Paper 2023/122

SoK: Privacy-Enhancing Technologies in Finance

Carsten Baum, Technical University of Denmark
James Hsin-yu Chiang, Technical University of Denmark
Bernardo David, IT University of Copenhagen
Tore Kasper Frederiksen, Zama
Abstract

Recent years have seen the emergence of practical advanced cryptographic tools that not only protect data privacy and authenticity, but also allow for jointly processing data from different institutions without sacrificing privacy. The ability to do so has enabled implementations a number of traditional and decentralized financial applications that would have required sacrificing privacy or trusting a third party. The main catalyst of this revolution was the advent of decentralized cryptocurrencies that use public ledgers to register financial transactions, which must be verifiable by any third party, while keeping sensitive data private. Zero Knowledge (ZK) proofs rose to prominence as a solution to this challenge, allowing for the owner of sensitive data (e.g. the identities of users involved in an operation) to convince a third party verifier that a certain operation has been correctly executed without revealing said data. It quickly became clear that performing arbitrary computation on private data from multiple sources by means of secure Multiparty Computation (MPC) and related techniques allows for more powerful financial applications, also in traditional finance. In this SoK, we categorize the main traditional and decentralized financial applications that can benefit from state-of-the-art Privacy-Enhancing Technologies (PETs) and identify design patterns commonly used when applying PETs in the context of these applications. In particular, we consider the following classes of applications: 1. Identity Management, KYC & AML; and 2. Markets & Settlement; 3. Legal; and 4. Digital Asset Custody. We examine how ZK proofs, MPC and related PETs have been used to tackle the main security challenges in each of these applications. Moreover, we provide an assessment of the technological readiness of each PET in the context of different financial applications according to the availability of: theoretical feasibility results, preliminary benchmarks (in scientific papers) or benchmarks achieving real-world performance (in commercially deployed solutions). Finally, we propose future applications of PETs as Fintech solutions to currently unsolved issues. While we systematize financial applications of PETs at large, we focus mainly on those applications that require privacy preserving computation on data from multiple parties.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint.
Keywords
privacy enhancing technologymultiparty computationzero-knowledgefinanceblockchainweb3
Contact author(s)
cabau @ dtu dk
jachiang @ ucla edu
bernardo @ bmdavid com
jot2re @ gmail com
History
2023-06-16: revised
2023-02-02: received
See all versions
Short URL
https://ia.cr/2023/122
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2023/122,
      author = {Carsten Baum and James Hsin-yu Chiang and Bernardo David and Tore Kasper Frederiksen},
      title = {{SoK}: Privacy-Enhancing Technologies in Finance},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/122},
      year = {2023},
      url = {https://eprint.iacr.org/2023/122}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.