. Electronics, 10(3):289, 2021.
21. Mihir Bellare and Sara K. Miner. A forward-secure digital signature scheme. In Michael J. Wiener, editor, CRYPTO’99, volume 1666 of LNCS, pages 431–448. Springer, Heidelberg, August 1999.
22. Emanuele Bellini, Youssef Iraqi, and Ernesto Damiani. Blockchain-based distributed trust and reputation management systems: A survey. IEEE Access, 8:21127–21151, 2020.
23. Iddo Bentov, Pavel Hubáček, Tal Moran, and Asaf Nadler. Tortoise and hares consensus: the meshcash framework for incentive-compatible, scalable cryptocurrencies. IACR Cryptology ePrint Archive, 2017:300, 2017.
24. Alex Biryukov and Daniel Feher. Recon: Sybil-resistant consensus from reputation. Pervasive and Mobile Computing, 61:101109, 2020.
25. Alex Biryukov, Daniel Feher, and Dmitry Khovratovich. Guru: Universal reputation module for distributed consensus protocols. Cryptology ePrint Archive, Report 2017/671, 2017. http://eprint.iacr.org/2017/671.
26. Alex Biryukov, Daniel Feher, and Dmitry Khovratovich. Guru: Universal reputation module for distributed consensus protocols. Technical report, University of Luxembourg, 2017.
27. Jacques Bou Abdo, Rayane El Sibai, and Jacques Demerjian. Permissionless proof-of-reputation-x: A hybrid reputation-based consensus algorithm for permissionless blockchains. Transactions on Emerging Telecommunications Technologies, 32(1):e4148, 2021.
28. Jacques Bou Abdo, Rayane El Sibai, Krishna Kambhampaty, and Jacques Demerjian. Permissionless reputation-based consensus algorithm for blockchain. Internet Technology Letters, 3(3):e151, 2020.
29. Ahmet Bugday, Adnan Ozsoy, Serdar Murat Öztaner, and Hayri Sever. Creating consensus group using online learning based reputation in blockchain networks. Pervasive and Mobile Computing, 59:101056, 2019.
30. Vitalik Buterin. A next-generation smart contract and decentralized application platform, 2013. https://github.com/ethereum/wiki/wiki/White-Paper.
31. Wenjun Cai, Wei Jiang, Ke Xie, Yan Zhu, Yingli Liu, and Tao Shen. Dynamic reputation–based consensus mechanism: Real-time transactions for energy blockchain. International Journal of Distributed Sensor Networks, 16(3):1550147720907335, 2020.
32. Ran Canetti. Security and composition of multiparty cryptographic protocols. Journal of Cryptology, 13(1):143–202, January 2000.
33. Haoye Chai, Supeng Leng, Ke Zhang, and Sun Mao. Proof-of-reputation based-consortium blockchain for trust resource sharing in internet of vehicles. IEEE Access, 7:175744–175757, 2019.
34. Hongyin Chen, Zhaohua Chen, Yukun Cheng, Xiaotie Deng, Wenhan Huang, Jichen Li, Hongyi Ling, and Mengqian Zhang. A provable softmax reputation-based protocol for permissioned blockchains. IEEE Transactions on Cloud Computing, 2021.
35. Zelei Cheng, Zuotian Li, Bowen Sun, Shuhan Zhang, and Yuanrong Shao. Reputation-based q-routing for robust inter-committee routing in the sharding-based blockchain. In 2020 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech), pages 230–236. IEEE, 2020.
36. Sherman S. M. Chow. Running on Karma - P2P reputation and currency systems. In Feng Bao, San Ling, Tatsuaki Okamoto, Huaxiong Wang, and Chaoping Xing, editors, CANS 07, volume 4856 of LNCS, pages 146–158. Springer, Heidelberg, December 2007.
37. Ran Cohen, Sandro Coretti, Juan A. Garay, and Vassilis Zikas. Probabilistic termination and composability of cryptographic protocols. In Matthew Robshaw and Jonathan Katz, editors, CRYPTO 2016, Part III, volume 9816 of LNCS, pages 240–269. Springer, Heidelberg, August 2016.
38. Ran Cohen, Sandro Coretti, Juan A. Garay, and Vassilis Zikas. Round-preserving parallel composition of probabilistic-termination cryptographic protocols. In Ioannis Chatzigiannakis, Piotr Indyk, Fabian Kuhn, and Anca Muscholl, editors, ICALP 2017, volume 80 of LIPIcs, pages 37:1–37:15. Schloss Dagstuhl, July 2017.
39. Bernardo David, Peter Gazi, Aggelos Kiayias, and Alexander Russell. Ouroboros praos: An adaptively-secure, semi-synchronous proof-of-stake blockchain. In Jesper Buus Nielsen and Vincent Rijmen, editors, EUROCRYPT 2018, Part II, volume 10821 of LNCS, pages 66–98. Springer, Heidelberg, April / May 2018.
40. Marcela T de Oliveira, Lúcio HA Reis, Dianne SV Medeiros, Ricardo C Carrano, Sílvia D Olabarriaga, and Diogo MF Mattos. Blockchain reputation-based consensus: A scalable and resilient mechanism for distributed mistrusting applications. Computer Networks, 179:107367, 2020.
41. Thuat Do, Thao Nguyen, and Hung Pham. Delegated proof of reputation: A novel blockchain consensus. In Proceedings of the 2019 International Electronics Communication Conference, pages 90–98, 2019.
42. Danny Dolev, Joseph Y. Halpern, and H. Raymond Strong. On the possibility and impossibility of achieving clock synchronization. In 16th ACM STOC, pages 504–511. ACM Press, 1984.
43. Danny Dolev and H. Raymond Strong. Authenticated algorithms for byzantine agreement. SIAM J. Comput., 12(4):656–666, 1983.
44. Shlomi Dolev and Jennifer L. Welch. Wait-free clock synchronization (extended abstract). In Jim Anderson and Sam Toueg, editors, 12th ACM PODC, pages 97–108. ACM, August 1993.
45. Shlomi Dolev and Jennifer L. Welch. Self-stabilizing clock synchronization in the presence of byzantine faults (abstract). In James H. Anderson, editor, 14th ACM PODC, page 256. ACM, August 1995.
46. Fangyu Gai, Baosheng Wang, Wenping Deng, and Wei Peng. Proof of reputation: A reputation-based consensus protocol for peer-to-peer network. In DASFAA, 2018.
47. Juan A. Garay, Yuval Ishai, Rafail Ostrovsky, and Vassilis Zikas. The price of low communication in secure multi-party computation. In Jonathan Katz and Hovav Shacham, editors, CRYPTO 2017, Part I, volume 10401 of LNCS, pages 420–446. Springer, Heidelberg, August 2017.
48. Juan A. Garay, Aggelos Kiayias, and Nikos Leonardos. The bitcoin backbone protocol: Analysis and applications. In Elisabeth Oswald and Marc Fischlin, editors, EUROCRYPT 2015, Part II, volume 9057 of LNCS, pages 281–310. Springer, Heidelberg, April 2015.
49. Yossi Gilad, Rotem Hemo, Silvio Micali, Georgios Vlachos, and Nickolai Zeldovich. Algorand: Scaling byzantine agreements for cryptocurrencies. Cryptology ePrint Archive, Report 2017/454, 2017. http://eprint.iacr.org/2017/454.
50. Yossi Gilad, Rotem Hemo, Silvio Micali, Georgios Vlachos, and Nickolai Zeldovich. Algorand: Scaling byzantine agreements for cryptocurrencies. In Proceedings of the 26th Symposium on Operating Systems Principles, SOSP ’17, page 51–68, New York, NY, USA, 2017. Association for Computing Machinery.
51. Shafi Goldwasser, Silvio Micali, and Ronald L. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing, 17(2):281–308, April 1988.
52. Joseph Y. Halpern, Barbara Simons, H. Raymond Strong, and Danny Dolev. Fault-tolerant clock synchronization. In Robert L. Probert, Nancy A. Lynch, and Nicola Santoro, editors, 3rd ACM PODC, pages 89–102. ACM, August 1984.
53. Wassily Hoeffding. Probability inequalities for sums of bounded random variables. Journal of the American Statistical Association, 58(301):13–30, March 1963.
54. Qiaohong Hu, Hongju Cheng, Xiaoqi Zhang, and Chengkuan Lin. Trusted resource allocation based on proof-of-reputation consensus mechanism for edge computing. Peer-to-Peer Networking and Applications, pages 1–17, 2021.
55. Shuang Hu, Lin Hou, Gongliang Chen, Jian Weng, and Jianhua Li. Reputation-based distributed knowledge sharing system in blockchain. In Proceedings of the 15th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, pages 476–481, 2018.
56. Zhuo Hu, Yuhao Du, Congjun Rao, and Mark Goh. Delegated proof of reputation consensus mechanism for blockchain-enabled distributed carbon emission trading system. IEEE Access, 8:214932–214944, 2020.
57. Chenyu Huang, Zeyu Wang, Huangxun Chen, Qiwei Hu, Qian Zhang, Wei Wang, and Xia Guan. Repchain: A reputation-based secure, fast, and high incentive blockchain system via sharding. IEEE Internet of Things Journal, 8(6):4291–4304, 2020.
58. Gene Itkis and Leonid Reyzin. Forward-secure signatures with optimal signing and verifying. In Joe Kilian, editor, CRYPTO 2001, volume 2139 of LNCS, pages 332–354. Springer, Heidelberg, August 2001.
59. Abdellah Kaci and Abderrezak Rachedi. Toward a machine learning and software defined network approaches to manage miners’ reputation in blockchain. Journal of Network and Systems Management, 28(3):478–501, 2020.
60. Sep Kamvar, Marek Olszewski, and Rene Reinsberg. Celo: A multi-asset cryptographic protocol for decentralized social payments.(2017). 2017.
61. Sepandar D Kamvar, Mario T Schlosser, and Hector Garcia-Molina. The eigentrust algorithm for reputation management in p2p networks. In Proceedings of the 12th international conference on World Wide Web, pages 640–651, 2003.
62. Jiawen Kang, Zehui Xiong, Dusit Niyato, Dongdong Ye, Dong In Kim, and Jun Zhao. Toward secure blockchain-enabled internet of vehicles: Optimizing consensus management using reputation and contract theory. IEEE Transactions on Vehicular Technology, 68(3):2906–2920, 2019.
63. Jonathan Katz and Chiu-Yuen Koo. On expected constant-round protocols for byzantine agreement. In Cynthia Dwork, editor, CRYPTO 2006, volume 4117 of LNCS, pages 445–462. Springer, Heidelberg, August 2006.
64. Hakima Khelifi, Senlin Luo, Boubakr Nour, Hassine Moungla, and Syed Hassan Ahmed. Reputation-based blockchain for secure ndn caching in vehicular networks. In 2018 IEEE Conference on Standards for Communications and Networking (CSCN), pages 1–6. IEEE, 2018.
65. Aggelos Kiayias, Alexander Russell, Bernardo David, and Roman Oliynykov. Ouroboros: A provably secure proof-of-stake blockchain protocol. In Jonathan Katz and Hovav Shacham, editors, CRYPTO 2017, Part I, volume 10401 of LNCS, pages 357–388. Springer, Heidelberg, August 2017.
66. Aggelos Kiayias, Hong-Sheng Zhou, and Vassilis Zikas. Fair and robust multi-party computation using a global transaction ledger. In Marc Fischlin and Jean-Sébastien Coron, editors, EUROCRYPT 2016, Part II, volume 9666 of LNCS, pages 705–734. Springer, Heidelberg, May 2016.
67. Leslie Lamport and P. M. Melliar-Smith. Byzantine clock synchronization. In Robert L. Probert, Nancy A. Lynch, and Nicola Santoro, editors, 3rd ACM PODC, pages 68–74. ACM, August 1984.
68. Kai Lei, Qichao Zhang, Limei Xu, and Zhuyun Qi. Reputation-based byzantine fault-tolerance for consortium blockchain. In 2018 IEEE 24th International Conference on Parallel and Distributed Systems (ICPADS), pages 604–611. IEEE, 2018.
69. Christoph Lenzen, Thomas Locher, and Roger Wattenhofer. Clock synchronization with bounded global and local skew. In 49th FOCS, pages 509–518. IEEE Computer Society Press, October 2008.
70. Bernardo Magri, Christian Matt, Jesper Buus Nielsen, and Daniel Tschudi. Afgjort - A semi-synchronous finality layer for blockchains. IACR Cryptology ePrint Archive, 2019:504, 2019.
71. Shirshak Maskey, Shahriar Badsha, Shamik Sengupta, and Ibrahim Khalil. Reputation-based miner node selection in blockchain-based vehicular edge computing. IEEE Consumer Electronics Magazine, 2020.
72. Silvio Micali, Michael O. Rabin, and Salil P. Vadhan. Verifiable random functions. In 40th FOCS, pages 120–130. IEEE Computer Society Press, October 1999.
73. Andrew Miller, Yu Xia, Kyle Croman, Elaine Shi, and Dawn Song. The honey badger of BFT protocols. In Edgar R. Weippl, Stefan Katzenbeisser, Christopher Kruegel, Andrew C. Myers, and Shai Halevi, editors, ACM CCS 2016, pages 31–42. ACM Press, October 2016.
74. Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic cash system, 2008. http://bitcoin.org/bitcoin.pdf.
75. Mehrdad Nojoumian, Arash Golchubian, Laurent Njilla, Kevin Kwiat, and Charles Kamhoua. Incentivizing blockchain miners to avoid dishonest mining strategies by a reputation-based paradigm. In Science and Information Conference, pages 1118–1134. Springer, 2018.
76. Rafail Ostrovsky and Boaz Patt-Shamir. Optimal and efficient clock synchronization under drifting clocks. In Brian A. Coan and Jennifer L. Welch, editors, 18th ACM PODC, pages 3–12. ACM, May 1999.
77. Rafail Ostrovsky and Moti Yung. How to withstand mobile virus attacks (extended abstract). In Luigi Logrippo, editor, 10th ACM PODC, pages 51–59. ACM, August 1991.
78. Rafael Pass, Lior Seeman, and abhi shelat. Analysis of the blockchain protocol in asynchronous networks. In Jean-Sébastien Coron and Jesper Buus Nielsen, editors, EUROCRYPT 2017, Part II, volume 10211 of LNCS, pages 643–673. Springer, Heidelberg, April / May 2017.
79. Rafael Pass and Elaine Shi. Thunderella: Blockchains with optimistic instant confirmation. In Jesper Buus Nielsen and Vincent Rijmen, editors, EUROCRYPT 2018, Part II, volume 10821 of LNCS, pages 3–33. Springer, Heidelberg, April / May 2018.
80. Muntadher Sallal, Gareth Owenson, Dawood Salman, and Mo Adda. Security and performance evaluation of master node protocol based reputation blockchain in the bitcoin network. Blockchain: Research and Applications, page 100048, 2021.
81. Sidharth Shyamsukha, Pronaya Bhattacharya, Farnazbanu Patel, Sudeep Tanwar, Rajesh Gupta, and Emil Pricop. Porf: Proof-of-reputation-based consensus scheme for fair transaction ordering. In 2021 13th International Conference on Electronics, Computers and Artificial Intelligence (ECAI), pages 1–6. IEEE, 2021.
82. T. K. Srikanth and Sam Toueg. Optimal clock synchronization. In Michael A. Malcolm and H. Raymond Strong, editors, 4th ACM PODC, pages 71–86. ACM, August 1985.
83. You Sun, Rui Xue, Rui Zhang, Qianqian Su, and Sheng Gao. Rtchain: A reputation system with transaction and consensus incentives for e-commerce blockchain. ACM Transactions on Internet Technology (TOIT), 21(1):1–24, 2020.
84. You Sun, Rui Zhang, Rui Xue, Qianqian Su, and Pengchao Li. A reputation based hybrid consensus for e-commerce blockchain. In International Conference on Web Services, pages 1–16. Springer, 2020.
85. Changbing Tang, Luya Wu, Guanghui Wen, and Zhonglong Zheng. Incentivizing honest mining in blockchain networks: a reputation approach. IEEE Transactions on Circuits and Systems II: Express Briefs, 67(1):117–121, 2019.
86. Eric Ke Wang, Zuodong Liang, Chien-Ming Chen, Saru Kumari, and Muhammad Khurram Khan. Porx: A reputation incentive scheme for blockchain consensus of iiot. Future Generation Computer Systems, 102:140–151, 2020.
87. Gang Wang. Repshard: Reputation-based sharding scheme achieves linearly scaling efficiency and security simultaneously. In 2020 IEEE International Conference on Blockchain (Blockchain), pages 237–246. IEEE, 2020.
88. J. Yu, D. Kozhaya, J. Decouchant, and P. Esteves-Verissimo. Repucoin: Your reputation is your power. IEEE Transactions on Computers, 68(8):1225–1237, Aug 2019.
89. Jiangshan Yu, David Kozhaya, Jeremie Decouchant, and Paulo Esteves-Verissimo. Repucoin: Your reputation is your power. IEEE Transactions on Computers, 68(8):1225–1237, 2019.
90. Jiarui Zhang, Yukun Cheng, Xiaotie Deng, Bo Wang, Jan Xie, Yuanyuan Yang, and Mengqian Zhang. A reputation-based mechanism for transaction processing in blockchain systems. IEEE Transactions on Computers, 2021.
91. Jiarui Zhang, Yaodong Huang, Fan Ye, and Yuanyuan Yang. A novel proof-of-reputation consensus for storage allocation in edge blockchain systems. In 2021 IEEE/ACM 29th International Symposium on Quality of Service (IWQOS), pages 1–10. IEEE, 2021.
92. Mengqian Zhang, Yukun Cheng, Xiaotie Deng, Bo Wang, Jan Xie, Yuanyuan Yang, and Jiarui Zhang. Accelerating transactions relay in blockchain networks via reputation. In 2021 IEEE/ACM 29th International Symposium on Quality of Service (IWQOS), pages 1–10. IEEE, 2021.
93. Shenchen Zhu, Ziyan Zhang, Liquan Chen, Hui Chen, and Yanbo Wang. A pbft consensus scheme with reputation value voting based on dynamic clustering. In International Conference on Security and Privacy in Digital Economy, pages 336–354. Springer, 2020.
94. Qianwei Zhuang, Yuan Liu, Lisi Chen, and Zhengpeng Ai. Proof of reputation: A reputation-based consensus protocol for blockchain based systems. In Proceedings of the 2019 International Electronics CommunicationConference, pages 131–138, 2019.
13. Gilad Asharov, Yehuda Lindell, and Hila Zarosim. Fair and efficient secure multiparty computation with reputation systems. In Kazue Sako and Palash Sarkar, editors, ASIACRYPT 2013, Part II, volume 8270 of LNCS, pages 201–220. Springer, Heidelberg, December 2013.
13. Gilad Asharov, Yehuda Lindell, and Hila Zarosim. Fair and efficient secure multiparty computation with reputation systems. In Kazue Sako and Palash Sarkar, editors, ASIACRYPT 2013, Part II, volume 8270 of LNCS, pages 201–220. Springer, Heidelberg, December 2013.