C Deferred Proofs

Technical Whitepaper

C Deferred Proofs

C.1 Proof of Theorem 1

Proof. Without loss of generality we will assume that all ℓ_i’s above are integers, to avoid unnecessary rounding-related discussions. This assumption is without loss of generality as removing it might result in the samplers adding at most a constant number of parties on the sampled sets which will not change any of our asymptotic statement about the (relative) set sizes; furthermore, even if those additional parties are all corrupted, the asymptotic fraction of corrupted over honest parties will not change, since, as we prove, the sets are all super-constant with overwhelming probability and our corruption bound ensures that the adversary is far from the majority by an at least ϵ_δ fraction of the selected parties.

We consider two cases: Case 1: L noes not reset, and Case 2: L resets. In Case 1 the output sel is selected by means of invocation of algorithm Amax. Hence, by Lemma 1, if the reputation system is ϵ_f-feasible, then a fraction 1∕2 + ϵ_f of the parties in sel will be honest except with negligible probability. Note that in this case, the number of selected parties is |sel| = log ^1+ϵn with probability 1. Note that Amax is only invoked if a reset occurs, i.e., if in some step there are no sufficiently many parties to select from; this never occurs if every set _i has at least γ⋅log ^1+ϵn and, therefore, c-fairness does not apply in this case. In Case 1, The lottery is never reset. This case is the bulk of the proof. Conditioned on the lottery never being reset to its default, we prove the following lemmas:

For each i ∈ [m] : let X_i denote the random variable corresponding to the number of parties from _i selected in the lottery and let x_i := Exp(X_i)

Lemma 3. For each i ∈ [m]:

1.: $∑m xi := Exp (Xi) = αi ⋅ ∑jℓj---- j=i q=1 αq$
2.: For any constant λ_i ∈ (0,1): $Pr[|(1- λi)xi ≤ Xi ≤ (1 + λi)xi] ≥ 1- μi(k),$

Proof. Let _i = {_i₁,…,_{i_{m_i}}}. For each _{i_ρ} ∈_i and denote by χ_{i_ρ,j} the indicator random variable which is 1 if _{i_ρ} is selected in the jth iteration of Step 4(b)i, i.e., if _{i_ρ} ∈_j, and 0 otherwise. The j-th iteration of Step 4(b)i chooses every party in ∪_q=1^j_q with probability ∑j-ℓi--
q=1αq independently of whether or not any other party in ∪_q=1^j_q is chosen. Indeed, observe that in the jth iteration of Step 4(b)i, the lottery L samples always from the set ∪_q=1^j_q with replacement and conflicts are resolved later. Because, out of the ∑ _q=1^jα_q parties in ∪_q=1^j_q, α_i parties are from from _i, Pr[χ_{i_ρ,j} = 1] = α_i ∑jℓiαq
q=1 independent of whether or not any other party is chosen in _j. Hence, each χ_{i_ρ,j} corresponds to a Bernoulli trial with the above success probability and by application of the Chernoff bound for the r.v. X_i,j := ∑ _ρ=1^m_iχ_{i_ρ,j} corresponding to the number of parties from _i that are selected in Q_j:

---ℓj--- xi,j := Exp(Xi,j) = αi ⋅∑j α q=1 q

(11)

and for any λ_i,j ∈ (0,1) and some negligible function μ_i,j:

Pr[|(1- λi,j)xi,j ≤ Xi,j ≤ (1+ λi,j)xi,j] ≥ 1- μi,j(k),

(12)

Next we observe that although some of the parties in _j ∩ ˆ
P _i selected in Step 4(b)i might have been already selected and included in sel (those are the parties in col_i,j), by selecting exactly |col_i,j| parties without replacement from _i, we ensure that the total number of parties selected in the jth iteration of Step 4(b) is exactly X_i,j.

To complete the proof we observe that X_i = ∑ _j=1^mX_i,j, hence by the linearity of expectation Equation 11 implies that

∑m ---ℓj--- xi := Exp (Xi ) = αi ⋅ ∑j αq j=i q=1

and Equation 12 implies that for any (λ_i,1,…,λ_i,m) ∈ (0,1)^m

⌊ ⌋ ∑m ∑m ∑m Pr⌈ |(1- λi,j)xi,j ≤ Xi,j ≤ (1 + λi,j)xi,j⌉ ≥ 1- μi(k), j=1 j=1 j=1

(13)

for some negligible function μ_i (recall that constant-term sums and products of constantly many negligible functions are also negligible). Hence, by setting λ_i,j = λ_i∕m (recall that m = O(1) hence λ_i∕m is a constant) we derive the second property of the lemma.

Given the above lemma, it is easy to verify that the x_i’s and the ℓ_j’s satisfy the following system of linear equations:

(x1,...,xm)T = B ⋅(ℓ1,...,ℓm)T

(14)

Where B is an m × m matrix with the (i,j) position being

{ ∑j-αi- , if i ≥ j Bi,j = q=1αq 0, otherwise

The above system of m equations has 2m unknowns. We add the following m equations:

For each i ∈ [m - 1] :

xi := ci ⋅xi+1

(15)

∑m xi = log1+ ϵk i=1

(16)

This yields 2m linear equations. By solving the above system of equations we can compute:

For each i = 1,…,m - 1:

∑i ∏m ∏m ℓ = ∑---j=∏1αj---αi+1--j=icj---αi--j=i+1cj-log1+ϵn i mj=1 jq=1 cq αi+1αi

and

∑m ℓ := -----j=1-αj---1- log1+ϵn m ∑mj=1∏jq=1cqαm

We next observe that for each j ∈ [m] : ∑ _i=1^mB_i,j = 1 which implies that

∑m m∑ ℓj = xi Eq. =16log1+ ϵk j=1 i=1

(17)

It is also easy to verify that B is invertible, hence

(ℓ ,...,ℓ )T = B-1(x ,...,x )T 1 m 1 m

(18)

We are now ready to prove properties 1 and 2 in the theorem. We start with Property 1:

Claim. With overwhelming probability (in the security parameter k) : |sel| = Θ(log ^1+ϵn)

Proof. Let L_j denote the random variable corresponding to |_j|, i.e., the total number of parties added to sel in the jth iteration of Step 4. Lemma 2 implies that that for each j ∈ [m]:

Exp (|Lj|) = ℓj

(19)

and for any constant ζ_j ∈ (0,1) and some negligible function _j:

Pr[|(1- ζj)ℓj ≤ Lj ≤ (1+ ζj)ℓj] ≥ 1 -μˆj(k),

(20)

Let Psel denote the r.v. corresponding to the selected party set. By definition of the protocol: Psel := ∑ _j=1^mL_j. Hence from the linearity of expectation and Equation 19 we have

m Exp(|P |) = ∑ ℓ Eq=.17log1+ϵk sel j=1 j

Similarly, from Equation 20 we get

⌊ ⌋ ∑m ∑m ∑m ∑m ∑m Pr ⌈|(1- ζj) ℓj ≤ Lj ≤ (1+ ζj) ℓj⌉ ≥ 1 - ˆμ(k ), j=1 j=1 j=1 j=1 j=1

(21)

for some negligible function , which, for any given ζ, by setting each j ∈ [m] : ζ_j = ζ∕m, and setting (⋅) = ∑ _j=1^m(⋅) (which is also negligible when each _j is negligible) and ∑ _j=1^mℓ_j = log ^1+ϵk derives

[ ] Pr |(1 - ζ)log1+ϵk ≤ |Psel| ≤ (1 + ζ)log1+ϵk ≥ 1- ˆμ(k),

(22)

which implies that with overwhelming probability |Psel| = Θ(log ^1+ϵk).

We next proceed to Property 2:

Lemma 4. With overwhelming probability (in the security parameter k) for some constant ϵ_δ > 0 adversary corrupts at most an 1∕2 - ϵ_δ fraction of the parties in sel.

Proof. The reputation system Rep assigns to each party _i a reputation R_i ∈ [0,1] which corresponds to the probability that _i is honest. (Recall that we for this proof we consider static reputation systems.) By the independent reputations assumption, this probability is independent of whether or not any other party in becomes corrupted. This induces a probabilistic adversary who corrupts each reputation party _i independently with probability 1 - R_i. We wish to prove that this adversary corrupts at most a 1∕2 - ϵ_δ fraction of the parties in sel. We will prove this by considering an adversary ′ which is stronger than , i.e, where Pr[′ corrupts more than 1∕2 - ϵ parties in sel] ≥ Pr[ corrupts more than 1∕2 - ϵ parties in sel], and proving that this adversary ′ corrupts more than 1∕2-ϵ parties with only negligible probability.

Here is how ′ is defined: For each _i (recall that this includes parties with reputation between ( i-m1 + δ, + δ]), ′ corrupts _i with probability 1 - ( i-m-1 + δ). Note that for each party ∈ : Pr[′ corrupts ] ≥ Pr[ corrupts ] and this probabilities are independent of whether ′ (resp. ) corrupts any other party. This ensures the above property between ′ and . Hence, it suffices to prove the lemma for ′ which is what we do in the following.

Claim. In the ith iteration of Step 4, let C_i,j denote the random variable corresponding to the number of corrupted parties in _i,j := (_i ∩ ˆ
P _j) ∪_i,j⁺, i.e., the number of parties from ˆ
P _j that are newly added to sel and are corrupted by ′. Then for some negligible function μ for any constant 0 ≤ δ′ < m--i
m :

m - i ′ Pr[Ci,j < (-m--- δ )|Qi,j|] > 1- μ(k).

Proof. We consider three cases: Case 1: col_i,j = o(|_i,j|); Case 2: col_i,j = ω(|_i,j|); and Case 3: col_i,j = Θ(|_i,j|). For Case 1: Since col_i,j = o(|_i,j|), this implies that |(_i∩_j)\_j| = O(|_i|). Hence Equation 20 implies that with overwhelming probability |(_i∩_j)\_j| = O(log ^1+ϵk). However, since each party in _i is chosen independently and the reputation is static, i.e., corruptions are defined before selecting the parties to join _i, every party in (_i ∩_j) \_j is corrupted by ′ with probability 1 - ( im- + δ). But then an invocation of the Chernoff bound yields that with overwhelming probability, for any δ′′ > 0 the fraction of corrupted parties in (_i ∩_j) \_j will be at most m-i-
m - δ + δ′′. Additionally since col_i,j = o(|_i,j|), this implies that for any constant δ′′′∈ (0,1) and for sufficiently large k |col_i,j| < δ′′′|_i,j|. Hence, even if we allow the adversary ′ to corrupt all parties in col_i,j, for δ + δ′′′-δ′′ < ϵ_δ we will have that with overwhelming probability the fraction of corrupted parties in _i,j will be at most m- i
-m-- - ϵ_δ. For Case 2: Since col_i,j = ω(|_i,j|), this implies that |_i,j⁺| = O(|Q_i|). Hence Equation 20 implies that with overwhelming probability |_i,j⁺| = O(log ^1+ϵk). However, unlike the case above each party in _i,j⁺ is not chosen independently, but rather a set of parties is chosen randomly. This corresponds to sampling with replacement and we can no longe use the Chernoff bound. But since the reputation is static, i.e., corruptions are defined before selecting the above set, we can make direct use of Hoeffding's inequality [53] (see Appendix D), to prove that with overwhelming probability, the fraction of corrupted parties in _i,j⁺ will be at most mm-i - δ + δ′′. Additionally since col_i,j = ω(|_i,j|), this implies that for any constant δ′′′∈ (0,1) and for sufficiently large k |(_i ∩_j) \_j| < δ′′′|_i,j|. Hence, even if we allow the adversary ′ to corrupt all parties in (_i ∩_j) \_j, for δ + δ′′′- δ′′ < ϵ_δ we again will have that with overwhelming probability the fraction of corrupted parties in _i,j will be at most m-m-i - ϵ_δ. Finally in Case 3, col_i,j = Θ(|_i,j|) impies that |(_i ∩_j) \_j| = O(log ^1+ϵk) and |_i,j⁺| = O(log ^1+ϵk). Hence by using both arguments from the above two cases we can prove that (1) with overwhelming probability the fraction of corrupted parties in (_i ∩_j) \_j will be at most ( m-m-i -ϵ_δ∕2)|(_i ∩_j) \_j| and (2) with overwhelming probability the fraction of corrupted parties in _i,j⁺ will be at most ( m-mi- - ϵ_δ∕2) of the size of Q_j⁺. Therefore by a union bound, the fraction of corrupted parties in Q_i,j will be at most m-mi- - ϵ_δ.

Next, we observe by inspection of the protocol that |_i,j| = X_i,j. Since from for any constant λ_i,j > 0, Equation 12 implies that

Pr[Xi,j ≤ (1 +λi,j)xi,j] ≥ 1- μˆi,j(k),

for some negligible function

_i,j, and i,m, and λ_i,j are all constants, this implies that for any sufficiently small positive constant δ′, and for some negligible function μ_i,j′:

Pr[C < (m---i- δ′)x ] ≥ 1 - μ ′(k). i,j m i,j i,j

(23)

But then from a union bound we can deduce that there exists a negligible function _i such that:

Pr[∀j : C < (m--- i - δ′)x ] ≥ 1- ˜μ (k). i,j m i,j i

(24)

which implies that

m m ∑ ∑ m---i ′ ′′ Pr[ Ci,j < ( m - δ )xi,j] ≥ 1 - μi(k), j=1 j=1

(25)

for some negligible μ_i′′. Denote by C_i the total number of corrupted parties from ˆ
P _i chosen in the lottery. By inspection of the protocol:

m∑ Ci = Ci,j j=1

Hence Equation 25 can be rewritten as follows

Pr[C < (m--- i - δ′)x ] ≥ 1- μ′′(k) i m i i

(26)

Wlog assume that m is even (the case when m is odd is analogous):

For each i ∈{2,…,m∕2 - 1} the above implies that the majority of the parties in C_i is honest with overwhelming probability. Hence, but a union bound, the majority of the parties in ∪_i=2^m∕2-1Q_i is honest with overwhelming probability. To complete the proof it suffices to prove that a (1∕2 -ϵ_δ′)-fraction of the parties in Q₁ ∪ (∪_j=m∕2^mQ_j) is honest with overwhelming probability. To this direction we observe that from Equation 26, with overwhelming probability, Pr[C₁ < ( 1m- - δ′)x₁]. By an easy calculation, it follows that for any δ′ and any c such that∑ _i=m∕2^m c1i-1 ≤ m-2m-2 - δ′ (which can be equivalently written as cm1-1 ≤ m2-m2- - δ′) the total number of parties in ∪_i=m∕2^mQ_j is less than ( m-2m-2 - δ′)x₁. But if this is the case then then even if we allow the adversary to corrupt all parties in every Q_j (note that this is an even stronger adversary than ′), still with overwhelming probability the total number corr₁ of corrupted parties in Q₁ ∪ (∪_i=m∕2^mQ_j) will be:

m---2 corr1 = C1 + 2m x1 -1 m---2 ′ < (m + 2m - δ )x1 = (1∕2- δ′)x1

(27)

Hence with overwhelming probability, the fraction R of corrupted parties in Q₁ ∪ (∪_i=m∕2^mQ_j) will be

(1∕2- δ′)x1 R < x--+-∑m-----x-< 1∕2- δ′ 1 i=m ∕2 i

(28)

We next argue the following which will ensure that under Condition 2 of the protocol, i.e., that every set _i has at least γ log ^1+ϵn parties, with overwhelming probability the lottery never resets and hence all the claims in this second case hold. This follows directly from the fact that the total number of parties selected in the lottery will be less than γ log ^1+ϵn with overwhelming probability; hence, none of the invocation of Step 4 exceeds the size of the corresponding sets and therefore the lottery never resets.

To complete the proof we show the c-fairness property of L in this case. The c-Representation Fairness follows directly from Lemma 3 and Equation 15. The non-discrimination property follows from the fact that our lottery picks each party in every _i with exactly the same probability as any other party. The c-Selection Fairness is proved as follows: Since by the non-discrimination property every party has the same probability of being picked, each party in each sel ∩_i is chosen with probability p_i = ˆ
|Pse|Pl∩ˆP|i|
i . However from Lemma 3 we know that with overwhelming probability, for any constant λ_i ∈ (0,1):

(1 - λi)xi ≤ |Psel ∩Pˆi| ≤ (1 +λi)xi

This means that with overwhelming probability, for all i = 1,…,m - 1:

-pi- ≥ --(1--λi)xi---⋅ αi+1 pi+1 (1+ λi+1)xi+1 αi -(1--λi)- -xi- αi+1 = (1+ λi+1) ⋅xi+1 ⋅ αi (1- λ ) α = ------i--⋅ci ⋅-i+1 (1+ λi+1) αi ≥ -(1--λi)-c (1+ λi+1)

(29)

Where the last inequality follows by the definition of c_i. For any constant c′ < c, by choosing λ_i and λ_i+1 such that (1-λi)--
(1+λi+1) ≥ c′∕c we can ensure that -pi-
pi+1 ≥ c′. In Case 2 the lottery is reset and the output sel is selected by means of invocation of algorithm Amax. This is the simpler case since Lemma 1 ensures that if the reputation system is ϵ_f-feasible, then a fraction 1∕2 + ϵ_f of the parties in sel will be honest except with negligible probability. Note that Amax is only invoked if a reset occurs, i.e., if in some step there are no sufficiently many parties to select from; this occurs only if any every set _i does not have sufficiently many parties to choose from. But the above analysis, for δ < γ - 1, the sampling algorithms choose at most (1 + δ)log ^1+ϵn with overwhelming probability. Hence when each _i has size at least γ ⋅ log ^1+ϵn, with overwhelming probability no reset occurs. In this case, by inspection of the protocol one can verify that the number of selected parties is |sel| = log ^1+ϵn.

C.2 Proof of Theorem 2

Proof (sketch). Assume that every party has received the same genesis block. This block includes the identifiers (public keys) of all parties currently in and their reputations (recall that for this proof, we assume static reputations) along with the randomness that seeds the lottery. Note that in the static adversary considered here, this randomness is independent from the randomness that samples the corrupted set. Since BA is selected by means of L, and the lottery is ϵ-feasible, Theorem 1 ensures that the majority of the parties in BA is honest. This means that we can use a Byzantine broadcast protocol to have any party _i ∈BA consistently broadcast any messages to all the parties in BA, i.e., in such a way that the following properties hold:

(consistency) All partiers in BA output the same message (string) Y as their output of the protocol with sender _i.
(validity) If _i is honest, then Y is the string that _i intended to broadcast (i.e., his input).

Thus validity implies that for every honest ˆ
P _i ∈BC, if T_i is the set of valid transactions that ˆ
P _i has seen at round ρ, then every (honest) party in BA will output T_i along with a uniformly random string r_i. Furthermore, by consistency, we know that for every (honest or corrupted) _j the broadcast output with sender _j is the same for all parties in BA. Hence the union T of all transactions broadcasted by parties in BC will be the same for all BA members, and the same holds for the concatenation of all random nonces r broadcasted in the current round. Additionally, because the history of the blockchain is the same for every party (in the first round this is the genesis block and in every subsequent round it is the sequence of the blocks until round ρ - 1), T_H is the same for every party in BA; hence every _i ∈BA will compute the same Y = in Step 4 of the protocol. Consequently, in Step 5, all honest parties in BA will sign the same (Y,h,ρ) and send it to the parties in BC. Since the majority of the parties in BA is honest, this implies that in Step 6, every party in BC will receive (Y,h,ρ) signed by at least the |BA|∕2 honest parties. Hence, if there is any honest party in BC the transaction pool T of that party broadcasted and included in and will be certifies by by at least ⌈|BA|∕2⌉ signatures from parties in BA; this T will be adopted by all parties as the next block, since, as we show below, the adversary is unable to make any party accept any other block. Indeed, with overwhelming probability (i.e., unless the adversary forges an honest party’s signature) for any (Y ′,h′,ρ′)≠(Y,h,ρ) the adversary will be able to produce at most ⌈|BA|∕2⌉- 1 signatures on (Y ′,h′,ρ′) from parties in BA. Hence the no value other than (Y,h,ρ) might be accepted by any party.

The Möbby Blockchain and Digital Asset

Technical Whitepaper

Summary

1 Motivation

2 Model

3 Reputation-based Lotteries

4 The PoR-Blockchain

5 The PoR/PoS-Hybrid Blockchain

6 Establishing, Updating, and Extending the Reputation System

7 Conclusions and Open Problems

References

A Supplementary Material to Section 3

B Supplementary Material to Section 4

C Deferred Proofs

D Hoeffding's Inequality

E Reputation Systems with Limited Correlations

F Epoch-Resettable Adversaries

G Extensions and Future Research

About the Authors

Möbby Tokenomics

1 Monetizing Reputation for a Stable and Truthful Recommender / Reputation System

2 The Möbby Decentralized Ledger Technology (DLT) backbone

3 Major Möbby Deployment Milestones

4 Rewards and Transaction Fees

5 Reputation Rewards

6 Applications and Utilization

1. Binance Smart Chain: A parallel binance chain to enable smart contracts. https://github.com/binance-chain/whitepaper/blob/master/WHITEPAPER.md.94. Qianwei Zhuang, Yuan Liu, Lisi Chen, and Zhengpeng Ai. Proof of reputation: A reputation-based consensus protocol for blockchain based systems. In Proceedings of the 2019 International Electronics CommunicationConference, pages 131–138, 2019.
2. Eurus economic blockchain network. https://www.eurus.network/technology/.
3. GoChain: Proof of reputation. https://medium.com/gochain/proof-of-reputation-e37432420712.
4. OpenEthereum Documentation: Proof-of-authority chains - wiki. https://openethereum.github.io/Proof-of-Authority-Chains.
5. PoA Private Chains. https://github.com/ethereum/guide/blob/master/poa.md.
6. The New York Times a fashion brand agrees to pay $4.2 million after f.t.c. says it suppressed negative reviews online. https://www.nytimes.com/2022/01/25/business/fashion-nova-reviews.html.
7. The Verge split screen: The crowdfunded phone of the future was a multimillion-dollar scam. https://www.theverge.com/2019/8/13/20758599/idealfuture-dragonfly-futurefon-indiegogo-crowdfunding-phone-scam-fraud-case.
8. Time how extortion scams and review bombing trolls turned goodreads into many authors’ worst nightmare. https://time.com/6078993/goodreads-review-bombing/.
9. Vechain whitepaper 2.0. https://www.vechain.org/whitepaper/.
10. Ahmed S Almasoud, Farookh Khadeer Hussain, and Omar K Hussain. Smart contracts for blockchain-based reputation systems: A systematic literature review. Journal of Network and Computer Applications, 170:102814, 2020.
11. Akram Alofi, Rami Bahsoon, and Robert Hendley. Minerrepu: A reputation model for miners in blockchain networks. In 2021 IEEE International Conference on Web Services (ICWS), pages 724–733. IEEE, 2021.
12. Oladotun Aluko and Anton Kolonin. Proof-of-reputation: An alternative consensus mechanism for blockchain systems. International Journal of Network Security & Its Applications (IJNSA) Vol, 13, 2021.
13. Gilad Asharov, Yehuda Lindell, and Hila Zarosim. Fair and efficient secure multiparty computation with reputation systems. In Kazue Sako and Palash Sarkar, editors, ASIACRYPT 2013, Part II, volume 8270 of LNCS, pages 201–220. Springer, Heidelberg, December 2013.
14. Alia Asheralieva and Dusit Niyato. Reputation-based coalition formation for secure self-organized and scalable sharding in iot blockchains with mobile-edge computing. IEEE Internet of Things Journal, 7(12):11830–11850, 2020.
15. Hagit Attiya, Amir Herzberg, and Sergio Rajsbaum. Optimal clock synchronization under different delay assumptions (preliminary version). In Jim Anderson and Sam Toueg, editors, 12th ACM PODC, pages 109–120. ACM, August 1993.
16. Christian Badertscher, Peter Gazi, Aggelos Kiayias, Alexander Russell, and Vassilis Zikas. Ouroboros genesis: Composable proof-of-stake blockchains with dynamic availability. In David Lie, Mohammad Mannan, Michael Backes, and XiaoFeng Wang, editors, ACM CCS 2018, pages 913–930. ACM Press, October 2018.
17. Christian Badertscher, Peter Gazi, Aggelos Kiayias, Alexander Russell, and Vassilis Zikas. Consensus redux: Distributed ledgers in the face of adversarial supremacy. Cryptology ePrint Archive, Report 2020/1021, 2020. https://eprint.iacr.org/2020/1021.
18. Christian Badertscher, Ueli Maurer, Daniel Tschudi, and Vassilis Zikas. Bitcoin as a transaction ledger: A composable treatment. In Jonathan Katz and Hovav Shacham, editors, CRYPTO 2017, Part I, volume 10401 of LNCS, pages 324–356. Springer, Heidelberg, August 2017.
19. Leila Bahri and Sarunas Girdzijauskas. Trust mends blockchains: Living up to expectations. In 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS), pages 1358–1368. IEEE, 2019.
20. Ammar Battah, Youssef Iraqi, and Ernesto Damiani. Blockchain-based reputation systems: Implementation challenges and mitigation. Electronics, 10(3):289, 2021.
21. Mihir Bellare and Sara K. Miner. A forward-secure digital signature scheme. In Michael J. Wiener, editor, CRYPTO’99, volume 1666 of LNCS, pages 431–448. Springer, Heidelberg, August 1999.
22. Emanuele Bellini, Youssef Iraqi, and Ernesto Damiani. Blockchain-based distributed trust and reputation management systems: A survey. IEEE Access, 8:21127–21151, 2020.
23. Iddo Bentov, Pavel Hubáček, Tal Moran, and Asaf Nadler. Tortoise and hares consensus: the meshcash framework for incentive-compatible, scalable cryptocurrencies. IACR Cryptology ePrint Archive, 2017:300, 2017.
24. Alex Biryukov and Daniel Feher. Recon: Sybil-resistant consensus from reputation. Pervasive and Mobile Computing, 61:101109, 2020.
25. Alex Biryukov, Daniel Feher, and Dmitry Khovratovich. Guru: Universal reputation module for distributed consensus protocols. Cryptology ePrint Archive, Report 2017/671, 2017. http://eprint.iacr.org/2017/671.
26. Alex Biryukov, Daniel Feher, and Dmitry Khovratovich. Guru: Universal reputation module for distributed consensus protocols. Technical report, University of Luxembourg, 2017.
27. Jacques Bou Abdo, Rayane El Sibai, and Jacques Demerjian. Permissionless proof-of-reputation-x: A hybrid reputation-based consensus algorithm for permissionless blockchains. Transactions on Emerging Telecommunications Technologies, 32(1):e4148, 2021.
28. Jacques Bou Abdo, Rayane El Sibai, Krishna Kambhampaty, and Jacques Demerjian. Permissionless reputation-based consensus algorithm for blockchain. Internet Technology Letters, 3(3):e151, 2020.
29. Ahmet Bugday, Adnan Ozsoy, Serdar Murat Öztaner, and Hayri Sever. Creating consensus group using online learning based reputation in blockchain networks. Pervasive and Mobile Computing, 59:101056, 2019.
30. Vitalik Buterin. A next-generation smart contract and decentralized application platform, 2013. https://github.com/ethereum/wiki/wiki/White-Paper.
31. Wenjun Cai, Wei Jiang, Ke Xie, Yan Zhu, Yingli Liu, and Tao Shen. Dynamic reputation–based consensus mechanism: Real-time transactions for energy blockchain. International Journal of Distributed Sensor Networks, 16(3):1550147720907335, 2020.
32. Ran Canetti. Security and composition of multiparty cryptographic protocols. Journal of Cryptology, 13(1):143–202, January 2000.
33. Haoye Chai, Supeng Leng, Ke Zhang, and Sun Mao. Proof-of-reputation based-consortium blockchain for trust resource sharing in internet of vehicles. IEEE Access, 7:175744–175757, 2019.
34. Hongyin Chen, Zhaohua Chen, Yukun Cheng, Xiaotie Deng, Wenhan Huang, Jichen Li, Hongyi Ling, and Mengqian Zhang. A provable softmax reputation-based protocol for permissioned blockchains. IEEE Transactions on Cloud Computing, 2021.
35. Zelei Cheng, Zuotian Li, Bowen Sun, Shuhan Zhang, and Yuanrong Shao. Reputation-based q-routing for robust inter-committee routing in the sharding-based blockchain. In 2020 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech), pages 230–236. IEEE, 2020.
36. Sherman S. M. Chow. Running on Karma - P2P reputation and currency systems. In Feng Bao, San Ling, Tatsuaki Okamoto, Huaxiong Wang, and Chaoping Xing, editors, CANS 07, volume 4856 of LNCS, pages 146–158. Springer, Heidelberg, December 2007.
37. Ran Cohen, Sandro Coretti, Juan A. Garay, and Vassilis Zikas. Probabilistic termination and composability of cryptographic protocols. In Matthew Robshaw and Jonathan Katz, editors, CRYPTO 2016, Part III, volume 9816 of LNCS, pages 240–269. Springer, Heidelberg, August 2016.
38. Ran Cohen, Sandro Coretti, Juan A. Garay, and Vassilis Zikas. Round-preserving parallel composition of probabilistic-termination cryptographic protocols. In Ioannis Chatzigiannakis, Piotr Indyk, Fabian Kuhn, and Anca Muscholl, editors, ICALP 2017, volume 80 of LIPIcs, pages 37:1–37:15. Schloss Dagstuhl, July 2017.
39. Bernardo David, Peter Gazi, Aggelos Kiayias, and Alexander Russell. Ouroboros praos: An adaptively-secure, semi-synchronous proof-of-stake blockchain. In Jesper Buus Nielsen and Vincent Rijmen, editors, EUROCRYPT 2018, Part II, volume 10821 of LNCS, pages 66–98. Springer, Heidelberg, April / May 2018.
40. Marcela T de Oliveira, Lúcio HA Reis, Dianne SV Medeiros, Ricardo C Carrano, Sílvia D Olabarriaga, and Diogo MF Mattos. Blockchain reputation-based consensus: A scalable and resilient mechanism for distributed mistrusting applications. Computer Networks, 179:107367, 2020.
41. Thuat Do, Thao Nguyen, and Hung Pham. Delegated proof of reputation: A novel blockchain consensus. In Proceedings of the 2019 International Electronics Communication Conference, pages 90–98, 2019.
42. Danny Dolev, Joseph Y. Halpern, and H. Raymond Strong. On the possibility and impossibility of achieving clock synchronization. In 16th ACM STOC, pages 504–511. ACM Press, 1984.
43. Danny Dolev and H. Raymond Strong. Authenticated algorithms for byzantine agreement. SIAM J. Comput., 12(4):656–666, 1983.
44. Shlomi Dolev and Jennifer L. Welch. Wait-free clock synchronization (extended abstract). In Jim Anderson and Sam Toueg, editors, 12th ACM PODC, pages 97–108. ACM, August 1993.
45. Shlomi Dolev and Jennifer L. Welch. Self-stabilizing clock synchronization in the presence of byzantine faults (abstract). In James H. Anderson, editor, 14th ACM PODC, page 256. ACM, August 1995.
46. Fangyu Gai, Baosheng Wang, Wenping Deng, and Wei Peng. Proof of reputation: A reputation-based consensus protocol for peer-to-peer network. In DASFAA, 2018.
47. Juan A. Garay, Yuval Ishai, Rafail Ostrovsky, and Vassilis Zikas. The price of low communication in secure multi-party computation. In Jonathan Katz and Hovav Shacham, editors, CRYPTO 2017, Part I, volume 10401 of LNCS, pages 420–446. Springer, Heidelberg, August 2017.
48. Juan A. Garay, Aggelos Kiayias, and Nikos Leonardos. The bitcoin backbone protocol: Analysis and applications. In Elisabeth Oswald and Marc Fischlin, editors, EUROCRYPT 2015, Part II, volume 9057 of LNCS, pages 281–310. Springer, Heidelberg, April 2015.
49. Yossi Gilad, Rotem Hemo, Silvio Micali, Georgios Vlachos, and Nickolai Zeldovich. Algorand: Scaling byzantine agreements for cryptocurrencies. Cryptology ePrint Archive, Report 2017/454, 2017. http://eprint.iacr.org/2017/454.
50. Yossi Gilad, Rotem Hemo, Silvio Micali, Georgios Vlachos, and Nickolai Zeldovich. Algorand: Scaling byzantine agreements for cryptocurrencies. In Proceedings of the 26th Symposium on Operating Systems Principles, SOSP ’17, page 51–68, New York, NY, USA, 2017. Association for Computing Machinery.
51. Shafi Goldwasser, Silvio Micali, and Ronald L. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing, 17(2):281–308, April 1988.
52. Joseph Y. Halpern, Barbara Simons, H. Raymond Strong, and Danny Dolev. Fault-tolerant clock synchronization. In Robert L. Probert, Nancy A. Lynch, and Nicola Santoro, editors, 3rd ACM PODC, pages 89–102. ACM, August 1984.
53. Wassily Hoeffding. Probability inequalities for sums of bounded random variables. Journal of the American Statistical Association, 58(301):13–30, March 1963.
54. Qiaohong Hu, Hongju Cheng, Xiaoqi Zhang, and Chengkuan Lin. Trusted resource allocation based on proof-of-reputation consensus mechanism for edge computing. Peer-to-Peer Networking and Applications, pages 1–17, 2021.
55. Shuang Hu, Lin Hou, Gongliang Chen, Jian Weng, and Jianhua Li. Reputation-based distributed knowledge sharing system in blockchain. In Proceedings of the 15th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, pages 476–481, 2018.
56. Zhuo Hu, Yuhao Du, Congjun Rao, and Mark Goh. Delegated proof of reputation consensus mechanism for blockchain-enabled distributed carbon emission trading system. IEEE Access, 8:214932–214944, 2020.
57. Chenyu Huang, Zeyu Wang, Huangxun Chen, Qiwei Hu, Qian Zhang, Wei Wang, and Xia Guan. Repchain: A reputation-based secure, fast, and high incentive blockchain system via sharding. IEEE Internet of Things Journal, 8(6):4291–4304, 2020.
58. Gene Itkis and Leonid Reyzin. Forward-secure signatures with optimal signing and verifying. In Joe Kilian, editor, CRYPTO 2001, volume 2139 of LNCS, pages 332–354. Springer, Heidelberg, August 2001.
59. Abdellah Kaci and Abderrezak Rachedi. Toward a machine learning and software defined network approaches to manage miners’ reputation in blockchain. Journal of Network and Systems Management, 28(3):478–501, 2020.
60. Sep Kamvar, Marek Olszewski, and Rene Reinsberg. Celo: A multi-asset cryptographic protocol for decentralized social payments.(2017). 2017.
61. Sepandar D Kamvar, Mario T Schlosser, and Hector Garcia-Molina. The eigentrust algorithm for reputation management in p2p networks. In Proceedings of the 12th international conference on World Wide Web, pages 640–651, 2003.
62. Jiawen Kang, Zehui Xiong, Dusit Niyato, Dongdong Ye, Dong In Kim, and Jun Zhao. Toward secure blockchain-enabled internet of vehicles: Optimizing consensus management using reputation and contract theory. IEEE Transactions on Vehicular Technology, 68(3):2906–2920, 2019.
63. Jonathan Katz and Chiu-Yuen Koo. On expected constant-round protocols for byzantine agreement. In Cynthia Dwork, editor, CRYPTO 2006, volume 4117 of LNCS, pages 445–462. Springer, Heidelberg, August 2006.
64. Hakima Khelifi, Senlin Luo, Boubakr Nour, Hassine Moungla, and Syed Hassan Ahmed. Reputation-based blockchain for secure ndn caching in vehicular networks. In 2018 IEEE Conference on Standards for Communications and Networking (CSCN), pages 1–6. IEEE, 2018.
65. Aggelos Kiayias, Alexander Russell, Bernardo David, and Roman Oliynykov. Ouroboros: A provably secure proof-of-stake blockchain protocol. In Jonathan Katz and Hovav Shacham, editors, CRYPTO 2017, Part I, volume 10401 of LNCS, pages 357–388. Springer, Heidelberg, August 2017.
66. Aggelos Kiayias, Hong-Sheng Zhou, and Vassilis Zikas. Fair and robust multi-party computation using a global transaction ledger. In Marc Fischlin and Jean-Sébastien Coron, editors, EUROCRYPT 2016, Part II, volume 9666 of LNCS, pages 705–734. Springer, Heidelberg, May 2016.
67. Leslie Lamport and P. M. Melliar-Smith. Byzantine clock synchronization. In Robert L. Probert, Nancy A. Lynch, and Nicola Santoro, editors, 3rd ACM PODC, pages 68–74. ACM, August 1984.
68. Kai Lei, Qichao Zhang, Limei Xu, and Zhuyun Qi. Reputation-based byzantine fault-tolerance for consortium blockchain. In 2018 IEEE 24th International Conference on Parallel and Distributed Systems (ICPADS), pages 604–611. IEEE, 2018.
69. Christoph Lenzen, Thomas Locher, and Roger Wattenhofer. Clock synchronization with bounded global and local skew. In 49th FOCS, pages 509–518. IEEE Computer Society Press, October 2008.
70. Bernardo Magri, Christian Matt, Jesper Buus Nielsen, and Daniel Tschudi. Afgjort - A semi-synchronous finality layer for blockchains. IACR Cryptology ePrint Archive, 2019:504, 2019.
71. Shirshak Maskey, Shahriar Badsha, Shamik Sengupta, and Ibrahim Khalil. Reputation-based miner node selection in blockchain-based vehicular edge computing. IEEE Consumer Electronics Magazine, 2020.
72. Silvio Micali, Michael O. Rabin, and Salil P. Vadhan. Verifiable random functions. In 40th FOCS, pages 120–130. IEEE Computer Society Press, October 1999.
73. Andrew Miller, Yu Xia, Kyle Croman, Elaine Shi, and Dawn Song. The honey badger of BFT protocols. In Edgar R. Weippl, Stefan Katzenbeisser, Christopher Kruegel, Andrew C. Myers, and Shai Halevi, editors, ACM CCS 2016, pages 31–42. ACM Press, October 2016.
74. Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic cash system, 2008. http://bitcoin.org/bitcoin.pdf.
75. Mehrdad Nojoumian, Arash Golchubian, Laurent Njilla, Kevin Kwiat, and Charles Kamhoua. Incentivizing blockchain miners to avoid dishonest mining strategies by a reputation-based paradigm. In Science and Information Conference, pages 1118–1134. Springer, 2018.
76. Rafail Ostrovsky and Boaz Patt-Shamir. Optimal and efficient clock synchronization under drifting clocks. In Brian A. Coan and Jennifer L. Welch, editors, 18th ACM PODC, pages 3–12. ACM, May 1999.
77. Rafail Ostrovsky and Moti Yung. How to withstand mobile virus attacks (extended abstract). In Luigi Logrippo, editor, 10th ACM PODC, pages 51–59. ACM, August 1991.
78. Rafael Pass, Lior Seeman, and abhi shelat. Analysis of the blockchain protocol in asynchronous networks. In Jean-Sébastien Coron and Jesper Buus Nielsen, editors, EUROCRYPT 2017, Part II, volume 10211 of LNCS, pages 643–673. Springer, Heidelberg, April / May 2017.
79. Rafael Pass and Elaine Shi. Thunderella: Blockchains with optimistic instant confirmation. In Jesper Buus Nielsen and Vincent Rijmen, editors, EUROCRYPT 2018, Part II, volume 10821 of LNCS, pages 3–33. Springer, Heidelberg, April / May 2018.
80. Muntadher Sallal, Gareth Owenson, Dawood Salman, and Mo Adda. Security and performance evaluation of master node protocol based reputation blockchain in the bitcoin network. Blockchain: Research and Applications, page 100048, 2021.
81. Sidharth Shyamsukha, Pronaya Bhattacharya, Farnazbanu Patel, Sudeep Tanwar, Rajesh Gupta, and Emil Pricop. Porf: Proof-of-reputation-based consensus scheme for fair transaction ordering. In 2021 13th International Conference on Electronics, Computers and Artificial Intelligence (ECAI), pages 1–6. IEEE, 2021.
82. T. K. Srikanth and Sam Toueg. Optimal clock synchronization. In Michael A. Malcolm and H. Raymond Strong, editors, 4th ACM PODC, pages 71–86. ACM, August 1985.
83. You Sun, Rui Xue, Rui Zhang, Qianqian Su, and Sheng Gao. Rtchain: A reputation system with transaction and consensus incentives for e-commerce blockchain. ACM Transactions on Internet Technology (TOIT), 21(1):1–24, 2020.
84. You Sun, Rui Zhang, Rui Xue, Qianqian Su, and Pengchao Li. A reputation based hybrid consensus for e-commerce blockchain. In International Conference on Web Services, pages 1–16. Springer, 2020.
85. Changbing Tang, Luya Wu, Guanghui Wen, and Zhonglong Zheng. Incentivizing honest mining in blockchain networks: a reputation approach. IEEE Transactions on Circuits and Systems II: Express Briefs, 67(1):117–121, 2019.
86. Eric Ke Wang, Zuodong Liang, Chien-Ming Chen, Saru Kumari, and Muhammad Khurram Khan. Porx: A reputation incentive scheme for blockchain consensus of iiot. Future Generation Computer Systems, 102:140–151, 2020.
87. Gang Wang. Repshard: Reputation-based sharding scheme achieves linearly scaling efficiency and security simultaneously. In 2020 IEEE International Conference on Blockchain (Blockchain), pages 237–246. IEEE, 2020.
88. J. Yu, D. Kozhaya, J. Decouchant, and P. Esteves-Verissimo. Repucoin: Your reputation is your power. IEEE Transactions on Computers, 68(8):1225–1237, Aug 2019.
89. Jiangshan Yu, David Kozhaya, Jeremie Decouchant, and Paulo Esteves-Verissimo. Repucoin: Your reputation is your power. IEEE Transactions on Computers, 68(8):1225–1237, 2019.
90. Jiarui Zhang, Yukun Cheng, Xiaotie Deng, Bo Wang, Jan Xie, Yuanyuan Yang, and Mengqian Zhang. A reputation-based mechanism for transaction processing in blockchain systems. IEEE Transactions on Computers, 2021.
91. Jiarui Zhang, Yaodong Huang, Fan Ye, and Yuanyuan Yang. A novel proof-of-reputation consensus for storage allocation in edge blockchain systems. In 2021 IEEE/ACM 29th International Symposium on Quality of Service (IWQOS), pages 1–10. IEEE, 2021.
92. Mengqian Zhang, Yukun Cheng, Xiaotie Deng, Bo Wang, Jan Xie, Yuanyuan Yang, and Jiarui Zhang. Accelerating transactions relay in blockchain networks via reputation. In 2021 IEEE/ACM 29th International Symposium on Quality of Service (IWQOS), pages 1–10. IEEE, 2021.
93. Shenchen Zhu, Ziyan Zhang, Liquan Chen, Hui Chen, and Yanbo Wang. A pbft consensus scheme with reputation value voting based on dynamic clustering. In International Conference on Security and Privacy in Digital Economy, pages 336–354. Springer, 2020.
94. Qianwei Zhuang, Yuan Liu, Lisi Chen, and Zhengpeng Ai. Proof of reputation: A reputation-based consensus protocol for blockchain based systems. In Proceedings of the 2019 International Electronics CommunicationConference, pages 131–138, 2019.