Proof of Reserves: Inner Workings
This is the second of four pieces exploring how Proof of Reserve works in practice. Our next post will dive into the limitations of Proof of Reserve.
The Technology Behind Proof of Reserve?
Proof of Reserve (PoR) is an attempt to provide public transparency to centralized cryptocurrency reserves through a verifiable auditing practice. It uses cryptographic proofs and public wallet address ownership verification in combination with periodic third-party audits to publicly attest that a centralized platform holds enough assets to match user deposits. This cryptographic approach makes it possible for individual users to verify that their account balance is included in the attestation.
PoR relies on a technique, the Merkle Tree (also known as a binary hash tree), to provide a cryptographically secure method of verifying assets in a reserve. The Merkle Tree data structure is used to verify the integrity of the data by comparing the hash of the data to the hash of the root node. If the two hashes match, the data is considered to be valid.
An example of a Merkle Tree, courtesy of Bitpanda
Gate.io sheds light on the steps that can be used to create a Merkle Tree, which includes:
- Hashed user ID(UID) and user balances are first extracted from the exchange data.
- Each pair of hashed UID and user balance is hashed respectively and then connected to the underlying block.
- Leaf nodes of the Merkle Tree are generated using the same hash function for each data block.
- The resulting hashed data is hashed together in pairs to create the parent nodes. This process continues until a single hash known as the ‘Merkle root’ is obtained.
Proof of Reserve ensures transparency with the help of a Merkle Tree. It is a privacy-friendly data structure that assures quick and easy verification of large volumes of data, enhancing accountability, credibility, and trust between protocols and their users.
Merkle Trees are also ideal for data integrity since user data is anonymized using a unique salt before being added to the Merkle Tree. Each user’s balance can only be viewed if one has access to this salt. Furthermore, the Merkle Tree makes it easier for users to check whether their accurate account balance was included in the audit by comparing selective data within the Merkle Tree. They can verify this in two simple steps:
- Hash their account balance and unique ID
- Search for it in the Merkle Tree
The Proof of Reserve Process
Proof of Reserve, while underpinned by a single technique, is a complex process requiring trust in third-party auditors and the accounting practices valuing any off-chain assets. That process at a high level is as follows:
- An independent auditor takes a snapshot of all the user balances held by a cryptocurrency exchange and aggregates them into a Merkle Tree. By storing these hashes in a Merkle Tree, it becomes possible to verify that a given transaction is included in a block without having to check the entire block. This is essential in ensuring the privacy of users, as it means that their transaction data can be verified without revealing their identity.
- To further ensure privacy, each user's balance is also hashed with a unique salt before being stored in the Merkle Tree. This makes it impossible to determine the balance of any given user without knowing their salt. In cryptography, salt is a set of random data that is used as an additional input to a one-way function, that hashes data, a password, and a passphrase.
- Here, only those with access to the user's salt can view their balance. This ensures that even if someone were able to view the contents of the Merkle Tree, they would not be able to determine which account belongs to which user.
- This dataset is then run through a cryptographic hash function through which the auditor obtains a Merkle root - a cryptographic fingerprint that uniquely identifies the combination of balances.
- Last but not least, the auditor gathers the exchange’s digital signatures that show the total number of assets held in reserve at a point in time and verifies whether or not it matches the user balances represented in the Merkle tree, therefore ensuring that the client’s assets are held safely and the protocol is backed by assets to efficiently meet all withdrawal requests.
The auditor is an essential piece of the Proof of Reserve puzzle, responsible for collecting data from financial institutions and exchanges and verifying whether or not it matches the user balances mentioned in the Merkle Tree.
To help enhance trust and transparency in the industry, Gate.io has made its Proof of Reserve auditing solution open-source. In 2020, Gate.io became the first exchange to provide third-party certified, user-verifiable Proof of Reserve audit.
The company carries out audits with the help of a leading U.S. firm: Armanino LLP. Armanino LLP first conducts an audit and publishes the report on Gate.io’s reserve alongside user account balances that are compiled and encrypted using Merkle Tree. Users can then independently verify if their account balances are reflected in the reserve report correctly.
Thanks to Gate.io and other companies, many cryptocurrency exchanges are increasingly using Proof of Reserve audits.
Adoption of Proof of Reserve Audits
According to disclosures, Coinbase Global Inc. reported customer crypto assets and liabilities totaled $95.11 billion for the September quarter, up from $88.45 billion in the previous quarter. To prove that they have the reserves to cover all customer deposits, many exchanges such as Huobi, Binance, Crypto.com, Deribit, KuCoin, OkxKraken, and BitMEX, are now using PoR.
Even though the audits have been conducted, there are many instances where due process has not been followed. For instance, Binance and HBTC submitted their PoR audit without the oversight of an auditor. Similarly, Luno, Revix, Bitbuy and Shakepay, in their audit filing have not adhered to user validation by the Merkle approach. Furthermore, many organizations took Informal asset attestations into account in which neither a cryptographic record of the assets is retained nor a disclosure of liabilities is offered- Bitfinex,Crypto.com, OKX, KuCoin, and Huobi being the primary ones.
Since the assets are not audited and don’t go through the standard cryptographic verification, these audits and the subsequent attestations lack the credibility of the standard PoR audit. When it comes to exchanges using PoR, it is blatantly used for industry reputation and marketing purposes therefore users need to exercise extreme diligence and, to a greater extent, exercise caution. It should be noted that the disclosure of proof of reserve provides only a partial picture of a crypto exchange's assets - investors should confirm that all liabilities are disclosed and accounted for before choosing a crypto exchange as well.
Proof of Solvency
Proof of Reserve is one of the two variables in the Proof of Solvency equation. PoR only paints half of the picture, whereas disclosing an exchange’s liabilities gives a fair idea of the exchange’s status. Proof of Solvency in theory would be an optimal way for clients, partners, and third parties to verify the solvency of exchanges without compromising their users’ privacy.
Here, an exchange first needs to prove custody and ownership of the reserves. Next, it would publish the liabilities on its books. Once both of these are known it becomes fairly apparent if the exchange has enough reserves to cover its liabilities. This output is what we call “Proof of Solvency”, which can be used to build trust and transparency between the exchange, its clients, and regulators and prove that an exchange is backed by assets enough to meet all withdrawal requests at any given time.
Proof of Solvency = Proof of Reserve + Proof of Liabilities
Proof of Reserve is an incredibly fascinating process utilizing Merkle Trees, but may not fully address the problems posed by FTX’s downfall. To fully appreciate the limitations of Proof of Reserve, stay tuned for our next piece.