Persistent BitTorrent Trackers
Pith reviewed 2026-05-17 20:36 UTC · model grok-4.3
The pith
Storing reputation in smart contracts with signed receipts makes private BitTorrent trackers survive shutdowns and move between communities.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
Peers sign receipts for received pieces; the tracker aggregates them via BLS signatures and updates reputation on smart contracts. If the tracker is unavailable, peers fall back to an authenticated DHT where stored reputation acts as PKI to preserve access control. Reputation migrates portably across tracker failures through single-hop migration in factory-deployed contracts. Privacy is protected by ephemeral keys, zero-knowledge membership proofs, and confidential reputation via homomorphic commitments. The design proves four security properties under standard cryptographic assumptions.
What carries the argument
Peer-signed transfer receipts aggregated with BLS signatures and stored as reputation in smart contracts, with an authenticated DHT fallback that uses the reputation as PKI.
If this is right
- Reputation becomes portable so users keep their standing when switching communities after a tracker closes.
- Access control continues through the DHT even if the original tracker is unavailable.
- The hybrid ECDSA-plus-BLS scheme keeps client signing cost down by roughly an order of magnitude compared with pure BLS.
- Four security properties hold under standard cryptographic assumptions for the receipt, aggregation, and migration steps.
Where Pith is reading between the lines
- The same receipt-and-contract pattern could support verifiable contribution tracking in other peer-to-peer file or data sharing systems.
- Measuring actual gas costs and DHT lookup latency on a public blockchain would test whether the overhead stays acceptable at larger scale.
- If many trackers adopt the factory contract pattern, a single migration protocol might emerge for reputation across the entire BitTorrent ecosystem.
Load-bearing premise
Peers honestly generate and sign receipts for pieces they receive, and the smart contracts plus DHT stay available and secure without collusion or implementation flaws.
What would settle it
A tracker shutdown after which users cannot prove or migrate their reputation via the smart contracts or authenticated DHT would show the persistence claim fails.
Original abstract
Private BitTorrent trackers enforce upload-to-download ratios to prevent free-riding, but suffer from three critical weaknesses: reputation cannot move between trackers, centralized servers create single points of failure, and upload statistics are self-reported and unverifiable. When a tracker shuts down, users lose their contribution history and cannot prove their standing to new communities. We address these problems by storing reputation in smart contracts and replacing self-reports with cryptographic attestations. Peers sign receipts for received pieces; the tracker aggregates them via BLS signatures and updates reputation. If a tracker is unavailable, peers fall back to an authenticated distributed hash table (DHT): stored reputation acts as a public key infrastructure (PKI), preserving access control without the tracker. Reputation is portable across tracker failures through single-hop migration in factory-deployed contracts. We also address the privacy implications of publishing public keys and reputations tied to private trackers on a public ledger: we propose ephemeral session keys to prevent linking peer identities, zero-knowledge membership proofs for anonymous DHT participation, and confidential reputation using homomorphic commitments. We formalize the security requirements, prove four security properties under standard cryptographic assumptions, and evaluate a prototype. Measurements show that transfer receipts add less than 5% end-to-end overhead with typical piece sizes. To minimize signing overhead, we adopt a hybrid signature scheme: ECDSA signs individual piece receipts at transfer time for low per-operation latency, while BLS serves as the overarching scheme, enabling compact aggregation of many receipts into a single proof at report time. This design reduces client-side signing cost by an order of magnitude compared to using BLS throughout.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The manuscript proposes persistent BitTorrent trackers that store reputation in smart contracts and replace self-reported upload statistics with cryptographic attestations: peers sign receipts for received pieces, which the tracker aggregates via BLS signatures to update on-chain reputation. On tracker failure, peers migrate to an authenticated DHT that uses stored reputation as a PKI for access control. Privacy is addressed via ephemeral session keys, zero-knowledge membership proofs, and homomorphic commitments. The authors formalize security requirements, prove four properties under standard cryptographic assumptions, and report prototype measurements showing transfer receipts add less than 5% end-to-end overhead; a hybrid ECDSA/BLS signature scheme is used to reduce client signing cost.
Significance. If the proofs hold under realistic assumptions and the prototype results generalize, the work provides a practical path to portable, verifiable reputation in decentralized P2P file-sharing without single points of failure. The combination of blockchain storage, BLS aggregation, DHT fallback, and privacy primitives addresses longstanding issues in private trackers while offering concrete overhead numbers and a hybrid signature optimization.
major comments (2)
- [Security Model / Proofs] Security model and proofs: the four security properties are stated to hold under standard assumptions that include honest receipt signing by receivers. However, the protocol description provides no enforcement mechanism (e.g., signature required before piece delivery or on-chain challenge for non-signing), allowing a malicious receiver to withhold a signature and thereby deny upload credit. This assumption is load-bearing for the central claim that cryptographic attestations replace unverifiable self-reports.
- [DHT Fallback Mechanism] DHT fallback and PKI role: the claim that stored reputation acts as a public key infrastructure for access control when the tracker is unavailable requires explicit analysis of how reputation entries are authenticated and updated in the DHT without introducing forgery or replay attacks that could bypass access control.
minor comments (2)
- [Evaluation] The abstract and evaluation section report <5% overhead but do not specify the exact piece sizes, network conditions, or baseline (tracker-only) measurements used; adding these details would strengthen the quantitative claim.
- [Privacy Mechanisms] Notation for ephemeral session keys and homomorphic commitments is introduced without a consolidated table of symbols or a short security-game definition; this would improve readability for readers outside the immediate subfield.
Simulated Author's Rebuttal
We thank the referee for the constructive and detailed review. The comments highlight important aspects of the security model and DHT fallback that warrant clarification and expansion. We address each point below and outline the revisions we will make to strengthen the manuscript.
- Referee: Security model and proofs: the four security properties are stated to hold under standard assumptions that include honest receipt signing by receivers. However, the protocol description provides no enforcement mechanism (e.g., signature required before piece delivery or on-chain challenge for non-signing), allowing a malicious receiver to withhold a signature and thereby deny upload credit. This assumption is load-bearing for the central claim that cryptographic attestations replace unverifiable self-reports.
  Authors: We agree that the manuscript does not currently specify an enforcement mechanism for receipt signing, which leaves the honest-signing assumption implicit. In the revised version we will add an explicit subsection under the protocol description that outlines two practical enforcement options: (1) the sender withholds the next piece until a signed receipt for the current piece is received, and (2) an optional on-chain challenge protocol in which a peer can submit a non-repudiation proof if a receiver refuses to sign. These additions will be accompanied by a brief argument showing that the existing security proofs continue to hold once enforcement is in place, thereby making the replacement of self-reported statistics by cryptographic attestations fully rigorous.
  Revision: partial
- Referee: DHT fallback and PKI role: the claim that stored reputation acts as a public key infrastructure for access control when the tracker is unavailable requires explicit analysis of how reputation entries are authenticated and updated in the DHT without introducing forgery or replay attacks that could bypass access control.
  Authors: We acknowledge that the current text states the PKI role of on-chain reputation but does not provide a dedicated security analysis of the DHT fallback. In the revision we will insert a new subsection that details: (a) how DHT entries are authenticated by embedding a BLS signature (or ZK membership proof) derived from the smart-contract state, (b) the use of per-update nonces and timestamps to prevent replay, and (c) a reduction showing that forgery is prevented under the same discrete-log and BLS assumptions used elsewhere in the paper. This analysis will be cross-referenced with the existing four security properties to demonstrate that access control remains intact during tracker unavailability.
  Revision: yes
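The piece-receipt step from the core claim, combined with enforcement option (1) from the rebuttal (withhold the next piece until the current one is receipted), sketched in Go as an added example; it is not the paper's prototype code. The receipt layout, the domain tag, and the names `Receipt`, `SignReceipt`, `NewKey` and `Uploader` are assumptions, and BLS aggregation of the collected receipts is not shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

type Receipt struct { // hypothetical layout; the page does not give the paper's format
	InfoHash  [20]byte // torrent identifier
	Index     uint32   // piece index
	PieceHash [32]byte // SHA-256 of the piece as received
	Uploader  [32]byte // identifier of the uploader's key: who earns the credit
	Sig       []byte   // receiver's ASN.1 ECDSA signature over digest()
}

func (r Receipt) digest() []byte { // domain tag plus every fixed-length field
	msg := append([]byte("piece-receipt-v1"), r.InfoHash[:]...)
	msg = binary.BigEndian.AppendUint32(msg, r.Index)
	msg = append(append(msg, r.PieceHash[:]...), r.Uploader[:]...)
	sum := sha256.Sum256(msg)
	return sum[:]
}

// SignReceipt is the receiver's step: hash the piece that arrived and sign for it.
func SignReceipt(k *ecdsa.PrivateKey, info [20]byte, idx uint32, piece []byte, up [32]byte) (r Receipt, err error) {
	r = Receipt{info, idx, sha256.Sum256(piece), up, nil}
	r.Sig, err = ecdsa.SignASN1(rand.Reader, k, r.digest())
	return r, err
}

// NewKey returns a fresh P-256 key for the constructed demo peers.
func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// Uploader releases piece n+1 only after a verified receipt for piece n.
type Uploader struct {
	ID       [32]byte
	InfoHash [20]byte
	Pieces   [][]byte
	Peer     *ecdsa.PublicKey // receiver's registered public key
	Receipts []Receipt        // verified receipts, kept for the later report
	awaiting bool             // a piece was sent and is not yet receipted
}

func (u *Uploader) Send() (idx uint32, piece []byte, ok bool) {
	if n := len(u.Receipts); !u.awaiting && n < len(u.Pieces) {
		u.awaiting = true
		return uint32(n), u.Pieces[n], true
	}
	return 0, nil, false // withheld: receipt outstanding, or transfer complete
}

func (u *Uploader) Accept(r Receipt) bool {
	n := len(u.Receipts)
	if !u.awaiting || r.Index != uint32(n) || r.InfoHash != u.InfoHash || r.Uploader != u.ID ||
		r.PieceHash != sha256.Sum256(u.Pieces[n]) || !ecdsa.VerifyASN1(u.Peer, r.digest(), r.Sig) {
		return false // replayed, bound to other data, or not signed by Peer
	}
	u.Receipts, u.awaiting = append(u.Receipts, r), false
	return true
}

func main() { // constructed demo: zero-valued identifiers, two short pieces
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	u := &Uploader{Pieces: [][]byte{[]byte("p0"), []byte("p1")}, Peer: &key.PublicKey}
	i, p, _ := u.Send()
	_, _, early := u.Send()
	r, _ := SignReceipt(key, u.InfoHash, i, p, u.ID)
	fmt.Println("early send:", early, "| accept:", u.Accept(r), "| replay:", u.Accept(r))
}
```

The gate bounds an uploader's uncredited exposure to one piece per peer; the final piece of a transfer can still go unreceipted, which is the gap the on-chain challenge in option (2) is meant to cover.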
Circularity Check
No significant circularity; security claims rest on external cryptographic assumptions
The paper formalizes security requirements for a BitTorrent reputation system and proves four properties under standard cryptographic assumptions, employing a hybrid ECDSA/BLS signature scheme and mechanisms such as ephemeral keys and zero-knowledge proofs. These elements draw from established primitives rather than self-definitional reductions, fitted parameters renamed as predictions, or load-bearing self-citations. The central construction replaces self-reported uploads with peer-signed receipts aggregated via BLS, with reputation stored in smart contracts and fallback to authenticated DHT; none of the described steps reduce by construction to the paper's own inputs or prior author results. The design is self-contained against external benchmarks, with overhead measurements provided as independent evaluation.
Axiom & Free-Parameter Ledger
axioms (2)
- standard math: Standard cryptographic assumptions hold for BLS signatures, ECDSA, zero-knowledge proofs, and homomorphic commitments.
- domain assumption: Peers honestly sign receipts for pieces they receive.
invented entities (1)
- Authenticated DHT with reputation acting as PKI (no independent evidence)
Lean theorems connected to this paper
- IndisputableMonolith/Cost/FunctionalEquation.lean · washburn_uniqueness_aczel · unclear
  unclear: Relation between the paper passage and the cited Recognition theorem.
  Paper passage: We formalize the security requirements, prove four security properties under standard cryptographic assumptions... Peers sign receipts for received pieces; the tracker aggregates them via BLS signatures
- IndisputableMonolith/Foundation/AbsoluteFloorClosure.lean · reality_from_one_distinction · unclear
  unclear: Relation between the paper passage and the cited Recognition theorem.
  Paper passage: Reputation is portable across tracker failures through single-hop migration in factory-deployed contracts
What do these tags mean?
- matches: The paper's claim is directly supported by a theorem in the formal canon.
- supports: The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
- extends: The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
- uses: The paper appears to rely on the theorem as machinery.
- contradicts: The paper's claim conflicts with a theorem or certificate in the canon.
- unclear: Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.