Biblio

In traditional virtual asset trading market, several risks, e.g. scams, cheating users, and market reach, have been pushed to users (sellers/buyers). Users need to decide who to trust; otherwise, no business. This fact impedes the growth of virtual asset trading market. In the past few years, several virtual asset marketplaces have embraced blockchain and smart contract technology to alleviate such risks, while trying to address privacy and scalability issues. To attain both speed and non-repudiation property for all transactions, existing blockchain-based exchange systems still cannot fully accomplish. In real-life trading, users use traditional contract to provide non-repudiation to achieve accountability in all committed transactions, so-called thorough non-repudiation. This is essential when dispute happens. To achieve similar thorough non-repudiation as well as privacy and scalability, we propose PEX, Privacy-preserved, multi-tier EXchange framework for cross platform virtual assets trading. PEX creates a smart contract for each virtual asset trading request. The key to address the challenges is to devise two-level distributed ledgers with two different types of quorums where one is for public knowledge in a global ledger and the other is for confidential information in a private ledger. A private quorum is formed to process individual smart contract and record the transactions in a private distributed ledger in order to maintain privacy. Smart contract execution checkpoints will be continuously written in a global ledger to strengthen thorough non-repudiation. PEX smart contract can be executed in parallel to promote scalability. PEX is also equipped with our reputation-based network to track contribution and discourage malicious behavior nodes or users, building healthy virtual asset ecosystem.

Establishing a digital identity plays a vital part in the digital era. It is crucial to authenticate and identify the users in order to perform online transactions securely. For example, internet banking applications normally require a user to present a digital identity, e.g., username and password, to allow users to perform online transactions. However, the username-password approach has several downsides, e.g., susceptible to the brute-force attack. Public key binding using Certificate Authority (CA) is another common alternative to provide digital identity. Yet, the public key approach has a serious drawback: all CAs in the browser/OS' CA list are treated equally, and consequently, all trusts on the certificates could be invalidated by compromising only a single root CA's private key. We propose a Real Digital Identity based approach, or RDI, on decentralized PKI scheme. The core idea relies on a combination of well-known parties (e.g., a bank, a government agency) to certify the identity, instead of relying on a single CA. These parties, collectively known as Trusted Source Certificate Authorities (TSCA), formed a network of CAs. The generated certificates are stored in the blockchain controlled by smart contract. RDI creates a digital identity that can be trusted based on the TSCAs' challenge/response and it is also robust against a single point of trust attack on traditional CAs.