Mitigating Collusion in Proofs of Liabilities

Malcom Mohamed, Ghassan Karame

Abstract

Cryptocurrency exchanges use proofs of liabilities (PoLs) to prove to their customers their liabilities committed on-chain, thereby enhancing their trust in the service. Unfortunately, a close examination of currently deployed and academic PoLs reveals significant shortcomings in their designs. For instance, existing schemes cannot resist realistic attack scenarios in which the provider colludes with an existing user. In this paper, we propose a new model, dubbed permissioned PoL, that addresses this gap by not requiring cooperation from users to detect a dishonest provider's potential misbehavior. At the core of our proposal lies a novel primitive, which we call Permissioned Vector Commitment (PVC), to ensure that a committed vector only contains values that users have explicitly signed. We provide an efficient PVC and PoL construction that carefully combines homomorphic properties of KZG commitments and BLS-based signatures. Our prototype implementation shows that, despite the stronger security, our proposal also improves server performance (by up to $10\times$) compared to prior PoLs.

Paper Structure

This paper contains 30 sections, 5 theorems, 17 equations, 9 figures, and 1 table.

Key Result

Proposition 1

If ${\texttt{VerifyKeys}}(S, E, S', \varphi)=1$, $S'$ is append-only from $S$.

Figures (9)

  • Figure 1: OTB attack, undetectable by prior PoLs. Meanwhile, Alice is risk-free.
  • Figure 2: Executed USDT-denominated trades per hour on Binance between 2 January 2025 and 22 January 2025 [binanceData].
  • Figure 3: High-level prim workflow. (1) Users make requests within an epoch. (2) At the end of the epoch, the provider publishes new commitments with publicly verifiable proofs. (3) The users who made requests confirm their updates' inclusion.
  • Figure 4: Example of our method to prove that $s(\omega^i)=0$ for all $i$ with $\alpha(i) \in [\alpha(k),n-1]$ for $n=8,k=n/2$.
  • Figure 5: Verifying that $s+s_E$ is an append-only update. Here, $k_0, \dots, k_{\log(n)-1}$ and $c_0, \dots, c_{\log(n)-1}$ are the bits of $k$ and $c$.
  • ...and 4 more figures

Theorems & Definitions (10)

  • Remark 1: Minimum required checks
  • Definition 1: prim
  • Definition 2: Data Security
  • Definition 3: Data Privacy
  • Proposition 1
  • Proposition 2
  • Proposition 3
  • Proposition 4: Data Security
  • Proposition 5: Data Privacy
  • Remark 2: Sharding