How Exchanges Can Be Free of Risk

in cryptocurrencies •  2 years ago 

aaaaa.jpg

Crypto marketplaces such as FTX have caused huge losses to users because of the lack of full custody coverage. These issues stem from the way current electronic markets were simply designed as copies of open outcry and paper-based markets – and also, ironically, from the fact that all the major crypto markets were built in a centralized manner.

We have recently been reminded that markets, as heavily as we rely on them, are far from ideal in practice. For one thing, settlement risk of major equities markets is increasingly capable of taking down the global economy. This is because of the growing number of traders occasionally using social media to in effect collude, such as with GameStop.
For another, cryptocurrency marketplaces such as FTX have caused huge losses to users because of the lack of full custody coverage. These issues stem from the way current electronic markets were simply designed as copies of open outcry and paper-based markets – and, also, ironically, from the fact that all the major crypto markets were built in an unprecedentedly centralized manner.
Even a commitment to full coverage is, of course, not enough to address custody risk – those running an exchange can easily abscond with its assets. And even if both settlement and custody risk are solved, information asymmetry remains a problem. Access to tremendously valuable information about trades and traders is available exclusively to those who operate all types of markets today. Somewhat akin to consumer data in Web2 versus Web3, this data has huge potential for a variety of clandestine market manipulations. There is currently no way to prove the negative, that such information is not being exploited to the detriment of traders and markets overall.

David Chaum, a pioneer in cryptography and in privacy preserving and secure voting technologies, is the creator and founder of the xx network. In 1995 his company, DigiCash, created and deployed eCash, the first digital currency, which used Chaum's breakthrough blind-signature protocol. This essay is part of CoinDesk's Crypto 2023 series.
A market mechanism I’ll introduce below solves these problems. It has no custody risk or settlement risk, and trader information is available only to the respective traders themselves.
The underlying type of market here is generally referred to as a “call market.” Such periodic auction markets are, for instance, used today in Nasdaq’s opening and closing periods. Traders place what should be sealed transaction requests during these trading periods. Only after the period ends are the requests, in effect, unsealed, a single price calculated from the requests and the trades that should clear at that price consummated.
To keep trader information from the exchange operator in the solution here, the market clearing price is calculated by a so-called multiparty computation (MPC). This term was coined by me to describe what are now increasingly often-deployed cryptographic techniques. These allow multiple encrypted inputs to be converted to a cleartext output by an agreed algorithm. The “computation” is in effect performed by the cryptographic protocol itself such that no party can decrypt the encrypted inputs posted, but all parties can be certain that the cleartext output was computed correctly from exactly those inputs.
Although most equities and traditional commodities today are not primarily represented on blockchains, a few are, such as by the Swiss exchange Sixth. In this system, however, to address settlement and custody risk all assets traded are held on blockchains. For instance, when the pair being traded is bitcoin against dollars, bitcoin is, of course, already on a blockchain and dollars would be on a dollar stablecoin blockchain. As part of the process of submitting a bid or ask, the asset is transferred to a wallet on the native blockchain of that asset. But such wallets are created to be under joint custody of the exchange and the trader – so-called “multisig” wallets. Their value can only be transferred out by cooperation of those two entities.
Read more: 10 Predictions for the Future of Crypto in 2023
Once the multiparty computation reveals the market clearing price as mentioned above, some of the multisig wallets will trade and the rest will be refunded. Bids above the clearing price, as well as asks below the clearing price, trade at the clearing price in a typical call market; non-traded bids and asks result in the assets in the associated multisig wallet being refunded to the trader who placed them there. Such refunds are easy to achieve: The exchange operator simply reveals its keys for all multisigs for which a zero-knowledge proof, provided by a given trader, shows that the particular price that was cryptographically committed to by that trader does not make the cutoff. (To ensure that the numbers of buyers and sellers that will trade are equal, different cutoffs can be provided for buy- and sell-side.) The keys issued by the exchange are useless to anyone except the trader in question, who then uses them to regain control of the asset they committed.

A simple way to accomplish the swap of those assets remaining locked in the multisig wallets is based on fixed lots on one side of the asset pair: for instance, one bitcoin against a variable number of dollars. (Larger trades could be made more efficient by multiple parallel markets, each for fixed lots such as two, four, eight and 16 bitcoin, but using the same clearing price; however, I’ll ignore this elaboration in what follows.) An amount of value initially moved to the multisig wallets on the variable-amount side by traders functions as a minimum “commitment fee.” Once the clearing price is established by MPC, traders on the variable-amount side transfer additional value to their respective multisig wallets so as to fund the exact amount required by the swap.
Finally, the MPC randomly pairs off all remaining counterparties, each pair comprising one trader on the bid side and one on the ask side. This then allows each pair to bilaterally complete an “atomic swap” protocol, in which settlement occurs directly as part of the trade. Such a swap is the only way the parties can unlock the value they placed in the multisig wallet. As I noted earlier, it results in the party on one side of the trade taking custody of what was the multisig wallet of their counterparty on the other side of the trade. What I’ve called “Liquifinity” is an atomic-swap technology that cryptographically secures against either party walking away before they give their counterparty the keys for the multisig to be transferred and thereby complete the swap. So parties that placed a bid for a price above the clearing price consummate a trade with randomly-selected counterparties that committed to an ask below the clearing price. No third party ever has custody, meaning no custody risk. And the trade is “atomic” – settlement coincident with the trade – meaning no settlement risk.

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!