Proof of Reserves has evolved from direct proof of assets, continuously introducing trusted technologies and processes to optimize the proof process, ultimately developing into proof of debts (also called proof of liabilities). These technologies include trusted third parties, Merkle trees, and zero-knowledge proofs, among others.
In 2011, MtGox, the largest bitcoin exchange at the time, proved it controlled funds by sending 424,242 BTC to a pre-announced address. This method can only prove ownership of assets; it says nothing about the exchange's liabilities. Users have no way of knowing whether the amount shown covers all customer deposits, so proof of assets alone cannot rule out misappropriation.
The biggest difference between proof of debts and proof of assets is that proof of debts not only proves the amount of assets held by the exchange but also discloses the total amount of assets deposited by users, so the two can be compared.
The debt of an exchange is the assets deposited by its users. The simplest way to prove user assets is to disclose a list containing user accounts and balances, allowing users to check whether their own balances are correct and to add up the total.
However, this approach has significant flaws:
① We cannot guarantee that the list provided by the exchange is true.
② During the process, user account information and balances might be leaked.
Therefore, the direct disclosure method is the theoretical foundation of proof of debts but has not been implemented by any exchange so far.
A Merkle tree is a data structure shaped like a “tree”, with the data at the bottom called “leaf nodes” and the data in the middle called “intermediate nodes”. A left and right pair of leaf nodes is hashed (a hash maps any input to a fixed-size output, and it is infeasible to find two different inputs with the same output) to produce the value of the intermediate node above them. The left and right intermediate nodes are hashed in turn to produce the node above, and so on layer by layer until a single value remains: the root node of the Merkle tree. Because the hash is collision-resistant, any change to any leaf changes the root, so publishing the root alone commits the exchange to the entire set of leaves.
In this method (a Merkle sum tree), each node carries not only a hash but also the sum of the balances beneath it, so the total user liabilities are obtained through layer-by-layer addition and end up in the root. A user who receives an inclusion proof gets only the nodes on the path from their own leaf to the root, together with the sibling node at each level. However, when the raw user account and balance are placed directly in the leaf nodes, there is still a limited information leak. Using the example in the diagram above, the user Charlie, marked in green, receives his sibling leaf and so learns David's account and balance, and he also learns the combined balance of Alice and Bob from the sibling subtree on the left. Therefore, several improvements have been made to the leaf nodes:
(1) As shown in the figure above, hash the user account ID together with a salt (a random value known only to that user and the exchange), so that the hash cannot be matched back to a known account ID.
(2) Split the user balance. For example, Charlie’s 10 ETH can be divided into two 5 ETH entries placed in two leaf nodes, so that a sibling sees only part of the balance.
(3) Hash the user ID and the balance separately, then hash the two resulting values together, so that a sibling learns neither value directly.
Despite these optimizations, there is one problem that Merkle trees on their own cannot solve: negative-balance accounts. In practice, users may trade with leverage, perpetual contracts, and similar products after depositing cryptocurrency. If losses occur, the maximum loss should be 100% of the principal (the position is liquidated), meaning that every user's balance should be greater than or equal to 0.
Negative-balance accounts are therefore generally introduced by a malicious exchange. If the exchange misappropriates 500 ETH, then under an honest calculation the reserve ratio (assets held divided by total user liabilities) will be below 100%, exposing the misappropriation. However, the exchange can insert a fake account named Henry with a balance of -500 ETH, as shown in the diagram, which reduces the total liabilities computed by the Merkle tree by 500 ETH so that it matches or falls below the assets the exchange actually still holds, creating the false impression that the reserve ratio is 100% or more. Because each user only sees the sibling nodes on their own path, the negative leaf is invisible to everyone except the user whose leaf sits next to it, and even the subtree sum can be kept positive by placing Henry beside a large honest balance.
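As an added example (not code from the original lesson or from any exchange), the following Python builds a Merkle sum tree using the salted, separately hashed leaves described in improvements (1) and (3), produces and verifies an inclusion proof, and then stages the Henry attack from the paragraph above. The user names, balances, salts, and the domain-separated SHA-256 layout are all constructed for illustration; balance splitting (2) is omitted. The user-side verifier also rejects any negative sibling total on the user's own path, which shows exactly how far such a check reaches: Charlie's proof passes against the cooked root, while only Eve, whose leaf sits next to Henry, sees the negative value.

```python
import hashlib
import os
from dataclasses import dataclass

WIDTH = 16  # bytes used to encode a balance; signed so a cooked negative leaf can be represented


def _i2b(n):
    return n.to_bytes(WIDTH, "big", signed=True)


@dataclass(frozen=True)
class Node:
    digest: bytes
    total: int  # sum of all leaf balances under this node


def make_leaf(user_id, balance, salt):
    # Improvement (1): the ID is hashed with a per-user salt.
    # Improvement (3): ID hash and balance hash are computed separately, then hashed together.
    h_id = hashlib.sha256(salt + user_id.encode()).digest()
    h_bal = hashlib.sha256(_i2b(balance)).digest()
    return Node(hashlib.sha256(b"leaf" + h_id + h_bal).digest(), balance)


def make_parent(left, right):
    # The parent commits to both children AND to the running sum, so the published
    # total cannot be altered without changing the root.
    total = left.total + right.total
    digest = hashlib.sha256(b"node" + left.digest + right.digest + _i2b(total)).digest()
    return Node(digest, total)


EMPTY = make_leaf("", 0, b"")  # public padding leaf with zero balance


def build_tree(leaves):
    """Return all levels: levels[0] = leaves padded to a power of two, levels[-1] = [root]."""
    level = list(leaves)
    while len(level) & (len(level) - 1):
        level.append(EMPTY)
    levels = [level]
    while len(level) > 1:
        level = [make_parent(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def inclusion_proof(levels, index):
    """Sibling node at each level from leaf to root, as (sibling, sibling_is_left)."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        proof.append((level[sib], sib < index))
        index //= 2
    return proof


def verify_inclusion(user_leaf, proof, root):
    """What a single user can check: their leaf is under the published root and
    no subtree on their own path carries a negative sum. Anything off-path is unseen."""
    node = user_leaf
    for sibling, sibling_is_left in proof:
        if sibling.total < 0:
            return False
        node = make_parent(sibling, node) if sibling_is_left else make_parent(node, sibling)
    return node == root


def reserve_ratio(levels, exchange_holdings):
    return exchange_holdings / levels[-1][0].total


def find_negative_leaves(levels):
    """Only possible with the FULL leaf list, which is exactly what privacy forbids publishing."""
    return [i for i, n in enumerate(levels[0]) if n.total < 0]


def scenario():
    # Constructed balances in whole ETH; users deposited 2000 ETH, the exchange holds 1500.
    honest = [("Alice", 100), ("Bob", 200), ("Charlie", 300), ("David", 400), ("Eve", 1000)]
    holdings = 1500
    salts = {u: os.urandom(16) for u, _ in honest}
    salts["Henry"] = os.urandom(16)
    honest_levels = build_tree([make_leaf(u, b, salts[u]) for u, b in honest])

    # Cooked tree: fake account Henry at -500, placed beside Eve so the subtree sum stays positive.
    cooked = [("Henry", -500), ("Eve", 1000)] + [e for e in honest if e[0] != "Eve"]
    names = [u for u, _ in cooked]
    cooked_leaves = [make_leaf(u, b, salts[u]) for u, b in cooked]
    cooked_levels = build_tree(cooked_leaves)
    cooked_root = cooked_levels[-1][0]

    def user_check(name):
        i = names.index(name)
        return verify_inclusion(cooked_leaves[i], inclusion_proof(cooked_levels, i), cooked_root)

    return {
        "honest_ratio": reserve_ratio(honest_levels, holdings),  # 0.75: misappropriation visible
        "cooked_ratio": reserve_ratio(cooked_levels, holdings),  # 1.0: looks fully backed
        "charlie_ok": user_check("Charlie"),  # True: nothing on Charlie's path is negative
        "eve_ok": user_check("Eve"),          # False: Eve's sibling leaf is Henry
        "negatives_in_full_tree": find_negative_leaves(cooked_levels),  # [0]
    }


if __name__ == "__main__":
    print(scenario())
```

The root hash alone is not enough to publish: the verifier must also receive the root's total, which is why it is committed inside every node. Note that the only check that catches Henry without the full tree is the one done by his immediate neighbour, which is the gap that per-leaf range proofs (the zero-knowledge approach discussed below) are meant to close.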
In daily contexts, “audit” mainly refers to independent economic supervision activities, and the entity engaging in this activity is called an “audit firm.” Common application scenarios include financial report audits of listed companies, government audits, etc. In the crypto world, CEXs seek reputable audit firms from traditional fields to conduct audits. Due to the unique nature of the crypto industry and the imperfect audit system, many third-party audits need to be combined with Merkle tree technology.
Audit firms use the user balances provided by the exchange to generate a Merkle tree. After the Merkle tree is generated, auditors verify the total user balances against the exchange's on-chain holdings and publish the Merkle tree and its root hash. Users can enter their hashed user ID and token balance into the verification interface to check that their leaf is included under the published root.
The advantage of this method is that it can increase credibility through well-known audit firms. However, it relies on the professional ethics of the auditors and cannot guarantee that they will not collude with the exchange; a user still has to trust that the balances fed into the tree are complete and that none is negative. Therefore, to provide Proof of Reserves in a more secure, transparent way, third-party audits have gradually become an auxiliary proof method or have been abandoned.
As mentioned earlier, the existing Merkle tree structure cannot solve the negative-balance and privacy issues. In November 2022, Vitalik Buterin, the founder of Ethereum, published an article entitled “Having a safe CEX: proof of solvency and beyond”, discussing how exchanges can achieve better proof of solvency. The article suggests adding technologies like zk-SNARKs on top of traditional Proof of Reserves, so that the exchange can prove every balance is non-negative and that the total is correct without revealing any individual balance. This has prompted major exchanges to explore zero-knowledge proofs as an upgrade to Merkle-tree-based Proof of Reserves.
From simple proof of assets to the use of cryptographic technology, the Proof of Reserves by exchanges is developing towards decentralization, privacy, and transparency. In the next lesson, we will explore the combination of zero-knowledge proofs and Proof of Reserves.