Cryptocurrency exchanges use proofs of liabilities (PoLs) to prove to their customers the liabilities they have committed on-chain, thereby enhancing customers' trust in the service. Unfortunately, a close examination of currently deployed and academic PoLs reveals significant shortcomings in their designs. For instance, existing schemes cannot resist realistic attack scenarios in which the provider colludes with an existing user. In this paper, we propose a new model, dubbed permissioned PoL, that addresses this gap by not requiring cooperation from users to detect a dishonest provider's potential misbehavior. At the core of our proposal lies a novel primitive, which we call Permissioned Vector Commitment (PVC), to ensure that a committed vector only contains values that users have explicitly signed. We provide an efficient PVC and PoL construction that carefully combines homomorphic properties of KZG commitments and BLS-based signatures. Our prototype implementation shows that, despite the stronger security, our proposal also improves server performance (by up to $10\times$) compared to prior PoLs.