An Evaluation of Cryptocurrency Payment Channel Networks and Their Privacy Implications
AAn Evaluation of Cryptocurrency Payment ChannelNetworks and Their Privacy Implications
Enes Erdin ∗ , Suat Mercan † , and Kemal Akkaya †∗ Department of Computer Science, University of Central Arkansas, Conway, AR 72035, USAEmail: { eerdin } @uca.edu † Dept. of Elec. and Comp. Engineering, Florida International University, Miami, FL 33174Email: { smercan,kakkaya } @fiu.edu Abstract —Cryptocurrencies redefined how money can bestored and transferred among users. However, independent ofthe amount being sent, public blockchain-based cryptocurrenciessuffer from high transaction waiting times and fees. Thesedrawbacks hinder the wide use of cryptocurrencies by masses.To address these challenges, payment channel network concept istouted as the most viable solution to be used for micro-payments.The idea is exchanging the ownership of money by keeping thestate of the accounts locally. The users inform the blockchainrarely, which decreases the load on the blockchain. Specifically,payment channel networks can provide transaction approvals inseconds by charging a nominal fee proportional to the paymentamount. Such attraction on payment channel networks inspiredmany recent studies which focus on how to design them andallocate channels such that the transactions will be secure andefficient. However, as payment channel networks are emergingand reaching large number of users, privacy issues are becomingmore relevant that raise concerns about exposing not onlyindividual habits but also businesses’ revenues. In this paper, wefirst propose a categorization of the existing payment networksformed on top of blockchain-backed cryptocurrencies. Afterdiscussing several emerging attacks on user/business privacy inthese payment channel networks, we qualitatively evaluate thembased on a number of privacy metrics that relate to our case.Based on the discussions on the strengths and weaknesses ofthe approaches, we offer possible directions for research for thefuture of privacy based payment channel networks.
Index Terms —Blockchain, Bitcoin, Lightning Network, Rout-ing Protocols, Payment Channel Network
I. I
NTRODUCTION
There are many modern money exchange systems such aspaper checks, credit/debit cards, automated clearing house(ACH) payments, bank transfers, or digital cash which areowned and regulated by financial institutions. Nevertheless,in the evolving world of trade, the movement of money isstill going through changes. The last decade witnessed theintroduction of
Bitcoin [1], a new paradigm-shifting innovationwhere the users control their own money without needinga trusted third party. In this model, the users are governingthe system by coming to a consensus for controlling thetransfer and the ownership of the money. Following the successof Bitcoin, new cryptocurrencies that offer new capabilitieswere introduced based on the idea of consensus-based accountmanagement [2], [3].In the following years, the initial success of cryptocurrencieswas hindered due to practical issues related its daily use. Basically, it was a very limited system in terms of scalabilityand its wide usage in simple daily transactions was quiteimpossible due to long waiting times, high disproportionaltransaction fees, and low throughput.Among many solutions payment channel idea arose asa well-accepted one for solving mentioned problems. Theidea is based on establishing off-chain links between partiesso that many of the transactions would not be written tothe blockchain each time. The payment channel idea laterevolved towards the establishment of payment channel net-works (PCN), where among many participants and channelsthe participants pay by using others as relays, essentiallyforming a connected network. This is in essence a
Layer-2 network application running on top of a cryptocurrency,which covers
Layer-1 services. A perfect example to PCNs isLightning Network (LN) [4] which uses Bitcoin and reachedto many users in a very short amount of time. Raiden [5],based on Ethereum, is another example for a successful PCN.The emergence of PCNs led to several research challenges.In particular, security of the off-chain payments is very im-portant as users can lose money or liability can be denied.In addition, efficiency of payment routing within the PCNwith large number of users is tackled. Such efforts pavedthe way for introducing many new PCNs in addition to LN.These PCNs rely on various cryptocurrencies and carry severalnew features. As these newly proposed PCNs become moreprominent there will be a heavy user and business involvementwhich will raise issues regarding their privacy just as the userprivacy on Internet. The difference is that on many cases,Internet privacy could be regulated but this will not be thecase for PCNs as their very idea is based on decentralization.For instance, a user will naturally want to stay anonymous tothe rest of the network while a business would like to keep itsrevenue private against its competitors.Therefore, in this paper, we investigate this very emergingissue and provide an analysis of current PCNs along withtheir privacy implications. We first categorize the PCNs in thelight of common network architectures and blockchain types.We then define user and business privacy within the contextof PCNs, and discuss possible attacks on the privacy of theparticipants. Specifically, we came up with novel privacy risksspecific to PCNs. Utilizing these attack scenarios, we latersurvey and evaluate thoroughly the existing PCNs in terms a r X i v : . [ c s . CR ] F e b f their privacy capabilities based on certain metrics. Thisis a novel qualitative evaluation to be able to compare whateach PCN is offering in terms of its privacy features. Finally,we offer potential future research issues that can be furtherinvestigated in the context of PCN privacy. Our work not onlyis the first to increase awareness regarding the privacy issuesin the emerging realm of PCNs but also will help practitionerson selecting the best PCN for their needs.The paper is organized as follows: Section II gives an intro-ductory background. Next, Section III categorizes the PCNsin the light of common network architectures and blockchaintypes. In Section IV we define the user and business privacy,discuss possible attacks on the privacy of the participants in thePCNs, and present an evaluation of state-of-the-art solutionsfor what they offer in terms of privacy. Section V offersdirections about the future research on privacy in PCNs andSection VI concludes the paper.II. B ACKGROUND
A. Blockchain
Blockchain is the underlying technology in cryptocurrency,that brings a new distributed database which is a public, trans-parent, persistent, and append-only ledger co-hosted by theparticipants. With various cryptographically verifiable meth-ods, called
Proof-of-X (PoX), each participant in the networkholds the power of moderation of the blockchain [6]. Asan example, Bitcoin and Ethereum, which jointly hold 75%of total market capitalization in the cryptocurrency world,utilize proof-of-work (PoW) mechanism where a participanthas to find a “block-hash-value” smaller than a jointly agreednumber. A block is an element with a limited size that storesthe transaction information. Each block holds the hash of thepreceding block which in the long run forms a chain of blocks,called, the blockchain. “Who-owns-what” information is em-bedded in the blockchain as transaction information. There-fore, the cohort of independent participants turns blockchaininto a liberated data/asset management technology free oftrusted third parties.
B. Cryptocurrency
Although it finds many areas, the most commonly usedapplication of blockchain technology is cryptocurrencies. A cryptocurrency is a cryptographically secure and verifiable cur-rency that can be used to purchase goods and services. In thispaper, we will use cryptocurrency and money interchangeably.Blockchain technology undoubtedly changed the way datacan be transferred, stored, and represented. Nonetheless, mak-ing a consensus on the final state of a distributed ledger hasdrawbacks. The first drawback is long transaction confirmationtimes. For example, in Bitcoin, a block is generated at aboutevery 10 minutes. As a heuristic Bitcoin users wait 6 blocksfor the finality of a transaction which yields almost 60 minutes.In Ethereum, time between blocks are shorter but users wait30 consecutive blocks which yields 10-15 minutes of waitingtime. Note that, as a block is limited in size, not only thethroughput will be limited, but also the total waiting time for the users will be longer during the congested times ofthe transfer requests. Nevertheless, if a user is in a hurry forapproval of its transaction, it will need to pay larger feesto miners than what its competitors pay. This brings us thesecond drawback of using blockchain for cryptocurrency. Theminer nodes, which generate and approve blocks, get fees fromthe users to include transactions in blocks. So when there iscongestion, a payer either has to offer more fee or she/he hasto wait more so that a miner picks her/his transaction request.
C. Smart Contracts
The ability to employ smart contracts is another feature thatmakes blockchain an unorthodox asset management technol-ogy. Smart contracts are scripts or bytecodes, which definehow transactions will take place based on the future eventsdefined within the contract. Smart contracts can be utilizedin conditional/unconditional peer-to-peer (P2P) transactions,voting, legal testament etc. As always, the duty of decision-making is on blockchain. Hence, the blockchain finalizes thetransaction outputs when the smart contracts are utilized too.III. PCN
S AND THEIR C ATEGORIZATION
A. Payment Channel Networks
Due to the scalability issues researchers have always beenin the search of solutions to make the cryptocurrency scalable.Among many offered solutions, the off-chain payment channelidea has attracted the most interest. To establish such achannel, two parties agree on depositing some money in amulti-signature (2-of-2 multi-sig) wallet with the designatedownership of their share. The multi-sig wallet is created by asmart contract where both parties sign. The smart contract,mediated by the blockchain, includes the participants’ ad-dresses, their share in the wallet, and information on how thecontract will be honored. Approval of the opening transactionin the blockchain initiates the channel. The idea is simple; thepayer side gives ownership of some of his/her money to theother side by locally updating the contract mutually. To closethe channel the parties submit “closing transaction” to theblockchain for it to honor the final state of the channel. Thus,each side receives its own share from the multi-sig wallet.Payment channels created among many parties make estab-lishment of multi-hop payments from a source to a destinationthrough intermediary nodes possible. As shown in Fig. 1,Alice-Charlie (A-C) and Charlie-Bob (C-B) have channels.Let, A-C and C-B are initialized when time is t . AlthoughAlice does not have a direct channel to Bob, she can still payBob via Charlie. At time t+x1 , Alice initiates a transfer of10 units to Bob. The money is destined to Bob over Charlie.When Charlie honors this transaction in the C-B channel bygiving 10 units to Bob, Alice gives 10 units of her share toCharlie in A-C channel. When the transfers are over, A-Cand C-B channels get updated. When time is t+x2 , Alicemakes another transaction (20 units) to Bob and the shares inthe channels get updated once again.Multi-hop payment concept enables the establishment of anetwork of payment channels among users, which is referred ig. 1. A Simple Multi-hop Payment. Alice can initiate a transfer to Bobutilizing channels between Alice-Charlie and Charlie-Bob. to as PCN as shown in Fig. 2. Current PCNs vary in terms ofwhat topologies they depend on and which layer-1 blockchaintechnology they utilize. We discuss this categorization next.We will then explain each of these PCNs in more detail andcategorize them in Section IV. Fig. 2. A PCN of end-users and relays acting as backbone.
B. PCN Architectures
In this section, we categorize the types of network architec-tures that can be used in PCNs.
1) Centralized Architecture:
In this type of network, thereis a central node, and users communicate with each other eitherover that central node or based on the rules received from thecentral node as shown in Fig. 3(a). From the governing pointof view, if an organization or a company can solely decide onthe connections, capacity changes, and flows in the network,then this architecture is called to be a centralized one.
2) Distributed Architecture:
In distributed networks, thereis no central node. As opposed to the centralized network, eachuser has the same connectivity, right to connect, and voice inthe network. A sample architecture is shown in Fig. 3(b).
3) Decentralized Architecture:
This type of architecture isa combination of the previous two types which is shown inFig. 3(c). In this architecture, there is no singular centralnode, but there are independent central nodes. When the childnodes are removed, central nodes’ connections look very muchlike a distributed architecture. However, when the view isconcentrated around one of the central nodes, a centralizedarchitecture is observed.
4) Federated Architecture:
Federated architecture soundsvery much like the federation of the states in the real worldand arguably lies somewhere between centralized and de-centralized networks. In a federated architecture, there aremany central nodes where they are connected to each otherin a P2P fashion. Then the remaining nodes (children) strictlycommunicate with each other over these central nodes whichvery much looks like a federation of centralized architectures.
Fig. 3. Network Types
C. Types of Blockchain Networks
In this section, we categorize the existing PCNs based onblockchain type they employ. There are mainly three types ofblockchains employed by PCNs:
1) Public Blockchain:
In a public blockchain, no bindingcontract or registration is needed to be a part of the network.Users can join or leave the network whenever they want.Consequently, the PCN will be open to anyone who wouldlike to use it.
2) Permissioned Blockchain:
Permissioned (i.e., Private)blockchain lays at the opposite side of the public blockchain,where the ledger is managed by a company/organization.Moreover, the roles of the nodes within the network are as-signed by the central authority. Not everybody can participateor reach to the resources in the permissioned blockchain. PCNsemploying permissioned blockchain will be “members-only”.
3) Consortium Blockchain:
Contrary to the permissionedblockchain, in consortium blockchain, the blockchain is gov-erned by more than one organization. From the centralizationpoint of view, this approach seems more liberal but the gov-ernance model of the blockchain slides it to the permissionedside. PCNs utilizing consortium blockchain will be similar topermissioned blockchain in terms of membership but in thiscase members will be approved by the consortium.V. P
RIVACY I SSUES IN
PCN S : M ETRICS AND E VALUATION
As PCNs started to emerge within the last few years, a lotof research has been devoted to make them efficient, robust,scalable and secure. However, as some of these PCNs startedto be deployed, they reached large number of users (i.e., LNhas over 10K users), which is expected to grow further. Suchgrowth brings several privacy issues that are specific to PCNs.We argue that there is a need to identify and understandprivacy risks in PCNs from both the users and businessesperspectives. Therefore, in this section, we first define theseprivacy metrics and explain possible privacy attacks in PCNs.We then summarize the existing PCNs to evaluate their privacycapabilities with respect to these metrics for the first time.
A. Privacy in PCNs
In its simplest form, data privacy or information privacy can be defined as the process which answers how storage,access, and disclosure of data take place. The PCN, in ourcase, needs to provide services ensuring that the users’ datawill not be exposed without their authorization. However, theuser data travels within the PCN through many other users.To address these issues, some PCN works aimed to hide thesender ( u s ) or receiver ( u r ) identity (i.e., anonymity ) whereassome others concentrated on strengthening the relationshipanonymity between sender and recipient. B. Attack Model and Assumptions
There are two types of attackers considered in this paper.The first attacker is an honest-but-curious (HBC) where theattacker acts honestly while running the protocols but stillcollects information passively during operations. The secondattacker of interest is the malicious attacker that controls morethan one node in the network to deviate from the protocols.These attacker types and how they can situate in the networkare shown in Fig. 4 as follows: (cid:13) The attacker is on thepath of a payment. (cid:13) The attacker is not on the path of aparticular payment but it can partially observe the changes inthe network. (cid:13) The attacker colludes with other nodes, forexample, to make packet timing analysis with sophisticatedmethods.
Fig. 4. Attackers can appear in the network in different places.
Based on these assumptions, we consider the followingpotential attacks for compromising privacy in PCNs: • Attacks on Sender/Recipient Anonymity :Sender/Recipient anonymity requires that the identityof the sender/recipient ( u s / u r ) should not be knownto the others during a payment. This is to protect theprivacy of the sender/recipient so that nobody can tracktheir shopping habits. There may be cases where anadversary may successfully guess the identity of thesender/recipient as follows: For case (cid:13) , the sender canhave a single connection to the network and next node isthe attacker, hence, the attacker is sure that u s is sender.For case (cid:13) the attacker may guess the sender/recipientby probing the changes in the channel balances. For case (cid:13) the attacker will learn the sender/recipient if it cancarry out a payment timing analysis within the partialnetwork formed by the colluded nodes. • Attack on Channel Balance Privacy.
To keep theinvestment power of a user/business private, the channelcapacities should be kept private in PCNs. The investmentamount in a channel would give hints about financialsituation of a user or its shopping preferences. More-over, if the capacity changes in the channels are known,tracing them causes indirect privacy leakages about thesenders/recipients. For instance, an attacker can initiatefake transaction requests. After gathering responses fromintermediary nodes, it can learn about the channel capac-ities. • Relationship Anonymity.
In some cases identities of u s or u r may be known. This is a very valid case forretailers because they have to advertise their identitiesto receive payments. However, if an attacker can relatethe payer to the payee, not only the spending habitsof the sender but also the the business model of therecipient will be learned. In such cases, the privacy of thetrade can be preserved by hiding the relationship betweenthe sender and recipient. Specifically, who-pays-to-whominformation should be kept private. • Business Volume Privacy.
For a retailer, publicly dis-closed revenue will yield the trade secrets of its business,which must be protected by the PCN. In that sense,privacy of every payments is important. Such paymentprivacy can be attacked as follows: In a scenario wheretwo or more nodes collude, the amount of a transactioncan be known to the attacker. In another scenario, if therecipient is connected to the network via a single channelthrough the attacker, then it will track all of the flowstowards the recipient.
C. State-of-the-art PCNs and their Privacy Evaluation
In this section, we briefly describe current studies whicheither present a complete PCN or propose revisions to thecurrent ones, then analyze their privacy capabilities based onour threat model. We provide a summary of the assessmentof the current PCNs’ categorizations and privacy features inTable I.
Lightning Network (LN) : LN [4] is the first deployedPCN which utilizes Bitcoin. It started in 2017 and by June
ABLE IQ
UALITATIVE E VALUATION OF P RIVACY F EATURES OF E XISTING
PCN S . N e t w o r k T yp e B l o c k c h a i n T yp e S e nd e r A nony m it y R ec i p i e n t A nony m it y C h a nn e l B a l a n ce P r i v ac y R e l a ti on s h i p A nony m it y B u s i n e ss V o l u m e P r i v ac y Lightning Network (HTLC) [4] Decentralized/Distributed PublicRaiden Network [5] Decentralized/Distributed AllSpider [ ? ] Decentralized/Centralized AllSilentWhispers [8] Decentralized/Centralized AllSpeedyMurmurs [9] Decentralized/Centralized PublicPrivPay [10] Decentralized/Centralized Permis-sionedBolt [11] Centralized PublicErdin et al. [12] Distributed/Federated AllAnonymous Multi-Hop Locks(AMHL) [13] Decentralized/Distributed Public: Partially satisfies OR can not defend against all mentioned attacks.: Fully satisfies.: Does not satisfy. “Hashed Time-Locked Contracts” (HTLC) for multi-hop transfer. The directional capacities inthe payment channels are not advertised but the total capacityin the channel is known for a sender to calculate a path. Thisprovides a partial channel balance privacy. The sender encryptsthe path by using the public keys of the intermediary nodes byutilizing “onion-routing” so that the intermediary nodes onlyknow the addresses of the preceding and the following nodes.None of the intermediary nodes can guess the origin or thedestination of the message by looking at the network packet. Raiden Network : Shortly after LN, Ethereum foundationannounced Raiden Network [5]. Raiden is the equivalent ofLN designed for transferring Ethereum ERC20 tokens andprovides the same privacy features. Although Ethereum is thesecond largest cryptoccurrency, that popularity is not reflectedwell in the Raiden Network. As of June 2020, Raiden serveswith 25 nodes and 54 channels. The advantage of Raiden overLN is, due to tokenization, users can generate their own tokensto create a more flexible trading environment.
Spider Network : Spider network [7] is a PCN which proposesapplying packet-switching based routing idea which is seenin traditional networks (e.g., TCP/IP). However, it is knownthat in packet-switching the source and the destination ofthe message should be embedded in the network packet. Thepayment is split into many micro-payments so that the channeldepletion problem gets eliminated. The authors also aimedhaving better-balanced channels. In this PCN, there are spiderrouters with special functionalities which communicate witheach other and know the capacities of the channels in thenetwork. The sender sends the payment to a router. When the packet arrives at a router, it is queued up until the fundson candidate paths are satisfactory to resume the transaction.The authors do not mention privacy, and plan utilizing onion-routing as a future work. The micro-payments might followseparate paths, which would help keeping business volumeprivate if the recipients were kept private. Additionally, hijackof a router will let an attacker learn everything in the network.
SilentWhispers : SilentWhispers [8] utilizes landmark routingwhere landmarks are at the center of the payments. In theirattack model, either the attacker is not on the payment path ora landmark is HBC. Here, landmarks know the topology butthey do not know all of the channel balances. When senderwants to send money to a recipient, she/he communicates withthe landmarks for her/his intent. Then landmarks start commu-nicating with the possible nodes from “sender-to-landmark” tothe “landmark-to-recipient” to form a payment path. Each nodein the path discloses the channel balance availability for therequested transfer amount to the landmarks. Then landmarksdecide on the feasibility of the transaction by doing multi-partycomputation. In SilentWhispers, the sender and the receiverare kept private but the landmarks know the sender-recipientpair. The payment amount is also private for the nodes whodo not take part in the transaction. Moreover, the balances ofthe channels within the network are kept private. Althoughcentralization is possible, the approach is decentralized andlandmarks are trusted parties.
SpeedyMurmurs : SpeedyMurmurs [9] is a routing protocol,specifically an improvement for LN. In SpeedyMurmurs, thereare well-known landmarks like in SilentWhispers. The differ-ence of this approach is that the nodes on a candidate pathexchange their neighbors’ information anonymously. So if aode is aware of a path closer to the recipient, it forwardsthe payment in that direction, called “shortcut path”. In ashortcut path, an intermediary node does not necessarily knowthe recipient but knows a neighbor close to the recipient.SpeedyMurmurs hides the identities of the sender and therecipient by generating anonymous addresses for them. Inter-mediary nodes also hide the identities of their neighbors bygenerating anonymous addresses. Although it may be complex,applying de-anonymization attacks on the network will turn itinto SilentWhispers. This is because, while the algorithm isa decentralized approach, with unfair role distribution, it mayturn into a centralized approach.
PrivPay : PrivPay [10] is a hardware-oriented version ofSilentWhispers. The calculations in the landmark are donein tamper-proof trusted hardware. Hence, the security andprivacy of the network are directly related to the soundnessof the trusted hardware which may also bring centralization.In PrivPay, sender privacy is not considered. Receiver privacyand business volume privacy is achieved by misinformation.When an attacker constantly tries to query data from othernodes the framework starts to produce probabilistic results.
Bolt:
Bolt [11] is a hub-based payment system. That is, thereis only one intermediary node between sender and recipient.Bolt assumes zero-knowledge proof based cryptocurrencies.It does not satisfy privacy in multi-hop payments, however, itsatisfies very strong relationship anonymity if the intermediarynode is honest. On the other hand, being dependant on a singlenode makes this approach a centralized one.
Permissioned Bitcoin PCN : In PCNs, if the network topologyis not ideal, e.g., star topology, some of the nodes may learnabout the users and payments. To this end, the authors in [12]propose a new topological design for a permissioned PCN suchthat the channels’ depletion can be prevented. They come upwith a real use case where a consortium of merchants createa full P2P topology and the customers connect to this PCNthrough merchants which undertakes the financial load of thenetwork to earn money. The privacy of the users in the PCN issatisfied by LN-like mechanisms. The authors also investigatehow initial channel balances change while the sender/receiverprivacy and the relationship anonymity can be satisfied byenforcing at least 3-hops in a multi-hop payment.
Anonymous Multi-Hop Locks (AMHL) : In AMHL proposal[13], the authors offer a new HTLC mechanism for PCNs.On a payment path, the sender agrees to pay some servicefee to each of the intermediaries for their service. However,if two of these intermediaries maliciously collude they caneliminate honest users in the path and consequently steal theirfees. In order to solve this, they introduce another communi-cation phase in which the sender distributes a one-time-keyto the intermediary nodes. Although the HTLC mechanismis improved for the security of the users the sender’s privacyis not protected; each of the intermediaries learns the sender.However, relationship anonymity can still be satisfied. V. F
UTURE R ESEARCH I SSUES IN
PCN S Privacy in PCNs is an understudied topic and there are manyopen issues that need to be addressed as a future research. Inthis section, we summarize these issues:
Abuse of the PCN protocols.
As most of the PCNs rely onpublic cryptocurrencies, whose protocol implementations arepublic. This freedom can be abused such that by changingsome parameters and algorithms in the design, an attackercan behave differently than what is expected. This will bringprivacy leakages and censorship in the network. A topologicalreordering of the network will help solve this problem. If asender gets suspicious about an intermediary node, it can lookfor alternatives instead of using that node.
Discovery of Colluding Nodes.
When the nodes collude ina PCN, they can extract more information about the users.To prevent this, the protocols should be enriched to discoverthe colluding nodes or by adding redundancy to the protocols,colluding nodes can be confused.
Policy Development.
The cryptocurrency and PCN idea is stillin the early phases of their lives. Hence, policy and regulationfor not only the security of the participants but also for theprivacy of them is highly needed in this domain. This will alsocreate a quantitative metric for the researchers to measure thesuccess of their proposals.
Impact of Scalability on Privacy.
One of the aims for intro-ducing PCNs was making the cryptocurrencies more scalable.For example, LN advises running the Barabasi-Albert scale-free network model while establishing new connections [15].Thus, the final state of the network can impose centralizationwhich will have adverse effects on the privacy of the nodes inthe network.
Integration of IoTs with PCNs.
Use of IoT devices forpayments are inevitable. Aside from the fact that most IoTdevices are not powerful to run a full node, security andprivacy of the payments and the device identities withinthe IoT ecosystem needs to be studied. These devices areanticipated to be able to participate in the network throughgateways. Revelation of device ownership will reveal the realidentity of the users to the public which is a big threat onprivacy.
Privacy in Permissioned PCNs.
While establishing a networkof merchants in permissioned PCNs, the merchants should atleast disclose their expected trade volume in order to establisha dependable network. This will, however, yield trade secretsof the merchants. To prevent this, zero-knowledge proof basedmulti-party communication can be explored.VI. C
ONCLUSION