In online marketplaces (e-commerce, cloud marketplaces), potential buyers/consumers do not have direct access to inspect the quality of products and services offered by retailers and service providers of marketplaces. Therefore, consumers have to trust the reputation system of the marketplace for making a meaningful decision whether they should have interaction with the particular service provider or not. Consumer's feedback plays an important role while evaluating the trustworthiness of the service provider, but it brings challenges to security and the consumer's privacy. Existing centralized reputation systems collect and process consumer's feedback at the centralized trusted system but these systems could leak sensitive information of consumers (such as buying history, likes and dislikes). To ensure the privacy of consumers, in this paper, we present PrivBox, a privacy-preserving decentralized reputation system that computes reputation of retailers or service providers by leveraging feedback from users in a secure and private way. The PrivBox system uses primitives of a homomorphic cryptographic system and non interactive zero-knowledge proof to achieve objectives of privacy-preservation and well-formedness. PrixBox performs its operations in a decentralized setting, and ensures the following characteristics. (1) It guarantees privacy of consumers without relying on any trusted setup or trusted third party system, (2) it ensures that the consumer's feedback ratings remain within the prescribed range, and (3) it enables consumers and service providers to verify the computed statistics without relying on a trusted third party. To evaluate the performance, we have implemented operations of the PrivBox system. The results demonstrate that the proposed system has a small communication and computation overheads with the essential properties of privacy-preservation and decentralization. (C) 2018 Elsevier B.V. All rights reserved.
