Proof-of-Reputation Blockchain with Nakamoto Fallback

  • Conference paper
Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12578)

Abstract

Reputation is a major component of trustworthy systems. However, the subjective nature of reputation makes it tricky to base a system’s security on it. In this work, we describe how to leverage reputation to establish a highly scalable and efficient blockchain. Our treatment puts emphasis on reputation fairness as a key feature of reputation-based protocols. We devise a definition of reputation fairness that ensures fair participation while giving chances to newly joining parties to participate and potentially build reputation. We also describe a concrete lottery in the random oracle model which achieves this definition of fairness. Our treatment of reputation-fairness can be of independent interest.

To avoid potential safety and/or liveness concerns stemming from the subjective and volatile nature of reputation, we propose a hybrid design that uses a Nakamoto-style ledger as a fallback. To our knowledge, our proposal is the first cryptographically secure design of a proof-of-reputation-based (in short PoR-based) blockchain that fortifies its PoR-based security by optimized Nakamoto-style consensus. This results in a ledger protocol which is provably secure if the reputation system is accurate, and preserves its basic safety properties even if it is not, as long as the fallback blockchain does not fail.

Notes

  1. We do not specify here how this data is efficiently encoded into a block, e.g., so that they can be updated and addressed in an efficient manner; however, one can use the standard Merkle-tree approach used in many common blockchains, e.g., Bitcoin, Ethereum, Ouroboros, Algorand, etc.

  2. For instance, one can consider a mechanism which rewards honest behavior by increasing the parties’ reputation.

  3. As discussed above, here we focus on a proof-of-stake Nakamoto-style blockchain, e.g., [20], but our fallback uses the Nakamoto blockchain in a blackbox manner and can therefore be instantiated using any blockchain that realizes a Bitcoin-style transaction ledger [4].

  4. As a side note, our blockchain does address concerns about adaptivity in corruptions through its fallback mechanism, which can be adaptively secure.

  5. Observe that the adversary might send a message to a subset of parties, but if any honest party is instructed by the protocol to forward it, then the message will be delivered (to all other honest parties) in the round when this forwarding occurs.

  6. For notational simplicity, we often refer to \(\mathtt {Rep} \) as a probability distribution rather than an ensemble, i.e., we omit the explicit reference to the parameter m.

  7. Adaptive correlation-free reputation systems are described, analogously, as an ensemble of static reputation systems.

  8. All our security statements here involve a negligible probability of error. For brevity we at times omit this from the statement.

  9. The probability is taken over the coins associated with the distribution of the reputation system, and the coins of \(\mathcal {A}\) and \(\mathtt {A}\).

  10. This is analogous to the rankings of common reputation/recommendation systems, e.g., in Yelp, a party might have reputation represented by a number of stars from 0 to 5, along with their midpoints, i.e., 0.5, 1.5, 2.5, etc.

  11. This also gives us a way to effectively remove a reputation party—e.g., in case it is publicly caught cheating.

  12. In our blockchain construction, \(\textit{pid}\) will be P’s public key.

  13. In the random oracle model, r can be any unique nonce; however, for the epoch-resettable-adversary extension of our lottery we will need r to be a sufficiently fresh random value. Although most of our analysis here is in the static setting, we will still have r be such a random value to ensure compatibility with dynamic reputation.

  14. For clarity in our description we will use a deterministic broadcast protocol for \(\mathsf{Broadcast}\), e.g., the Dolev-Strong broadcast protocol [13] for which we know the exact number of rounds. However, since our lottery will ensure honest majority in \(\mathcal {C}_{\text {BA}}\), using the techniques by Cohen et al. [10, 11], we can replace the round-expensive Dolev-Strong broadcast protocol by a randomized, expected-constant round broadcast protocol for honest majorities, e.g., [19].

References

  1. Asharov, G., Lindell, Y., Zarosim, H.: Fair and efficient secure multiparty computation with reputation systems. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8270, pp. 201–220. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42045-0_11

  2. Badertscher, C., Gazi, P., Kiayias, A., Russell, A., Zikas, V.: Ouroboros genesis: composable proof-of-stake blockchains with dynamic availability. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM CCS 2018, pp. 913–930. ACM Press (2018)

  3. Badertscher, C., Gazi, P., Kiayias, A., Russell, A., Zikas, V.: Consensus redux: distributed ledgers in the face of adversarial supremacy. Cryptology ePrint Archive, Report 2020/1021 (2020). https://eprint.iacr.org/2020/1021

  4. Badertscher, C., Maurer, U., Tschudi, D., Zikas, V.: Bitcoin as a transaction ledger: a composable treatment. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 324–356. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_11

  5. Bentov, I., Hubáček, P., Moran, T., Nadler, A.: Tortoise and hares consensus: the meshcash framework for incentive-compatible, scalable cryptocurrencies. IACR Cryptology ePrint Archive 2017/300 (2017)

  6. Biryukov, A., Feher, D., Khovratovich, D.: Guru: universal reputation module for distributed consensus protocols. Cryptology ePrint Archive, Report 2017/671 (2017). http://eprint.iacr.org/2017/671

  7. Buterin, V.: A next-generation smart contract and decentralized application platform (2013). https://github.com/ethereum/wiki/wiki/White-Paper

  8. Canetti, R.: Security and composition of multiparty cryptographic protocols. J. Cryptol. 13(1), 143–202 (2000)

  9. Chow, S.S.M.: Running on karma – P2P reputation and currency systems. In: Bao, F., Ling, S., Okamoto, T., Wang, H., Xing, C. (eds.) CANS 2007. LNCS, vol. 4856, pp. 146–158. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-76969-9_10

  10. Cohen, R., Coretti, S., Garay, J., Zikas, V.: Probabilistic termination and composability of cryptographic protocols. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9816, pp. 240–269. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53015-3_9

  11. Cohen, R., Coretti, S., Garay, J.A., Zikas, V.: Round-preserving parallel composition of probabilistic-termination cryptographic protocols. In: Chatzigiannakis, I., Indyk, P., Kuhn, F., Muscholl, A. (eds.) ICALP 2017, LIPIcs, vol. 80, pp. 37:1–37:15. Schloss Dagstuhl (2017)

  12. David, B., Gaži, P., Kiayias, A., Russell, A.: Ouroboros Praos: an adaptively-secure, semi-synchronous proof-of-stake blockchain. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 66–98. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_3

  13. Dolev, D., Strong, H.R.: Authenticated algorithms for byzantine agreement. SIAM J. Comput. 12(4), 656–666 (1983)

  14. Gai, F., Wang, B., Deng, W., Peng, W.: A reputation-based consensus protocol for peer-to-peer network. In: DASFAA, Proof of Reputation (2018)

  15. Garay, J., Ishai, Y., Ostrovsky, R., Zikas, V.: The price of low communication in secure multi-party computation. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 420–446. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_14

  16. Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281–310. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_10

  17. Gilad, Y., Hemo, R., Micali, S., Vlachos, G., Zeldovich, N.: Algorand: scaling byzantine agreements for cryptocurrencies. Cryptology ePrint Archive, Report 2017/454 (2017). http://eprint.iacr.org/2017/454

  18. Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988)

  19. Katz, J., Koo, C.-Y.: On expected constant-round protocols for byzantine agreement. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 445–462. Springer, Heidelberg (2006). https://doi.org/10.1007/11818175_27

  20. Kiayias, A., Russell, A., David, B., Oliynykov, R.: Ouroboros: a provably secure proof-of-stake blockchain protocol. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 357–388. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_12

  21. Kleinrock, L., Ostrovsky, R., Zikas, V.: A por/pos-hybrid blockchain: proof of reputation with nakamoto fallback. Cryptology ePrint Archive, Report 2020/381 (2020). https://eprint.iacr.org/2020/381

  22. Magri, B., Matt, C., Nielsen, J.B., Tschudi, D.: Afgjort - a semi-synchronous finality layer for blockchains. IACR Cryptology ePrint Archive, 2019/504 (2019)

  23. Miller, A., Xia, Y., Croman, K., Shi, E., Song, D.: The honey badger of BFT protocols. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) ACM CCS 2016, pp. 31–42. ACM Press (2016)

  24. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008). http://bitcoin.org/bitcoin.pdf

  25. Ostrovsky, R., Yung, M.: How to withstand mobile virus attacks (extended abstract). In: Logrippo, L. (ed.) Proceedings of the 10th ACM PODC, pp. 51–59. ACM (1991)

  26. Pass, R., Seeman, L., Shelat, A.: Analysis of the blockchain protocol in asynchronous networks. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 643–673. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56614-6_22

  27. Pass, R., Shi, E.: Thunderella: blockchains with optimistic instant confirmation. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 3–33. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_1

  28. Yu, J., Kozhaya, D., Decouchant, J., Esteves-Verissimo, P.: RepuCoin: your reputation is your power. IEEE Trans. Comput. 68(8), 1225–1237 (2019)

Acknowledgements

This research was supported by Sunday Group, Inc. A full version of this work can be found on the Cryptology ePrint Archive [21]. The authors would like to thank Yehuda Afek for useful discussions.

Corresponding author

Correspondence to Vassilis Zikas.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Kleinrock, L., Ostrovsky, R., Zikas, V. (2020). Proof-of-Reputation Blockchain with Nakamoto Fallback. In: Bhargavan, K., Oswald, E., Prabhakaran, M. (eds) Progress in Cryptology – INDOCRYPT 2020. INDOCRYPT 2020. Lecture Notes in Computer Science, vol 12578. Springer, Cham. https://doi.org/10.1007/978-3-030-65277-7_2

  • DOI: https://doi.org/10.1007/978-3-030-65277-7_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-65276-0

  • Online ISBN: 978-3-030-65277-7

  • eBook Packages: Computer Science, Computer Science (R0)
