Cross Ledger Transaction Consistency for Financial Auditing

Authors: Vlasis Koutsos, Xiangan Tian, Dimitrios Papadopoulos, Dimitris Chatzopoulos



File

LIPIcs.AFT.2024.4.pdf
  • Filesize: 1.23 MB
  • 25 pages

Author Details

Vlasis Koutsos
  • Hong Kong University of Science and Technology, Hong Kong
Xiangan Tian
  • Hong Kong University of Science and Technology, Hong Kong
Dimitrios Papadopoulos
  • Hong Kong University of Science and Technology, Hong Kong
Dimitris Chatzopoulos
  • University College Dublin, Ireland

Acknowledgements

We would like to thank the anonymous reviewers for their feedback and Pierre-Louis Roman for shepherding our paper.

Cite As

Vlasis Koutsos, Xiangan Tian, Dimitrios Papadopoulos, and Dimitris Chatzopoulos. Cross Ledger Transaction Consistency for Financial Auditing. In 6th Conference on Advances in Financial Technologies (AFT 2024). Leibniz International Proceedings in Informatics (LIPIcs), Volume 316, pp. 4:1-4:25, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2024)
https://doi.org/10.4230/LIPIcs.AFT.2024.4

Abstract

Auditing throughout a fiscal year is integral to organizations with transactional activity. Organizations transact with each other and record the details for all their economic activities so that a regulatory committee can verify the lawfulness and legitimacy of their activity. However, it is computationally infeasible for the committee to perform all necessary checks for each organization. To overcome this, auditors assist in this process: organizations give access to all their internal data to their auditors, who then produce reports regarding the consistency of the organization’s data, alerting the committee to any inconsistencies. Despite this, numerous issues that result in fines annually revolve around such inconsistencies in bookkeeping across organizations. Notably, committees wishing to verify the correctness of auditor-provided reports need to redo all their calculations; a process which is computationally proportional to the number of organizations. In fact, it becomes prohibitive when considering real-world settings with thousands of organizations. In this work, we propose two protocols, CLOSC and CLOLC, whose goals are to enable auditors and a committee to verify the consistency of transactions across different ledgers. Both protocols ensure that for every transaction recorded in an organization’s ledger, there exists a dual one in the ledger of another organization while safeguarding against other potential attacks. Importantly, we minimize the information leakage to auditors and other organizations and guarantee three crucial security and privacy properties that we propose: (i) transaction amount privacy, (ii) organization-auditor unlinkability, and (iii) transacting organizations unlinkability. At the core of our protocols lies a two-tier ledger architecture alongside a suite of cryptographic tools. To demonstrate the practicality and scalability of our designs, we provide extensive performance evaluation for both CLOSC and CLOLC. Our numbers are promising, i.e., all computation and verification times lie in the range of seconds, even for millions of transactions, while the on-chain storage costs for an auditing epoch are encouraging, i.e., in the range of GB for millions of transactions and thousands of organizations.

Subject Classification

ACM Subject Classification
  • Security and privacy → Privacy-preserving protocols
Keywords
  • Financial auditing
  • Two-tier ledger architecture
  • Smart contracts
  • Transaction privacy
  • Financial entity unlinkability
