See also our section on Security Economics.
In the IEEE Symposium on Security and Privacy (2018), one of the top tier security conferences, we presented our work in futures exchange decentralization.
Futures exchange is the operator of a futures market which consists of traders who bid and ask for futures contracts — standardized promises to buy or sell an underlying asset that are made today and to be fulfilled in a future date. To make sure the traders can meet the promises the exchange requires them to deposit some initial money into their cash reserve.
An exchange has three main functions: (1) Price discovery that allows traders to post/cancel limit orders to form the anonymous order book where only price and volume are publicly visible but not the identity of the traders that post the orders; (2) Transaction management in which the exchange processes the market orders for actual transactions; and (3) Risk management where the exchange constantly monitors the short positions' trading account to make sure they can meet their promises regarding the new market price.
As of today, all the exchanges are centralized, e.g. the Chicago Mercantile Exchange which is among the largest exchanges in the world. To replicate the functionality of an exchange in a distributed system is not a trivial task. It is easy to see that first one needs to maintain the market integrity along side with solving the consensus problem as other previous secure distributed systems, e.g. Bitcoin. It is however less obvious to notice the challenges that are specific to futures market. including account confidentiality, trader anonymity. The non-monotonic behavior of the futures market in which honest actions can invalidate past security evidences is also a novel challenge. Finally, for a decentralized exchange to be viable one must maintain the proportional burden property to alleviate the effort required by the retail and institutional traders in the presence of the high frequency traders.
We design a hybrid solution and opt to use as much standard crypto building blocks as possible including public ledger, anonymous communication network, commitment scheme, zero-knowledge proof system, Merkle tree and generic MPC.
To overcome the denial-of-service attack where the adversary aborts the protocol, we make the abort costly. In particular we employ the penalty strategy of Hawk (S&P 16) in which the initial cash reserve is locked and only released after the final Mark To Market phase. The aborting party is prevented to join the final phase hence he will lose the deposit — the ultimate possible financial penalty.
Using the Lean Hog futures data in the first quarter of 2017 obtained from the CME, we demonstrate that our hybrid solution is able to maintain proportional burden in which the crypto overhead for the retail traders are close to zero while the full MPC solution yields magnitude of orders higher burden for them. Our optimized implementation is also practical enough to fit most of the Lean Hog trading days into only 1 or 2 days of computation. Further optimizations are possible, such as zk-proofs generation parallelization.
Traditionally, security and economics functionalities in IT fnancial services and protocols (FinTech) have been perceived as separate objectives. In our new paper in SPW 2017 We argue that keeping them separate is a bad idea for FinTech Decentralized Autonomous Organizations (DAOs). In fact, security and economics are one for DAOs: we show that the failure of a security property, e.g. anonymity, can destroy a DAOs because economic attacks can be tailgated to security attacks. This is illustrated by the examples of TheDAO (built on the Ethereum platform) and the DAOed version of a Futures Exchange. We claim that security and economics vulnerabilities, which we named seconomics vulnerabilities, are indeed new beasts to be reckoned with.
Our observation is that, in a normal case, monetary losses come indirectly from security vulnerabilities. When your computer gets infected with a malware you don't immediately lose your money. Only when the hacker finds very complicated ways to monetize your assets then you suffer from the loss. In other words,
However, it is different for Decentralised Autonomous Organisation (DAO) in which the organisation is basically a software running whose information populated on a distributed ledger platform and whose rules are all implemented with the smart contracts (e.g. TheDAO on the Ethereum network).
|Our first claim, which follows the DAO definition, is that||(A)||code = company|
|And typically organisations are vectors for contracts and financial transactions (Tirole)||(B)||company = monetary transactions|
|Then, from (A) and (B), it follows immediately that||(C)||code = monetary transactions|
|As a result in this case money loss comes directly from a security vulnerability, i.e.||security vulnerability = monetary loss|
Then we would certainly wonder “When we face a loss in a DAO, can we undo the damages?” Unfortunately, the answer is that there is no possible technical fix for the DAO, as the thing that happened is the balkanization of the Ethereum network.
In conclusion, for financial technology protocols, we always have to consider this kind of security economics vulnerabilities in which besides preserving the integrity or some other security properties we also need to consider the economics aspect of the application that we are trying to build because, for example, in TheDAO's case, any kind of ex-post fix is impossible (as we can see from the Ethereum network fork into the original Ethereum and the classic Etherum).