Mitigating Collusion in Proofs of Liabilities
This addresses a security gap in cryptocurrency exchange trust mechanisms, offering a novel solution to prevent collusion attacks.
The paper tackles the problem of collusion attacks in proofs of liabilities (PoLs) for cryptocurrency exchanges by proposing a permissioned PoL model that does not require user cooperation to detect dishonest providers, resulting in up to 10x server performance improvement compared to prior schemes.
Cryptocurrency exchanges use proofs of liabilities (PoLs) to prove to their customers their liabilities committed on-chain, thereby enhancing their trust in the service. Unfortunately, a close examination of currently deployed and academic PoLs reveals significant shortcomings in their designs. For instance, existing schemes cannot resist realistic attack scenarios in which the provider colludes with an existing user. In this paper, we propose a new model, dubbed permissioned PoL, that addresses this gap by not requiring cooperation from users to detect a dishonest provider's potential misbehavior. At the core of our proposal lies a novel primitive, which we call Permissioned Vector Commitment (PVC), to ensure that a committed vector only contains values that users have explicitly signed. We provide an efficient PVC and PoL construction that carefully combines homomorphic properties of KZG commitments and BLS-based signatures. Our prototype implementation shows that, despite the stronger security, our proposal also improves server performance (by up to $10\times$) compared to prior PoLs.