Clockwork: An Exchange Protocol for Proofs of Non Front-Running

Abstract:

Exchanges are critical for providing liquidity and price transparency to markets, but electronic exchanges sometimes front run their users: because the exchange is in a privileged position, it can observe incoming orders and insert its own orders or alter execution to profit, if undetected, risk-free. There are cryptographic schemes to address front-running, but they either require an assumption of non-collusion or do not definitively prevent it, and none can provide the exchange with useful evidence of good behavior: a transcript the exchange can show to an offline entity, like a potential new customer or a regulator, to prove that it is not front running.

We present ClockWork, a practical exchange protocol which gives an exchange the ability to prove to a user that it did not front-run their order. In ClockWork, users commit to and encrypt orders inside a timelock puzzle. By assuming a lower bound on the time it takes to solve the puzzle, we ensure that no one, including the exchange, can submit new orders or selectively drop orders after the batch is fixed, and that users cannot repudiate committed orders. Users interacting with the exchange are convinced that the exchange did not front-run, and the protocol creates a transcript between the exchange and the users that serves as evidence orders were matched correctly and has attestations from users who agree they were not front-run. We implement ClockWork and show that despite using computationally expensive timelock puzzles, it provides reasonable performance for batch auctions . This is a useful tradeoff to provide a verifiably correct exchange.

Dan Cline worked with the DCI via the Co-op program from the University of Massachusetts Amherst. His mentors were Neha Narula and Tadge Dryja