PhD Defence Notice: "Privacy-Preserving and Regulation-Enabled Mechanisms for Blockchain-based Financial Services" by Liang Xue

Tuesday, August 30, 2022 10:00 am - 10:00 am EDT (GMT -04:00)

Candidate: Liang Xue

Title: Privacy-Preserving and Regulation-Enabled Mechanisms for Blockchain-based Financial Services

Date: August 30, 2022

Time: 10:00 am

Place: REMOTE

Supervisor(s): Shen, Sherman - Lin, Xiaodong (Adjunct)

Abstract:

With the success of cryptocurrencies such as Bitcoin, blockchain technology has attracted extensive attention from both academia and industry. As a distributed ledger technology, blockchain provides decentralization and immutability, and can build trust among multiple parties. Owning to these unique characteristics, blockchain has become an innovative approach to secure and reliable record-keeping and transaction execution, and has the potential to revolutionize the financial industry and drive economic change on a global scale. For example, it can streamline banking and lending services, enable decentralized trading, and facilitate cross-border payment transactions. Although blockchain is expected to create a new paradigm for the financial industry, transactions stored on the blockchain are shared among the nodes in the blockchain network, which may contain sensitive information of users, such as the identities of senders and receivers, and the contents of transactions. Thus, privacy preservation should be achieved when applying blockchain to different financial services. Many privacy-preserving mechanisms have been proposed to guarantee identity privacy and data confidentiality for blockchain-based transactions. However, the strong degree of privacy may create new regulatory concerns. First, in privacy-preserving mortgage lending, there exists double mortgage fraud, by which a borrower can use the same asset as collateral to obtain multiple loans from different financial institutions. Second, in decentralized data trading, data buyers may refuse to pay funds to data sellers after obtaining data, and data sellers may send fake data to data buyers. Verifying data availability and retrievability without viewing data before payment for fair trading is a challenging issue. Moreover, the identity privacy of data sellers should be preserved during the trading. Third, in privacy-preserving blockchain-based payment systems, the identities of the payer, payee, and transferred amount are protected. Nevertheless, the anonymity of transactions can be exploited for illegal activities, such as money laundering. Thus, considering the strict regulatory requirements of the financial industry, such as limiting the amount of cryptocurrency transferred over a period of time, privacy preservation and regulation should be balanced in blockchain-based financial services. In this thesis, we focus on three major blockchain-based financial services to concentrate on how to solve the dilemma between privacy protection and strict regulatory requirements at various phases in the fund flow, which are lending, trading, and payment. Firstly, the thesis investigates the borrower privacy and double-mortgage regulation issues in mortgage lending, and proposes a blockchain-based privacy-preserving and accountable mortgage data management scheme. In the scheme, the mortgage data of borrowers can be shared on the blockchain to detect the double-mortgage fraud without revealing the identity of borrowers. But financial institutions can still uncover the identity of a dishonest borrower if he/she pledges the same asset for multiple mortgages, which is achieved by integrating cryptographic tools such as verifiable secret sharing, zero-knowledge proof, and ElGamal encryption. A mortgage request contains a share of identity information of the borrower and the ownership certificate of an asset. By utilizing ElGamal encryption and verifiable secret sharing, the borrower can prove that its identity information is indeed included in the mortgage request and can be used to reconstruct its identity when double-mortgage behavior is detected. Secondly, the thesis investigates the identity privacy and trading-misbehavior regulation in blockchain-based data trading. Blockchain can build trust between data buyers and data sellers. To resolve the fairness issue of demonstrating data availability and retrievability without leaking data while preserving identity privacy of data sellers, we propose a blockchain-based fair data trading protocol with privacy preservation, where a data buyer can declare data requirements and acceptable issuers of data, and a data seller can conduct privacy-preserving and fine-grained data selling. We first define the fairness and privacy demands for both parties. By incorporating anonymous attribute-based credentials, structure-preserving signatures, and zero-knowledge proofs, data can be traded in part while data authenticity is guaranteed and data issuers are hidden. A smart contract is utilized to realize atomic transactions. Security proof is provided to demonstrate that the scheme can achieve privacy preservation and fairness for the participants. Thirdly, the thesis investigates the transaction privacy and anti-money laundering regulation issues in distributed anonymous payment (DAP) systems. To solve the conflict between privacy and regulation, we propose a novel DAP scheme that supports regulatory compliance and enforcement. We first introduce regulators into the system, who define regulatory policies, including limiting the total amount of cryptocurrency one can transfer and the frequency of transactions one can conduct in a time period. The policies are enforced through commitments and non-interactive zero-knowledge proofs for compostable statements. By this, users can prove that transactions are valid and comply with regulations. We use both Zero-knowledge Succinct Non-Interactive Arguments of Knowledge (Zk-SNARKs) and sigma protocols to generate the zero-knowledge proofs for regulation compliance. A tracing mechanism is designed in the scheme to allow regulators to recover the real identities of users when suspicious transactions are detected. To sum up, privacy preservation and regulatory compliance are critical issues that need to be resolved in blockchain-based financial services. The thesis proposes effective privacy preserving and regulation-enabled solutions in blockchain-based lending, data trading, and anonymous payment. The results from the thesis may shed light on future research on blockchain-based systems where privacy preservation and regulation are required.