This work addresses a critical vulnerability in existing Proof-of-Liability (PoL) schemes, which are susceptible to collusion between service providers and users to fabricate liability data. To mitigate this issue, the paper proposes a permissioned Proof-of-Liability model leveraging a novel cryptographic primitive—Permissioned Vector Commitment (PVC). This construction relies solely on explicitly signed user values to form commitment vectors, enabling effective detection of provider misconduct without requiring active user participation during verification. The PVC scheme efficiently combines the homomorphic properties of KZG commitments with BLS signatures to achieve both security and performance. Experimental evaluation of the prototype demonstrates that the proposed approach not only provides stronger security guarantees but also improves server throughput by up to an order of magnitude compared to state-of-the-art PoL systems.

Cryptocurrency exchanges use proofs of liabilities (PoLs) to prove to their customers their liabilities committed on-chain, thereby enhancing their trust in the service. Unfortunately, a close examination of currently deployed and academic PoLs reveals significant shortcomings in their designs. For instance, existing schemes cannot resist realistic attack scenarios in which the provider colludes with an existing user. In this paper, we propose a new model, dubbed permissioned PoL, that addresses this gap by not requiring cooperation from users to detect a dishonest provider's potential misbehavior. At the core of our proposal lies a novel primitive, which we call Permissioned Vector Commitment (PVC), to ensure that a committed vector only contains values that users have explicitly signed. We provide an efficient PVC and PoL construction that carefully combines homomorphic properties of KZG commitments and BLS-based signatures. Our prototype implementation shows that, despite the stronger security, our proposal also improves server performance (by up to $10\times$) compared to prior PoLs.