Why would ‘zero knowledge’ ever be a good thing? Surely it’s better to know things than not? This was my reaction when I first heard some unfortunate soul try to explain the basis of Zero Knowledge technology to me (Ivan Goldensohn, thank you). Anyway, thankfully, I heard what he had to say, and that conversation sowed the seeds for the next year of building and developing technology that has the potential to change the way derivatives are traded and cleared.
What do we mean when talking about Zero Knowledge Computing?
[Data scientists and cryptography experts, please forgive my inferior finance-y mind and my somewhat ‘Zero Knowledge Computations for toddlers’ level explanation]
Essentially, the above term is properly encompassed by the more accurate phrase ‘computation over encrypted data’, and we will be sharing insights provided by some of the experts in this field, including Enigma (one of our partners). It allows me to do calculations on data, without ever seeing it. Crazy huh? But then, why should my scummy landlord get piles of hugely sensitive and private data when all he really ought to be able to get is a guarantee that I am who I say I am and that I can afford to live there? We could, instead, run calculations on my private data, but not ever reveal that private data, keeping his grubby hands off my social security number and pay slips. (Bit harsh, my landlord’s quite nice, but you get my point).
Let’s say I’m Google, and I’m sitting on a huge pool of user data that’s private, and I’m not allowed to look at it. To Google, that’s like looking at a big pile of money that I can’t touch. But what if I could get aggregate data from that pool, without revealing any private data? So, for example, I wouldn’t be able to see who went to France last year, but I’d be able to find out how many people visited. That way I wouldn’t be invading your privacy and sending you ads for baguettes for the two weeks after you left France, but would instead be able to provide useful data to travel companies, restaurants, airlines etc.
So, clearly we have applications for this technology/alchemy if we could get it to work in a practical way. For finance, it has the scope to transform a lot of (very expensive) intermediation that is usually required for that sole purpose — to make it easy for people to transact and move money around, without opening up the kimono so everyone can measure you up.
The Tech
Researchers at MIT first started developing the concept of a zero-knowledge proof in the 1980s. But it has evolved and grown significantly, and there are a number of ways now to do computations on encrypted data, all with different trade-offs and flaws. Here we look at all the main methods of computing on encrypted data:
Homomorphic Encryption
Homomorphic Encryption is an encryption scheme which allows computations to be performed on encrypted data without first decrypting it, while preserving the data’s structure and format. It’s actually been around for a long time (since 1982) but with serious limitations on capabilities and efficiency. In 2009, Craig Gentry came up with Fully Homomorphic Encryption (FHE), and the capabilities part of the Homomorphic Encryption problem was solved. Now we can perform any type of operation an unlimited number of times on encrypted data.
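To make the “calculations on data without ever seeing it” idea concrete, here is an added example (my own illustration, not code from Credora, Enigma or any project named on this page) of the Paillier cryptosystem, which is additively homomorphic: a partially homomorphic scheme from the pre-Gentry era, not FHE. It runs the France-visitors aggregate query from above: every user encrypts their own yes/no answer, a server adds up ciphertexts it cannot read, and the key holder decrypts only the total. The primes, the user records and the survey question are constructed for the demonstration.

```python
from math import gcd
from secrets import randbelow

# Constructed toy primes; a real Paillier key uses two ~1024-bit primes.
DEMO_P, DEMO_Q = 10007, 10009


def keygen(p=DEMO_P, q=DEMO_Q):
    """Return (public, private) keys using the common g = n + 1 simplification."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lcm(p - 1, q - 1)
    mu = pow(lam, -1, n)                           # valid because g = n + 1
    return (n, n + 1), (lam, mu, n)


def encrypt(public, m):
    """c = g^m * r^n mod n^2 with fresh random r, so equal plaintexts give different ciphertexts."""
    n, g = public
    n2 = n * n
    while True:
        r = randbelow(n)
        if r > 0 and gcd(r, n) == 1:
            break
    return pow(g, m, n2) * pow(r, n, n2) % n2


def decrypt(private, c):
    """m = L(c^lambda mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    lam, mu, n = private
    u = pow(c, lam, n * n)
    return (u - 1) // n * mu % n


def add_encrypted(public, c1, c2):
    """Multiplying ciphertexts adds plaintexts: E(a) * E(b) = E(a + b)."""
    n, _ = public
    return c1 * c2 % (n * n)


def scale_encrypted(public, c, k):
    """Raising a ciphertext to a known constant multiplies the plaintext: E(a)^k = E(k * a)."""
    n, _ = public
    return pow(c, k, n * n)


def aggregate(public, ciphertexts):
    """The analyst's server: it holds only ciphertexts, yet produces an encryption of their sum."""
    total = encrypt(public, 0)
    for c in ciphertexts:
        total = add_encrypted(public, total, c)
    return total


# Constructed survey: 1 = visited France last year, 0 = did not.
USER_ANSWERS = {"alice": 1, "bob": 0, "carol": 1, "dave": 1, "erin": 0}


def count_visitors(answers=USER_ANSWERS):
    """End to end: users encrypt their own bit, the server sums ciphertexts,
    only the key holder decrypts, and all it learns is the total."""
    public, private = keygen()
    submitted = [encrypt(public, bit) for bit in answers.values()]   # done on each user's device
    return decrypt(private, aggregate(public, submitted))


if __name__ == "__main__":
    pub, priv = keygen()
    a, b = encrypt(pub, 17), encrypt(pub, 25)
    print("17 + 25 on ciphertexts:", decrypt(priv, add_encrypted(pub, a, b)))
    print("3 * 17 on a ciphertext:", decrypt(priv, scale_encrypted(pub, a, 3)))
    print("visitors to France:", count_visitors())
```

Two things worth noticing. Paillier only gives addition and multiplication by a known constant; the moment a computation needs to multiply two encrypted values (most risk models do) you need FHE, which is where the efficiency problem discussed next comes from. And the privacy of the scheme depends on the roles staying separate: whoever holds the private key can decrypt individual submissions, so the key holder must only ever be handed the aggregate, never the raw ciphertexts.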
Now for efficiency — advances in FHE have been accelerated by the likes of Microsoft and IBM, and new methods to improve efficiency are making FHE faster and more scalable. However, FHE still isn’t at a speed required for trading-related applications. At Credora (formerly X-Margin), we need to be able to process encrypted data at a speed that allows us to keep up with sharp movements in the market, so sadly this won’t do.
Secure Multi-Party Computation (MPC)
Let’s think about the problem we are trying to solve again: we need to send private data to some supercomputer or central third party for it to do certain computations, without ever allowing that private data to be compromised in any way. That doesn’t exist in the real world, and our previous attempt (FHE) isn’t quick enough yet. MPC is the distributed world’s answer to this problem.
We create a network of ‘untrusted’ nodes (either decentralized or delegated nodes), and send each of them an encrypted, meaningless part of the data — never the full picture. The most common form of MPC uses secret sharing to split up and later recombine the data. Secret sharing splits a value into pieces such that reconstructing it is only possible when at least a certain threshold number of pieces are put back together; fewer pieces reveal nothing about the value. Provided the nodes do not collude, MPC gives the benefits of FHE, but at greater speed.
Whilst MPC is constantly improving its speed through innovation and various preprocessing techniques that lower the computational burden, its speed and scalability as a solution are still a work in progress (see this article). However, there are some excellent firms working in this space, with whom we are working, who have finessed a combination of these techniques into a practical and faster solution.
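As an added example of the secret-sharing flavour of MPC just described (again my own illustration, not the code of Credora or of any MPC vendor), here is Shamir’s threshold secret sharing over a prime field, with the nodes computing on the shares: each venue shares only its own figure, every node adds the shares it holds locally, and any threshold number of nodes can reconstruct the net position across venues without any of them ever seeing a single venue’s position. The venue positions, node count and threshold are constructed values; signed positions (shorts) are encoded into the field and decoded on the way out.

```python
from secrets import randbelow

PRIME = (1 << 61) - 1   # Mersenne prime; every share and secret is an element of this field


def encode(value):
    """Map a signed integer (a short position is negative) into the field."""
    return value % PRIME


def decode(element):
    """Inverse of encode: elements above PRIME / 2 represent negative numbers."""
    return element - PRIME if element > PRIME // 2 else element


def share(secret, n_nodes, threshold):
    """Split `secret` into n_nodes shares of a random degree (threshold - 1) polynomial.
    Any `threshold` shares reconstruct it; fewer are consistent with every possible secret."""
    coeffs = [encode(secret)] + [randbelow(PRIME) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, n_nodes + 1):
        y = 0
        for c in reversed(coeffs):          # Horner's rule: evaluate the polynomial at x
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def reconstruct(shares):
    """Lagrange interpolation at x = 0 using `threshold` or more shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * xj % PRIME
                den = den * (xj - xi) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return decode(total)


def add_shares(shares_a, shares_b):
    """Each node adds the two shares it holds. No messages between nodes and no
    reconstruction are needed: the sums are valid shares of secret_a + secret_b."""
    summed = []
    for (xa, ya), (xb, yb) in zip(shares_a, shares_b):
        assert xa == xb, "shares must belong to the same node"
        summed.append((xa, (ya + yb) % PRIME))
    return summed


# Constructed sample: a trader's BTC contracts at two venues. Each venue shares only
# its own figure; no node ever sees either of them in the clear.
VENUE_POSITIONS = {"venue_A": 120, "venue_B": -95}
N_NODES, THRESHOLD = 5, 3


def net_position_via_mpc(positions=VENUE_POSITIONS, n_nodes=N_NODES, threshold=THRESHOLD):
    """Venues share their positions, nodes add shares locally, and any `threshold`
    nodes' results reconstruct only the net position, never the per-venue inputs."""
    per_venue = [share(p, n_nodes, threshold) for p in positions.values()]
    summed = per_venue[0]
    for s in per_venue[1:]:
        summed = add_shares(summed, s)
    responding = summed[-threshold:]     # e.g. nodes 3, 4 and 5 answered; 1 and 2 were down
    return reconstruct(responding)


if __name__ == "__main__":
    s = share(-42, N_NODES, THRESHOLD)
    print("shares, meaningless on their own:", s)
    print("reconstructed from nodes 1..3:", reconstruct(s[:THRESHOLD]))
    print("net position across venues:", net_position_via_mpc())
```

This is where the “provided the nodes do not collude” caveat bites: any `threshold` nodes pooling their shares can reconstruct every venue’s input, not just the net, so the threshold has to be chosen against the number of nodes you are prepared to assume are compromised at once. Addition is free because each node works alone; multiplying two shared values needs a round of communication between nodes (typically using precomputed material), which is the preprocessing the paragraph above alludes to and the main source of MPC’s latency.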
Trusted Execution Environments (TEE)
TEEs are the hardware solution to this privacy problem. A TEE is a secure piece of hardware designed to stop data leaking outside the hardware itself. TEEs generally use Intel’s Software Guard Extensions (SGX), a set of processor instructions and features for creating a secure enclave in which code can be executed without scrutiny or interference from any other software — not even the operating system or hypervisor can look in. The key assumption here is that the TEE has not been compromised, so careful steps need to be taken to a) ensure that no hardware is manipulated by external sources, and b) ensure that no private data is leaked by the TEE. The upshot of a TEE is that it’s significantly faster than MPC and FHE, and is able to process data at impressive speeds and at scale.
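The “key assumption” above is exactly what a party sending data to an enclave has to check before it sends anything, and the check is called remote attestation. The following is an added, deliberately simplified model of that exchange (my own illustration, not Credora’s or Intel’s code): the platform measures the enclave’s code and signs a quote binding that measurement to the enclave’s ephemeral key and a fresh nonce; the verifier accepts only if the signature holds, the measurement is on its allowlist of reviewed builds, and the key and nonce match. An HMAC with a shared key stands in for the platform’s asymmetric attestation signature so the example runs offline; the enclave code bytes, key bytes and measurement allowlist are constructed.

```python
import hashlib
import hmac
import json
import secrets

# Constructed stand-in: in SGX the quote is signed by a platform attestation key whose
# certificate chains to Intel; here a symmetric key shared with the verifier plays that
# role so the exchange runs offline. The enclave code and key bytes are also constructed.
PLATFORM_ATTESTATION_KEY = b"demo-platform-attestation-key"
APPROVED_ENCLAVE_CODE = b"margin_engine build 1: reads positions, outputs only the margin figure"

# Verifier-side allowlist: measurements (hash of the enclave binary) of builds that have
# been reviewed to ensure they leak nothing but the agreed output.
EXPECTED_MEASUREMENTS = {hashlib.sha256(APPROVED_ENCLAVE_CODE).hexdigest()}


def report_data(enclave_pubkey, nonce):
    """Binds the enclave's ephemeral public key and the verifier's nonce into the quote."""
    return hashlib.sha256(enclave_pubkey + nonce).hexdigest()


def enclave_quote(enclave_code, enclave_pubkey, nonce):
    """Attester side: the platform measures the enclave code and signs measurement + report data."""
    body = json.dumps({"measurement": hashlib.sha256(enclave_code).hexdigest(),
                       "report_data": report_data(enclave_pubkey, nonce)}, sort_keys=True).encode()
    signature = hmac.new(PLATFORM_ATTESTATION_KEY, body, hashlib.sha256).hexdigest()
    return {"body": body, "signature": signature}


def verify_quote(quote, enclave_pubkey, nonce):
    """Verifier side: returns (accepted, reason). Data is encrypted to enclave_pubkey only on acceptance."""
    expected = hmac.new(PLATFORM_ATTESTATION_KEY, quote["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, quote["signature"]):
        return False, "signature invalid: not issued by the platform"
    fields = json.loads(quote["body"])
    if fields["measurement"] not in EXPECTED_MEASUREMENTS:
        return False, "measurement unknown: enclave build is not on the allowlist"
    if fields["report_data"] != report_data(enclave_pubkey, nonce):
        return False, "report data mismatch: key or nonce not bound to this quote"
    return True, "attested"


def attestation_outcomes():
    """Honest run plus three rejected cases; returns the verifier's verdict for each."""
    enclave_pubkey = b"enclave-ephemeral-public-key"      # constructed
    nonce = secrets.token_bytes(16)                       # fresh per attestation request
    honest = enclave_quote(APPROVED_ENCLAVE_CODE, enclave_pubkey, nonce)
    unreviewed = enclave_quote(APPROVED_ENCLAVE_CODE + b" (patched, unreviewed)", enclave_pubkey, nonce)
    forged = dict(honest, signature="00" * 32)
    stale = enclave_quote(APPROVED_ENCLAVE_CODE, enclave_pubkey, secrets.token_bytes(16))  # old nonce
    return {
        "honest": verify_quote(honest, enclave_pubkey, nonce),
        "unreviewed_build": verify_quote(unreviewed, enclave_pubkey, nonce),
        "forged_signature": verify_quote(forged, enclave_pubkey, nonce),
        "stale_quote": verify_quote(stale, enclave_pubkey, nonce),
    }


if __name__ == "__main__":
    for case, (accepted, reason) in attestation_outcomes().items():
        print(f"{case:>18}: {'accept' if accepted else 'reject'} ({reason})")
```

The measurement check is what implements point b) above: attestation can only tell you that the enclave is running a build you have already reviewed, so the review of that build for what it outputs is where leakage is actually prevented. A production verifier additionally validates the quote’s certificate chain and the platform’s TCB status, and rejects enclaves launched with the debug attribute set, since a debug enclave can be inspected by the host.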
Zero Knowledge Proofs (ZKPs)
Most people, when they hear the words ‘Zero Knowledge Computations’ or ‘Zero Knowledge Clearing’ immediately ask me ‘you mean like zero knowledge proofs, right?’. It’s a fair question, and the answer is almost always ‘Sure, sort of. But not really’. Zero Knowledge Computations are to Zero Knowledge Proofs what Sherpas are to sherpas - all Sherpas aren’t sherpas, but almost all sherpas are Sherpas.
ZKPs are a type of secure computation that focuses on binary outputs which prove or disprove statements. A ZKP allows a prover to prove something to a verifier without revealing any further information. For example, authentication: I prove my identity by proving that I hold some key that only I would have, but without actually revealing the key. Whilst they share similarities with MPC (both use multiple parties, both are used for privacy preservation), ZKPs have a different, much narrower use case. In fact, ZKPs are used internally within nodes doing broader MPC, and MPC is used to facilitate ZKPs. One popular example is zk-SNARKs, used for creating private cryptocurrencies that record encrypted transactions on a ledger whilst ensuring that no double spend occurs.
“Zero-knowledge is probably the most useful technology we’ve got, and we’ve barely begun to use it,” says Johns Hopkins cryptographer Matthew Green. “There’s a lot more that we can probably figure out to do with it, but at the moment we’re just groping around.”
Well, one of those use cases is clearing within financial markets.
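Here is the authentication case from above worked through as an added example (my own illustration, not code from any project on this page): the Schnorr identification protocol, in which a prover shows it knows the secret exponent x behind a public value y = g^x without revealing x. It also includes a simulator that produces accepting transcripts without knowing x (it picks the challenge itself, so it cannot be used to impersonate anyone), which is precisely why a recorded transcript leaks nothing about x, plus the Fiat–Shamir non-interactive variant that signature schemes and proof systems such as zk-SNARKs build on. The group parameters P, Q and G are constructed toy values.

```python
import hashlib
from secrets import randbelow

# Constructed toy group: P = 2Q + 1 is a safe prime and G = 4 generates the subgroup
# of prime order Q. Real deployments use a ~256-bit elliptic-curve group instead.
P, Q, G = 2039, 1019, 4


def schnorr_keygen():
    """Prover's secret x and public y = G^x; recovering x from y is the discrete-log problem."""
    x = randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def prover_commit():
    """Round 1: the prover picks a fresh nonce k and sends the commitment t = G^k."""
    k = randbelow(Q - 1) + 1
    return k, pow(G, k, P)


def verifier_challenge():
    """Round 2: the verifier sends a random challenge c, chosen after seeing t."""
    return randbelow(Q)


def prover_respond(x, k, c):
    """Round 3: s = k + c*x mod Q. Without x, nobody can answer an unpredictable c."""
    return (k + c * x) % Q


def verify(y, t, c, s):
    """Accept iff G^s == t * y^c, which holds exactly when s = k + c*x."""
    return pow(G, s, P) == t * pow(y, c, P) % P


def run_protocol(x, y):
    """Honest interactive run; returns the transcript (t, c, s) and the verifier's decision."""
    k, t = prover_commit()
    c = verifier_challenge()
    s = prover_respond(x, k, c)
    return (t, c, s), verify(y, t, c, s)


def simulate_transcript(y):
    """Zero knowledge: with no x at all, pick c and s first and solve for t. The result
    verifies and is distributed exactly like a real transcript, so transcripts cannot
    leak x. It is not an attack: a live verifier picks c after seeing t."""
    c = randbelow(Q)
    s = randbelow(Q)
    t = pow(G, s, P) * pow(pow(y, c, P), -1, P) % P
    return (t, c, s)


def fiat_shamir_challenge(y, t, message):
    """Non-interactive variant: derive the challenge by hashing the commitment (and context)."""
    digest = hashlib.sha256(message + str((y, t)).encode()).digest()
    return int.from_bytes(digest, "big") % Q


def fiat_shamir_proof(x, y, message=b""):
    """Prover produces (t, s) with no verifier online; anyone can check it later."""
    k, t = prover_commit()
    return t, prover_respond(x, k, fiat_shamir_challenge(y, t, message))


def verify_fiat_shamir(y, t, s, message=b""):
    return verify(y, t, fiat_shamir_challenge(y, t, message), s)


if __name__ == "__main__":
    x, y = schnorr_keygen()
    transcript, accepted = run_protocol(x, y)
    print("interactive transcript:", transcript, "accepted:", accepted)
    print("simulated transcript verifies:", verify(y, *simulate_transcript(y)))
    t, s = fiat_shamir_proof(x, y, b"login")
    print("non-interactive proof verifies:", verify_fiat_shamir(y, t, s, b"login"))
```

Two details matter in practice. The nonce k must be fresh and secret for every run: two transcripts with the same k and different challenges let anyone solve for x, which is the classic way signature keys have been extracted. And with Q around 2^10 a dishonest prover succeeds by guessing c about one time in a thousand, so real parameters make Q at least 2^256.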
Zero Knowledge Cross Margin
The problem
One of the major pain points faced by trading firms, especially derivatives trading firms, is that they trade across multiple venues and have to post collateral at each one, resulting in an average of 3–4 times the collateral actually required. This is a multi-billion (if not trillion) dollar problem. Moreover, for cryptocurrency derivatives, there’s custody risk at each venue you trade at. In traditional finance, we simply get one of the bigger firms to sit in the middle of every trade (as a central counterparty). They provide cross-margin (capital reduction across offsetting positions) to users, and must ensure on a daily basis that users have posted enough money with them for their current positions. Whilst holding no real position themselves, they carry credit risk with every user, and that daily re-evaluation is how they make sure users aren’t over-extending.
‘What’s wrong with this?’, I hear you ask.
Well, outside of it being expensive and inefficient, it tends to work if the participants are very credit-worthy and the central counterparty is itself extremely trustworthy. Moreover, the markets this can facilitate must be big enough to make it worth their while to sit in the middle as a central counterparty, and the risk models used must be approved by the central counterparty, as they need to be comfortable with the risk they allow their users to take.
The Solution
Credora is a distributed cross margining solution — a way to cross-margin and settle across multiple trading venues using zero knowledge technology, avoiding the need for a central counterparty. So we:
- Are orders of magnitude cheaper to run
- Don’t need a central counterparty — all trades remain bilateral, with everyone giving each other cross-margin, knowing you’re all good for it, without needing to know why or how.
- Are able to monitor margin usage on a second-by-second basis, meaning there is no need to take credit risk
- Are able to scale across any asset class, as our low cost model allows us to charge a fraction of other centralized clearing firms profitably
- Allow users to use any risk methodology that both sides of the trade are comfortable with (because, remember, we aren’t the central counterparty, we are allowing users to get capital relief with each other but in a zero knowledge way)
- Allow users to use a compatible custodian or bank so they can be sure their funds are safe
How do we do this?
First, every partner trading venue that our users trade at encrypts their position, and then sends this encrypted position to us. We then use a mixture of the above methods (MPC and TEE). We send this encrypted data to a group of TEEs in a network of delegated nodes (our own proprietary, ultra-fast network). The TEEs then run all the different risk calculations, and send the margin requirement back to the user, verifying across nodes that the output is correct. The output is the ‘margin required’ for every user — this amount is then locked away with the custodian to ensure enough funds are always callable within Credora.
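The last two steps of that pipeline, the risk calculation and the cross-node verification of its output, are modelled in the following added example (my own illustration, not Credora’s system or risk model). Several independent nodes each compute the margin requirement from a trader’s positions across venues under an agreed methodology, and a coordinator accepts a figure only when a quorum of nodes returned the identical result, so a single faulty or tampered node is detected rather than trusted. It also shows the cross-margin saving against posting collateral venue by venue. The positions, the flat margin rate, the node count and the quorum are constructed; in the real pipeline the positions would arrive encrypted and be decrypted only inside the enclaves.

```python
import hashlib
import json
from collections import Counter

# Constructed sample: one trader's signed notional (USD) per asset at two venues, and an
# agreed risk methodology: a flat initial-margin rate in basis points. Integer arithmetic
# throughout so every honest node produces a bit-identical result.
POSITIONS = {"venue_A": {"BTC": 400_000, "ETH": -150_000},
             "venue_B": {"BTC": -350_000, "ETH": 50_000}}
MARGIN_RATE_BPS = 1000   # 10% of absolute notional


def margin_per_venue(positions, rate_bps=MARGIN_RATE_BPS):
    """Status quo: collateral posted at every venue separately, no offsetting between them."""
    return {venue: sum(abs(n) for n in book.values()) * rate_bps // 10_000
            for venue, book in positions.items()}


def cross_margin(positions, rate_bps=MARGIN_RATE_BPS):
    """Cross-venue netting: a long at one venue offsets a short in the same asset at another."""
    net = Counter()
    for book in positions.values():
        for asset, notional in book.items():
            net[asset] += notional
    return sum(abs(n) for n in net.values()) * rate_bps // 10_000


def node_compute(node_id, positions, faulty=False):
    """One node's (one enclave's) run: returns (node_id, margin, digest of the output).
    A faulty node halves the figure, to show that the cross-check catches it."""
    margin = cross_margin(positions)
    if faulty:
        margin //= 2
    payload = json.dumps({"margin_required": margin}, sort_keys=True).encode()
    return node_id, margin, hashlib.sha256(payload).hexdigest()


def agreed_margin(outputs, quorum):
    """Coordinator: accept a value only when at least `quorum` nodes produced the identical
    digest. Returns (margin or None, ids of nodes whose output disagreed)."""
    votes = Counter(digest for _, _, digest in outputs)
    digest, count = votes.most_common(1)[0]
    if count < quorum:
        return None, [node_id for node_id, _, _ in outputs]
    margin = next(m for _, m, d in outputs if d == digest)
    dissenters = [node_id for node_id, _, d in outputs if d != digest]
    return margin, dissenters


def clearing_round(positions=POSITIONS, n_nodes=5, faulty_nodes=("node3",), quorum=3):
    """Fan the same inputs out to n_nodes independent nodes and cross-check their outputs."""
    outputs = [node_compute(f"node{i}", positions, faulty=f"node{i}" in faulty_nodes)
               for i in range(1, n_nodes + 1)]
    return agreed_margin(outputs, quorum)


if __name__ == "__main__":
    by_venue = margin_per_venue(POSITIONS)
    print("posted venue by venue:", by_venue, "total:", sum(by_venue.values()))
    print("cross-margined:", cross_margin(POSITIONS))
    print("agreed across nodes, dissenters:", clearing_round())
```

On the constructed book the trader posts 95,000 venue by venue but only 15,000 once the BTC and ETH legs are netted, which is the collateral multiple the problem statement complained about. The quorum size is the security parameter: it must exceed the number of nodes you assume could be compromised at the same time, since a quorum of compromised nodes agreeing on a wrong figure passes the check unchallenged, and a dissenting node should be treated as a signal to re-attest it, not merely ignored.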
Essentially we replicate all the functions a central clearer may do, but do so without needing to be your counterparty, and then send instructions to your custodian for settlement and locking away funds, instead of actually holding the funds ourselves. So to summarize, with ZK technology, Credora allows traders to:
- Get capital efficiency across venues (OTC or exchanges)
- Avoid having a central counterparty they need to trust
- Keep their funds in a custodian or compatible bank of their choice
We recently finished our proof of concept, where we clear live cash-settled OTC derivatives on cryptocurrencies i.e. your funds sit with your chosen custodian but Credora allows portfolio margin across multiple counterparties, clearing and settling funds automatically. We are working hard to have an MVP by November.
We also released an API for derivatives mark-to-markets that’s free to use, which OTC derivatives traders can use to value their bespoke options and forwards book 24/7 (thanks to Deribit for the solid foundational data).
We believe that solving for clearing can help this nascent but developing market grow even faster. Zero Knowledge technology can help do this, removing the need for inefficient intermediaries, and transforming the derivatives clearing industry in general.
If you’d like to learn more about Credora, give us feedback, or be part of our project, please contact us at darshan@credora.io