Detecting Misbehavior at the Application Layer (DTA2)

As described in Section 4.4, DTA1 consists of protocols that enable an honest peer to detect misbehavior of another peer in a P2P-based marketplace. It has been noted early that scalability is one of the main obstacles that must be addressed before DTA1 can be realized in practice. This section describes how TTM helps improve the scalability of DTA1. The new set of protocols for DeTecting misbehavior at the Application layer, called DTA2, reduce the cost of verifying if a publishing peer has truthfully reported the sale offers. DTA2 also allows the publishing peer to securely remove an offer from its list, but only when agreed by the seller.

Assume that peers are equipped with TTMs. In addition, at each TTM, one monotonic counter, namely cid, is used exclusively for the marketplace application. For simplicity, assume further that the initial values of cid at all peers are 0. Let 2si _{be the maximum}

number of types of items that is accepted by a publishing peer, for 0¤si ¤m. The main

idea behind DTA2 is that each peer creates 2m _{R-T tokens, from which 2}m
si

tokens are used for sale offers of each item. When a seller publishes its sale offer for an item, it takes away one token from the range of tokens reserved for the item. Once the the sale offer is accepted and the item is sold, the seller gives the token back to the publishing node.

During verification, the publishing node returns the Merkle’s root, list of missing tokens and the list of sale offers for the item.

Initialization. A peer pi initializes a set of new tokens as follows:

1. Establishes a transport session with the TTM.

2. Executes TTM IncrementCounter(cid) inside the session. 3. Executes init(n,cid,isRT,isRecreatable,h,even) where:

• isRecreatable F

• isRT T

• hm

4. Closes the session. The session’s log sliis returned, together with a TTM’s signature

σi on the log.

At the end of the initialization, 2m _{tokens whose types are ttype}

i are created. The external

Merkle tree storing the tokens have 2m _{leaves, and L}

i.offset  0, Li.size  1 for all

i P r0, 2

m

q. For item d, the sale offers stored at pd are linked with tokens in the range rdsi.2

m
si

,pdsi 1q.2

m
si

1sttype

i where dsi SHA1pdqmodulo 2

si_{. Notice that different}

peers initialize different types of tokens; but all the tokens are R-T, and non-recreatable.

publish(d). The seller p first asks the publisher pd to prove that it has tokens of the

appropriate types, then publishes its offer for d. More specifically:

1. p asks pd to execute TTM ReadCounter(cid) and TTM ReadStatepttypep

dq command

inside a transport session. The results of these commands and the proof that they are executed inside a transport session are sent back to p. pd also sends the proof

σd that shows tokens whose types are ttypepd were initialized correctly at pd, and

2. p verifies the proof, and checks that the leaf is part of the current Merkle tree. In addition, the leaf represents a token in the rangerdsi.2

m
si

,pdsi 1q.2

m
si

1sttype

pd

where dsi SHA1pdqmodulo2

si_{. If the verifications are correct, p asks p}

dto transfer

to it the token represented by the returned leaf.

3. Finally, p sends the payment f to pd and the protocol terminates successfully.

retrieve(d). To retrieve the list of offers for item d stored at pd, the buyer pr first asks

pd to prove its latest token state tks storing the tokens of type ttypepd. This is similar to

the first step in publish(d) protocol.

Next, pd returns a list of tokens missing from the range rdsi.2

m
si

,pdsi 1q.2

m
si

1sttype

pd. In particular, the list consists of details of the Merkle’s leaves representing the

tokens in the range rdsi.2

m
si

,pdsi 1q.2

m
si

1sttype

pd that have been taken away. p

verifies the list by computing the Merkle’s root using the leaves’ details and checking that the result is the same as tks.root.

Finally, pd returns a list of sale offers for item d, together with the receipts generated

when the offers were published. p can verify the completeness of such the list, because the offers are tied to the missing tokens. The list contains the same number of sale offers for d, and therefore is smaller than the what returned in DTR1, namely Wpd, which also

contains offers of other items. In other words, TTM helps reduce the cost of verification.

Post-transaction. Once the buyer accepts an offer for the item d, it pays the listed price to the seller p. But before the transaction is considered as completed, p returns the token it acquired when publishing the sale offer to pd. The publishing peer then adds the

returned token back to its state so that the token can be reused later. This mechanism increases the publishing peer’s capacity as more sale offers can be stored over time.