Private BitTorrent trackers enforce upload-to-download ratios to prevent free-riding, but suffer from three critical weaknesses: reputation cannot move between trackers, centralized servers create single points of failure, and upload statistics are self-reported and unverifiable. When a tracker shuts down, users lose their contribution history and cannot prove their standing to new communities. We address these problems by storing reputation in smart contracts and replacing self-reports with cryptographic attestations. Peers sign receipts for received pieces; the tracker aggregates them via BLS signatures and updates reputation. If a tracker is unavailable, peers fall back to an authenticated distributed hash table (DHT): stored reputation acts as a public key infrastructure (PKI), preserving access control without the tracker. Reputation is portable across tracker failures through single-hop migration in factory-deployed contracts. We also address the privacy implications of publishing public keys and reputations tied to private trackers on a public ledger: we propose ephemeral session keys to prevent linking peer identities, zero-knowledge membership proofs for anonymous DHT participation, and confidential reputation using homomorphic commitments. We formalize the security requirements, prove four security properties under standard cryptographic assumptions, and evaluate a prototype. Measurements show that transfer receipts add less than 5\% end-to-end overhead with typical piece sizes. To minimize signing overhead, we adopt a hybrid signature scheme: ECDSA signs individual piece receipts at transfer time for low per-operation latency, while BLS serves as the overarching scheme, enabling compact aggregation of many receipts into a single proof at report time. This design reduces client-side signing cost by an order of magnitude compared to using BLS throughout.

翻译：私有BitTorrent追踪器通过强制上传下载比率来防止搭便车行为，但存在三个关键缺陷：声誉无法在追踪器间迁移、中心化服务器造成单点故障、上传统计依赖自我报告且不可验证。当追踪器关闭时，用户会丢失其贡献历史记录，无法向新社区证明自身信誉。我们通过将声誉存储于智能合约，并用密码学认证替代自我报告来解决这些问题。对等节点为接收的数据块签署收据；追踪器通过BLS签名聚合这些收据并更新声誉数据。若追踪器不可用，对等节点将回退至认证分布式哈希表（DHT）：存储的声誉作为公钥基础设施（PKI），在无需追踪器的情况下维持访问控制。通过工厂部署合约中的单跳迁移机制，声誉可在追踪器故障时跨系统转移。我们还处理了将绑定私有追踪器的公钥与声誉发布至公开账本的隐私问题：提出使用临时会话密钥防止对等身份关联、采用零知识成员证明实现匿名DHT参与、通过同态承诺实现保密声誉。我们形式化定义了安全需求，在标准密码学假设下证明了四个安全属性，并对原型系统进行了评估。实测表明，传输收据在典型数据块尺寸下产生的端到端开销低于5%。为最小化签名开销，我们采用混合签名方案：传输时使用ECDSA为单个数据块收据签名以实现低单次操作延迟，同时以BLS作为整体性方案，在报告时将多个收据紧凑聚合为单一证明。与全程使用BLS的方案相比，本设计将客户端签名开销降低一个数量级。