E-commerce platforms incorporate reputation systems that allow customers to rate suppliers following financial transactions. Existing reputation systems cannot defend the centralized server against arbitrarily tampering with the supplier’s reputation. Furthermore, they do not offer reputation access across platforms. Rates are faced with privacy leakages because rating activities are correlated with privacy (e.g., identity and rating). Meanwhile, raters could be malicious and initiate multiple rating attacks and abnormal rating attacks. Determining how to address these issues have both research and practical value. In this paper, we propose a blockchain-based privacy-preserving reputation system for e-commerce platforms named RepChain; our system allows cross-platform reputation access and anonymous and private ratings. Using RepChain, all e-commerce platforms collaborate and share users’ reputations by co-constructing a consortium blockchain and modeling the rating process as a finite state machine. In particular, we facilitate one-show anonymous credentials constructed from two-move blind signatures to protect customers’ identities and resist multiple rating attacks, leverage zero-knowledge range proof to verify the correctness of ratings and defend against abnormal rating attacks, design a secure sum computation protocol among nodes to update reputations, and verify ratings via batch processing and consensus hashes. Finally, we demonstrate the security and privacy of RepChain via a formal analysis and evaluate its performance based on Ethereum test network.
|Number of pages||16|
|Journal||IEEE Transactions on Network and Service Management|
|Early online date||19 Jul 2021|
|Publication status||E-pub ahead of print - 19 Jul 2021|