Sunday, February 14, 2016

Cryptocurrencies: addressing the problem of solvency

A cryptocurrency (or crypto currency) is a medium of exchange using cryptography to secure the transactions and to control the creation of new units.
(taken from Wikipedia)

The first decentralized cryptocurrency, bitcoin, was created in 2009 by Satoshi Nakamoto, a bogus name behind which the developer (or the group of developers) hides his identity. Despite many efforts to discover the real identity of Mr. Nakamoto (e.g. by analysing his perfect British English, his coding style, and even tracing the timestamps for his on line activities to recover the time zone he lives in), nothing is known for sure and the particulars of the creator(s) of bitcoin remain a mystery.

Three of the main concepts related to Bitcoin are addresses, keys and wallets:

 - an address is an identifier of 26-35 alphanumeric characters, beginning with the number 1 or 3, that represents a possible destination for a bitcoin payment. Unlike a common postal or e-mail address, a bitcoin address is designed to be used exactly once only. While it is technically possible to use it more than once, this can harm one's privacy and even that of other users

- bitcoin is based on public-key encryption: the secret key is used to sign transactions (and thus spend bitcoins), while the public one is used to verify these transactions. A bitcoin address is simply a 160-bit hash of the public key

- a wallet is a file that contains a collection of private keys

Among the many interesting features of this cryptocurrency, the bitcoin system is completely peer-to-peer, meaning that users can perform transactions directly, without any intermediary (like a bank). Transactions are verified by network nodes and recorded in a public distributed ledger, called block chain. Besides being exchanged thanks to transactions,  new bitcoins can be generated through mining:

Mining is the process of adding transaction records to bitcoin's public ledger of past transactions. This ledger [...] serves to confirm transactions to the rest of the network as having taken place. Bitcoin nodes use the block chain to distinguish legitimate bitcoin transactions from attempts to re-spend coins that have already been spent elsewhere.
Mining is intentionally designed to be resource-intensive and difficult so that the number of blocks found each day by miners remains steady. [...]
 The primary purpose of mining is to allow bitcoin nodes to reach a secure, tamper-resistant consensus. Mining is also the mechanism used to introduce bitcoins into the system: miners are paid any transaction fees as well as a "subsidy" of newly created coins. This both serves the purpose of disseminating new coins in a decentralized manner as well as motivating people to provide security for the system.
(taken from bitcoin wiki)

The use of bitcoin as a mean to pay for goods and services keeps on growing but, because of its untraceability, it is also used by criminals (e.g. for payments in black markets on the darknet): for this reason, several governments are starting to take actions in order to regulate virtual currencies.

Managing cryptographic keys can be difficult for many users, so they usually prefer to keep their money with online exchanges, which can then provide a simple user experience similar to online banking. Anyway, things can still go terribly bad! The story of Mt. Gox may be quite enlightening: this bitcoin exchange was created in 2010 and within three years it was already handling 70% of all bitcoin transactions. In 2014 it was announced that the equivalent of US$450M was "missing", likely stolen, and that the theft had gone undetected for years.
This event should suggest a very simple thing: it is important for the users to be able to verify that the exchange still holds their money. For this purpose it is possible to use the proofs of solvency.
Improving upon previous works (e.g. [1]), Bonneau et al. [2] proposed Provisions, a proof of solvency which is able to (1) reveal nothing about customer holdings, (2) keep the value of the exchange's total holdings secret, (3) maintain unlinkability between an exchange and its Bitcoin addresses and (4) avoid collusions between different exchanges.

Citing from [2], "a proof of solvency consists of two components. In the first, the proof of liabilities, the exchange commits to the total quantity of bitcoin it owes to all of its users. In the second, the proof of assets, the exchange commits to the total value of bitcoin it has signing authority over. If the latter committed value is greater than or equal to the former, the exchange is considered solvent".

Provisions consists of three main protocols:

1. proof of assets --- the exchange commits to its total assets and proves in zero-knowledge that the sum of balances held by the public keys it owns (i.e. those for which it knows the secret key) is equal to the committed value

2. proof of liabilities --- the exchange publishes a commitment to each user's account balance, then homomorphically sums the committed values and produces a commitment to the total liabilities. The exchange enables each user to privately verify that the commitment to his balance is correct

3. proof of solvency --- the exchange homomorphically computes a commitment to the difference of the assets and liabilities (thanks to the result of the first two protocols) and then proves in zero-knowledge that it is a commitment to zero

A final remark on the benefits introduced by proofs of solvency: it is certainly useful for the users to be able to periodically verify that an exchange still holds their money, but this does not solve all the problems, as the risk of a catastrophic loss always remains. Moreover, the simple fact that the exchange holds the bitcoins (i.e. the money) does not guarantee that it will return it when asked to do so! For instance, one could imagine a situation in which a mysterious party accepts to give the exchange its secret key(s), so that it can demonstrate it owns a certain amount of money and "pass" the proof of solvency. Nevertheless, this does not guarantee that the money will be really available for withdrawing or spending. Anyway, this has probably to be considered an intrinsic danger of such systems, as it is impossible to prove one's intention. In [2] they sketch a possible way to mitigate this kind of issue: an exchange could send a customer's money to an address redeemable by either the exchange or the user. This way, the user would have a "window" to redeem the money, if he wants. Of course, such a strategy would be rather impractical for obvious reasons.

In conclusion, while many people might still be scared of using cryptocurrencies (because of the complex mechanism they are based on and, possibly, because of their intrinsically intangible nature) steps are being taken to make the system more secure and "tempting" for the masses.

[1] Z. Wilcox. Proving your bitcoin reserves, Feb. 2014
[2] G. G. Dagher, B. Bünz, J. Bonneau, J. Clark, D. Boneh. Provisions: Privacy-preserving proofs of solvency for Bitcoin exchanges, Oct. 2015

No comments:

Post a Comment