(1) Field of Invention
The present invention relates to an anonymous reputation system and, more particularly, to a cryptographically secure and anonymous reputation system for ensuring that promises are kept between users.
(2) Description of Related Art
A reputation system computes and publishes reputation scores for a set of objects (e.g., service providers, services, goods, or parties) within a community or domain, based on a collection of opinions that other parties (i.e., users) hold about the objects. Parties in a community use reputation scores for decision making (e.g., whether or not to buy a specific service or good). An object with a high reputation score will normally attract more business than an object with a low reputation score. It is, therefore, in the interest of objects to have a high reputation score.
In “Reputation Systems for Anonymous Networks” by Androulaki et al. (hereinafter referred to as the Androulaki reference), which is hereby incorporated by reference as though fully set forth herein, the authors provide security requirements for an anonymous reputation system for peer-to-peer (P2P) networks. The authors also describe the operations required in such a system and a specific instantiation of one relying on electronic cash (e-cash), blind signatures, and anonymous credentials. Briefly, e-cash is used by users to pay each other reputation coins. The accumulation of a user's reputation coins determines his/her reputation. A blind signature is a form of digital signature in which the content of a message is disguised, or blinded, prior to being signed.
The Androulaki reference describes a central “trusted” entity, the bank, which keeps track of how many reputation coins each user in the system has accumulated. After each transaction, users can deposit the reputation coins they acquired, both positive and negative, using blind signatures to preserve anonymity. Additionally, the reputation coins can be deposited at any point as well as passed on to other users who can deposit the reputation coins. Users (peers) then use pseudonyms (and anonymous credentials) to prove that they belong to a certain group and/or reputation set (i.e., their reputation is above a certain value).
The model in the Androulaki reference assumes the following. First, the model assumes that normal users can behave according to a malicious model (i.e., try to cheat, double spend, and deposit fake reputation coins). Second, the model assumes that the bank can only behave according to a honest-but-curious model, which means that it follows the protocol specification correctly, but can try to keep track of the information it receives in order to violate privacy. There are several drawbacks to the model disclosed in the Androulaki reference. First, if the bank is fully malicious (e.g., able to deviate arbitrarily from the protocol specification), the system cannot function properly, as the bank is responsible for performing reputation updates correctly. Additionally, it is not clear how the model would work with multiple banks, as the authors only describe a scenario with one group with one bank. Further, security definitions are not formalized and detailed, rigorous proofs are not provided.
There are no known references that describe anonymous protocols for depositing negative reputation coins. Moreover, the known literature does not describe constructions, either rigorous or pseudo-rigorous (e.g., “privacy” conferences), that contain negative reputation schemes for anonymous networks. Anonymous reputation schemes, in general, have not been rigorously demonstrated. There are many settings where maintaining a reputation, while preserving privacy, would be beneficial, yet there is no current solution for such an environment. Thus, a continuing need exists for a reputation system that ensures that one party does what it has agreed to do, even if it will negatively affect that party's reputation, while still maintaining anonymity.