key: cord-0623236-1h7e0ma4 authors: Pandey, Mayank; Agarwal, Rachit; Shukla, Sandeep Kumar; Verma, Nishchal Kumar title: Reputation-based PoS for the Restriction of Illicit Activities on Blockchain: Algorand Usecase date: 2021-12-21 journal: nan DOI: nan sha: 48bad638c32bcabddc4c0d9daf48994ad4cd848c doc_id: 623236 cord_uid: 1h7e0ma4 In cryptocurrency-based permissionless blockchain networks, the decentralized structure enables any user to join and operate across different regions. The criminal entities exploit it by using cryptocurrency transactions on the blockchain to facilitate activities such as money laundering, gambling, and ransomware attacks. In recent times, different machine learning-based techniques can detect such criminal elements based on blockchain transaction data. However, there is no provision within the blockchain to deal with such elements. We propose a reputation-based methodology for response to the users detected carrying out the aforementioned illicit activities. We select Algorand blockchain to implement our methodology by incorporating it within the consensus protocol. The theoretical results obtained prove the restriction and exclusion of criminal elements through block proposal rejection and attenuation of the voting power as a validator for such entities. Further, we analyze the efficacy of our method and show that it puts no additional strain on the communication resources. Digital payments saw an exponential rise in 2020 due to COVID-19 and work-from-home culture. This also saw a rise in cryptocurrency-based transactions with market capitalization tripling in 2021 [32] . Such a rise in adoption and demand not only saw the prices of various cryptocurrencies rise but also saw an increase in illicit activities [10] . Illicit activities are performed mainly due to the exploitation of the vulnerabilities in the blockchain infrastructure (hardware/software) [3] . For example, in the case of Ethereum, the DAO hack exploited Reentrancy vulnerability [23] where DAO lost $70 Million. In a recent Poly network attack, the attacker exploited the multi-sig vulnerability to siphon-off $600 Million [56] . Apart from the aforementioned types of attacks, attackers also target cryptocurrency users through social engineering techniques. Additionally, some of the users use cryptocurrency to facilitate different illicit activities such as gambling and money laundering. In terms of impact, there was a 311% rise in ransomware activity (a social engineering-based attack) that caused $20 Billion loss alone in 2020 [10] . Activities such as terrorist financing, darknet marketplaces, and financing of child abuse material are also prominent in cryptocurrency-based blockchains. Thus, a question we ask is how can we restrict such illicit activities in cryptocurrency-based blockchain? There are many machine learning (ML) based techniques that have been proposed to detect suspicious accounts are not only based on the transaction history (behavior based) [4, 38, 2, 11] but also utilise the meta-data information attached to the address [49] . Further, services such as Chainalysis 1 perform a dynamic exploration of the blockchain through use of proprietary ML algorithms. Such services and ML-based approaches are not integrated with the blockchain infrastructure. They operate outside the blockchain and have characteristics such as using the transaction history, being paid, dependent on ground-truth information, and are computationally expensive. Moreover, few approaches define reputation of user in the blockchain network using various mechanisms that although are behavior oriented but are either communication expensive [34] , maintain a side chain [5] , or biased [26] . Within the blockchain network, another set of approaches exist that design and modify consensus algorithm to limit illicit activities. For example, in Ethereum [57] , slashing is proposed to confiscate validating user's stake in case the user is involved in any malicious activity (such as signing two proposed blocks at the same time and validating double-spending transactions). However, the definition of illicit activities for these algorithms is limited to the activities that attempt to disrupt the functioning of the blockchain network by exploiting vulnerabilities in the blockchain system. For illicit activities such as money laundering and other social engineering based attacks such as phishing, there are no countermeasures except for Anti-Money Laundering (AML) regulations outside the scope of blockchain. There is no inbuilt mechanism in the blockchain to limit criminals from exploiting cryptocurrency-based blockchains for their illicit gains. Even if a certain user practices/shows illicit behavior, it takes a lot of time for the Law Enforcing Agencies (LEAs) to capture him [30] , sometimes which never happens due to pseudonymity in the blockchain networks. Thus, justifying the need for regulation in the cryptocurrency-based blockchains for the users involved in illicit activities. The gap present defines our objective as to propose a mechanism for regulating malicious entities within the framework of blockchain. In this work, we provide a mechanism to deal with the user accounts involved in illicit activities in the consensus process and conduct a theoretical feasibility study for the same. For our purpose, we select the Proof of Stake (PoS) consensus algorithm as implemented in Algorand [12] . Our choice is based on the following facts. It provides the deterministic finality of the block immediately after the end of each block consensus round as its PoS algorithm combines with the byzantine fault tolerance (BFT). The creators of Algorand claim to solve the blockchain trilemma [31] of decentralization, security, and scalability. The features pertaining to the proposer/validator selection process and data encryption claim the Algorand blockchain to be most resilient against the adversarial attacks on the network among the existing permissionless blockchains. Even though Algorand claims limiting illicit activities, it has no inbuilt provision against the users engaged in social engineering-based illicit activities. We thus propose modifications to Algorand's PoS consensus algorithm and perform a theoretical analysis of our method. Our method integrates the result of a state-of-the-art ML model (that identifies the probability of being suspicious, equivalent to the 1 -reputation score) [4] with Algorand's consensus algorithm. In Algorand, to achieve consensus, each node performs several steps (cf. Appendix A). In the first step, a node depending on certain criteria, forms and proposes a block. This block is then validated by other nodes (called validators, selected based on certain criteria) in multiple steps powered by a verifiable random function (VRF). We parameterize the received output of the VRF with the reputation score to make the decision on accepting or rejecting a block proposal. The votes of the validators are changed in accordance with their respective reputation score. This process happens at each node with no additional communication of any extra information. Each user makes a decision based on the reputation scores unilaterally and then the cumulative effect of all such decisions leads to the outcome of consensus round. Our methodology restricts the criminal entities and, in the process, freezes their accounts in a way that no transactions from such entities will get approved by an honest validator. We explain our proposed method in detail in section 4. Note that our method is applicable to other cryptocurrency-based blockchains as well but with suitable modifications according to the consensus process used. Our approach is different from slashing. In our method, there is no loss of cryptocurrency. Instead, there is a temporary loss of voting power based on the behavior. Also, note that we do not focus on detecting the vulnerabilities in the system but instead focus on restricting illicit activities that are either socially motivated, exploit vulnerabilities, or use cryptocurrency as a tool to facilitate the illicit activities. In summary, our contributions are: • State-of-the-Art Analysis: We identify the gaps within the different consensus algorithms with respect to the handling of users carrying out illicit activities. • Reputation score based Consensus method : We propose an algorithm for associating reputation to each user and use it to enhance resilience against criminal activities in PoS consensus-based blockchain networks. • Feasibility Analysis: We incorporate our method with the Algorand blockchain network consensus process and theoretically analyze the same in terms of parameters such as communication hop, time, space and overhead. The remaining part of the manuscript is organized as follows. Section 2 provides a brief overview of the background of relevant blockchain functionalities and threats to the network. Section 3 lists out the related work with respect to detection of illicit users and proposed reputation models followed by the motivation for our proposed methodology. In section 4, we provide the proposed methodology for Algorand blockchain in detail along with the derived theoretical results. In section 6, we analyze the proposed methodology with respect to communication and space parameters to show the effect on the Algorand consensus protocol functioning. Finally, in section 7, we conclude along with a discussion into the future prospects for our proposed approach. In this section, we focus on the consensus process in permissionless blockchain networks. In a permissionless blockchain network, every node has the opportunity to perform a transaction, propose a block of transactions or verify and validate the same. The communication in all permissionless blockchains' consensus protocols is the variant of the same in Byzantine Fault Tolerance (BFT) consensus process [21] . However, for cryptocurrency-based permissionless blockchains, the functioning of the BFT protocol is modified. There are several consensus protocols such as Proof of Work (PoW), and Proof of Stake (PoS), which are examples of such variations. Here, we only discuss the major consensus protocols that are adopted especially by the cryptocurrency-based blockchain and provide an overview of different threats and illicit activities that have happened in such cryptocurrency-based blockchain. For the detailed study of the same, in [6] , the authors survey different consensus protocols used in different blockchains. They highlight the performance and scalability issues in different protocols and emphasize the need to mitigate these issues for enabling widespread adoption. For the scope of our paper, we provide a brief overview. Blockchain technology uses consensus mechanism for reaching the decision over the induction of new blocks into the chain. There are five stages of engagement between the blockchain network users during the consensus process [60] . These are proposing block, information transmission, validating the block components, finalizing the block, and providing the incentive. The primary objective of a consensus procedure is to accept or reject the transactions happening between the users of the blockchain network. The decision of selection/rejection must get agreed upon by the majority of validating users present in the network. It is only after the majority validation, the block with the specific transactions gets added to the chain. The majority condition is defined to take into account the presence of malicious nodes. The blockchain networks operate on the assumption that the majority of nodes are honest (51% for PoW, 2 3 for BFT based consensus). BFT consensus [21] is referred to as the consensus protocol, which is resilient against network crash in the presence of faulty and malicious nodes. For a BFT consensus protocol to work, at least 2 3 of the total number of nodes in the given network must be honest, non-faulty, and agree on the same output to reach consensus. The BFT consensus provides output with deterministic finality. BFT by structure demands multiple rounds of message communication between all the nodes to reach a consensus. Due to the extensive communication requirement, a decentralized network using BFT based consensus is not scalable. Some permissionless blockchain networks also implement Hybrid versions of BFT, such as PoW-BFT for Byzcoin 2 and BFT based PoS for Algorand. In PoW, a miner, to propose a block of transactions solves a mathematical problem to identify a suitable random value known as the nonce. Once a user identifies the nonce for its proposed block, it transmits the proposed block information to every other node in the network for verification and subsequently validation. When the proposed block gets validated by the majority of the network participants, it gets added to the blockchain. The creator of the proposed block is credited with a reward. The only known way to do mining is guessing the suitable nonce value through the brute force method. It provides a fair chance in proportion with computing resources for every participating node to add the new block into blockchain successfully. Since its conception, the Bitcoin blockchain network has expanded considerably in terms of both network participants and transactions volume. However, it has some drawbacks, such as the high requirement of computational power and energy resources for mining. Also, except for the work of participants successful in forming the block, the rest of the mining work is complete wastage as it does not generates any useful output or utility. At present, Bitcoin blockchain network is no longer decentralized due to the domination of mining pools and specialized mining equipment. All the factors mentioned above prompted the research to find resource and energy-efficient consensus protocols. In PoS consensus protocol, the probability of getting credited with the block formation is proportional to the amount of cryptocurrency staked for the consensus procedure. PoS is resource-efficient in comparison to PoW due to low computational requirements. The biggest proponent of PoS is the Ethereum blockchain, which is transitioning from its original PoW based consensus. However, PoS has shortcomings specific to the stake-based methodology. The most significant limitation is its favor to the highest stakeholders. The users with high stakes in the network can propose multiple blocks, also referred to as the "nothing-at-stake" problem. There are different variants of PoS, such as hybrid PoW/PoS, Delegated Proof of Stake (DPoS), and committeebased PoS. Table 1 lists the advantages and limitations associated with such methods. The hybrid version of PoS/PoW works by adjusting a user's PoW threshold using its cryptocurrency stake in the network. In DPoS, the nodes not having enough amount of cryptocurrency can participate in the validation process by taking part in the selection of committees amongst the aspiring committee groups. In committee-based PoS, the block validating committee for upcoming consensus rounds is selected using a pseudo-random number generator. The output of the generator depends on the stakes of the nodes. Each selected committee has a leader who proposes the block. The proposed block has to be validated by the majority of remaining members of the same committee. However, in committee-based PoS, a malicious node can carry out denial of service (DoS) attacks on the committee members and leaders to disrupt the network. Therefore, it is imperative that the honest nodes possess more than 50% of cryptocurrency (66% in case of BFT-PoS consensus methods). In the aforementioned consensus methods, the block finality is probabilistic. The transactions in a block get confirmed after a sufficient number of new blocks get added after it into the chain. A combination of PoS with byzantine fault-tolerant (BFT) consensus is used like in Algorand [12] to make block finality deterministic, i.e., transactions finalized as soon as the block gets added. In BFT based PoS, block proposing is done based on the users' stake while the rest of the procedure is followed through BFT based communication. There are other consensus algorithms that have been used in several other permissionless blockchains to remove the disadvantages posed by PoW and PoS. For example, Proof of Retrievability (PoR) [33] consensus algorithm. It is also referred to as Proof of Space. Instead of computational resources requirements like PoW, here, a user's chances of block formation are in proportion with the amount of local space available committed to the network as stake. It is used in Permacoin cryptocurrency blockchain [42] . A consensus protocol called Ripple [50] is used in XRP cryptocurrency. However, in Ripple, the validating nodes and client nodes are predefined. Each validator has a list of trusted validators known as unique node list (UNL). The validating votes are collected for each transaction from the UNL peers before inducting them into the block. Further, at least 80% yes votes are required for the transactions to go through validation. Apart from the aforementioned consensus protocols, there is a separate class of consensus protocols for blockchains where the ledger is modeled as a directed acyclic graph (DAG). These blockchains either have blocks as vertices in the DAG or have transactions as vertices in the DAG. In block-based DAG, each block is hash linked to multiple parent blocks instead of just a single one as in the case of traditional blockchains such as Bitcoin and Ethereum. The selection of parent blocks for the same is a significant issue for every new block. Unlike serially linked blockchains, multiple blocks get added at different points, and therefore, the problem of conflicting transactions may arise. There are two consensus protocols proposed based on block-based DAG ledger, PHANTOM [54] and SPECTRE [53] . Both follow PoW based block proposal and validation. The transaction-based DAG blockchain is adopted through its consensus protocol Tangle [48] . The tangle protocol is used by IOTA, a cryptocurrency-based distributed ledger designed for IoT devices. In IOTA, a node can add a new transaction after verifying at least two existing transactions and attaching its transaction to these two. The attachment is made by including the hash values of the selected transactions for validation and solving the PoW puzzle to broadcast along with the transaction. Since cryptocurrency is involved, the malicious entities can carry out feature-based exploitation of IOTA. The IOTA tangle provides protection against Denial of service and spam attacks, but not against social engineering based attacks. In this subsection, we discussed the different blockchain consensus methodologies which are widely adopted in practice. Each of these methods has their own set of strengths and shortcomings. A brief overview of the same is given in Table 1 . One major shortcoming that engulfs all the blockchain consensus algorithms is the limitation in dealing with the malicious users that exploit the features (decentralization and pseudonymity) of the blockchain technology. Among the cryptocurrency-based permissionless blockchains, no provision exists to deal with the users doing transactions attached to criminal activities except Ripple. The Ripple blockchain has worked towards restricting money laundering on its network [19] . Two major categories cause the threats to the credibility of a blockchain network; exploitation of vulnerabilities present and exploitation of blockchain features. The attackers exploit the vulnerabilities present to disrupt the functioning of blockchain network [40] . The presence of vulnerabilities prompts the attacks such as 51% attacks, Sybil attacks, double spending, accessing the user's private keys, and exposing user identities [16] . These attacks pose harm to the network credibility by causing damage to the users such as reversal of transactions, invalidation of transactions, and user account tampering. There are a number of measures applied to prevent such attacks [24] . These measures include actions such as the release of timely patches by the developer community to mitigate the threats to the network and testing applications enabling transactions using various tools [3] . Another category of threat is the threat to the blockchain ecosystem due to social engineering. The malicious entities exploit the permissionless blockchain features such as decentralization, pseudonymity, and no jurisdiction to carry out activities such as money laundering, gambling, phishing, and ransomware attacks. The two most prominent illicit activities are ransomware transactions [36] and money laundering [22] . A ransomware transaction is initiated by the victim on-demand to decrypt the files on his system that an attacker encrypted. Some ransomware used by attackers include Wannacry [13] and CTB-Locker [59] . Note that ransomware is not a direct threat to the functioning of blockchain networks. However, blockchain unwittingly aids the cyber-criminal to carry out the malicious activity of extortion by providing pseudonymity. Due to the features of blockchain, it is relatively difficult for the LEAs to arrest criminals if they are outside their jurisdiction. Also, it is not easy to link blockchain users to their real-world identities without applying Know Your Customer (KYC) procedure at some cryptocurrency exchange. In money laundering, criminals sometimes perform mixing or transfer cryptocurrency having large money trails [39] . Apart from these, illegal betting or gambling [15] is also prevalent in blockchains. Besides above mentioned illicit activities, Silk Road (now defunct) [14] was an online marketplace that exploited cryptocurrency functionalities. Within a short span of time after its creation, the silk road became a popular hub for payments for drugs trading, buying selling stolen and smuggled goods, and even contract killing. The case of the silk road was in a major way responsible for linking Bitcoin as a facilitator for criminal activities among the general populace. In the case of the silk road marketplace, the USA government successfully shut down the website as its founder was an American citizen himself. However, this has not prevented the opening of similar other services. Therefore, the identification of the users carrying out illicit activities is not enough. There is a need to implement additional functionality within the blockchain to prevent such users from exploiting blockchain functionalities. selection, learning, and analysis process is done off the chain after extracting the data from the blockchain. Several approaches use ML methods over cryptocurrency transaction data to detect illicit entities in cryptocurrencybased blockchains. In [27] and [61] , the authors apply supervised ML algorithms on the Bitcoin transaction data to identify the addresses linked to illicit activities such as gambling, ransomware, and illegal online marketplace. They obtain the categorized data about the illicit as well as benign activities from Chainalysis. For the data received but kept in the unidentified category, both apply different supervised ML methods, out of which gradient boosting provides the most accurate results. The features used are derived from the transaction date, amount, category of either party (sender/receiver) if defined, and transactions done with either of the predefined categories. In [45] and [46] , the authors used the K-Means clustering algorithm for the detection of malicious users for Bitcoin transaction data. Here, the the two Bitcoin transaction data generated graphs use the clustering technique. One graph has user addresses as nodes, while the other has transactions as nodes. They train the algorithm using features such as in/out degree, unique in/out degree, average in/out transaction value, user activity duration, and user balance. The model is trained to detect potential anomalous users. The results provide detection of two out of 30 addresses in the test data. In [41] , the authors performed active learning on Bitcoin transaction data to detect money laundering. The authors assumed to have limited ground truth about the transaction data. Active learning is applied to data clustered through unsupervised learning. The results obtained have performance similar to that of the supervised ML model with fully labeled data. The benchmark results in aforementioned case were obtained from [58] . In [58] , the authors contributed to the elliptic data set, claimed as the largest labeled Bitcoin transactions data set till their submission. For the prediction of illicit transactions, the Random Forest method performed best among the used supervised ML models. In [47] , the authors proposed a system that uses ML to automate the signing process of transactions as well as detection of anomaly transactions. If a transaction is detected as anomalous, the initiator of the transaction has to sign a transaction manually. In [44] , the authors proposed a supervised ML-based fraud detection methodology for the transactions in the Ethereum blockchain. The features used in the method include average gas price, average gas limit, number of transactions, the value of transactions, and unique incoming/outgoing transactions. Among supervised ML algorithms, the authors found the Random Forest model to produce the best results. Besides these, there have been several ML-based methodologies that use features extracted from underlying temporal graphs to detect malicious accounts on Ethereum blockchain [4] . Here, the authors introduced the concept of bursty behavior and change in the neighborhood as features. These new features are used in addition to the features already used in other state-of-the-art methodologies. The combining of temporal graph properties and supervised ML lead to the identification of previously undetected suspicious user accounts. In [4] , the authors also survey different state-of-theart approaches used within this frame. Based on their analysis, they propose time-variant probability scores following a sliding data window. Our reputation-based consensus method uses this feature for reputation values. A user's illicit behavior leads to its banishing from the consensus process for a predefined period. It locks a malicious user's account for the same period and provides an opportunity to LEAs for u=initiating action. In [39] , the authors detect illicit activities such as gambling, phishing, and money laundering through the identification of patterns in cyclic money transfer. Besides research-based methodologies, several companies, such as Chainalysis [7] offer services to the LEAs by analyzing the transaction data of several cryptocurrency-based blockchains. The previous section presents ML-based techniques that are used to identify if any address is involved in illicit activity. However, these techniques are usually off-chain and not integrated within the blockchain infrastructure. Besides changing the consensus mechanism to incorporate a level of security (in the case of PoS, e.g., slashing), there are several reputation and trust models proposed to limit exploitation of blockchain vulnerabilities and infrastructure. In [34] , the authors propose a trust model based blockchain for the miners operating in the mining pool. The objective is to have a fair distribution of the reward in the pool and identification of malicious miners. In another work [26] , the authors propose a trust model for sharding-based blockchain networks with an objective to prevent malicious nodes from becoming shard leaders. The model computes opinion-based trust and by design works against the illicit users attempting to disrupt the blockchain. The proposed model aggregates local neighborhood opinions to compute trust values, which are often biased. In addition, the computation of these values followed by their propagation for decision-making process warrants additional network communication resources. It has a significant effect on network performance. Additionally, several methodologies integrate the user reputation in the blockchain consensus process with an aim to prevent illicit activities in blockchains. In [1] , the authors proposed a permissionless proof of reputation consensus process. The entry for a user aspiring to join is based on a referral by an existing miner. Any new miner has to provide user wallet identity to the present network of miners and the vetting process is essential for its admission into the network. In [18] , the authors proposed a reputation scheme in which randomly selected judges monitor the node behavior and update the respective reputation score accordingly. Here the judge does not monitor the context or the purpose of the transaction rather monitors the blockchain network proceedings. To limit illicit activities, here also, a new user has to be attested by at least one existing miner. A separate transaction is generated and broadcasted for this purpose. In [29] , the authors propose a reputation-based blockchain system with sharding. The reputation, in this case, is also associated with user (including validators) conduct (illicit conduct such as approving double-spending) within the blockchain network. Additionally, the proposed system has double-chain architecture (separate chains for transaction and reputation). The validator's reputation is decided based on transactions it approves. The shard leader finalizes the correctness of the transactions and subsequently the shard validators get their scores. In [20] , the authors propose a "semi-decentralized" Delegated Proof of Reputation (DPoR) consensus based on DPoS. In this case, the user reputation score comprises of three factors; stake, personal resource utilization and transaction activity. In [5] , the authors proposed a feedback-based reputation system for blockchain networks. Their system works by having a side-chain for the reputation values and having additional communication between the users to derive normalized reputation. In [51] , the authors proposed a reputation mechanism for a sharded blockchain structure with the objective to include only honest transactions. Here honest transactions refer to the ones that are not due to exploitation of any vulnerabilities present in the blockchain. Also, the miners are predecided for each shard and not randomly selected for each consensus round. The shard leaders are the users with the highest reputation score in their respective shards. In [62] , the authors proposed RepuCoin, a PoW backed reputation-based blockchain that is resilient against 51% attack. The proposed structure has two types of blocks in the blockchain, keyblock for leader selection and microblock for transaction recording. The miner reputation score is based on its behavior over whether it commits transactions in accordance with the existing blockchain ledger. In [63] , the authors proposed a Proof of Reputation based method where a node's reputation is based on its participation, stake, and transaction activity. The reputation value is time-variant and computed through stake and total holding time. The top 20% of reputed users have most of the power concentrated amongst themselves. Table 2 summarizes different reputation/trust models proposed for blockchain networks. However, the aforementioned reputation-based blockchain systems have some key drawbacks. Most of them require a separate side-chain for functioning. The separate chain warrants the need for additional communication resources, which slowdowns the network performance for a large blockchain. At the same time, some proposed systems assign jury members to identify and record the behavior of the miner/validator. The functioning of jury again incurs communication resources. Also, some of the proposed systems require new users to be vetted by the existing users. Thus, making the chain pseudo-centralized, loss of anonymity, and favoritism. Finally, the state-of-the-art methods mainly focus on assigning a reputation score to the user based on the behavior that is limited to disrupting the blockchain network's functioning. They provide no comments on how we can reduce activities such as gambling or ransomware. This motivates us to answer the question the way in which the set of reputation values are used and integrated into the blockchain network, to reduce the aforementioned activities. In Algorand [12] the consensus process follows the steps of byzantine agreement while giving the nodes the chance to participate in proportion to the stake they hold in the network. Algorand blockchain claims to solve the blockchain trilemma of decentralization, security, and scalability [31] . It provides deterministic block finality, and in terms of block finality time, it has quite significant results among the permissionless blockchains [60] . The features pertaining to the proposer/validator selection process and data encryption claim the Algorand blockchain to be most resilient against the adversarial attacks on the network among the existing permissionless blockchains. However, it has no inbuilt provision against the users engaged in illicit activities. Therefore, we incorporate and theoretically analyze our method in the Algorand blockchain consensus protocol. As we proceed, we describe our proposed methodology in detail. Set of users selected to propose block in step (r, 1) V r,s Set of users selected as validators for step (r, s) (s > 1) |V r,1 | Number of user accounts selected to propose block in step (r, 1) |V r,s | Number of user accounts selected as validators for step (r, s) (s > 1) S r−1 ni Stake (Algos) of user account n i in blockchain after finalization of (r − 1) th block S r−1 Total Algos available for consensus participation in round r − 1 in algorand v r,s number of validator votes for step (r, s) in r th consensus round where s > 1 Q r Seed value created in r th consensus round, used as input for VRF in (r + 1) th consensus round. Hash value output of a string X SIG i (H(X)) Value H(X) signed using private key of n i sk r,s i Ephemeral private key generated by n i for participation in step (r, s) of r th consensus round pk r,s i Ephemeral public key generated by n i for participation in step (r, s) of r th consensus round P AY r i Set of transactions proposed by proposer n i for r th consensus round Φ Null transaction data B r i Block proposed by n i for r th consensus round B r Block finalised after r th consensus round n l r User credited with successful proposing of B r φ r Empty block representation for r th consensus round hashlen Number of bits in hash value output H(X) (r, s) Step number s for r th consensus round Head(B r ) Header of finalised r th block T H Threshold number of stake units for output finalisation in each consensus step (> 66%) σ r,s Reputation score of n j computed by n i p x th Threshold reputation value by n x for other users to separate malicious and benign users L j,i r (s + 1) Loss in votes for (r, s) validator n i as computed by (r, s + 1) validator n j . V i r (s + 1) Effective validator votes from (r, s) computed by (r, s + 1) validator n i . brief explanation for the same is given in Appendix A. We follow the notation convention of Algorand [12] with our modifications wherever required. The list of notations is summarized in Table 3 . We start with the assumption that the consensus round is taking place for the r th block. In the first step, (r, 1), for consensus round of r th block, (B r m ) is proposed by a node nm ∈ N where N is set of all the users (accounts) in Algorand. The node nm is selected as the proposer if Θ r,1 m < Θ r,1 x ∀x, m ∈ N, x = m. Here Θ r,1 x represents normalized decimal value of the credentials of nx for 1st step. More details about the proposal selection used by Algorand's consensus process is explained in Appendix A. Note that, for nx ∈ N , in our case x represents the identity of nx in N . Therefore, henceforth we use both nx ∈ N and x ∈ N to represent the users, based on the appropriateness of either at the required place. In our manuscript, both represent the same status. Once the proposed blocks are broadcast into the network, the step (r, 2) of the consensus process starts. For steps (r, 2) and onward, the users selected as validators have two options. One is to accept the block B r m as the valid addition to the blockchain, while the other option is to vote for an empty block. Our proposed restricting methodology first identifies whether a proposer or a validator is benign or malicious. There are a number of quantified user assessment techniques such as opinion-based or applying ML algorithms on previous blockchain transaction data described in section 3. Our focus is to use the quantified values in a way so as to prevent illicit activities' transactions from getting added into the blockchain. Our methodology is based on a set of time-variant reputation values computed by each node, based on an agreed-upon ML model for computing the same. The reputation index is also termed as reputation score list, given as sLx = [p x,1 p x,2 , · · · , p x,|N | ] stored by nx ∈ N . Here p x,y ∈ [0, 1] is the reputation value assigned by nx to ny, while nx, ny ∈ N . As an example of computation methodology for such values, in [4] , the authors propose time-variant reputation scores (related to a user being malicious/benign). Here, their approach extract features from the transactions done by each user for each day and clusters the users. If a user shows behavioral similarity with known malicious users, the user gets tagged as a suspect. Over time the proposed model computes the probability of being malicious for the considered duration. The outcome of the model is same as the reputation score for our case. Note that lower the value of p j,i , the more suspicious/malicious ni is as perceived by nj. In our methodology, every user in the network is equipped with its own module to compute such reputation scores for all the users. Our method does not put any additional burden to the blockchain network communication because the input for the model is the transactions that are already replicated at each node. Such computation can be done separately from the blockchain consensus process. With respect to Algorand blockchain, we assume that the users compute the required values based on previous transaction data before the start of step (r, 1). Note that the reputation scores for at least t time instances remain the same for our current approach. During these t time instances, there can be many consensus rounds. During (r, 1), suppose a proposer nm proposes a block B r m with best credentials. For step (r, 1), if nm is a benign proposer, it will avoid the transactions from the users having the low reputation values in the list sLm. In such a case, the proposed block B r m will get added into the blockchain. For the case when nm is malicious, the response of subsequent steps ((r, 2) and beyond) validators is discussed below. In step (r, 2), if the block proposer, as well as the validator, are benign, the validator accepts B r m and votes in its favor. If the block proposer is benign while the validator is malicious, the validator might vote for an empty block or B r m depending on its personal objectives. For the scenario where the block proposer is malicious while the validator is benign, the validator will vote for an empty block if the validator is aware that the proposer is malicious. For the case where both the proposer and the validator are malicious, the validator decision can go either way, depending upon its personal objectives. Note that, when a particular validator is malicious, its votes will be reduced by the other validators in the subsequent validation steps. More formally, in step (r, 2) for r th block consensus round, suppose a validator has the identity n r,2 x , ∀x ∈ Vr,2 ⊂ N , where Vr,s is the set of users selected as validators in step (r, s) for s > 1 and s ∈ N. Let n r,2 x = nj, ∀nj ∈ Vr,2 ⊂ N with its reputation scores list given as sLj = [p j,1 p j,2 · · · p j,|N | ]. In step (r, 2) nj receives {Head(B r i ), σ r,1 i } from ni ∈ Vr,1 (a block proposer) after step (r, 1) and evaluates the normalised decimal value Θ r,1 i of σ r,1 i . Note that here σ r,1 i is the credential of ni as a proposer. Using the values Θ r,1 i and sLj, nj selects ni as the lead block proposer for x p j,x for ∀nx ∈ Vr,1 ⊂ N with ni = nx. Here Vr,1 is set of users selected as block proposer in step (r,1). As we mentioned earlier, our focus is on the malicious behaviour that does not attack the network directly but gradually erodes its credibility by carrying out illegal activities through malicious transactions. By use of the above methodology, the honest validators can replace a malicious proposer with an honest one without the need to push an empty block. Suppose a user nm has exhibited malicious behavior previously by engaging in illegal activities using blockchain network transactions. For step (r, 1), nm sends block proposal with P AY r m consisting of suspicious transactions. In step (r, 2) the selected validator nj, which considers nm as malicious, evaluates the proposals received and the result of the evaluation is Θ r,1 m < Θ r,1 x with ∀x ∈ N and m = x. In such a case, nj has to either accept the proposal of nm as the latter has not broken any consensus rules or vote for an empty block. The other validators in (r, 2) may or may not share the same viewpoint about nj on nm. To resolve this potential conflict of views, a Figure 1 summarizes our modifications to the Algorand consensus process (cf. Appendix A) and shows the parts where the reputation score list sLx∀x ∈ N is applied. The reputation score list is used by the validators evaluating the block proposal as well as the ones evaluating previous validation step votes. We evaluate the impact due to our applied changes on the original Algorand consensus protocol in the form of theoretical results in the next section. With the provision of reputation values list sLj for nj, a malicious proposer can be replaced by an honest proposer if there is sufficient difference in their probabilities as shown below. Suppose there are two proposers ni and nm in step (r, 1). The user ni is termed as honest while nm is termed as malicious by other nodes. This means for a third node nj, p j,i > p j,m . If Θ r,1 m < Θ r,1 i , then the block proposed by nm will have preference over the one proposed by ni. The inequality condition can be written as in equation 1 with the condition ∀δx,y ∈ + , where x = y and x, y ∈ N . A validator nj in step (r, 2) can vote for the proposal of ni instead of nm if the condition in equation 2 satisfies for p j,i , p j,m ∈ sLj. Rearranging equation 2 and from equation 1, we get the expression as defined in equation 3. i.e., if nj perceives ni to be more honest than nm by at least a factor of Lemma 5.1. In the Algorand blockchain network with the provision of reputation values list, if an honest user and a malicious user are competing to propose their block, the validator nj ∈ N having reputation values list sLj will vote for the honest user's block if their perceived reputation of honest user is greater than that of the malicious user by atleast the multiple of compensation factor between the honest and malicious user. Corollary 1. In step (r, 1), the proposer ni is selected at step (r, 2) by the validator nj, if the condition p j,i ∈ (Cx,ip j,x , 1], ∀x ∈ Vr,1 ⊂ N is satisfied. Since there are multiple rounds of validation, it is imperative to consider the reputation of validators as well. For steps beyond (r, 2), validators take into account the reputation score of the user selected as a previous step validator while considering its vote. To understand the impact of reputation score on the validator votes, we analyze the interactions between the validators of two consecutive validation steps. Here, step (r, s + 1) validators Vr,s+1, validate the message and count the votes for validators Vr,s in step (r, s). Let nj ∈ Vr,s and n k ∈ Vr,s+1 where nj, n k ∈ N . Here, n k computes p k,j × Λ r,s j , where Λ r,s j is a normalized decimal value of the credentials of nj obtained from the voting message from step (r, s). Let Λ r,s k,j = p k,j × Λ r,s j . By definition, Λ r,s k,j is the perceived normalised decimal value of σ r,s j for s > 1 as per sL k of n k . In Algorand consensus, L r,j v represents the range for Λ r,s j in order for nj to have v number of votes as a validator in step (r, s) (c.f. Appendix A). With the use of sL k , n k computes the number of votes assigned to nj based on the range (defined by Algorand consensus protocol) in which Λ r,s k,j is present. Since p k,j ∈ [0, 1], we get Λ r,s k,j ≤ Λ r,s j . Suppose the perceived value Λ r,s k,j ∈ Υ r,j k,v where Υ r,j k,v is the range perceived by n k for nj based on p k,j ∈ sL k . Here Υ r,j k,v is given in the equation 5 where P r j,v is probability of nj getting selected and having v number of votes in the validator group in step (r, s). Note that the range Υ r,j k,v either reduces the votes or does not change the number of validator votes. Supposes it reduces the validator votes from v to w for the step (r, s). The range for Υ r,j w without applying sL k can be written as shown in the equation 6. With sL k , there is a difference between the actual votes and the effective votes. The loss of votes for a validator nj is directly proportional to the loss in the normalised value of its credentials from step (r, s). Assume Υ r,j w,min = w v =0 P r j,v and Υ r,j w,max = w+1 v =0 P r j,v . Thus, we have equation 7. Υ r,j w = Υ r,j w,min , Υ r,j w,max The vote attenuation (L k,j r (s + 1)) in the above case is v − w. Along the similar lines, the attenuation in the value of validator nj's VRF output for step (r, s) in step (r, s + 1) can be expressed as the equation 8. The total attenuation from step (r, s) counted by n k in step (r, s + 1) will be the sum of vote attenuation for all the (r, s) validators and are expressed as L k r (s + 1) in equation 9. Similarly, the total attenuation in the VRF output value as perceived by n k based on sL k is being given in the equation 10 . The loss in the votes is directly proportional to the loss in VRF output value. Since the values Λ r,s x with ∀x ∈ Vr,s ⊂ N are generated by the validators in step (r, s), the step (r, s + 1) validator n k has no role in it. From the perspective of n k in step (r, s + 1), the loss in the votes is directly proportional to the perceived reputation values from the list sL k . In terms of reputation score, we have equation 11. L k,x r (s + 1) = κ r,s Here, κ r,s x is computed from the credential value associated with validator nx from step (r, s). The validator n k ∈ Vr,s+1 has no role in its computation. Note that from above, we have κ r,s x = v and p k,x κ r,s x = w. Overall, the effective votes from step (r, s) perceived by n k are given by equation 12. Let the total number of validator votes in step (r, s) be vr,s for s > 1. Note that vr,s = x∈Vr,s κ r,s x . The attenuation in the votes as perceived by n k for step (r, s) validators is being given in equation 13 . To carry out the validation process for step (r, s), it is imperative to have sufficient number of validators, thereby leading to the sufficient number of validator votes. For the set of validators Vr,s+1 ⊂ N in step (r, s + 1), the expected vote attenuation in step (r, s + 1) from (r, s) validators is given by the equation 14 . x∈Vr,s p y,x κ r,s x |Vr,s+1| To compensate for the votes lost, the number of validators for the next round (r + 1) could be increased by the factor given in equation 14 for subsequent block rounds. The compensation for the lost votes is applied in the subsequent rounds as given in equation 15 . vr+1,s = vr,s + E(Lr(s + 1)) The use of reputation value model not only changes the effective votes, but also amplifies the ratio of honest to malicious votes. Originally, the Algorand blockchain operates with an assumption that there are at least 2 3 honest proposers for step (r, 1) and validators for subsequent steps in each round. Hence, there are twice as many Algos (cryptocurrency of Algorand) from honest users at stake than that with malicious users for each step (r, s) of round r of block formation. With the addition of sL k , the effective number of votes changes as shown previously. We now show the effective honest and malicious votes from the perspective of validator n k ∈ Vr,s+1 for votes of validators in step (r, s). The segregation of honest and malicious (r, s) validators within Vr,s is done by n k ∈ Vr,s+1 with an assumption that their behaviour is reflected in sL k . The malicious and honest users are separated by selecting a threshold value p k th ∈ [0, 1] such that p k,x > p k th for Based on Algorand's 2 3 honest nodes assumption and p k th , we sort all the reputation scores. Since the highest reputation value in a malicious validator set is less than the lowest reputation value of an honest validator set, the loss in the votes for the malicous validator set will be more than the same in the honest validator set. The relation between the losses can be derived using equations 18 and 19 as equation 21 . Since the loss in votes is less in the case of honest validators set, the effective number of votes will relatively increase for the same against the malicious validator set. Therefore, the relation between the effective votes of honest and malicious validators for step (r, s) is given as equation 22 . Alternatively, the above relation is written as equation 23. Let ∆L k r (s + 1) = 2L k,M r (s + 1) − L k,H r (s + 1). Here ∆L k r (s + 1) ≥ 0 is the parameter notifying the difference in the loss of validator votes for honest and malicious set. From above, the increase in the effective votes of honest validators in step (r, s) with respect to that of the malicious validators from the perspective of validator n k ∈ Vr,s+1 is given in the equation 24. The ratio of honest to malicious validator votes is henceforth given by the equation 25 . Note that is the relative difference in the loss of votes with respect to the malicious validator votes as perceived by n k ∈ Vr,s+1. Let the aforementioned term be represented asL k r (s + 1). The expression in the equation 25 leads us to the formation of Lemma 5.2. Lemma 5.2. In the Algorand blockchain with the provision of reputation values list, the ratio of honest to malicious validator votes of step (r, s) for the formation of r th block increases by the valueL k r (s+1) above the originally assumed factor of 2 as evaluated by a step (r, s + 1) validator n k ∈ Vr,s+1 using its reputation values list. On average (expected value) of relative difference in the loss of votes with respect to the malicious validator votes as perceived in step s + 1 is given by E(Lr(s + 1)) = x∈V r,s+1L x r (s+1) |V r,s+1 | . This led us to formulate corollary 2 from the Lemma 5.2. In the Algorand blockchain with the provision of reputation values list, the expected ratio of honest to malicious validator votes of step (r, s) for the formation of r th block increases by the value E(Lr(s + 1)) above the originally assumed factor of 2 as perceived in step (r, s + 1) for s > 1. The improvement in the ratio of honest to total validator votes is beneficial in the case when the original ratio falls below 2 3 . As given in corollary 2, the Algorand blockchain can tolerate a drop of E(Lr(s + 1)) from the ratio of 2 for honest to malicious votes. For such an amount of drop, it can be compensated and reached to the required honest majority. Again, the Algorand blockchain assumes that there are 2 3 honest users/cryptocurrency-units selected in each step of the consensus round, including block proposal and validation. Hence, while proposing the block in step (r, 1), the probability of a malicious proposer getting selected as the highest priority proposer is 1 3 . One way in which a malicious proposer can harm the blockchain is by proposing a block consisting of transactions associated with malicious activities. Suppose in step (r, 2), a set of validators nj ∈ Vr,2 ⊂ N are selected to asses step (r, 1) block proposals from ni ∈ Vr,1 ⊂ N . In step (r, 2), if an honest validator receives this proposed block from a malicious proposer (ni) with lowest Θ r,1 i , he has two choices, either vote for the same or to propagate the vote for an empty block. In the absence of a defined mechanism to identify the malicious proposer, an honest validator may well be unaware and go with the first choice out of the aforementioned ones. In case the validator is aware, it will push for the empty block as there is no mechanism defined to identify the second-best credential among the block proposers. Let the probability that nj votes for empty block (φ r ) be β r j,φ ∈ [0, 1], while the same for voting ni's block proposal be β r j,i ∈ [0, 1]. We now discuss the scenarios with validators when the block proposer is malevolent and pushing malicious transactions without and with reputation values list. 1. nj ∈ Vr,2 is honest and aware that ni ∈ Vr,1 is malicious: In the case without reputation values list, β r j,φ >> β r j,i with β r j,φ + β r j,i = 1. Note that, for the block by an honest proposer n k ∈ Vr,1 where Θ r,1 i < Θ r,1 k , we have β r j,k = 0. For the case where nj has the reputation values list sLj, nj will have the value p j,i related to ni. To derive the condition for nj not selecting empty block, we introduce the concept of pseudo-sublists. A pseudo-sublist, for a step (r, 2) validator nj is sL r,2 j ⊂ sLj and consists p j,x where x ∈ Vr,1. In line with the Algorand's assumption of 2 3 honest proposers and 1 3 malicious proposers, p j th is chosen so as to divide sL r,2 j into the same. For ni ∈ V M r,1 ⊂ Vr,1 and n k ∈ V H r,1 ⊂ Vr,1, we have p j,k > p j th ≥ p j,i derived from equations 16 and 17. Now, the validator nj will not vote for an empty block if the most qualified block proposer is honest. From Lemma 5.1, we know that block proposal of n k will be chosen over that of ni by nj if p j,k > C i,k p j,i . The condition to obtain β r j,φ = 0 and β r j,i = 0 with absolute surety is p j,k > C i,k p j th where ni is a malicious proposer as perceived by nj, i.e., p j,i ≤ p j th with the highest proposer credentials (least Θ r,1 value). The aforementioned outcome can be summarised in the Corollary 3. Corollary 3. In the Algorand blockchain, an honest and aware validator, when provided with a reputation values list, will reject an empty block with absolute surety, if there is an honest proposer present with it's perceived reputation value greater than the product of threshold reputation value and relative compensation factor relative to malicious proposer with highest credentials. 2. nj is honest but unaware that ni is malicious and thinks ni is honest: Without the reputation values list, if the validator nj is honest but unaware of the ni being malicious, it will most likely vote for the ni's block proposal. However, for an honest but unaware validator nj without reputation values list, β r j,φ << β r j,i with β r j,φ + β r j,i = 1. Also, for a proposed block of honest proposer n k ∈ v1 with Θ r,1 i < Θ r,1 k , we have β r j,k = 0. With the reputation values list sLj, the behavior of nj will be the same as the case of being honest and aware. However, the role of the reputation values list now is to prevent nj majorly from voting for a malicious proposer's block. The condition to obtain β r j,φ = 0 and β r j,i = 0 will be same as in previous case and can be summarised in Corollary 4. Corollary 4. In the Algorand blockchain, an honest but unaware validator, when provided with a reputation values list, will reject a malicious proposer's block with absolute surety, if there is an honest proposer present with it's perceived reputation value greater than the product of threshold reputation value and relative compensation factor relative to malicious proposer with highest credentials. In this section, we discussed the cases where the validator is honest, which is equivalent to the assumption that they operate according to the blockchain consensus methodology. For the cases where the validators are themselves malicious, their response to malicious proposers depends on the factor of whether they are operating individually or in a group. Since their behavior is not in accordance with the following of everything according to blockchain consensus methodology, the question of using a reputation values list does not arise for them. The objective of the reputation values list is to strengthen the power of honest users in the network and provide them with the tool to prevent malicious transactions from getting included in the blockchain. The malicious users do not consider the reputation values while making decisions as either proposers or validators. Therefore, one cannot say with absolute surety whether a malicious validator will reject a malicious proposer's block, reject an empty block or select either of both. The validator nj in step (r, 2) follows the condition in equation 2 to assess the block proposals from step (r, 1). Now, if a malicious user is set to become the proposer with best suited credentials, it can be replaced by an honest user's block by nj if the condition in Lemma 5.1 is satisfied. Now, in step (r, 1), if ni is a malicious proposer while n k is an honest proposer, then the block of n k must be accepted by more than 2 3 of step (r, 2) validators (money units) based on Lemma 5.1 in order for it to move towards getting finalised. We evaluate our methodology over the parameters such as completeness, soundness, communication hop, and extra steps in communication. In [12] , authors provide the analysis of the Algorand blockchain network consensus mechanism with respect to proof of the aforementioned properties. As we proceed, we check whether the use of the reputation scores list violates any of the proved properties of the Algorand blockchain network. If that is not the case, then the modified consensus mechanism also upholds all the original properties. According to Theorem 1 in [12] , there are 4 properties which hold with "overwhelming probability" for each consensus round r ≥ 0. Property 1 states that "all honest users agree on the same block B r , and all payments in B r are valid" [12] . In the case where the honest users have the reputation values list, the values in the list get generated from the blockchain transactions data, which is the same across the network. Also, the reputation values are generated and updated at regular intervals based on previous data, and their generation is not linked to the communication in block consensus rounds. All the honest users follow the methodology according to equation 2 and agree on the same block. The property 2 of Theorem 1 in [12] states that if the consensus leader n l r is honest, then the generated block B r is known to the honest users in a predefined time interval. Here, the consensus leader refers to the block proposer n l r in step (r, 1) such that Θ r,1 l r < Θ r,1 x for l r , x ∈ N . It also specifies the amount of time by which the finalized block B r will be known to the first honest user for the cases when payment set P AY r is empty and non-empty. The proposed modification does not involve any change in the communication procedure. The changes in the decisionmaking method, as shown in equation 2 is done at each user's end only. Also, there is no change proposed in the rules regarding the finalization of a block. Therefore, the property 2 also upholds under the proposed modifications. The property 3 discusses about the time taken in block finalization when n l r is malicious. Under the proposed modifications, if n l r is declared malicious by the reputation values list, its proposal gets rejected if there is an honest proposer satisfying the condition in Lemma 5.1 as evaluated by the honest users. If not, then the process takes place as in the original Algorand blockchain network. Since the evaluation is done at the user's end and not within the communication, the block finalisation happens within the predefined time interval only. The property 4 of Theorem 1 in [12] states that the probability of n l r being honest is where h is the ratio of honest user Algos at stake in the network. From Lemma 5.2, we know that the ratio of honest to malicious user money units increases for the consensus steps involving block validation if the reputation values list is used for evaluation. Therefore, the value of p h also increases in such a case. In conclusion, all the 4 properties of Theorem 1 in [12] uphold even with the proposed modifications in the consensus procedure using the reputation values list. The process to compute the reputation values list is done at the user's end without attachment to the consensus process. When a user participates as either a proposer or a validator, the reputation values are already available pre-computed. While using these values, the evaluation process for selecting a block and counting the votes remain same. Therefore, there is no change in the time taken during the consensus procedure. According to the completeness lemma in [12] , if the properties 1 − 3 in Theorem 1 hold for consensus rounds {0, 1, · · · , r − 1}, then properties 1 and 2 hold for consensus round r, when the consensus leader n l r is honest. As we have discussed above, the use of the reputation values list does not have any effect on the upholding of either of the aforementioned properties. Hence the completeness will uphold for the modified consensus procedure also. According to the soundness lemma in [12] , if the properties 1−3 in Theorem 1 hold for consensus rounds {0, 1, · · · , r − 1}, then properties 1 and 3 hold for consensus round r, when the consensus leader n l r is malicious. In the case of n l r being malicious, its proposal will be replaced by an honest users' proposal if it satisfies the condition defined in Lemma 5.1 as evaluated by the honest users. Even if that is not the case, the consensus process will happen according to the original methodology. Therefore, the soundness of the network will remain intact even with the proposed modifications. The use of a machine learning algorithm to calculate reputation values warrants some additional space at an individual user's end. However, as mentioned earlier, the process is not tied up to the communication part of the consensus mechanism and will not result in the addition of any overhead in communication. Our proposed methodology involves evaluation on the users' end only; the communication data will remain the same as in the original Algorand blockchain network. Therefore, there will be no change in the communication hop. In this paper, we propose a reputation-based methodology for applying the reputation values in the Algorand blockchain to restrict illicit activities by criminals who are using the platform. Our reputation method is based on the behavior of an account in terms of transactions. It assigns a reputation score ∈ [0, 1] to each account where the level of honesty increases from 0 to 1. For obtaining the reputation scores through transaction data, different ML models are used. A time-variant reputation score based on the ML model operating through sliding window input data is ideal input for our proposed methodology. As observed in related work on ML models, a 24 hour window for updating scores is sufficient to provide insight into the overall network behavior. Also, it was observed in the related work that there is not much deviation in the user behavior observed in the bitcoin and Ethereum blockchain. It provides us with a starting point in terms of the choice of ML model to provide input for our methodology. The identification of reputation score leverages the distributed nature of the blockchain technology, where each account can identify the reputation score for all the accounts. Thus it aids in identifying suspects operating within the blockchain ecosystem. Our method involves minor changes in the consensus protocol at the user end. Locally, in the original consensus protocol, all user accounts evaluate at their end and identify whether that particular account is a proposer, validator, or both. We do not change the communicated messages; rather we modify the evaluation for being a proposer, a validator, or both. The other steps in the consensus protocol remain the same as before. The reputation score plays a major part in identification of the proposer/validator. Our methodology involves eliminating blocks proposed by suspicious accounts and reducing the validation votes for the suspicious validators. Also, our method, although designed for user behaviour based reputation, can also accommodate the adversarial attacks within the reputation score. Overall, our methodology aims to enhance the decision-making process, have maximum possible impact, and cause minimum possible disruption at the communication level. However, our proposed methodology is not without certain limitations. The output of the reputation score is obtained by applying the pre-decided ML algorithm on the transaction data present on the respective blockchain. Although the input data and the features used are the same, there is a chance of variation in the output across different users running algorithm at their end. Therefore, the selection of a proper ML algorithm with rigorous cross-platform testing is a way to avoid the scenario mentioned above and its effects such as exclusion of benign users and selection of empty block due to divided opinion. Additionally, the users have to run the ML algorithm at their end. Although it does not burden communication resources, the user has to perform additional computational tasks out of network for decision-making according to the proposed methodology. Our approach is achievable for other blockchain networks as well, with the mechanism tuned to the respective consensus methodologies. Ethereum blockchain network is transitioning from PoW to PoS consensus [28] . The transition is supposed to be through enabling the use of Casper [9] , a hybrid PoW/PoS protocol. Here, the PoS is applied to finalize the blocks after a fixed number of blocks are mined through PoW. This change aims to reduce the chances of illicit activities such as invalidating the blocks, forming a parallel chain, and disrupting the communication by forfeiting the deposit of the validators. However, still, there is no provision to stop social-engineering based illicit activities such as Phishing, money laundering, Gambling. Applying the reputation model based on transaction data paves the way for identifying the entities using blockchain for the aforementioned illicit activities. The identification helps in curtailing the power of the proposer and validator accounts involved in such social-engineering based illicit activities within the blockchain network. For complete PoW based blockchain networks such as Bitcoin, our reputation model can play an advisory role to prevent transactions from illicit entities from getting recognized. Since mining a single block is computationally expensive, an honest miner would not risk its block getting rejected by including the transactions from illicit entities. Since the scores get updated with the latest behavior playing a more significant role, the reputation scores can effectively freeze a malicious user account and give the law enforcement agencies enough time to catch up with the same. Similarly, our reputation score based regulation is also relevant for the directed acyclic graph (DAG) based blockchain such as IOTA Tangle [52] . In Tangle, a new transaction selects previous transactions based on Markov Chain Monte Carlo algorithms [25] to verify and join the DAG. By using our reputation scores, the selection procedure can give a transaction a reputation score based on the user behavior. An honest user wants to operate according to the blockchain network rules and associate with fellow honest users. It also wants to play its part in keeping the blockchain network free from illicit entities. Hence, the reputation score can be used by the new transaction to select those transactions to join with which are done by the honest users. Further, in extended proof of stake such as delegated proof of stake (DPoS) used in Cosmos [37] our methodology is also applicable. In DPoS, the non-validators can delegate their cryptocurrency to validators for a share in block fees. The users in DPoS based blockchain can use the reputation score model to identify the validators suitable for delegating their cryptocurrency stake. Therefore, the concept of restricting illicit activities from exploiting blockchain infrastructure is also applicable in this case. Note that here we provide the theoretical proof for Algorand while a strong case for other blockchains to incorporate our proposal. This paper aims to provide a theoretical foundation and do the feasibility analysis of the regulation on the blockchain network against criminal entities. The idea behind the conception of blockchain technology was the establishment of a self-regulated decentralized system. Our proposed methodology provides the means to move further towards achieving the same goal. A blockchain user, when equipped with the reputation score, can make the decision on whether to carry out the transaction with the user perceived as malicious based on reputation score values. For a consensus round, a potential block proposer has the choice to include the transactions it perceived as honest. Therefore, an illicit activity related transaction will remain in pending state and eventually expire after end of its validity period. It will promote honest behavior across the blockchain network. In the discussion of the proposed methodology and its analysis, we show that there is no effect on the communication pattern and data, thereby no additional strain on the network resources. The theoretical results obtained demonstrate that an honest validating committee member can prevent an identified criminal entity from proposing the block on the Algorand blockchain. In addition, exploiting the blockchain transactions for illicit activities restricts the respective user's role as a validator. Overall, we conclude that the proposed consensus-based regulation methodology is feasible enough to be integrated within the blockchain ecosystem. validation in the consensus process (explained next). The cutoff number for majority validation is also predefined in the network and is referred to as TH . The components of non-empty B r i are given in equation 29, where Head(B r i ) = {r, SIGi(Q r−1 ), H(B r−1 )} is the header of the proposed block. Here, P AY r i is the set of transactions to be included in r th block as proposed by ni, while H(B r−1 ) is the hash value of the previous block. After forming B r i , ni propagates its block proposal in the form of message, m r,1 i , along with a lightweight message {Head(B r i ), σ r,1 i } confirming its selection in (r, 1) round. The lightweight message propagates across the network and reaches other users faster than m r,1 i . It makes the evaluation of the block proposal faster. The message m r,1 i contains {B r i , SIGi(H(B r i )), σ r,1 i } (full block data and its credentials). To get selected as the block proposer, ni has to satisfy the condition Θ r,1 i < Ψ r,1 . Here Ψ r,1 is a predefined threshold value for selection in first round. For s > 1, the user credential generated are σ r,s i = SIGj(r, s, Q r−1 ) for nj ∈ N . If nj gets selected as validator in step (r, s) for s > 1, then nj ∈ Vr,s. Here SIGj(r, s, Q r−1 ) is the encrypted value of the string (r, s, Q r−1 ) signed using nj's private key (sk r,s j ) from its ephemeral public-private key pair {pk r,s j , sk r,s j }. The hash value of the credential σ r,s j is used by nj in round (r, s) to check for two outcomes, whether it is selected and if selected, how many votes as validator it got assigned for (r, s) step. Let nj have the stake S r−1 j till (r − 1) th block, with total network stake being S r−1 . Note that the record of the stake is verified by blockchain data. Let the set of users to be selected as validators in step (r, s) be defined by Vr,s. In such case, the probability for selection of an individual money unit as validator in (r, s) step for s > 1 is given as P r j = S r−1 j S r−1 . Therefore, the probability of nj getting selected and having v number of votes in the validator group in step (r, s) for s > 1 is given in equation 30 . We also have S r−1 j v=0 P r j,v = 1. Now, the range [0, 1] is divided into S r−1 j + 1 sub-ranges. The length of v th sub-range for nj, denoted by Υ r,j v is given in equation 31. The resultant block is finalised in subsequent steps based on the number of b r,s a values with 1 value means advocating empty block and 0 value means voting for non-empty block. Ideally, in step (r, 5) the block r is finalised. However, if that is not the case there are further steps defined to carry out consensus process through coin-flip based protocol till the network has at least tH confirmed votes of either of the values 1 or 0. Permissionless proof-of-reputation-x: A hybrid reputation-based consensus algorithm for permissionless blockchains Detecting malicious accounts showing adversarial behavior in permissionless blockchains Vulnerability and transaction behavior based detection of malicious smart contracts Detecting malicious accounts in permissionless blockchains using temporal graph properties Proof-of-reputation: An alternative consensus mechanism for blockchain systems Sok: Consensus in the age of blockchains What is Chainalysis -the cryptocurrency crime detector? Casper the friendly finality gadget. arXiv Towards malicious account identification in bitcoin Algorand: A secure and efficient distributed ledger Automated behavioral analysis of malware: A case study of wannacry ransomware Traveling the silk road: A measurement analysis of a large anonymous online marketplace Betting on bitcoin: Does gambling volume on the blockchain explain bitcoin price changes? A survey of blockchain from security perspective Ouroboros praos: An adaptively-secure, semi-synchronous proof-of-stake blockchain Blockchain reputation-based consensus: A scalable and resilient mechanism for distributed mistrusting applications Ripple deal could make xrp cryptocurrency compliant with fatf anti-money-laundering rules Delegated proof of reputation: A novel blockchain consensus Byzantine fault tolerance, from theory to reality Cryptocurrency in the system of money laundering Reentrancy vulnerability identification in ethereum smart contracts A survey on privacy protection in blockchain system Practical markov chain monte carlo Trust model to minimize the influence of malicious attacks in sharding based blockchain networks Breaking bad: De-anonymising entity types on the bitcoin blockchain using supervised machine learning Ethereum's big switch: The new roadmap to proof-of-stake Repchain: A reputation-based secure, fast, and high incentive blockchain system via sharding Cost of a data breach report 2021 The blockchain trilemma International Monetary Funds. Global financial stability report Pors: Proofs of retrievability for large files Poolcoin: Toward a distributed trust model for miners' reputation management in blockchain Enhancing bitcoin security and performance with strong consistency via collective signing Do crypto-currencies fuel ransomware? IT Professional Cosmos whitepaper, 2019. Online; accessed 01 Understanding money trails of suspicious activities in the permission-less blockchain Understanding money trails of suspicious activities in a cryptocurrency-based blockchain A survey on the security of blockchain systems Machine learning methods to detect money laundering in the bitcoin blockchain in the presence of label scarcity. arXiv Permacoin: Repurposing bitcoin work for data preservation Bitcoin: A peer-to-peer electronic cash system Detecting fraudulent accounts on blockchain: A supervised approach Anomaly detection in bitcoin network using unsupervised learning methods Anomaly detection in the bitcoin system-a network perspective. arXiv A machine learning-based method for automated blockchain transaction signing including personalized anomaly detection The tangle Identifying malicious accounts in blockchains using domain names and associated temporal properties. arXiv The ripple protocol consensus algorithm Porf: Proof-of-reputation-based consensus scheme for fair transaction ordering Iota tangle: A cryptocurrency to communicate internetof-things data Spectre: a fast and scalable cryptocurrency protocol PHANTOM and GHOSTDAG: A scalable generalization of nakamoto consensus. IACR Cryptology ePrint Archive Ppcoin: Peer-to-peer crypto-currency with proof-of-stake Slashing penalties explained in 2 minutes (ethereum 2.0) Anti-money laundering in bitcoin: Experimenting with graph convolutional networks for financial forensics A novel method for recovery from crypto ransomware infections A survey of distributed consensus protocols for blockchain networks Regulating cryptocurrencies: A supervised machine learning approach to de-anonymizing the bitcoin blockchain Repucoin: Your reputation is your power Proof of reputation: A reputation-based consensus protocol for blockchain based systems In Algorand [12] , the consensus process follows a hybrid PoS-BFT mechanism. As we proceed, we describe the process steps leading to block formation and addition into the blockchain. Our assumption is that the current blockchain already contains r − 1 blocks, where r ≥ 3 and r ∈ N. Therefore, the consensus process is taking place for r th block. The notations used are based on [12] . In Algorand, the users in the blockchain network are in the set N with the stake of user ni ∈ N till (r − 1) th block given as S r−1 n i . The consensus steps for r th block formation round are termed as (r, s), where s ∈ N and represents the step number.Step (r, 1) is the block proposal step, where the selected nodes create and propagate a block into the network. To propose the r th block, an essential component is a seed Q r−1 defined using equation 26.Here, φ r−1 represents empty (r − 1) th block, which is the case when none of the proposed blocks is able to secure required consensus for round r − 1. Also, the term H(SIGi(Z)) is defined as the hash value of the quantity Z after being digitally signed by user ni using its private key, sk r,1 i , generated for the same purpose. An empty block is defined as in equation 27 where Φ represents 'NULL' transaction data.In equation 26, the value of Q r−1 in case of B r−1 being non-empty is calculated by the node l r−1 . Here l r−1 ∈ N is the successful proposer credited with addition of confirmed block B r−1 at round r − 1. The value of Q r−1 is determined with the finalisation of block B r−1 . In the process of formation of B r , Q r−1 is used to determine the proposers and the validators for B r . For participating in consensus process for r th block, a node ni computes hash value H(SIGi(r, s, Q r−1 )) in each step (r, s) for s > 1. The hash value calculation for s = 1 is done while considering the user's stake in the network.The selection procedure for the proposers and validators is known as cryptographic sortition. In step (r, 1), each node (user account) ni ∈ N computes its credential σ r,1 i , and checks the output against a predefined threshold. The procedure for consensus is effectively byzantine agreement combined with the proof of stake. To incorporate the advantage based on the stake in the network, for step (r, 1), each unit of Algorand cryptocurrency is treated as an individual sub-user attached to the user holding it. Therefore, the more a user's stake is, the more it has sub-users, and the better its chances are of getting selected as a block proposer. The credential which ni ∈ N generates for step (r, 1) and propagates in case of getting selected as proposer is given in equation 28. The proposer ni ∈ Vr,1 selects σ r,1For step (r, 1), the hash value of the credential is converted into decimal and then normalised using division by 2 hashlen , where hashlen is the length of the output hash σ r,1 i for ni. Let the normalised decimal value of σ r,1 i be Θ r,1 i . To consider the stake for ni in step (r, 1), the hash value to compute will be H(SIGi(r, 1, K, Q r−1 )), where K ∈ [1, S r−1 n i ] represents the K th sub-user alias of ni. If ni gets selected in (r, 1) as a proposer, it forms a block B r i to propagate it to its peers in the blockchain network. Here, B r i is the proposed block by ni which can get confirmed as B r after successfully getting majority (31) In the consensus process, the assumption is that at least 2 3 of the stake is with honest users. The threshold for confirming the validation result in each step (r, s) of round r for s > 1 is tH = 2|Vr,s| 3 + 1. Let the normalised decimal value of σ r,s j for s > 1 be Λ r,s j . In order for nj to get selected and have v number of votes as validator in step (r, s) of round r for s > 1, the condition Λ r,s j ∈ Υ r,j v is to be fulfilled. In each round, the validators send their decision signed with their private key from their public-private ephemeral key set. Each node destroys its private key just after one time use.The propagated messages m r,1 i and {Head(B r i ), σ r,1 i } for ni ∈ Vr,1 initiate the beginning of step (r, 2). As per the followed convention, the set of validators for the round (r, 2) are given by Vr,2. In (r, 2), the validator nj ∈ Vr,2 waits for a predetermined time period, then checks the different hash values received from the users in Vr,1. After the predetermined time period (network parameter), the validator nj checks all the credential values received by the selected nodes in (r, 1) and finds the σ r,1 i , such that the normalized decimal value of its hash value, Θ r,1 is not valid, nj ∈ Vr,2 propagates the vote for the empty block. The subsequent steps have two components, graded consensus followed by binary consensus. In the step (r, 3), a new set of users n k ∈ Vr,3 accumulate the messages from Vr,2 and evaluate the messages m r,2 j received from nj ∈ Vr,2 value to decide on which block to include. In step (r, 3), the validator n k with k ∈ Vr,3 (set of validators in (r, 3)) propagates the message m r,3 x = {SIG k (vm r,3 k ), σ r,3 k } into the network. The structure of vm r,3 k is same as that of vm r,2 j . The choice for vm r,3x is between a hash of non-empty block proposed in (r, 1) validated by atleast tH messages from (r, 2) or the hash of an empty block as default message after a predefined time period.The step (r, 4) and the subsequent rounds are binary consensus procedure, in which the decision is taken to select either the valid block or an empty block. In (r, 4), the validator na with a ∈ Vr,4 (set of validators in (r, 4)) accumulates the messages from Vr,3. The decision making is made binary by introducing two additional variables, g r,4 a and b r,4 a for na ∈ Vr,4. After evaluating all the valid messages among m r,3 j for all n k ∈ Vr,3, na ∈ Vr,4 in has four choices. If there are at least tH valid messages advocating a non-empty block, then g r,4 a = 2 and b r,4 a = 0. For