Design of Trusted Market Platforms using Permissioned Blockchains and Game Theory

01/16/2020 ∙ by Shivika Narang, et al. ∙ 0

The blockchain concept forms the backbone of a new wave technology that promises to be deployed extensively in a wide variety of industrial and societal applications. Governments, financial institutions, banks, industrial supply chains, service companies, and even educational institutions and hospitals are investing in a substantial manner in the hope of improving business efficiency and operational robustness through deployment of blockchain technology. This thesis work is concerned with designing trustworthy business-to-business (B2B) market platforms drawing upon blockchain technology and game theory. The proposed platform is built upon three key ideas. First, we use permissioned blockchains with smart contracts as a technically sound approach for building the B2B platform. The blockchain deploys smart contracts that govern the interactions of enterprise buyers and sellers. Second, the smart contracts are designed using a rigorous analysis of a repeated game model of the strategic interactions between buyers and sellers. We show that such smart contracts induce honest behavior from buyers and sellers. Third, we embed cryptographic regulation protocols into the permissioned blockchain to ensure that business sensitive information is not revealed to the competitors. We believe our work is an important step in the direction of building a powerful B2B platform that maximizes social welfare and enables trusted collaboration between strategic enterprise agents.



There are no comments yet.


page 1

page 22

page 29

page 30

This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

1.1 Motivation and Background

A Business-to-Business (B2B) platform, as depicted in Figure 1.1, is one which enables interactions amongst enterprise buyers and sellers along with service providers such as logistics providers. Such a platform also serves the purpose of enabling information exchange amongst competing manufacturers/suppliers. B2B platforms are growing fast and intend to help upcoming businesses manage and streamline their work [35]. The design of robust B2B collaboration platforms and incentivizing cooperation on them constitute important research directions.

Figure 1.1: A B2B Platform

A B2B procurement market platform is a B2B platform which helps facilitate the procurement process of enterprises. Businesses can utilize such platforms to trade goods and services which will be used to manufacture a good or deliver a service. While recent years have seen a lot of progress in Business-to-Customers (B2C) market platforms, especially with the advent of mobile applications, B2B platforms have not progressed technologically. They continue to be centralized and use point-to-point messages. One reason for this is a lack of technology which preserves privacy of the agents interacting on the platform, especially from the platform itself. While it need not be concerning for an individual if Amazon knows her purchase history, for an enterprise such information is business-critical. Consequently, the functionality that can be obtained by an enterprise from current B2B platforms gets limited. The work presented in this thesis aims to help solve this problem by proposing a blockchain-based solution. Recent progress in distributed ledgering technology, which is collectively referred to as blockchain technology has gained widespread attention from media and industry. In the last few years, it has quickly transitioned from an exciting technology, with a cult user base for the Bitcoin cryptocurrency [30], to being seen as a powerful tool for transformation of business ecosystems. The technology allows users on a distributed peer-to-peer network to maintain a distributed ledger without any need for a centralized intermediary. At the core of any blockchain platform are,

  1. A mechanism for secure and distributed consensus protocol for maintaining the ledger, and

  2. A framework to autonomously execute smart contracts based on the state of the distributed ledger.

The initial research focus on blockchain has been on various security, privacy, and game theoretic aspects of distributed consensus mechanisms for applications in cryptocurrencies. The focus of our work is on identifying and providing solutions to the issues that are critical to making blockchain a tool for transforming business ecosystems. An advantage of a blockchain-based market platform is that rules can be imposed on the transactions that occur on the platform, by way of smart contracts. For instance, smart contracts can be used to govern the prices charged, and can be a means of ensuring that goods are traded at a fair price. The rules that are to be enforced can be decided jointly after negotiations between the buyers association and the sellers association. The appropriate form of blockchain technology for such a purpose would be permissioned blockchains, where the access to the data is restricted to users of a company or consortium of companies that manage the blockchain. Permissioned networks are essential for business-to-business (B2B) collaborations as businesses need to know who they are transacting with and there is a need to control the purposes for which they transact with different entities. a typical B2C market platform, such as Amazon or eBay, when a buyer decides to buy a particular good, she typically searches for it and is able to view different vendors who sell the good. She then proceeds to buy from the vendor who she believes offers the best tradeoff between quality and price. Studies indicate that to induce sellers to consistently provide high-quality products, it is necessary to make it publicly known when a seller fails to do so. B2C market platforms achieve this by way of ratings for each good sold by a vendor. Our work aims to enable an enterprise buyer to do the same on a B2B market platform, while being incentivized to be honest. Further, we use a repeated game formulation to study various pricing rules and punishment strategies, so as to identify the ones that best incentivize high-quality offerings from sellers. This analysis is intended to help design appropriate smart contracts which will define the interactions that occur on the platform.

1.2 Review of Relevant Work

A motivation of our work is to achieve sustained cooperation amongst buyers and sellers. Buyer-Seller interactions over market networks have been studied from various aspects. From an economics point of view Fainmesser found that the frequency of high-quality given by a seller in large market networks increases with moderate and balanced competition, and that the inclusion of institutions like litigation can sustain cooperation in denser networks [12]. Zhang and van der Scharr study this problem from a crowdsourcing aspect. They consider a mechanism, where each worker has reputation in the set . After each period, based on the report by the requester, assumed to be truthful, the reputation is either incremented or decremented. If the reputation of a worker falls below a threshold, she is put into isolation. They study how the choice of the threshold affects cooperation. Conditions are given on as a function of the system parameters on when the protocol will have the workers putting in high effort to take on the tasks given to them, as a Nash equilibrium. In order to sustain high-quality from sellers in a market, information about how an agent behaves with other agents is needed[44]. However, this information often remains local, known only to the two parties and perhaps their neighbors. Wolitzky [44] studies two communication technologies to replicate public information. While the problem at hand is of market interactions, the broader motivation of our work is aimed towards supply chains. Much like in market networks, information sharing in supply chains has been found to reduce costs both theoretically and experimentally [5, 14, 15]

, much like in market networks. We enable information sharing, and hence collaboration, between enterprise agents by providing a cryptographic protocol for computing a ratings vector for the sellers, without revealing their own input. This problem of jointly computing reputation of agents or building reputation systems is neither new nor trivial. Procaccia et al

[36] use a gossip-based aggregation technique to provide a simple decentralized reputation system without a need for complex data structures. Jiang [23] attempts to design reputation systems that are robust to attacks such as malicious ratings. Haghpanah [20] focuses on reputation systems for supply chains which do not downweight the value of feedback given by other participants. The method proposed in this thesis, for rating sellers on a B2B platform, is able to achieve the salient features of all of the three papers mentioned above. Our problem also fits into the broader area of collaborative rating, which is an important problem for recommender systems [10]. In the problem of collaborative rating, ratings must be computed for a set of objects jointly by users. Each user provides ratings on a strict subset of the objects, and complete ratings must be computed from these partial ratings. The problem of computing collaborative ratings itself is a specific case of the matrix completion problem, pioneered by Candes and Retch [6].

1.3 Contributions of the Thesis

Having established the positioning of our work, we now provide an outline of the specific contributions of the work presented in this thesis. Figure 1.2 depicts the various building blocks of the proposed platform and motivates the various contributions of this work.

Figure 1.2: Building blocks of the proposed blockchain-based B2B platform

A Formal Framework for Secure B2B Collaboration

One of the key aspects of B2B collaboration is that, often, the cooperating entities are also competing entities and the information required for cooperation is business sensitive information from competitive perspective. As discussed, designing a platform that successfully enables privacy-preserving B2B collaboration is a non-trivial task and requires a formal discussion. Therefore, there is a need for a framework to formulate the requirements of a secure and private B2B collaboration. We provide a formal notation for studying and analyzing all the components of a B2B platform and the events that occur on the platform. To the best of our knowledge, we present the first such framework for B2B collaboration.

Game Theoretic Modeling and Analysis

We use repeated games to analyze the strategic interactions between buyers and sellers in the context of a supplier rating problem. We compute the equilibrium behavior under different strategies and pricing settings. The analysis reveals that the equilibrium attained is contingent on the sellers’ discounting factor for future payoffs, as well as, on the profit margin of the pricing system. We study markets where social welfare is maximized when sellers provide high quality and deduce conditions under which high quality offerings constitute an equilibrium. These characterizations are of independent interest in themselves. There is prior literature on game theoretic analysis of mining in permissionless networks, exemplified by [26, 27]. To the best of our knowledge, there is no prior work on a framework to study game theoretic aspects of blockchain based B2B collaboration.

Implementation using Permissioned Blockchains and Cryptographic Protocols

We show how to employ permissioned blockchain networks to securely and privately mimic an oracle’s solution to the supplier rating problem. We deploy a smart contract that implements the business logic in a given mechanism with the help of two regulation protocols: (a) a public perception protocol and (b) a monitoring protocol. The public perception protocol is a cryptographic protocol that aggregates buyer feedback about sellers into a rating, known as the public perception vector, while preserving privacy. The purpose of the monitoring protocol is to disincentivize dishonest feedback by the buyers. We show that our implementation is a secure and private simulation of the oracle’s supplier rating.

1.4 Outline of the Thesis

The organization of this thesis is as follows.

Chapter 2: Foundations of Blockchain Technology

This chapter provides the foundations of blockchain technology. Section 2.1 covers the building blocks of blockchain technology. It begins by explaining the different contexts in which the term blockchain is used, followed by details of the blockchain data structure. We describe the organization of data in the blockchain, followed by how blocks are added to a blockchain, introducing two commonly used mining techniques. Section 2.2 discusses the key features of blockchain technology, its role as an asset ledger and introduces smart contracts. The chapter concludes with Section 2.3 which gives a discussion of a commonly used classification of blockchains into permissionless and permissioned blockchains. We discuss the issues that arise with each of them like mining and scalability. We describe the various types of permissioning that may be employed.

Chapter 3: Problem Formulation and Approach

The third chapter of the thesis presents the formulation of the problem studied in this thesis along with the approaches followed. The chapter begins with Section 3.1 which first gives a brief description of the technology being used to deploy current B2B platforms. It discusses the limitations of the current approach, and motivates the use of permissioned blockchains for designing a B2B platform. The section then concludes with the requirements of such a B2B platform. Section 3.2 then defines a formal framework to study interactions on the platform. To the best of our knowledge, this is the first attempt at formally defining interactions over a blockchain network. Section 3.3 goes on to detail the building blocks of this framework. It begins with a description of the model, defining the repeated interactions as a repeated game. Following this discussion, we introduce the cryptographic protocols that are used to compute the ratings and the rating system adopted. The chapter concludes with the definition of the public perception vector, that is we define how the feedback from the buyers is aggregated into a ratings vector for the sellers.

Chapter 4: Game Theory Based Smart Contracts

The fourth chapter is devoted to game theoretic analysis of the problem presented in the third chapter. The chapter begins with a few preliminaries on game theory. Section 4.1 formally defines strategic form games and Nash equilibrium. This chapter also discusses some examples of strategic form games and the Nash equilibria that arise in each of these games. Section 4.2 goes on to define Extensive Form Games, and what a Nash equilibrium for an extensive form game is. It also presents a stronger notion of equilibrium called the subgame perfect equilibrium. Section 4.3 concludes the game theory preliminaries by defining repeated games and how subgame perfect equilibria can be characterized for a repeated game. It also explains the punishment aspect of the problem studied in the thesis. Section 4.4 begins the game theoretic analysis of the problem. This section considers a pricing rule called “Homogeneous Pricing”, where all sellers sell at the same price. It is shown that the only pure strategy equilibria for such a system can be either giving only high-quality or only low-quality. This section studies two different punishment models, one where sellers are punished by individual buyers for providing low-quality in a particular round. In the other model, a seller is punished collectively by the all the buyers in the market if his rating drops below a threshold value. It is also shown that the latter punishment model is better at incentivizing high-quality offerings from sellers. Section 4.5 considers a setting where sellers can sell their products at one of two prices. Within this setting two cases are considered, one where the price at which a seller sells never changes, and one where the price at which the seller sells is determined by his public perception. It is found that both these settings reduce to different cases of homogeneous pricing, contingent on the parameters of the system. Section 4.6 takes the idea of the price being determined by the seller’s rating forward and the seller’s rating is linearly transformed to determine the price which he charges. This section finds behaviour that was not observed in the previous two sections. The chapter concludes with the observation that the rather complicated behaviour observed in the case of continuous pricing, prevents a closed form expression for characterizing the Nash equilibria in this setting.

Chapter 5: Cryptographic Regulation Protocols

This chapter presents details of the cryptographic protocols deployed on the platform which ensure that the requirements of the B2B platform listed in Chapter 2 are met. We first present some relevant preliminaries on public-key cryptography and secure multi-party computation required for the protocol, such as homomorphic encryption. This is covered in Section 5.1. Sections 5.2 and 5.3 detail the two subprotocols, namely the Monitoring Protocol and the Public Perception Protocol. The former ensures that buyers are honest in their feedback, and the latter is responsible for actually aggregating buyer feedback into a ratings vector for the sellers. The chapter concludes with a discussion on the properties of these protocols and how the appropriate requirements are met by means of these protocols.

Chapter 6: Summary and Future Work

This chapter presents a summary of the thesis, along with some directions possible for future work. Section 6.1 presents a summary of the results presented in the preceding chapters. Section 6.2 discusses possible variations in the model presented in this thesis, and accordingly lists the scope of future work in this problem.

1.5 Conclusion

A review of existing literature shows that to ensure consistent quality is received from a seller, information of their behaviour should be made public to all the buyers. While most B2C platforms allow for buyers to rate sellers, progress has been stalled in the development of platforms enabling B2B collaboration. One of the reasons for this is that interactions on such platforms should be such that privacy of the agents is preserved. A B2B market platform requires a privacy-preserving way to rate the enterprise sellers or suppliers. The rating system must be robust to attacks such as malicious ratings attacks. This problem is solved using permissioned blockchains and Multi-Party Computation protocols. The other requirement of a B2B market platform is to incentivize sellers to provide high-quality. We conduct game theoretic modeling and analysis towards this end, which will be used to design smart contracts on the blockchain. In the following chapter, we provide an overview of blockchain technology that is relevant to our work.

2.1 Blockchain Building Blocks

A blockchain network is typically a peer-to-peer network where each node has computing resources and a data repository. The data repository at each node contains an an up-to-date copy of the blockchain. Figure 2.1 illustrates a blockchain network and its essential components: a computing resource and data repository within each node and a lack of centralization.

Figure 2.1: A Blockchain network

2.1.1 Blockchain Data Structure

The blockchain data structure is a structured collection or shared ledger of blocks. Figure 2 depicts a part of a typical blockchain. In this subsection, we describe the data structure that is used in the bitcoin blockchain, to bring out all essential features of a blockchain. A blockchain may contain any number of blocks. For example, the bitcoin blockchain (as of January 2018) contains more than 210000 blocks.

Figure 2.2: A Blockchain

As a data structure, a blockchain is a doubly linked list of the blocks. Thus, each block has a pointer to the next block as well as a pointer to the previous block. Each block contains the following:

  • Data corresponding to a number of transactions. Each transaction may involve a small subset of nodes and is represented in some digital form. A block may contain any number of transactions. For example, a block in the bitcoin blockchain could contain hundreds of transactions.

  • A hash value corresponding to the current block.

  • A hash value corresponding to the previous block.

Each hash value above is also called proof-of-work for that block. Proof-of-work for a block is computed by solving a difficult cryptographic puzzle: this puzzle takes as input the transaction data of that block and produces a final hash value, after a very large number of hash computations, such that the final value that satisfies a certain criterion that is difficult to achieve (for example, the hash value should start with a string of four zeros, etc.). Because of the intensive nature of this computation and the massive amount of computational work involved in producing this final hash value, the latter is aptly called proof-of-work. Since every block contains proof of work for the current block and proof-of-work for the previous block, the blockchain becomes virtually immutable. This is because, in order to modify a block, not only do you have to modify the current block but also all successive blocks.

Figure 2.3: Merkle Tree

The data corresponding to each block is organized as a Merkle tree as shown in Figure 3. Merkle tree is a binary tree data structure where hashing is used to facilitate efficient verification of the contents of the tree. The leaf nodes contain the hash values of individual transaction data. Each internal node contains only a hash value that is computed using the hash values contained in its children. The root node will thus contain a hash value which is called the root hash value. Given a Merkle tree, in order to verify that a given a set of transactions is precisely the same as the transactions stored in the Merkle tree, we only have to compute the hash value from the given transaction data and verify that the hash value is the same that of the root hash value in the given Merkle tree. A new block is included into the blockchain using a process called mining which is described in the next section. Once a new block gets included, the updated blockchain becomes available at all the nodes. The manner in which the blockchain data structure is organized, updated, and replicated ensures that the blockchain is a shared, synchronized, immutable, distributed ledger created through distributed consensus; all nodes have access to the ledger and can verify the truth. Simply speaking, the blockchain elegantly implements tamper-proof record keeping. The blockchain protocol is decentralized and eliminates the need for intermediation by trusted third parties. Blockchain technology thus represents a deep one that combines cryptography, data structuring, and distributed consensus in a brilliant way. Blockchain technology provides a way to implement a distributed, shared ledger without the need for a central trusted entity or trusted third parties. There are other ways to implement a distributed, shared ledger but blockchain technology is superior to the existing approaches because of the above features. For any immutable data structure, which continues to be decentralized, the issue of adding new blocks to the chain is not trivial. We now briefly study common techniques of adding new blocks to the blockchain.

2.1.2 Mining of Blocks

The addition of a new block to a blockchain is based on inverting a hash function, whose computational complexity is believed to grow exponentially in the length of the input. This process is known as mining or validation. Mining secures the blockchain system from fraudulent transactions. Mining can be done by any node in the (public) blockchain. The task of a miner is two fold: (1) to validate the data in the block and (2) to append the valid block to the already existing blockchain. Note that the success of the blockchain is attributed to the way mining is done i.e. how the verification of data is done in a decentralized, anonymous fashion. In the next two subsections, we present how this is achieved via the standard process called proof-of-work and a modified process called proof-of-stake. This section assumes a bitcoin/ethereum type of (public) blockchain. However, the principles are relevant for other types of blockchains as well.


The key idea behind proof-of-work is to make the selection of a miner in a way that nobody can monopolize the system by creating fake nodes. This is ensured in proof-of-work by making the nodes to compete to mine the block using their computation power. This would imply that no single node can monopolize the blockchain protocol as buying that much computation power would be next to impossible. The proof-of-work is based on inverting a hash function where the hardness of the computation can be controlled. This cryptographic computation is a hash function based computation where each miner is required to find a random numeric value nonce such that the cryptographic hash function of the nonce when combined with the data and the hash value of the previous block results in a hash value that is less then a specific target value. Specifically,

The target-value is adjusted automatically between the nodes in the blockchain so as to maintain the difficulty of mining to be a certain time duration. Note that once a miner broadcasts a mined block, every other node can verify that the mined block is valid and thus will append this block to its own blockchain. The proof-of-work technique described above prevents the problem of double-spending the same currency. A disadvantage of proof-of-work is that it needs a massive amount of computation power to validate a single block. Another problem is that mining has become rather proprietary hardware centric which leads to centralization issues as people who are manufacturing such hardware can control the blockchain system. Therefore, there is a shift to other mining techniques like proof-of-stake.


In proof-of-stake, nodes are selected for mining in proportion to the blockchain currency each node is holding as opposed to the computation power in proof-of-work. In proof-of-stake protocol, any node which holds blockchain based currency can become a miner by depositing its currency to the blockchain. Selecting the validator can be done in several ways, such as Randomized block selection and Coin age-based selection. The proof-of-stake protocol is significantly more computationally efficient over proof-of-work protocol in terms of energy consumption, however, this protocol suffers from other disadvantages like nothing at stake and long range attacks. Immutability and mining protocols to achieve consensus contribute towards a blockchain being a trusted ledger. We now explore the key features of blockchain technology which are a consequence of the building blocks discussed in this section.

2.2 Blockchain Technology: Key Features

The unique value proposition of blockchains is that they enable the creation of digital solutions with built in economics. This capability traces its roots to the first applications of blockchains: bitcoins as a digital currency. A necessary condition for a digital currency is the existence of a trusted ledger which can maintain the balances of the account holders. Nobody apart from the account owner should be able to reduce the account balance; not even the entity responsible for maintaining the ledger. This is precisely what is achieved by the blockchain. As a result, today blockchains are being used to develop applications which require decentralized asset registries, such as land registry, tamper-proof academic transcripts and even a registry for diamonds which tracks a diamond right from when it is mined[7].

2.2.1 Asset Ledger

At its very core, a blockchain is a trusted ledger. As explained in the previous section, the technological innovation of blockchains is that the trust in the ledger is ensured using a combination of cryptography and distributed consensus. The most important consequence of using a shared, trusted ledger is that everyone involved is able to agree on a single version of the truth. Thus, an immediate application of blockchains becomes as an asset registry. Assets such as land and property are the most common assets used as collateral to secure a loan, and thus require a trusted, immutable registry. One interesting question in creating a blockchain based asset registry relates to privacy. Does storing asset ownership on a public registry imply that everyone knows who owns what? Public blockchains like Ethereum and Bitcoin blockchains solve this system by using pseudo-anonymity. Every agent in the system is recognized by its account address (public key) but the blockchain does not store a mapping between this account address and the real-world identity of the agent. With these blockchains, thus, the mapping of assets to account addresses is common knowledge but the mapping between the account address and real-world identity may be kept private (known only to the individual agent). In the context of blockchains being used as an asset registry for cryptocurrencies, it is this pseudo-anonymity property which poses challenges to governments and law enforcement agencies worldwide. With permissioned blockchains (discussed in detail in the next section), the issue is less pronounced but still exists. With permissioned blockchains who all can become a part of the blockchain network is controlled by an administrator, so information sharing (of the asset registry) is within a group. Often, however, there may be cases where two (or more) agents in the network may want to undertake a transaction privately. Here again is the requirement for privacy. Interesting solutions to this challenge continue to be explored: cryptographic techniques like zero-knowledge proofs, ring signatures, and hash functions can be combined in interesting ways to achieve privacy while still ensuring trust in the underlying ledger.

2.2.2 Smart Contracts

Powerful as they are, the ideas of a trusted asset registry and a cryptocurrency are only part of the complete picture. It is when these two ideas are combined with the idea of self-enforcing contracts known as smart contracts that the real power of blockchains becomes apparent. Smart contracts are the building blocks to create any decentralized application. A smart contract can be thought of as a conditional transaction, that is, a transaction (or a group of transactions) which executes when certain conditions are met. The conditions required for the transaction are written in a high level programming language like Solidity, the scripting language accompanying Ethereum [3]. In this interpretation, a smart contract is a conditional transaction of value from one agent (account) to other agent(s) conditional on certain events that may occur in the future. Once the contract is deployed on the blockchain, it is guaranteed to execute as per the conditions specified. This “guarantee” stems from the distributed nature of the blockchain. When a smart contract is deployed on the blockchain, a copy of this smart contract resides on every single node in the underlying peer-to-peer network. Each node executes the smart contract code to check whether or not the conditions specified in the contract have been met or not. The verification of these conditions is subject to the same consensus algorithms that a transaction is, thus ensuring that the smart contract executes if and only if the nodes in the blockchain agree that the conditions have been met. To summarize, smart contracts are self-executing contracts written in a high level programming language and deployed on a decentralized peer-to-peer network. Traditionally, contracts underlie a vast span of global commerce, for example, procurement contracts detail the requirements and the conditions under which payments would be made or penalties imposed. Commercial contracts build up the trust for the two (or more) parties thus facilitating trade across the globe. In the blockchain world, these contracts are encoded in a programming language. In this context, smart contracts are computer software which implement commercial contract using cryptography and distributed systems. The great advantage of doing so is that once deployed, these smart contracts are guaranteed to execute and do so automatically. Moreover, since written on a blockchain, when transactions happen with the help of smart contracts, these transactions are immutable. Not only does this enhances trust in the contract, it also reduces manual overhead of contract verification, payments processing etc. To summarize, the key properties of smart contracts are:

  • Decentralized: The smart contracts are executed on hundreds of computers without being controlled by any human. Thus, there are fewer risks of manipulation or fraud.

  • Autonomous: The smart contracts are executed by themselves once they are launched and thus they speed up the trading or the process for what the smart contracts are designed for.

  • Auto-sufficiency: The smart contracts can be sufficient in their own way e.g. they can collect money, provide automated access to storage units, vehicles, make payment for insurance or rent, distribute resources, etc.

Trusted ledgers and conditional transactions are required not just by platforms like Ethereum, where anybody can join, but also in more private settings. We now explore blockchains in both public and private settings, and the associated issues.

2.3 Blockchain Types: Permissionless and Permissioned

A common way to categorizing the types of blockchains is based on the permissioning used. Permissioning refers to the requirement of permission to be able to take a view or add blocks on the blockchain. Permissioning is a natural requirement for several applications where there is a requirement of confidentiality. In this section, we cover permissionless and permissioned blockchains, along with the consequences of the permissioning model chosen.

2.3.1 Permissionless Blockchains

Permissionless or public blockchains are essentially blockchains that do not require permission to view, join, or mine blocks. The lack of permission, may be essential to the application, as in the case of some of the most popular blockchain applications such as Ethereum and Namecoin, a decentralized platform to issue domain names. Typically, such blockchains are intended for use by the masses. Several issues come up, or are foreseen, as the majority of blockchain projects are yet to reach a level of maturity, in the deployment of public blockchains. We now discuss some of these issues.


Allowing users to freely join the network also necessitates much stricter security. This is required as public platforms cannot assume that nodes will not be malicious. The only underlying assumption critical to guarantee the correct execution of such platforms, is that the majority is honest. As a consequence, most common permissionless blockchain platforms use proof-of-work mining, which typically takes longer to validate a block. Ethereum, which has a relatively short validation time, when compared to other public blockchains, typically takes 12 seconds to mine a block. On the other hand, proof-of-stake mining, such as that which is used in Hyperledger, ensures that transactions are validated in 0.5 seconds.


Zohar studies the problem of scalability as it pertains to cryptocurrencies, which are typically implemented on public blockchains [46]. Currently, there are set limits for the size of a block that can be put on the blockchain, which limits the number of transactions that may be put on the block. With these limits held constant, as the number of users grows on the blockchain, the number of transactions also increases, thus leading to further delays in the time required to mine a block. Further, the need for computational power for such platforms is expected to grow much faster than the growth in the available computational power, thus leading to centralization in the validation of blocks [24]. Needless to say, this goes against the very purpose of a decentralized ledger. Thus, permissionless blockchains face a major challenge of scalability. Sompolinsky et al [38] offer solutions to the scalability problem by proposing an alternate consensus scheme, built on Nakamoto’s work [30].


While privacy is often a concern cited to justify the need for a private network, for an individual, a public network provides more privacy. As there is no restriction for joining the network, an individual may have multiple identities on the same network. Transactions on the network are typically attributed to public keys of the parties involved. Thus, by creating aliases on the network, individual users can each have multiple public keys and hence ensure their privacy. This privacy, however, is limited to being pseudonymity. There have been cases where leaks in transaction histories of merchant websites have led to revelation of the true identity of the user [19].

Application Space

The use of permissionless blockchains is reduced to applications which are trustless. Allowing anybody to join the network obviates the assumption of trust, and with it, all applications which require a measure of trust. Consequently, the realm of cryptocurrencies has seen the most prominent deployment of public blockchains. However, applications of permissionless blockchains extend far beyond cryptocurrencies. Some applications include prediction markets, land registry, voting and even governmental services being provided through blockchains [40].


Ethereum is a public blockchain platform, with an accompanying programming language, Solidity, to enable users to build distributed applications on it [40]. Ethereum provides rich functionality to solve computational problems through smart contracts. This provision can be used by developers to build apps on top of Ethereum. Currently deployed decentralized apps, or dapps, include those for voting, crowdfunding, online marketplaces, auctions, etc. Ethereum was proposed in 2014 by Vitalik Buterin, a young programmer who, at that time, was known primarily for writing extensively on Bitcoin. It was an attempt at heralding in the use of smart contracts in the cryptocurrency domain, by providing a scripting language, to write smart contracts, in order to implement the intended business logic [3] [45].

2.3.2 Permissioned Blockchains

Permissioned blockchains are typically not open for users to join freely. However, the term is used rather broadly. Any blockchain where users need permission to take up a role are considered to be permissioned blockchains. These include applications like Monax, where every single possible action, such as adding new users, deploying smart contracts, requires explicit permission. On the other hand, applications such as Quorum, where the only permission that is required is for a node to be a validator, are also categorized as permissioned blockchains. An extreme case of a permissioned blockchain is a private blockchain which is centralized in that write permissions are given only to a highly trusted central entity; read permissions are available to all participants. Only chosen players are permitted to join the network leading to a closed loop environment. Such blockchains are appropriate for handling certain employer-employee transactions in organizations. A widely used classification of permissioning followed is as follows.

  • Simple Permissioning: Typically, permission is only required to validate new blocks. With simple permissioning, new users may be registered by existing users, and smart contracts may be deployed by any of the users.

  • Complex Permissioning: Usually requires “fine-grained” permissions, including being able to view the content of the blockchain, adding new users, validating new blocks. Needless to say, the granularity of the permissions required, are a consequence of the business model and requirements of the use case.

Privacy Models

There is variation in the privacy provided by upcoming and currently deployed private blockchains. For any blockchain-based platform, the transactions that have been validated typically form the content of the blockchain, privacy of transactions is a part of the privacy being provided by the platform. Permissioned blockchains typically have three types of transactions:

  • Public Transactions: Similar to transactions on public blockchains.They can be seen by everybody on the network, and thus, can be validated by any validator.

  • Private Transactions: Such transactions are visible only to the parties involved in the transaction. Consensus must be reached by all the parties involved for the transaction to be validated. A validator present on the network but not involved in the transaction cannot view, let alone validate the transaction.

  • Group Transactions: Transactions are visible to a subset of the nodes, chosen by the parties involved in the transaction. However, validators of the transaction are typically the parties involved in the transaction.

Different types of permissioned blockchain applications adopt some combinations of these three types of transactions, based on their needs. Monax, while using complex permissioning, offers no privacy in transactions[18]. All transactions are public transactions. Corda, implemented for secure communication in the financial sector, only has private transactions, however, parties involved in the transaction may allow regulator nodes to be involved in the consensus. Quorum is an application that provides for all three, public, private and group transactions.


While public blockchains require proof-of-work based consensus, which are computationally expensive, permissioned blockchains can afford to have much more computationally efficient consensus protocols, and further have varying provisions for privacy of transactions. As a result, there is some variance in the consensus algorithm used. While a large fraction of the permissioned blockchains currently deploy proof-of-stake mining, some, like Quorum, use consensus similar to proof-of-stake, but may not provide byzantine fault tolerance. Applications like Corda simply have private transactions, and the parties involved must agree on the transaction to reach consensus.

Application Space

Permissioned blockchains developed as a response to the needs of enterprises to have a private tamper-proof distributed ledger. Consequently, many of these applications are geared towards enterprise networks, such as the banking industry and supply-chain finance and transparency [40]. However, the applicability extends well beyond this realm, including decentralized identity, which aims to decentralize the traditionally centralized domain of storing potentially confidential records and letting users choose the who is allowed to view which records.


The Hyperledger project

is a joint open-source effort led by a consortium of the Linux Foundation, towards the advancement of blockchain technology. The consortium currently has more than 50 member institutions and corporates that are interested in developing the capabilities of blockchain applications. The umbrella of the Hyperledger project, contains various projects within it, each with different flavors of blockchains.

Hyperledger Fabric is a permissioned blockchain framework, which can be implemented, according to the needs of the enterprise. Various components such as deploying the consensus protocol and membership services can be chosen to be included, or not, as per convenience [4]. The motivation behind Hyperledger Fabric is to enable enterprises and groups to deploy blockchains as per their own needs.

2.4 A Vast Canvas of Applications

We have seen that a well designed blockchain based platform, whether public, or private, or permissioned, is guaranteed to be trustworthy, immutable, secure, and enables powerful smart contracts to self-execute in an automated way. In addition, a platform that is built upon a public blockchain is guaranteed to eliminate intermediation and enables sharing in a decentralized and democratic way. A platform based on a permissioned blockchain can also harness some of the key advantages of public blockchain based platforms. The numerous desirable characteristics of blockchain based systems have opened up a wide canvas of powerful industrial and societal applications in the recent years. In the discussion below, we first briefly describe a number of such applications in different domains. Following that, we provide a more detailed treatment of four applications: tamper-proof land registries, academic transcripts, crowdfunding, and a B2B supply chain platform. This section is by no means exhaustive and the reader is urged to look into a large number of applications covered in the following articles: [7, 8, 13, 21, 39, 42, 43]. There are many other sources in the literature and webpages which contain a wealth of information. The references we have provided here cover only a small fraction of content available on the web and we apologize to the authors of a large number of articles we are unable to cite here. Depending on the application, a certain type of blockchain will be more appropriate than others. We have already seen the differences among public, private, and permissioned blockchains; the nature of the application and the requirements mandated by the application will decide which one of these will suit the application best. Buoyed by the exciting application possibilities of the blockchain technology, hundreds of startups have sprung up all over the world. These startups are building innovative solutions in a wide variety of domains. Startups like Consensys, Storj, Ripple, NEO, Bancor are creating solutions targeted at different industries. In India too, there are dozens of startups which have ventured into creating smart solutions based on blockchains.

Applications in the Financial Sector

Financial institutions in general and banking and insurance sectors in particular have started embracing blockchain technology because of a variety of robust features that blockchain technology provides: immutability, security, trustworthiness, and intelligent execution of smart contracts. As one example, more than 80 of the world’s major financial institutions are set to use a distributed ledger platform CORDA which is a blockchain based system developed by a prominent financial technology startup r3. The insurance sector is also pursuing the blockchain technology aggressively. See [8], [13], [39], and [43] for more details.

Applications in the Supply Chain and Logistics Sector

We foresee the supply chain and logistics sector to have the highest promise for a rich variety of usecases for application of blockchain technology. Usecases such as tracking food items from agricultural farms to customer delivery, tracking the numerous parts of a car that will circulate through various suppliers, manufacturers, and countries, and identifying contamination and reducing waste in perishable materials and food processing; etc. represent examples of situations where blockchain technology is valuable. A startup called everledger provides a global digital ledger that tracks and protects valuable assets throughout their lifetime. The digital incarnation on blockchains is used by various stakeholders across the supply chain to form provenance and verify authenticity. This has been used effectively for example in tracking diamonds; more than 1.6 million diamonds are reportedly captured in the blockchain created. We believe an intriguing application of blockchains in the supply chain context is in dynamic supply chain formation. Often, companies need to put together a supply chain of partners dynamically to respond to dynamically arriving demands. This may throw up the need to partner with unknown entities. The trust provided by the blockchain framework provides a brilliant opportunity for partners who are unknown to one another to come together and dynamically form a supply chain for the specific immediate purpose.

IoT Based Applications

In verticals such as healthcare, smart cities, intelligent buildings, home automation, energy industry, supply chains, and manufacturing, the application of IoT technology is well known and well documented. In these applications, typically, hundreds and often thousands of smart devices are connected to an Internet server or cloud, and, a variety of analytics based services are provided. These services, however, currently suffer from lack of scalability, challenges of security, lack of standards, high costs, and moreover are centralized. Blockchain technology can be harnessed to provide a distributed, scalable solution where smart devices now connect directly to distributed ledgers. Moreover, security guarantees can be provided by robust blockchain platforms. See for example [22] for more details.

Block Chains for Social Good

There is a wide repertoire of applications which are citizen centric and social welfare oriented where blockchains hold significant promise. These are discussed in detail in [8], [21], [39], [42], and [43]. In the education sector, safe deposit of academic transcripts and educational records is a usecase that is already being pursued by many startups and educational institutions. In the healthcare area, management of electronic medical records to ensure privacy guarantees and to enable analytics-based diagnosis, etc, are prominent examples where blockchain technology is being explored. In context of energy systems, monitoring smart grids using a blockchain based, IoT based framework is already popular. Blockchain technology has excellent potential for promoting ethical trade. For example, a startup Mediledger provides blockchain solutions for pharmaceutical supply chains. In one usecase, the blockchain systematically tracks pharma drugs from manufacture to ultimate delivery by making drug companies, hospitals, distributors, and wholesalers to record drug deliveries on the blockchain. This will enable to verify the authenticity and provenance of the drugs, thus leading to elimination of counterfeit drugs.

2.5 Conclusion

In this chapter, we have discussed key technical ingredients of the blockchain technology and made a brief survey of its tremendous application potential. Substantial investments have been made world over by corporations and Governments on implementing blockchain technology in multiple sectors and a large number of startups have sprung up in the past few years to harvest this technology in highly innovative ways. There are at least two major reasons why blockchain technology will survive the test of time. The first reason is it is deep technology founded on solid fundamental principles and technical rigor. Such a technology will always blossom, perhaps, in a slightly different form. The second reason is blockchain technology has the promise and potential to touch billions of people. It has the potential to enable vast improvements to existing applications and help launch radically new applications. One such application is enabling privacy-preserving B2B collaboration.

3.1 Requirements of the B2B Platform

Motivation for B2B Collaboration

Online B2B platforms are almost as old as the Internet itself. Electronic Data Exchange (EDI) brought the first wave of B2B transformation, providing significant benefits, especially, in the automotive and retail sectors [29]. However, the adoption of EDI and related mechanisms has not progressed beyond point-to-point messages and hence, not enabled ecosystem collaborations like supplier identification/selection, price negotiation, collective quality improvement, etc [41]. Apart from cost of EDI, another reason for the stalled progress has been the lack of a framework for collaboration which protects business sensitive information. B2B collaboration may appear to be rather paradoxical. Expecting businesses, who may be competitors, to cooperate, sounds implausible, however, there have been several studies that encourage it. Collaboration amongst businesses has been shown to be helpful in reducing supply chain costs both theoretically as well as empirically [5, 9, 14]. Furthermore, many studies show that to ensure continued quality in the products purchased from a strategic agent, it is necessary for all other buyers to know when a particular seller fails to deliver good quality [12, 15].


A typical online market platform, such as Amazon, Flipkart, eBay et cetera, allows for this by encouraging buyers to give feedback about the products they receive. Customers on these platforms accordingly make their decision based on the price quoted by the seller and the quality perceived from their own personal experience and the feedback regarding that seller. Enterprise agents would also like to have such information at hand to be able to choose the right supply chain partners [20]. However, giving such feedback is not a straightforward matter for enterprise buyers and sellers. Enterprise agents cannot have their identity and buying history be leaked by way of such feedback, and anonymous feedback in itself is not completely reliable. As a result, while there is a pressing need for a Business-to-Business collaboration platform, the sensitive nature of the information that must be exchanged on such a platform restricts the actual development.

Components of a B2B platform

On any B2B exchange, it is common to have a group of competing manufacturers (buyers) using the platform to interact with a common base of suppliers (sellers) to automate their procurement process. While they compete at an overall business level, they would like to cooperate for purposes of rating the suppliers for their quality, timeliness, compliance, et cetera, for collectively eliminating systemic inefficiencies. However, this is not possible at present because the available platforms do not have any functionality that allows collaboration without revealing business sensitive information such as who is transacting with whom. Permissioned blockchain networks bring the necessary levels of trust and data security along with the benefits of automation through smart contracts. There is a dire need for combining blockchain technology’s strengths with new ideas to ensure that agents can collaborate without revealing business sensitive information. In the context of rating suppliers for their quality, this amounts to the following: the buyers are able to collaborate in a way that they compute credible quality rating for the sellers with the guarantee that the buyers are incentivized to be honest and without revealing who buys from whom or what rating they have given. We achieve precisely this in our work with a confluence of ideas from game theory, encrypted private computations, and blockchain technology. In this thesis, we are motivated to undertake a principled study of how the blockchain technology facilitates better B2B collaborations across multiple networks. We propose a novel framework for orchestrating trusted and privacy-preserving B2B collaboration on blockchain platform. Further, we consider a prototypical example of B2B collaboration for implementing supplier rating system. We show how techniques from game theory and cryptography can be used for implementing such a system. We formulate a simple, stylized model that captures key aspects of a collaborative procurement process using a repeated game formulation. The motivation for choosing such a model is that it helps to bring out the key aspects of the problem without any diversions of actual business process. We consider an online B2B platform on which enterprise buyers and sellers interact repeatedly. Each seller can deliver either high quality goods or low quality goods. It costs a seller to produce high quality and to produce low quality. Further, the goods may be sold at a price fixed by the platform or different sellers may adopt different pricing strategies. The procurement happens in multiple rounds and in each round, a buyer chooses the seller to buy from. Further, each buyer gives a binary feedback on the quality of the received supply. If an oracle (a trusted third party with access to all the feedback), had to publish ratings for the sellers, these ratings would simply be the weighted average of the feedback that a seller gets from different buyers across all the rounds, with more importance for recent rounds. However, the assumption of a trusted third party itself is implausible, even more so for competing enterprise agents. Consequently, we look to blockchain technology to provide a decentralized solution. The problem is to first design a rating system which aggregates the buyer feedback such that:

  • Only the transacting parties get to know who bought from whom in any of the rounds, that is, it does not become public knowledge which buyer bought from which seller in any given round;

  • Sellers cannot decipher the exact feedback given about by a particular buyer in a specific round, unless everybody has given only low feedback or only high feedback;

  • The mechanism disincentivizes the buyers from providing dishonest feedback by means of a smart contract in place to penalize buyers suitably if feedback is found to be dishonest.

The design of such a strategy proof market platform (or simply strategy proof mechanism) involves many challenges, which we solve in this thesis, by drawing upon game theoretic analysis and smart contracts deployed on permissioned blockchains and multi-party secure computation. To achieve the aforementioned objectives, we propose a permissioned blockchain that implements an appropriate smart contract, in conjunction with regulation protocols (a public perception protocol and a monitoring protocol). Given such a marketplace that has a blockchain infrastructure and regulation protocols in place, we next explore different pricing rules and punishment strategies in a game theoretic setting with the objective of identifying mechanisms that maximize social welfare (that is, induce high quality goods to be produced most often).

3.2 A Framework for a Blockchain based B2B Platform

Having listed the requirements from the B2B platform, we introduce a formal framework to model and analyze events that take place on the B2B platform, and thus on the permissioned blockchain. To the best of our knowledge, this is the first notation used to formally capture the events on a blockchain-based platform. One of the purposes of this notation is to help capture and study the information shared on the platform, and whether any of the constraints discussed in 3.1 are violated. Another motivation for this framework is to formally encapsulate the nature of the blockchain ledger as a set of sequential events. An event on the blockchain may be a consequence of any subset of prior events. The framework assumes that the blockchain is a permissioned one. We use a permissioned blockchain setup as it helps provide a simple to implement reputation system and additionally provides provenance to all the events and information. The framework also provides notations for the analysis protocols deployed on such permissioned blockchains with regards to the anonymity properties satisfied.
Let be the set of participants (aka nodes) in a permissioned blockchain network.
Let be the set of all transactions (aka events) that occur as a part of collaboration between nodes in . For each event , there is an associated set of participants represented by ; it represents the set of participants involved with the event . Further, for each event , there is an associated record denoted by ; this captures the outcome of the event . Participants in the network may have selective access to the information about an event.
Let denote the subset of data fields of that can be accessed by the node .
Thus, is the overall data that is accessible to participant .
We denote the union of all accessible information in the blockchain network by , i.e, . Consider a function that can be computed if there is an oracle with access to the information .
Consider a protocol which

  1. Consists of an ordered set of encrypted messages generated by the nodes in , and,

  2. Executes a sequence of computation steps, denoted by with each step being carried out by a subset of nodes, where, each step may consume any subsequence of previously generated messages.

Suppose the protocol computes a function . Conceptually, one may regard the last step as a step carried out by a set of special monitor nodes. The protocol is said to be a secure and private simulation of if it satisfies the following conditions:

  1. If , then, even with access to and , cannot infer the exact set

  2. No node can infer any data belonging to

We regard, , the set of messages generated by all the nodes, as constituting the blockchain ledger. A B2B collaboration is essentially a sequence of computation steps We say that the collaboration can be securely and privately simulated on the blockchain if each of the steps has a secure and private simulation protocol. This framework is general enough to capture a host of B2B collaboration scenarios.
For our current problem, is the set of all buyers and sellers.
Each transaction between a buyer-seller pair is represented by an event .
Associated with each event is the record price, cost, quality, rating; the buyer knows price, quality, rating while the seller knows price, cost, quality.
Our goal is to compute the supplier rating that closely approximates the rating that an oracle with complete access would compute while satisfying trust and privacy issues captured in Section 3.1.

3.3 Building Blocks of the Framework

3.3.1 The Model

We now set up the model of the procurement process to be studied. Let be the set of buyers and , the set of sellers. Therefore, Let and be the number of buyers and number of sellers, respectively. We assume that and ; otherwise, irrespective of the system, anonymity constraints can never be met. If , then each seller knows that the buyer who did not buy from him, chose to buy from the other seller, if any. If , the sellers who have made a sale know which buyer has bought from whom, as if a buyer has not bought from him, she must have bought from the only other seller who has made a sale. We assume that the list of sellers who have made at least one sale in a given round is made public at the end of that round. Thus, it is imperative to assume that both and are strictly greater than 2. The recurring interactions are modeled as a repeated game. We formally define repeated games in the next chapter. Each round of the repeated game takes place as follows:

  1. Each buyer selects a seller to buy from and places an order

  2. Each seller decides what quality to give to which buyer

  3. Based on the quality received, the buyer submits encrypted feedback

(a) Buyers choose seller
(b) Sellers decide the quality
(c) Buyers submit feedback
Figure 3.1: An example round.
Red-dotted arrows and green-dashed arrows denote low and high quality respectively

The set of sellers who are making at least one sale is shared with all buyers and sellers through a smart contract at the end of each round. The buyers then deploy the public perception protocol, amongst themselves, for calculating the ratings of the sellers. Each buyer maintains a personal history vector which denotes the discounted average number of times the sellers have given buyer a high-quality product. For those sellers, with whom the buyer has never transacted, is the initial perception. is also the rating for sellers who are yet to make a sale. Thus, , .


where is the indicator function of whether seller gave buyer a high-quality product in round , and is the indicator function whether seller sold to buyer in round . is in round if else is . We model the buyer as being somewhat optimistic in believing the initial perception if the public perception is not as good, but once a buyer starts believing the public perception, she does not revert to the initial perception. The discounting factor is , . This value is private information of the buyer, and is not revealed during the game. At the start of each round, a buyer will compute the likelihood perceived by her that seller will give a high quality product in that round. She does so by taking a weighted average of her own history with the seller, and the seller’s public perception. This gives the buyer’s personal perception vector:


where is the type of the buyer, assigned by nature. denotes the weight that buyer places on her own history with a seller versus the seller’s public perception. Expected utility of a buyer from a seller is

where is the price charged by seller . Each buyer will choose the seller who maximizes her expected utility. If there are multiple such sellers, then the buyer chooses the one who most recently gave a high-quality product if any, else chooses randomly among them. Therefore, the first choice of seller will always be random. For a seller, as all buyers are equivalent, we assume that a seller will always follow the same strategy for all buyers. Seller has a discounting factor for future payoffs, which determines the strategy chosen. Thus, choosing a payoff of has utility in the current round, in the next round, in the round after that, and so on. We elaborate on this when we cover repeated games in the next chapter.

3.3.2 Cryptographic Protocols

Based on the model defined above, we propose a Multi-Party Computation (MPC) protocol to compute the public perception vector and to ensure that the requirements listed in 3.1 are satisfied. In order to do so, we utilize the blockchain structure and make an additional assumption that the indicator function , which denotes whether or not a seller has made at least one sale in round , is public knowledge to all entities. This can easily be ensured by means of a smart contract that is deployed across all the channels on the platform. We call the aforementioned MPC protocol as the Regulation protocol. This protocol is deployed amongst the buyers at the end of each round, by means of a smart contract. The core structure of the regulation protocol is as follows:

  • The protocol contains a set of monitors who together with a software entity (SE) are responsible for identifying dishonest feedback monitor the behavior of buyers.

  • Each buyer shares her encrypted feedback among the buyers and they jointly compute the components of public perception vector using homomorphic encryption.

  • Finally, the buyers utilize the results of the computation to obtain .

This protocol is essential to the platform as it provides a secure method for computing ratings for sellers, without revealing buying histories, both of which are critical for buyers. Further, it validates the assumptions made in the analysis presented in the next chapter. The details of this protocol are presented in Chapter 5.

The Rating System

We now define the exact formulation of the ratings that are computed by the regulation protocol. As mentioned earlier, if an oracle were to compute these ratings, she would simply consider the fraction of sales made by the seller which are rated high, giving more weight to recent rounds. We attempt to replicate these ratings in a decentralized fashion. The public perception of a seller , calculated by the regulation protocol, is the discounted average of the fraction of sales made by which were given a high feedback, using random parameters. The data taken from each round is whether a seller has made a sale in that round, and if so, what fraction of the sales were reported to be of high-quality. The data from round , in the current round has weight . Thus, the most recent round has weight 1, the one before that has weight and so on. Rounds in which no sales were made have weight 0. The weighted average of this data is the rating of the seller. The public perception vector is computed in round as follows:


where is the fraction of sales made by seller in round that got a feedback of being high-quality, and is the indicator function whether seller made any sales in round . If seller has not made any sale till round then . The value of is chosen uniformly at random from the interval in each round. This interval is agreed upon by all the buyers, prior to the commencement of trading on the market. This is done to prevent sellers from deciphering the exact feedback given for them. As the value of used for all sellers is the same, there is no partisanship. Henceforth, we use the terms ‘public perception’ of a seller and his ‘rating’ interchangeably.

3.4 Conclusion

A platform where enterprise buyers jointly compute the rating or reputation of the sellers is not without constraints. The aggregation of the feedback must preserve the anonymity of the feedback given by each agent, at the same time incentivize these agents to be honest in their feedback. The details of the monitoring protocol which will be deployed are covered in Chapter 5. The interactions between buyers and sellers are further modeled as a repeated game. The outcome of these interactions under various pricing rules is studied in the following chapter.

4.1 Strategic Form Games and Nash Equilibrium

Game theory is a study of interactions between strategic agents that are rational and selfish. Agents or players know the game and act to maximize their own payoff or utility. We first define Strategic Form Games and Nash Equilibria. Definitions in this section are taken from [31].

Definition 4.1.1.

A strategic form game is a tuple where

  • is a finite set of players

  • are the strategy sets of the players

  • for are mappings called the utility functions or payoff functions

Strategic form games assume that all players act simultaneously, with no knowledge of what strategy other players are going to choose. We give the example of a well known strategic form game called Prisoner’s Dilemma in Table 4.1. The game captures a setting where two prisoners, Anita and Bharat, are suspected of having committed a crime and are being interrogated in separate rooms. Each of them has the option of confessing or not confessing. If neither confesses, they both get minimal punishment of each. If only one confesses, then that person does not get punished, and the other gets the entire punishment for the crime . If both confess, the punishment is divided amongst the two and each get .

Confess Not Confess


Confess -5,-5 0,-10
Not Confess -10,0 -1,-1
Table 4.1: The Prisoner’s Dilemma

Clearly, the socially optimal outcome would be when neither of them confess. However, it is easy to check that whether Anita confesses or not, Bharat will be better off confessing and vice versa. Thus, the outcome of this game, when played by rational and selfish agents, is having both of them confess. This is because Anita’s best response to Bharat confessing is to confess herself. A strategy profile where the strategy chosen by each player is also their best response to all the other players’ chosen strategies is called a Nash Equilibrium.

Definition 4.1.2 (Pure Strategy Nash Equilibrium).

A strategy profile is said to be a pure strategy Nash equilibrium of the game if

Thus in the Prisoner’s Dilemma game, is a Pure Strategy Nash Equilibrium (PSNE). A strategic form game need not have exactly one PSNE. Given below are two different strategic form games, one with two PSNE and one with none.



B 2,1 0,0
S 0,0 1,2
Table 4.2: Bach or Stravinsky

This game, called Bach or Stravinsky, captures a setting where two friends need to simultaneously decide whether to attend a performance by Bach or one by Stravinsky without consulting the other person. While Chitra prefers Bach to Stravinsky, Dhruv prefers Stravinsky to Bach, but neither enjoy going alone. As a result, if Chitra were to know where Dhruv is going, irrespective of which of the two strategies David chooses, she would do the same, and vice versa. Consequently, this game has two PSNE, namely and . We now study a commonly played game called Matching Pennies. Two players, Vandana and Kishor choose a side each. If both choose the same side, Alex wins, otherwise Sara wins. This game is denoted as a strategic form game in Table 4.3.



H 1,-1 -1,1
T -1,1 -1,-1
Table 4.3: Matching Pennies

It is easy to see that this game does not have a PSNE. If both choose the same side of the coin, Vandana will want to change her choice. If they don’t Kishor will want to change. However, if Kishor and Vandana were to choose a probability distribution with which to choose a side, and then leave the actual choice to the toss of a private coin, the choice of probability distribution would indicate a

Mixed Strategy.

Definition 4.1.3 (Mixed Strategy).

Given a player i with the set of pure strategies , a mixed strategy of player is a probability distribution over . That is, assigns to each pure strategy , a probability such that .

Each pure strategy of a player is also a degenerate mixed strategy. The set of all probability distributions on is denoted as , and is often called the mixed extension of . Thus,

A Nash Equilibrium can be defined using mixed strategies as follows:

Definition 4.1.4 (Mixed Strategy Nash Equilibrium).

A mixed strategy profile is said to be a mixed strategy Nash Equilibrium of the strategic form game , if

All of the aforementioned games have Mixed Strategy Nash Equilibria (MSNE). For the Matching Pennies game, is the MSNE. In fact, Nash has proven that every finite strategic form game has a MSNE.

Theorem 4.1.1 (Nash [33]).

Every finite strategic form game has at least one mixed strategy Nash equilibrium

4.2 Extensive Form Games and Subgame Perfect Equilibrium

Strategic form games assume that players move simultaneously, with no knowledge of the other players’ choices. However, a large class of games, such as chess, do not belong to this paradigm and are actually played sequentially, and players may or may not be able to observe the choice made by other players when it is their turn play their own strategy. Extensive form games provide a framework to capture such games. The definitions in this section have been taken from [31].

Definition 4.2.1 (Extensive Form Games).

An extensive form game consists of a tuple where

  • is a finite set of players.

  • for is the set of action available to player (action set of ).

  • is the set of all terminal histories where a terminal history is a path of actions from the root to a terminal node such that it is not a proper subhistory (including the empty history ) of all terminal histories.

  • is a player function that associates each player subhistory to a certain player.

  • for is the set of all information sets of player .

  • for gives the utility of player corresponding to each terminal history.

Choosing a strategy in an extensive form game doesn’t seem the same as choosing one in a strategic form game. At different stages in the game, different actions may be possible. Given an information set , let be the set of all actions possible to player in the information set . A strategy is formally defined as follows

Definition 4.2.2 (Strategy).

A strategy of player is a mapping such that .

Thus, a strategy maps every possible information set to an action. The strategies chosen by all the players in the game determine the outcome of the game.

Definition 4.2.3 (Outcome).

Given an extensive form game and a strategy profile in the game, the outcome resulting from the terminal history corresponding to the strategy profile is called the outcome of and is denoted by .

An example of an extensive form game is given in Figure 4.1, called the Entry game. A challenger must decide whether or not to enter a new industry and accordingly challenge the incumbent, who’s already present in the industry. If the challenger does not choose to enter, then the challenger and incumbent get a utility of 1 and 2 respectively. If the challenger does enter, the incumbent must choose to either fight her or accommodate her. If he chooses to fight her then both get a payoff of else, the challenger gets a payoff of and the incumbent a payoff of .

Figure 4.1: Entry Game
Definition 4.2.4 (Subgame).

Given an extensive form game and a non-terminal history , the subgame following is the part of the game that remains after the history has occurred.

A pure strategy Nash equilibrium for extensive form games is defined as follows:

Definition 4.2.5.

(Pure Strategy Nash Equilibrium (PSNE)) Given an extensive form game , a strategy profile is called a pure strategy Nash Equilibrium if ,

Essentially, a pure strategy Nash equilibrium checks that each player’s chosen strategy is optimal given the strategy chosen by other players, at the start of the game. It only takes into account the terminal history that actually occurs as a result of the strategy profile, and does not consider other subgames. If we were to do so, we would be considering a different notion of equilibrium called Subgame Perfect Equilibrium (SGPE).

Definition 4.2.6.

(Subgame Perfect Equilibrium) Given an extensive form game , a strategy profile is an SGPE if ,

where denotes the outcome corresponding to the history in the strategy profile .

Clearly, a PSNE is also a SGPE. The PSNE of the Entry Game are (Stay Out, Fight) and (Enter, Accommodate). However, the only SGPE of this game is (Enter, Accommodate).

4.3 Repeated Games

As seen earlier, in the Prisoner’s Dilemma game, as the agents try to maximize their own payoff, they end up reaching an outcome that is not pareto optimal. As there is nothing to deter them from making the selfish (and rational) choice of confessing, they choose to do so. A strategic form game does not capture the consequences of the decision and does not facilitate a ”threat of punishment”. To do so we study repeated games. The definitions in this section have been adapted from [34].

Definition 4.3.1 (Repeated Game).

Let be a strategic form game. The -period repeated game of G for the discounting factor is the extensive game with perfect information and simultaneous moves where

  • is the set of players.

  • the set of terminal histories is the set of sequences of action profiles in .

  • assigns the set of all players to every history for every value .

  • the set of actions available to player after any history is .

  • each player evaluates each terminal history according to the discounted sum .

The infinitely repeated game of for the discount factor differs only in that the set of terminal histories is the set of infinite sequences and the utility to each player to the terminal history is the discounted sum . In a repeated game, if a player does not cooperate in one round, they may have to face some punishment by the other players in future rounds. In the example of Prisoner’s Dilemma, it is beneficial for both the players, if neither of them confess. Irrespective of what strategy a player chooses, they will be worse of if the other player decides to confess. Thus, the players can mutually agree not to confess and that if one of the players confesses in a round, then the other will confess as punishment in future rounds. Typically, three types of punishment strategies in repeated games are studied:

  • Grim Trigger: Under grim trigger strategies, if one player does not cooperate in one round, then all other player will punish the defecting player in all future rounds.

  • Tit for Tat: Under tit for tat, if a player does not cooperate in a round, then she will be punished in the next round.

  • Limited Punishment: Under limited punishment, if a player does not cooperate in a round, then she will be punished by the other players for the next rounds, where is finite and fixed.

It can be shown that for the repeated game for Prisoner’s Dilemma, following Grim Trigger/Tit for Tat/Limited Punishment form Nash equilibrium. In the presence of such punishment strategies, whether cooperating actually becomes a Nash equilibrium depends on the discounting factor of the players. The discounting factor of the agents is an indicator of their patience. It determines whether agents will choose a short term profit by defecting, or choose to get consistent gains over a long period of time by cooperating in equilibrium.

Theorem 4.3.1.

A repeated game of the strategic form game will always have a Nash equilibrium


From 4.1.1 we know that every strategic form game has a Nash equilibrium. Clearly, the Nash equilibrium of will also be a Nash equilibrium of the repeated game of . Thus, a repeated game of the strategic form game will always have a Nash equilibrium. ∎

Determining the subgame perfect equilibrium of a repeated game is a relatively simpler matter than doing so for general extensive games.

Definition 4.3.2 (One Deviation Property [34]).

No player can increase her payoff by changing her action at the start of any subgame in which she is the first mover, given the other players’ strategies and the rest of her own strategy.

This property is used to determine whether a strategy profile is a subgame perfect equilibrium for the given repeated game.

Theorem 4.3.2 (Subgame Perfect Equilibria in Repeated Games, [34]).

A strategy profile in a repeated game with a discount factor less than 1 is a subgame perfect equilibrium if and only if it satisfies the one deviation property.

In our analysis, for a given pricing model and punishment model, we determine the subgame perfect equilibria.


When cooperation doesn’t take place in a repeated game framework, a punishment aspect naturally comes up. In the model at hand, sellers cooperate by providing good quality products, and buyers do so by giving honest feedback. Our framework punishes buyers by means of the monitoring protocol and the smart contract deployed. Every infraction by a buyer, detected by the monitoring protocol (described in the next chapter), is penalized by a fee, which is the sum of the geometric progression with the first term as the maximum utility a buyer may receive in one round and the common ratio equal to with being a positive quantity close to , agreed upon by all the agents in the market prior to its commencement. The fee is chosen in this manner to try to ensure that for providing dishonest feedback, the buyer will incur a loss greater than any utility she can receive from further purchasing on the market. We also ensure that our protocol does not detect dishonesty when the buyer has given honest feedback, thus removing any individual rationality issues. Hence, in our framework, sellers do not actively punish the buyers, and we do not discuss any punishment strategies for sellers. The regulation protocols ensure that buyers will be honest. Buyers, on the other hand, can follow various punishment strategies, in order to penalize sellers for providing bad quality goods. To this effect, we study traditional punishment strategies, like tit for tat, which are implemented on an individual level by buyers for having received poor quality in some recent round. We also study punishment at a market-wide level as well, where a seller is punished by all buyers in the market, if his public rating drops below a threshold value. Additionally, we assume that all buyers follow the same punishment strategy. The next section analyzes this model under different pricing rules and punishment strategies.

4.4 Analysis of Homogeneous Pricing

This is the simplest pricing model. Each seller sells her product at price . In this model, buyers value a high-quality product at and a low-quality product at . Thus, the payoff matrix of the buyer and seller from one single transaction becomes:

Table 4.4: Payoff Matrix for Homogeneous Pricing With

This pricing rule and the rule for selecting a seller discussed in the previous chapter, ensure that:

  • As long as a seller continues to provide high quality to all his buyers, he will not lose any buyers. The reason is that under homogeneous pricing, the price does not change, so the selection of a seller reduces to selecting a seller who will give the highest quality.

  • If all other sellers have only given poor quality, hence have , a seller giving high-quality even once will be preferred henceforth, whenever he is not being punished.

We find that these hold for both the punishment models discussed below.

Punishment Model: Local Punishment

In this model, we analyze traditionally studied punishment strategies of grim trigger, tit for tat and limited punishment. Under these strategies, a buyer will punish a seller who has given her low quality products by giving a bad feedback in that round and blacklisting for some rounds. The duration of the blacklisting is determined by the type of strategy chosen. Punishment is given to a seller in round by buyer b, only if . If all sellers have been blacklisted by a buyer in a round, the buyer will not make any purchase. Thus, in our model, a buyer will choose the seller who maximizes her expected utility, and is not being punished in that round. Thus, henceforth the strategy chosen by buyers to select the seller in a given round will not be explicitly considered, rather it will be considered as something that naturally follows from the punishment model, the quality received in previous interactions and the ratings.

4.4.1 Grim Trigger Strategies

Under this punishment strategy, on receiving poor quality, a buyer blacklists the seller for all future rounds. Thus, irrespective of the rating of other sellers, if a seller does not cooperate with a buyer once, the buyer will not return to the seller. For a seller to choose to cooperate with a seller, the utility of the seller for cooperating must be more than that for not cooperating. Let denote the strategy that a seller gives out only high quality products to all the buyers. Thus, his utility from is the sum of the geometric progression with the first term as and common ratio , which is . The utility from not cooperating is alone, as the buyer does not return in future rounds. Thus, will follow if

If then, by simply adding to both sides, . Thus, a seller has no incentive to delay giving low-quality. This leads us to the following theorem:

Theorem 4.4.1.

Under grim trigger strategies, if , then a seller will follow , else will give only poor quality.

4.4.2 Tit for Tat Strategies

Under these strategies, blacklisting is for exactly one round. If all sellers are following , then after the first round a seller will neither gain nor lose a buyer. After the first round, the value of . To check if this is a subgame perfect equilibrium, we need only check if a single deviation for a seller will benefit them. Assuming all buyers are honest, if a seller gives a low-quality product to a buyer , will punish . As the feedback is honest, buyer will report and will lose all their customers in the next round. In the next round where does not blacklist , as the value of will have dipped, does not ever return to . Thus, if at round , has customers, then by giving only a low-quality product in this round, the seller will lose all the customers in the next round, nonetheless. Thus, seller will give out all the customers low-quality products. Hence, seller will deviate from if:

It is easy to see that high quality offerings are driven by (a) the ratio and (b) competition. Even if two sellers have , the same reasoning will compel them to follow in equilibrium. For a seller , if , there is no reason to delay giving poor quality, and hence will follow . This leads us to the following theorem:

Theorem 4.4.2.

If , for at least two of the sellers, then the subgame perfect equilibrium for these sellers is to follow and the others sellers to follow .

We now consider when would low-quality be a subgame perfect equilibrium. If all sellers follow , then and initially buyers cycle through all sellers, till , after which each buyer randomly selects a seller in each round. Thus, a single deviation by seller to will result in all buyers buying from sellers in every round they are not punishing . Thus, for all sellers playing to be a subgame perfect equilibrium, we need that for all sellers:

Thus, for to be a subgame perfect equilibrium, the only condition is:

In this condition, is not only an equilibrium strategy but also a dominant strategy. The sellers have no motivation to give even a single high-quality product, even if it means that they will get all the buyers henceforth. Hence, any seller, for whom , is a dominant strategy. Therefore, we have the following theorem:

Theorem 4.4.3.

If , for a seller, then is a dominant strategy.

We now study the case when neither nor can be a subgame perfect equilibrium.

Theorem 4.4.4.

There is no pure strategy Nash equilibrium possible for homogeneous pricing other than and .


Let us consider the setting where

If for all sellers, is the same, then they will follow the same strategy in equilibrium. The analysis for this case generalizes to there being at least two sellers having the highest value of . It is easy to see that as these sellers are the most patient, all the buyers will be buying from these sellers, and the other sellers will be playing . Consider, that there is no punishment. Thus, when all sellers are playing the same strategy, then buyers never switch from one seller to another. Having implies that the strategy followed cannot have only high-quality offerings, and if implies that only low-quality will not be sustained.

Necessary Conditions for Equilibrium

Let be the periodic strategy where for rounds the seller gives high-quality then gives low-quality for one round and so on. To sustain as an equilibrium strategy there must be no incentive deviate from either or thus, to sustain this we need to ensure that there is no incentive to deviate from . The incentive to deviate from will be maximum after having given in the previous round. The utility at this point from a single buyer is:

On deviating, will lose all his buyers. Thus, if deviates, he will give all buyers low-quality. Consequently, his utility from a single buyer on deviating is . Thus, to ensure that there is no incentive to deviate from , we need

On simplifying we get


We also need to ensure that there is no incentive to deviate from . The utility on giving is

On deviating from for even one of his current customers, all buyers, who did not receive in this round will buy from in the next round. This incentive will be maximum when has only one buyer. Thus, we analyze this case. On deviating from , the utility will be

Thus, to ensure that there is no incentive to deviate from we need:

On simplifying we get


This can be rewritten as



Infeasibility of Equilibrium Conditions

Hence, to have as an equilibrium strategy, we need




Thus we have shown that the denominator in the LHS of 4.5 will always be strictly greater than the denominator of the RHS. Now we consider the difference between the numerator of the RHS and that of the LHS of 4.5

Now, as , this value will always be greater than 0. Thus, we have that the numerator in the LHS of 4.5 will always be strictly less than the numerator of the RHS. As a result, 4.5 will never be satisfied. To reduce the incentive to deviate from , we need a higher ratio, and to reduce the incentive to deviate from we need a lower ratio. Consequently, will never be a subgame perfect equilibrium, for any value of .

Considering Other Strategies

Here we have considered a setting, without punishment. Having punishment of any form will only increase the incentive to deviate from , and decrease the incentive to deviate from . Thus, even with punishment, will never be a subgame perfect equilibrium, for any value of . Increasing the number of low-quality given, will simply increase the incentive to deviate from . Let us now consider a setting where the highest value of is achieved by exactly one seller, say . Let play strategy , with , such that is more than what the other sellers can sustain. Thus, the best response of all the other sellers is to play . But the best response of to all other sellers playing is to reduce the amount of high-quality. In this case the best response of the seller with the second highest value of , call this seller , would be to start giving so as to have ’s customers switch to , forcing to increase the amount of high-quality back to . Thus, there is no pure strategy equilibrium in this case. Hence, there is no pure strategy subgame perfect equilibrium when:

∎ Along with the characterization of pure strategy subgame perfect equilibria, we also infer that competition and profit margin are major driving factors in the quality offered by sellers. If at least sellers have and exactly one seller has the highest ratio, then this seller has a monopoly, and will follow the strategy that maximizes his utility. This strategy also ensures that all buyers in the market return to him, whenever they are not punishing him. This case is neither particularly interesting nor practical. We now study the effect of increasing the duration of blacklisting.

4.4.3 Limited Punishment Strategies

In limited punishment, punishment is given by buyer for receiving low-quality from a seller for rounds. This implies, that the buyer will give low feedback in that very round and for the next rounds, the buyer will blacklist seller .

Theorem 4.4.5.

If , for at least two of the sellers, then the subgame perfect equilibrium for these sellers is to follow and the others sellers to follow .


Similar to tit for tat, the utility from playing in any given round is . On deviating, the seller will lose all his customers. Hence, the utility on deviating is . Thus, for to be a subgame perfect equilibrium strategy for , we need

When at least two sellers have , then all other sellers will play . ∎

We now characterize when giving low quality will be a SGPE.

Theorem 4.4.6.

If , for all sellers, then all sellers playing is a subgame perfect equilibrium.


All sellers following and all buyers giving honest feedback will be a subgame perfect equilibrium if:

Theorem 4.4.7.

If , for a seller, then is a dominant strategy.


The sellers have no motivation to give even a single high-quality product, even if it means that they will get all the buyers henceforth. Hence, any seller, for whom , is a dominant strategy. ∎

From Theorem 4.4.4, we have that there can be no other pure strategy SGPE. Clearly, increasing the duration of the blacklisting reduces the incentive to provide low-quality, even in the case of monopolies, where at least sellers have . This analysis completes the characterization of subgame perfect equilibria under typical punishment strategies for repeated games. We now explore punishment strategies implemented market-wide.

4.4.4 Punishment Model: Threshold Punishment

In this punishment model, punishment is no longer given for every infraction, by a single buyer. Rather, the market as a whole blacklists a seller if their public perception falls below a threshold value for

rounds. The reason for exploring this model is, that in the pure strategy equilibria in the local punishment model, a single infraction , despite having given consistent high-quality earlier, necessitated that the buyer switch to another seller, even though the other seller is behaving identically. This is not very practical. The selection of the seller is still on the basis of maximization of expected utility, based on their own estimated likelihood of getting a high-quality product. A seller is blacklisted only if the value of

is less than the specified threshold. A blacklisted seller is reintroduced to the market after rounds with the threshold value as his rating. For homogeneous pricing, we set the threshold value as that below which the expected utility would be negative. Thus, the threshold for homogeneous pricing is . Analysis similar to that of the always punish model helps us find the subgame perfect equilibria.

Theorem 4.4.8.

If , for at least two of the sellers, then the subgame perfect equilibrium for these sellers is to follow and the others sellers to follow .


Similar to local punishment, the utility from playing in any given round is .On deviating, the seller will lose all his customers. Hence, the utility on deviating is . Thus, for to be a subgame perfect equilibrium strategy for , we need

When at least two sellers have , then all other sellers will play . ∎

Theorem 4.4.9.

If , for a seller, then is a dominant strategy.


All sellers following and all buyers giving honest feedback will be a subgame perfect equilibrium if:

From Theorem 4.4.4 we have that there is no other SGPE. Let us now compare the bounds established by limited punishment and threshold punishment to find which model disincentivizes low quality better.

Theorem 4.4.10.

Threshold Punishment model disincenitvizes low-quality offerings better than Local Punishment.


For threshold punishment we need