Skip to main content
Springer Nature Link
Log in

Practical Witness-Key-Agreement for Blockchain-Based Dark Pools Financial Trading

  • Conference paper
  • First Online:
Financial Cryptography and Data Security (FC 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12675))

Included in the following conference series:

  • 1557 Accesses

Abstract

We introduce a new cryptographic scheme, Witness Key Agreement (WKA), that allows a party to securely agree on a secret key with a counter party holding publicly committed information only if the counter party also owns a secret witness in a desired (arithmetic) relation with the committed information.

Our motivating applications are over-the-counter (OTC) markets and dark pools, popular trading mechanisms. In such pools investors wish to communicate only to trading partners whose transaction conditions and asset holdings satisfy some constraints. The investor must establish a secure, authenticated channel with eligible traders where the latter committed information matches a desired relation. At the same time traders should be able to show eligibility while keeping their financial information secret.

We construct a WKA scheme for languages of statements proven in the designated-verifier Succinct Zero-Knowledge Non-Interactive Argument of Knowledge Proof System (zk-SNARK). We illustrate the practical feasibility of our construction with some arithmetic circuits of practical interest by using data from US$ denominated corporate securities traded on Bloomberg Tradebook.

This research was conducted during the author’s visit to the University of Waterloo.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    WKA does not intend to hide whether the Prover/Verifier established communication as they are completely anonymous.

  2. 2.

    One can argue that there could be DDOS attacks where an attacker can post either malformed offers, or correctly formed ones but they have no intention of filling, to the blockchain. In the first case, as the Verifier only needs to forge the last proof element F (1) while the Prover has to compute the full proof (4(m âˆ’ l + 3n)) as shown in Table 3, such an attack will require tremendous effort from the Prover but not so much from the Verifier. In the second case, unfortunately we cannot solve this as it exists even in the centralized system. A trader/investor can post an offer, and cancel it before it is filled or immediately in the next round. However, at the point the offer was posted, the exchange cannot know whether the offer will be canceled or not.

  3. 3.

    In the concrete construction by Groth [24] (see also Fig. 3), \(k = 3\) and the proof matrix \(\boldsymbol{\varPi }\) is represented as the coefficients of the linear functions.

  4. 4.

    The concrete example of this observation can be seen in Fig. 3 in Sect. 6. The first two elements A and B (Eq. (7) and (8)) uniquely define C (Eq. (9)) and they can be fed into the proof forging formula (Eq. (11)) to get the 3rd element C which should be the same for either party.

  5. 5.

    This property formally guarantees that given a valid ciphertext \(\boldsymbol{\pi }\) by an adversary, it is possible to efficiently extract the corresponding affine function \((\boldsymbol{\varPi },\boldsymbol{\pi }_0)\) that explains \(\boldsymbol{\pi }\). Such property is important for Knowledge Soundness of WKA.

  6. 6.

    Users are advised to run the shared secret through a hash function modelled as a random oracle before using it as a key for any other cryptosystem.

  7. 7.

    Such an assumption can be relaxed by asking a TTP to generate the CRS (such as Bloomberg itself). Using a TTP for bootstrapping security protocols have been considered in literature, see for example HAWK [29]. This is a much weaker trust assumption than managing orders themselves because the generation of the CRS requires only the relation R and the public key for the encryption. Therefore such a TTP is only trusted to do the computation correctly. Without the private key, the TTP cannot learn additional information.

  8. 8.

    Benchmarked in 2015. As such, it provides a lower bound to our WKA performance.

  9. 9.

    https://ethstats.net/.

  10. 10.

    In our protocol, the blockchain is the actual bottleneck. Looking at Table 4, the runtime of each step (including setups) is less than the block time of the fastest permissionless blockchain (Ethereum roughly generates a block every 15 s). Hence evaluating the interfaces of our scheme with the blockchain is equivalent to evaluating the blockchain itself. We should add that the current blockchain technologies is not adequate yet for high speed dark pools. Our major concern and main evaluation focus therefore is our scheme’s crypto overhead.

References

  1. Abadi, M., Needham, R.: Prudent engineering practice for cryptographic protocols. IEEE Trans. Software Eng. 22(1), 6–15 (1996)

    Article  Google Scholar 

  2. Abdolmaleki, B., Baghery, K., Lipmaa, H., Zając, M.: A subversion-resistant SNARK. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10626, pp. 3–33. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70700-6_1

    Chapter  Google Scholar 

  3. Abusalah, H., Fuchsbauer, G., Pietrzak, K.: Offline witness encryption. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) ACNS 2016. LNCS, vol. 9696, pp. 285–303. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-39555-5_16

    Chapter  Google Scholar 

  4. Bellare, M., Fuchsbauer, G., Scafuro, A.: NIZKs with an untrusted CRS: security in the face of parameter subversion. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 777–804. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53890-6_26

    Chapter  MATH  Google Scholar 

  5. Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: 1992 IEEE Computer Society Symposium on Research in Security and Privacy, pp. 72–84. IEEE (1992)

    Google Scholar 

  6. Bitansky, N., Chiesa, A., Ishai, Y., Paneth, O., Ostrovsky, R.: Succinct non-interactive arguments via linear interactive proofs. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 315–333. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36594-2_18

    Chapter  Google Scholar 

  7. Bloomberg: Tradebook Bloomberg Professional Services (2019). https://www.bloomberg.com/professional/solution/tradebook/. Accessed 01 May 2019

  8. Bonawitz, K., et al.: Practical secure aggregation for privacy-preserving machine learning. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1175–1191. ACM (2017)

    Google Scholar 

  9. Camenisch, J., Casati, N., Gross, T., Shoup, V.: Credential authenticated identification and key exchange. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 255–276. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_14

    Chapter  Google Scholar 

  10. Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 2001 IEEE International Conference on Cluster Computing, pp. 136–145. IEEE (2001)

    Google Scholar 

  11. Cartlidge, J., Smart, N.P., Talibi Alaoui, Y.: MPC joins the dark side. In: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, pp. 148–159 (2019)

    Google Scholar 

  12. Chaum, D., Crépeau, C., Damgard, I.: Multiparty unconditionally secure protocols. In: The Twentieth ACM Symposium on Theory of Computing, pp. 11–19. ACM (1988)

    Google Scholar 

  13. Derler, D., Slamanig, D.: Practical witness encryption for algebraic languages or how to encrypt under Groth-Sahai proofs. Des. Codes Crypt. 86(11), 2525–2547 (2018)

    Article  MathSciNet  Google Scholar 

  14. Dhungel, P., Steiner, M., Rimac, I., Hilt, V., Ross, K.W.: Waiting for anonymity: Understanding delays in the tor overlay. In: 2010 IEEE Tenth International Conference on Peer-to-Peer Computing (P2P), pp. 1–4. IEEE (2010)

    Google Scholar 

  15. Fuchsbauer, G.: Subversion-zero-knowledge SNARKs. In: Abdalla, M., Dahab, R. (eds.) PKC 2018. LNCS, vol. 10769, pp. 315–347. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76578-5_11

    Chapter  Google Scholar 

  16. Garg, S., Gentry, C., Halevi, S.: Candidate multilinear maps from ideal lattices. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 1–17. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_1

    Chapter  Google Scholar 

  17. Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. SIAM J. Comput. 45(3), 882–929 (2016)

    Article  MathSciNet  Google Scholar 

  18. Garg, S., Gentry, C., Sahai, A., Waters, B.: Witness encryption and its applications. In: 45th ACM Symposium on Theory of Computing, pp. 467–476. ACM (2013)

    Google Scholar 

  19. Gennaro, R., Gentry, C., Parno, B., Raykova, M.: Quadratic span programs and succinct NIZKs without PCPs. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 626–645. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_37

    Chapter  Google Scholar 

  20. Gentry, C., Lewko, A., Waters, B.: Witness encryption from instance independent assumptions. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 426–443. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_24

    Chapter  Google Scholar 

  21. Gentry, C., Wichs, D.: Separating succinct non-interactive arguments from all falsifiable assumptions. In: 43rd ACM Symposium on Theory of Computing, pp. 99–108. ACM (2011)

    Google Scholar 

  22. Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems. J. ACM 38(3), 690–728 (1991)

    Article  MathSciNet  Google Scholar 

  23. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989)

    Article  MathSciNet  Google Scholar 

  24. Groth, J.: On the size of pairing-based non-interactive arguments. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 305–326. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_11

    Chapter  Google Scholar 

  25. Groth, J., Maller, M.: Snarky signatures: minimal signatures of knowledge from simulation-extractable SNARKs. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 581–612. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63715-0_20

    Chapter  Google Scholar 

  26. Ben Hamouda, F., Blazy, O., Chevalier, C., Pointcheval, D., Vergnaud, D.: Efficient UC-secure authenticated key-exchange for algebraic languages. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 272–291. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36362-7_18

    Chapter  MATH  Google Scholar 

  27. Hazay, C., Scholl, P., Soria-Vazquez, E.: Low cost constant round MPC combining BMR and oblivious transfer. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 598–628. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70694-8_21

    Chapter  Google Scholar 

  28. Jost, C., Lam, H., Maximov, A., Smeets, B.J.: Encryption Performance Improvements of the Paillier Cryptosystem. IACR Cryptology ePrint Archive 2015, 864 (2015)

    Google Scholar 

  29. Kosba, A., Miller, A., Shi, E., Wen, Z., Papamanthou, C.: Hawk: the blockchain model of cryptography and privacy-preserving smart contracts. In: 2016 IEEE Symposium on Security and Privacy, pp. 839–858. IEEE (2016)

    Google Scholar 

  30. Kosba, A.E., et al.: How to Use SNARKs in Universally Composable Protocols. IACR Cryptology ePrint Archive 2015, 1093 (2015)

    Google Scholar 

  31. Markham, J.W.: Manipulation of commodity futures prices-the unprosecutable crime. Yale J. Regul. 8, 281 (1991)

    Google Scholar 

  32. Massacci, F., Ngo, C.N., Nie, J., Venturi, D., Williams, J.: The seconomics (security-economics) vulnerabilities of decentralized autonomous organizations. In: Stajano, F., Anderson, J., Christianson, B., Matyáš, V. (eds.) Security Protocols 2017. LNCS, vol. 10476, pp. 171–179. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-71075-4_19

    Chapter  Google Scholar 

  33. Massacci, F., Ngo, C.N., Nie, J., Venturi, D., Williams, J.: FuturesMEX: secure, distributed futures market exchange. In: 2018 IEEE Symposium on Security and Privacy, pp. 335–353. IEEE (2018)

    Google Scholar 

  34. Ngo, C.N., Massacci, F., Kerschbaum, F., Williams, J.: Practical Witness-Key-Agreement for Blockchain-based Dark Pools Financial Trading. IFCA Archive, 2021 (2021). https://fc21.ifca.ai/papers/113.pdf. Accessed 26 Mar 2021

  35. Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48910-X_16

    Chapter  Google Scholar 

  36. Sasson, E.B., et al.: ZeroCash: decentralized anonymous payments from bitcoin. In: 2014 IEEE Symposium on Security and Privacy, pp. 459–474. IEEE (2014)

    Google Scholar 

  37. SCIPR Lab: libsnark: a C++ library for zkSNARK proofs (2019). https://github.com/scipr-lab/libsnark. Accessed 01 May 2019

  38. TheVerge: Data glitch sets tech company stock prices at USD 123.47. https://www.theverge.com/2017/7/3/15917950/nasdaq-nyse-stock-market-data-error. Accessed 01 May 2019

Download references

Acknowledgements

We thank Ian Goldberg, Ivan Visconti, and the anonymous reviewers for their many insightful comments and suggestions. Chan Nam Ngo and Fabio Massacci were partly supported by the European Commission under the H2020 Programme Grant Agreement No. 830929 (CyberSec4Europe). Florian Kerschbaum was supported by NSERC grants RGPIN-05849, CRDPJ-531191, IRC537591, and the Royal Bank of Canada.

Author information

Authors and Affiliations

  1. University of Trento, Trento, Italy

    Chan Nam Ngo & Fabio Massacci

  2. Vrije Universiteit Amsterdam, Amsterdam, The Netherlands

    Fabio Massacci

  3. University of Waterloo, Waterloo, Canada

    Florian Kerschbaum

  4. Durham Business School, Durham, UK

    Julian Williams

Authors
  1. Chan Nam Ngo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Fabio Massacci
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Florian Kerschbaum
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Julian Williams
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Chan Nam Ngo .

Editor information

Editors and Affiliations

  1. University of Illinois at Urbana-Champaign, Urbana, IL, USA

    Nikita Borisov

  2. KU Leuven, Leuven, Belgium

    Claudia Diaz

Rights and permissions

Reprints and permissions

Copyright information

© 2021 International Financial Cryptography Association

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ngo, C.N., Massacci, F., Kerschbaum, F., Williams, J. (2021). Practical Witness-Key-Agreement for Blockchain-Based Dark Pools Financial Trading. In: Borisov, N., Diaz, C. (eds) Financial Cryptography and Data Security. FC 2021. Lecture Notes in Computer Science(), vol 12675. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-64331-0_30

Download citation

  • DOI: https://doi.org/10.1007/978-3-662-64331-0_30

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-64330-3

  • Online ISBN: 978-3-662-64331-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics