SoK: Privacy-Enhancing Technologies in Finance

Carsten Baum; James Hsin Yu Chiang; Bernardo David; Tore Kasper Frederiksen

doi:10.4230/LIPIcs.AFT.2023.12

SoK: Privacy-Enhancing Technologies in Finance

Carsten Baum, James Hsin Yu Chiang, Bernardo David, Tore Kasper Frederiksen

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

80 Downloads (Orbit)

Abstract

Recent years have seen the emergence of practical advanced cryptographic tools that not only protect data privacy and authenticity, but also allow for jointly processing data from different institutions without sacrificing privacy. The ability to do so has enabled implementations of a number of traditional and decentralized financial applications that would have required sacrificing privacy or trusting a third party. The main catalyst of this revolution was the advent of decentralized cryptocurrencies that use public ledgers to register financial transactions, which must be verifiable by any third party, while keeping sensitive data private. Zero Knowledge (ZK) proofs rose to prominence as a solution to this challenge, allowing for the owner of sensitive data (e.g. the identities of users involved in an operation) to convince a third party verifier that a certain operation has been correctly executed without revealing said data. It quickly became clear that performing arbitrary computation on private data from multiple sources by means of secure Multiparty Computation (MPC) and related techniques allows for more powerful financial applications, also in traditional finance. In this SoK, we categorize the main traditional and decentralized financial applications that can benefit from state-of-the-art Privacy-Enhancing Technologies (PETs) and identify design patterns commonly used when applying PETs in the context of these applications. In particular, we consider the following classes of applications: 1. Identity Management, KYC & AML; 2. Markets & Settlement; 3. Legal; and 4. Digital Asset Custody. We examine how ZK proofs, MPC and related PETs have been used to tackle the main security challenges in each of these applications. Moreover, we provide an assessment of the technological readiness of each PET in the context of different financial applications according to the availability of: theoretical feasibility results, preliminary benchmarks (in scientific papers) or benchmarks achieving real-world performance (in commercially deployed solutions). Finally, we propose future applications of PETs as Fintech solutions to currently unsolved issues. While we systematize financial applications of PETs at large, we focus mainly on those applications that require privacy preserving computation on data from multiple parties.

Original language	English
Title of host publication	Proceedings of 5^th Conference on Advances in Financial Technologies
Publisher	Schloss Dagstuhl-Leibniz-Zentrum fuer Informati
Publication date	2023
Pages	12:1–12:30
DOIs	https://doi.org/10.4230/LIPIcs.AFT.2023.12
Publication status	Published - 2023
Event	5^th Conference on Advances in Financial Technologies - Princeton University, Princeton, United States Duration: 23 Oct 2023 → 25 Oct 2023 https://aftconf.github.io/aft23/index.html

Conference

Conference	5^th Conference on Advances in Financial Technologies
Location	Princeton University
Country/Territory	United States
City	Princeton
Period	23/10/2023 → 25/10/2023
Internet address	https://aftconf.github.io/aft23/index.html

Series	Leibniz International Proceedings in Informatics, LIPIcs
Volume	282
ISSN	1868-8969

Keywords

Anti-money laundering
DeFi
FHE
MPC
PETs
identity management

Access to Document

10.4230/LIPIcs.AFT.2023.12

FulltextFinal published version, 902 KB

OpenUrl availability

Full text

Cite this

@inproceedings{f766f534637f4745a796b777cf5bf0f4,

title = "SoK: Privacy-Enhancing Technologies in Finance",

abstract = "Recent years have seen the emergence of practical advanced cryptographic tools that not only protect data privacy and authenticity, but also allow for jointly processing data from different institutions without sacrificing privacy. The ability to do so has enabled implementations of a number of traditional and decentralized financial applications that would have required sacrificing privacy or trusting a third party. The main catalyst of this revolution was the advent of decentralized cryptocurrencies that use public ledgers to register financial transactions, which must be verifiable by any third party, while keeping sensitive data private. Zero Knowledge (ZK) proofs rose to prominence as a solution to this challenge, allowing for the owner of sensitive data (e.g. the identities of users involved in an operation) to convince a third party verifier that a certain operation has been correctly executed without revealing said data. It quickly became clear that performing arbitrary computation on private data from multiple sources by means of secure Multiparty Computation (MPC) and related techniques allows for more powerful financial applications, also in traditional finance. In this SoK, we categorize the main traditional and decentralized financial applications that can benefit from state-of-the-art Privacy-Enhancing Technologies (PETs) and identify design patterns commonly used when applying PETs in the context of these applications. In particular, we consider the following classes of applications: 1. Identity Management, KYC & AML; 2. Markets & Settlement; 3. Legal; and 4. Digital Asset Custody. We examine how ZK proofs, MPC and related PETs have been used to tackle the main security challenges in each of these applications. Moreover, we provide an assessment of the technological readiness of each PET in the context of different financial applications according to the availability of: theoretical feasibility results, preliminary benchmarks (in scientific papers) or benchmarks achieving real-world performance (in commercially deployed solutions). Finally, we propose future applications of PETs as Fintech solutions to currently unsolved issues. While we systematize financial applications of PETs at large, we focus mainly on those applications that require privacy preserving computation on data from multiple parties.",

keywords = "Anti-money laundering, DeFi, FHE, MPC, PETs, identity management",

author = "Carsten Baum and Chiang, {James Hsin Yu} and Bernardo David and Frederiksen, {Tore Kasper}",

year = "2023",

doi = "10.4230/LIPIcs.AFT.2023.12",

language = "English",

series = "Leibniz International Proceedings in Informatics, LIPIcs",

publisher = "Schloss Dagstuhl-Leibniz-Zentrum fuer Informati",

pages = " 12:1–12:30",

booktitle = "Proceedings of 5th Conference on Advances in Financial Technologies",

note = "5<sup>th</sup> Conference on Advances in Financial Technologies, AFT 2023 ; Conference date: 23-10-2023 Through 25-10-2023",

url = "https://aftconf.github.io/aft23/index.html",

}

Baum, C, Chiang, JHY, David, B & Frederiksen, TK 2023, SoK: Privacy-Enhancing Technologies in Finance. in Proceedings of 5^th Conference on Advances in Financial Technologies. Schloss Dagstuhl-Leibniz-Zentrum fuer Informati, Leibniz International Proceedings in Informatics, LIPIcs, vol. 282, pp. 12:1–12:30, 5^th Conference on Advances in Financial Technologies, Princeton, New Jersey, United States, 23/10/2023. https://doi.org/10.4230/LIPIcs.AFT.2023.12

SoK: Privacy-Enhancing Technologies in Finance. / Baum, Carsten; Chiang, James Hsin Yu; David, Bernardo et al.
Proceedings of 5^th Conference on Advances in Financial Technologies. Schloss Dagstuhl-Leibniz-Zentrum fuer Informati, 2023. p. 12:1–12:30 (Leibniz International Proceedings in Informatics, LIPIcs, Vol. 282).

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

TY - GEN

T1 - SoK: Privacy-Enhancing Technologies in Finance

AU - Baum, Carsten

AU - Chiang, James Hsin Yu

AU - David, Bernardo

AU - Frederiksen, Tore Kasper

PY - 2023

Y1 - 2023

N2 - Recent years have seen the emergence of practical advanced cryptographic tools that not only protect data privacy and authenticity, but also allow for jointly processing data from different institutions without sacrificing privacy. The ability to do so has enabled implementations of a number of traditional and decentralized financial applications that would have required sacrificing privacy or trusting a third party. The main catalyst of this revolution was the advent of decentralized cryptocurrencies that use public ledgers to register financial transactions, which must be verifiable by any third party, while keeping sensitive data private. Zero Knowledge (ZK) proofs rose to prominence as a solution to this challenge, allowing for the owner of sensitive data (e.g. the identities of users involved in an operation) to convince a third party verifier that a certain operation has been correctly executed without revealing said data. It quickly became clear that performing arbitrary computation on private data from multiple sources by means of secure Multiparty Computation (MPC) and related techniques allows for more powerful financial applications, also in traditional finance. In this SoK, we categorize the main traditional and decentralized financial applications that can benefit from state-of-the-art Privacy-Enhancing Technologies (PETs) and identify design patterns commonly used when applying PETs in the context of these applications. In particular, we consider the following classes of applications: 1. Identity Management, KYC & AML; 2. Markets & Settlement; 3. Legal; and 4. Digital Asset Custody. We examine how ZK proofs, MPC and related PETs have been used to tackle the main security challenges in each of these applications. Moreover, we provide an assessment of the technological readiness of each PET in the context of different financial applications according to the availability of: theoretical feasibility results, preliminary benchmarks (in scientific papers) or benchmarks achieving real-world performance (in commercially deployed solutions). Finally, we propose future applications of PETs as Fintech solutions to currently unsolved issues. While we systematize financial applications of PETs at large, we focus mainly on those applications that require privacy preserving computation on data from multiple parties.

AB - Recent years have seen the emergence of practical advanced cryptographic tools that not only protect data privacy and authenticity, but also allow for jointly processing data from different institutions without sacrificing privacy. The ability to do so has enabled implementations of a number of traditional and decentralized financial applications that would have required sacrificing privacy or trusting a third party. The main catalyst of this revolution was the advent of decentralized cryptocurrencies that use public ledgers to register financial transactions, which must be verifiable by any third party, while keeping sensitive data private. Zero Knowledge (ZK) proofs rose to prominence as a solution to this challenge, allowing for the owner of sensitive data (e.g. the identities of users involved in an operation) to convince a third party verifier that a certain operation has been correctly executed without revealing said data. It quickly became clear that performing arbitrary computation on private data from multiple sources by means of secure Multiparty Computation (MPC) and related techniques allows for more powerful financial applications, also in traditional finance. In this SoK, we categorize the main traditional and decentralized financial applications that can benefit from state-of-the-art Privacy-Enhancing Technologies (PETs) and identify design patterns commonly used when applying PETs in the context of these applications. In particular, we consider the following classes of applications: 1. Identity Management, KYC & AML; 2. Markets & Settlement; 3. Legal; and 4. Digital Asset Custody. We examine how ZK proofs, MPC and related PETs have been used to tackle the main security challenges in each of these applications. Moreover, we provide an assessment of the technological readiness of each PET in the context of different financial applications according to the availability of: theoretical feasibility results, preliminary benchmarks (in scientific papers) or benchmarks achieving real-world performance (in commercially deployed solutions). Finally, we propose future applications of PETs as Fintech solutions to currently unsolved issues. While we systematize financial applications of PETs at large, we focus mainly on those applications that require privacy preserving computation on data from multiple parties.

KW - Anti-money laundering

KW - DeFi

KW - FHE

KW - MPC

KW - PETs

KW - identity management

U2 - 10.4230/LIPIcs.AFT.2023.12

DO - 10.4230/LIPIcs.AFT.2023.12

M3 - Article in proceedings

T3 - Leibniz International Proceedings in Informatics, LIPIcs

SP - 12:1–12:30

BT - Proceedings of 5th Conference on Advances in Financial Technologies

PB - Schloss Dagstuhl-Leibniz-Zentrum fuer Informati

T2 - 5<sup>th</sup> Conference on Advances in Financial Technologies

Y2 - 23 October 2023 through 25 October 2023

ER -

SoK: Privacy-Enhancing Technologies in Finance

Abstract

Conference

Keywords

Access to Document

OpenUrl availability

Fingerprint

Cite this