research-article

A verifiable, centralized, coercion-free reputation system

Author:

Florian KerschbaumAuthors Info & Claims

WPES '09: Proceedings of the 8th ACM workshop on Privacy in the electronic society

Pages 61 - 70

https://doi.org/10.1145/1655188.1655197

Published: 09 November 2009 Publication History

Abstract

Reputation systems are popular tools to evaluate the trustworthiness of an unknown party before a transaction, but the reputation score can greatly impact the rated subject, such that it might be inclined to suppress negative ratings. In order to elicit coercion-resistant, honest feedback, this paper proposes a reputation system that provides complete privacy of the ratings, i.e. neither the ratee nor the reputation system will learn the value of the rating. We take both, a cryptographic as well as a non-cryptographic approach, to the problem. Privacy of ratings may foster bad mouthing attacks where an attacker leaves intentionally bad feedback. We limit the possibility for this attack by providing a token system such that one can only leave feedback after a transaction, and provide a cryptographic proof of the privacy of our system. We consider the Virtual Organization formation problem and develop and evaluate a novel reputation aggregation algorithm for it.

References

[1]

R. Agrawal, and R. Srikant. Privacy-Preserving Data Mining. ACM SIGMOD Record 29(2), 2000.

Digital Library

[2]

E. Androulaki, S. Choi, S. Bellovin, and T. Malkin. Reputation Systems for Anonymous Networks. Proceedings of the 8th International Symposium on Privacy Enhancing Technologies, 2008.

Digital Library

[3]

A. Arenas, B. Aziz, and G. Silaghi. Reputation Management in Grid-Based Virtual Organisations. Proceedings of the International Conference on Security and Cryptography, 2008.

[4]

J. Benaloh. Verifiable Secret-Ballot Elections. PhD thesis, Yale University, 1987.

Digital Library

[5]

M. Ben-Or, S. Goldwasser, and A. Wigderson. Completeness theorems for non-cryptographic fault-tolerant distributed computation. Proceedings of the 20th ACM symposium on theory of computing, 1988.

Digital Library

[6]

Y. Bo, Z. Min, and L. Guohuan. A Reputation System with Privacy and Incentive. Proceedings of the 8th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing, 2007.

Digital Library

[7]

D. Boneh, and M. Franklin. Identity Based Encryption from the Weil Pairing. SIAM Journal of Computing 32(3), 2003.

Digital Library

[8]

D. Boneh, B. Lynn, and H. Shacham. Short Signatures from the Weil Pairing. Proceedings of Asiacrypt, 2001.

Digital Library

[9]

J. Camenisch, and E. Van Herreweghen. Design and Implementation of the Idemix Anonymous Credential System. Proceedings of the 9th ACM Conference on Computer and Communications Security, 2002.

Digital Library

[10]

J. Camenisch, and A. Lysyanskaya. An efficient system for non-transferable anonymous credentials with optional anonymity revocation. Proceedings of EUROCRYPT, 2001.

Digital Library

[11]

J. Canny. Collaborative Filtering with Privacy. Proceedings of the IEEE Symposium on Security and Privacy, 2002.

Digital Library

[12]

T. Chen, W. Han, H. Wang, Y. Zhou, B. Xu, and B. Zang. Content Recommendation System Based on Private Dynamic User Profile. Proceedings of the International Conference on Machine Learning and Cybernetics, 2007.

[13]

I. Damgard, and M. Jurik. A Generalisation, a Simplification and some Applications of Pailliers Probabilistic Public-Key System. Proceedings of International Conference on Theory and Practice of Public-Key Cryptography, 2001.

Digital Library

[14]

O. Goldreich, S. Micali, and A. Wigderson. How to play any mental game. Proceedings of the 19th ACM conference on theory of computing, 1987.

Digital Library

[15]

J. Groth. A Verifiable Secret Shuffle of Homomorphic Encryptions. Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography, 2003.

Digital Library

[16]

A. Josang, R. Ismail. The Beta Reputation System. Proceedings of the 15th Bled Electronic Commerce Conference, 2002.

[17]

A. Joux, and K. Nguyen. Separating Decision Diffie-Hellman from Diffie-Hellman in Cryptographic Groups. IACR E-print Archive 2001/03, 2001.

[18]

F. Kerschbaum, J. Haller, Y. Karabulut, and P. Robinson. PathTrust: A Trust-Based Reputation Service for Virtual Organization Formation. Proceedings of the 4th International Conference on Trust Management, 2006.

Digital Library

[19]

M. Kinateder, and S. Pearson. A Privacy-Enhanced Peer-to-Peer Reputation System. Proceedings of the 4th International Conference on Electronic Commerce and Web Technologies, 2003.

[20]

Y. Lindell, and B. Pinkas. Privacy Preserving Data Mining. Proceedings of Crypto, 2000.

Digital Library

[21]

A. Lysyanskaya, R. Rivest, A. Sahai, and S. Wolf. Pseudonym Systems. Proceedings of the 6th Annual International Workshop on Selected Areas in Cryptography, 1999.

Digital Library

[22]

T. Mahler, and T. Olsen. Reputation Systems and Data Protection Law. Proceedings of e-Challenges, 2004.

[23]

D. Naccache, and J. Stern. A New Public-Key Cryptosystem Based on Higher Residues. Proceedings of the ACM Conference on Computer and Communications Security, 1998.

Digital Library

[24]

V. Naessens, L. Demuynck, and B. De Decker. A Fair Anonymous Submission and Review System. Proceedings of the 10th IFIP International Conference on Communications and Multimedia Security, 2006.

Digital Library

[25]

A. Narayanan, and V. Shmatikov. Robust De-anonymization of Large Sparse Datasets. Proceedings of the 29th IEEE Symposium on Security and Privacy, 2008.

Digital Library

[26]

A. Narayanan, and V. Shmatikov. De-anonymizing Social Networks. Proceedings of the 30th IEEE Symposium on Security and Privacy, 2009.

Digital Library

[27]

L. Nguyen, R. Safavi-Naini, and K. Kurosawa. Verifiable shuffles: a formal model and a Paillier-based three-round construction with provable security. International Journal of Information Security 5(4), 2006.

Digital Library

[28]

T. Norman, A. Preece, S. Chalmers, N. Jennings, M. Luck, V. Dang, T. Nguyen, V. Deora, J. Shao, A. Gray, and N. Fiddian. CONOISE: Agent-based formation of virtual organisations. Proceedings of the 23rd SGAI International Conference on Innovative Techniques and Applications of AI, 2003.

[29]

T. Okamoto, and S. Uchiyama. A new public-key cryptosystem as secure as factoring. Proceedings of EUROCRYPT, 1998.

[30]

P. Paillier. Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. Proceedings of EUROCRYPT, 1999.

Digital Library

[31]

E. Pavlov, J. Rosenschein, and Z. Topol. Supporting Privacy in Decentralized Additive Reputation Systems. Proceedings of the 2nd International Conference on Trust Management, 2004.

[32]

F. Pingel, and S. Steinbrecher. Multilateral Secure Cross-Community Reputation Systems for Internet Communities. Proceedings of the 5th International Conference on Trust, Privacy and Security in Digital Business, 2008.

Digital Library

[33]

P. Resnick, K. Kuwabara, R. Zeckhauser, and E. Friedman. Reputation Systems. Communications of the ACM 43(12), 2000.

Digital Library

[34]

P. Robinson, F. Kerschbaum, and A. Schaad. From Business Process Choreography to Authorization Policies. Proceedinfs of the 20th IFIP Conference on Data and Applications Security, 2006.

[35]

S. Steinbrecher. Design Options for Privacy-Respecting Reputation Systems within Centralised Internet Communities. Proceedings of the 21st IFIP International Information Security Conference, 2006.

[36]

G. Swamynathan, B. Zhao, K. Almeroth, and R. Jammalamadaka. Towards Reliable Reputations for Dynamic Networked Systems. Proceedings of the IEEE Symposium on Reliable Distributed Systems, 2008.

Digital Library

[37]

M. Voss, A. Heinemann, M. Mühlhäuser. A Privacy Preserving Reputation System for Mobile Information Dissemination Networks. Proceedings of the 1st International Conference on Security and Privacy for Emerging Areas in Communications Networks 2005.

Digital Library

[38]

A. Yao. Protocols for Secure Computations. Proceedings of the IEEE Symposium on foundations of computer science 23, 1982.

Digital Library

Cited By

Mahmoud HArshad JAneiba A(2024)A Systematic Review of Blockchain-Based Privacy-Preserving Reputation Systems for IoT ApplicationsDistributed Ledger Technologies: Research and Practice10.1145/36741563:4(1-40)Online publication date: 8-Dec-2024
https://dl.acm.org/doi/10.1145/3674156
Dimitriou T(2024)Visor: Privacy-Preserving Reputation for Decentralized MarketplacesData and Applications Security and Privacy XXXVIII10.1007/978-3-031-65172-4_9(131-150)Online publication date: 13-Jul-2024
https://doi.org/10.1007/978-3-031-65172-4_9
An HHe DBao ZPeng CLiu Q(2023)An identity-based dynamic group signature scheme for reputation evaluation systemsJournal of Systems Architecture: the EUROMICRO Journal10.1016/j.sysarc.2023.102875139:COnline publication date: 1-Jun-2023
https://dl.acm.org/doi/10.1016/j.sysarc.2023.102875
Show More Cited By

Index Terms

A verifiable, centralized, coercion-free reputation system
1. Human-centered computing
  1. Collaborative and social computing
2. Security and privacy
  1. Cryptography
  2. Systems security
    1. Operating systems security

Recommendations

On-line Reputation Systems: The Effects of Feedback Comments and Reactions on Building and Rebuilding Trust in On-line Auctions

Previous research on reputation systems primarily focused on their trust-building function. The present research addresses their trust-rebuilding function-specifically, the role of the short text comments given in reaction to negative feedback. ...
Modeling and Evaluating a Robust Feedback-Based Reputation System for E-Commerce Platforms

Despite the steady growth of e-commerce communities in the past two decades, little has changed in the way these communities manage reputation for building trust and for protecting their member's financial interests against fraud. As these communities ...
e-Trust and reputation

Trust online can be a hazardous affair; many are trustworthy, but some people use the anonymity of the web to behave very badly indeed. So how can we improve the quality of evidence for trustworthiness provided online? I focus on one of the devices we ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

WPES '09: Proceedings of the 8th ACM workshop on Privacy in the electronic society

November 2009

130 pages

ISBN:9781605587837

DOI:10.1145/1655188

General Chair:
Ehab Al-Shaer
De Paul University, USA
,
Program Chair:
Stefano Paraboschi
Università di Bergamo, Italy

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 09 November 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS '09

Sponsor:

SIGSAC

CCS '09: 16th ACM Conference on Computer and Communications Security 2009

November 9, 2009

Illinois, Chicago, USA

Acceptance Rates

Overall Acceptance Rate 106 of 355 submissions, 30%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

39
Total Citations
View Citations
306
Total Downloads

Downloads (Last 12 months)6
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Mahmoud HArshad JAneiba A(2024)A Systematic Review of Blockchain-Based Privacy-Preserving Reputation Systems for IoT ApplicationsDistributed Ledger Technologies: Research and Practice10.1145/36741563:4(1-40)Online publication date: 8-Dec-2024
https://dl.acm.org/doi/10.1145/3674156
Dimitriou T(2024)Visor: Privacy-Preserving Reputation for Decentralized MarketplacesData and Applications Security and Privacy XXXVIII10.1007/978-3-031-65172-4_9(131-150)Online publication date: 13-Jul-2024
https://doi.org/10.1007/978-3-031-65172-4_9
An HHe DBao ZPeng CLiu Q(2023)An identity-based dynamic group signature scheme for reputation evaluation systemsJournal of Systems Architecture: the EUROMICRO Journal10.1016/j.sysarc.2023.102875139:COnline publication date: 1-Jun-2023
https://dl.acm.org/doi/10.1016/j.sysarc.2023.102875
Hasan OBrunie LBertino E(2022)Privacy-Preserving Reputation Systems Based on Blockchain and Other Cryptographic Building Blocks: A SurveyACM Computing Surveys10.1145/349023655:2(1-37)Online publication date: 18-Jan-2022
https://dl.acm.org/doi/10.1145/3490236
Fu XYue KLiu LFeng YLiu L(2021)Reputation Measurement for Online Services Based on Dominance RelationshipsIEEE Transactions on Services Computing10.1109/TSC.2018.285487314:4(1054-1067)Online publication date: 1-Jul-2021
https://doi.org/10.1109/TSC.2018.2854873
Azad MBag SAhmad FHao F(2021)Sharing is Caring: A collaborative framework for sharing security alertsComputer Communications10.1016/j.comcom.2020.09.013165(75-84)Online publication date: Jan-2021
https://doi.org/10.1016/j.comcom.2020.09.013
Gurtler SGoldberg I(2020)SoK: Privacy-Preserving Reputation SystemsProceedings on Privacy Enhancing Technologies10.2478/popets-2021-00072021:1(107-127)Online publication date: 9-Nov-2020
https://doi.org/10.2478/popets-2021-0007
Fu XLiu LLiu LFeng YYue K(2020)Ordinal Preferences Driven Reputation Measurement for Online Services with User Incentive2020 IEEE International Conference on Web Services (ICWS)10.1109/ICWS49710.2020.00039(248-255)Online publication date: Oct-2020
https://doi.org/10.1109/ICWS49710.2020.00039
Raeini MNojoumian M(2019)Secure Trust Evaluation Using Multipath and Referral Chain MethodsSecurity and Trust Management10.1007/978-3-030-31511-5_8(124-139)Online publication date: 20-Sep-2019
https://doi.org/10.1007/978-3-030-31511-5_8
Liu JManulis M(2019)pRate: Anonymous Star Rating with Rating SecrecyApplied Cryptography and Network Security10.1007/978-3-030-21568-2_27(550-570)Online publication date: 29-May-2019
https://doi.org/10.1007/978-3-030-21568-2_27
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten