Proof of Reserves
Entities which have conducted a PoR attestation within the last 12 months:
- Coinfloor (self-assessment, user validation with merkle approach, ongoing)
- BitBuy (forensics firm assisted, no user validation, point in time)
- Gate.io (auditor-assisted, user validation with merkle approach, point in time)
- HBTC (self-assessment, user validation with merkle approach, point in time)
- [Your exchange’s name here?]
Note: I am presenting these claims ‘as is’ with no endorsement or guarantee of their correctness
Proof of Reserve introduction
If there’s a single thing I could do to better this industry, it would be to convince every custodial service provider in the cryptocurrency space to adopt a routine Proof of Reserve/ Proof of Solvency program.
Proof of Reserves is the idea that custodial businesses holding cryptocurrency should create public facing attestations as to their reserves, matched up with a proof of user balances (liabilities). The equation is simple:
Proof of Reserves + Proof of Liability = Proof of Solvency
If you can prove to the general public that your cryptocurrency held on deposit matches up with user balances, you can plausibly claim to be solvent. Of course, in practice, this isn’t quite so simple. Proving that you control some funds on chain is trivial, but you could always borrow those funds on a short term basis. This is why point-in-time attestations mean relatively little.
Proving liabilities is tricky, and generally requires an auditor to engage in a full assessment. For instance, exchanges can omit certain liabilities to ‘cheat’ a PoR attestation. This is why I recommend both a user-facing PoR protocol, allowing users to obtain ‘herd immunity’ by collectively verifying their individual balances, and an auditor-facing PoR protocol, to prove that the claimed liabilities are faithful to reality.
Another issue is that exchanges could have unaccounted-for liabilities that a mere cash flow analysis might not capture. For instance, given that many exchanges exist under muddy regulatory regimes and legal contexts, it’s not guaranteed that depositors would be senior to creditors in the case of bankruptcy. This means that it’s possible that large debts could consist of a hidden liability that would weaken depositor claims on reserves in a worst case scenario. This is why I recommend including an auditor in a PoR process, so these more complex liabilities (and an assessment of the seniority of depositors) can be understood. More generally, exchanges should adopt a legal policy in which depositors are absolutely privileged and senior to all creditors.
So a Proof of Reserve program isn’t entirely trustless. However, it’s still worth doing, for several reasons:
- It’s good housekeeping. A periodic PoR attestation demonstrates to your end users that you have your house in order, and that you are being vigilant with regards to solvency
- It’s a strong self-regulatory measure. If exchanges collectively adopted PoR, regulators might be more inclined to adopt a light touch approach. Much better to operate in relative freedom with voluntary self-regulatory measures rather than suffering onerous regulatory impositions later on
- It helps safeguard against toxic operators by making fractional reserves virtually impossible to hide. These exchange failures reflect badly on the whole industry, so it’s in everyone’s interest to avoid them
To those who reject PoR because it’s not perfectly trustless in its current implementation, I would respond that the perfect is the enemy of the good. At present, the industry standard is virtually no transparency. Those exchanges that are more stringently regulated, under the NY Trust License for instance, can credibly claim to be fair stewards of user funds. Some exchanges conduct audits to obtain bank partners. But these audits are generally not consumer facing, and many exchanges are loosely regulated. A far more potent trust signal would entail allowing depositors to individually verify that their deposits genuinely exist under the control of the exchange. If we let a commitment to perfection stall the adoption of processes like PoR, we will likely end up with a much worse situation where onerous, top-down regulation is imposed on exchanges. I always prefer proactive industry-driven self-regulation to state regulation, and I think you should, too.
Proof of Reserve Resources
- Nic Carter in Coindesk, How to Stop the Next Quadriga: Make Exchanges Prove Their Reserves
- Karim Helmy in The Block, Exchange Proofs of Reserves & Solvency: a mechanical explanation
- Nic Carter on Medium, How to scale Bitcoin (without changing a thing)
- Mauricio Di Bartolomeo in Bitcoin Magazine, Why Proof of Reserves is Important to Bitcoin
- Matt B on Medium, Proof-of-Reserves: A Standard for Enhanced Transparency
- On The Brink, The auditor view of Proof of Reserves (with Noah Buxton and Jeremy Nau of Armanino LLP)
- On The Brink, Free Banking in the Age of Crypto (with Professor Larry White)
- Designated-verifier proof of assets for bitcoin exchange using elliptic curve cryptography (2020)
- Systemizing the Challenges of Auditing Blockchain-Based Assets (2019)
- Revelio: A MimbleWimble Proof of Reserves Protocol (2019)
- Breaking the binding: Attacks on the Merkle approach to prove liabilities and its applications (2019)
- MProve: A Proof of Reserves Protocol for Monero Exchanges (2019)
- Confidential and efficient asset proof for bitcoin exchanges (2018)
- Making Bitcoin Exchanges Transparent (2015)
- Provisions: Privacy-preserving Proofs of Solvency for Bitcoin Exchanges (2015)
- Beware the Middleman: Empirical Analysis of Bitcoin-Exchange Risk (2013)
- Blockstream, Standardizing Proof of Reserves (2019)
- Zak Wilcox, Proving Your Bitcoin Reserves (2014). This is Zak’s (since-deleted) description of the Maxwell/Todd ‘merkle approach’ to proving liabilities
- Olalonde’s Proof of Liabilities code on Github (2015)
Why ‘Proof of Reserve’ if you really mean ‘Proof of Solvency’?
Proof of reserve sounds better, and Solvency is a much higher bar to clear. Ideally a PoR would be paired with a full accounting of liabilities, known and hidden, and solvency assurances would be obtained.
What about exchange/user privacy?
As long as exchanges are ok with people knowing how the total value of assets on deposit, they don’t have to divulge any additional information. In practice, it’s trivial to determine how many coins an exchange has, and many third party providers actively publish this data. So trying to hide the number of coins on deposit is a lost cause anyway. Through the proof of liability tool, user information is anonymized and hashed. This allows only users with a knowledge of their account ID and their balance to verify that they are included in the merkle proof without spying on other users.
What about DEXes?
The growth of DEXes is exciting and great for the industry. However, cryptocurrency users have a revealed preference for custodial ownership, at least for a portion of their coins. Self-custody is hard and it isn’t for everyone. Approximately 20-25% of BTC and ETH is held in a custodial setting. By encouraging custodial exchanges to adopt PoR, I am hoping that user assurances at custodial exchanges can be bettered. However, it goes without saying – not your keys, not your coins. You are ALWAYS vulnerable if you choose to use a custodial exchange.
I want to adopt PoR. What do you recommend?
1. I recommend updating your legal ToS to clarify a) the segregation of client deposits and operating capital, b) the seniority of client deposits in liquidation, and c) the responsibilities you have towards depositors under your regulatory regime, if any.
2. As for adopting a PoR strategy, I suggest an ongoing, auditor-enhanced, user-verifiable proof of solvency using the merkle approach. Point in time attestations are not sufficient. I recommend using an auditor to assist and attest to the liabilities side. Currently Armanino and KPMG are audit/accounting firms known to be offering these services. I strongly recommend allowing depositors to verify that their balances are included in the proof of liabilities using the Maxwell/Todd merkle method.
Why do I need an auditor or external third party assistance?
The liabilities side of the equation is tricky, and for users to have confidence that the accounting is complete, it’s worth engaging a trusted auditor willing to contribute their professional reputation to an assessment of liabilities.
Want to include your exchange in my list of active PoR participants? Have feedback or want to suggest a resource for inclusion? To get in touch, DM me on Twitter.