On Monday (February 4th), Blockchain startup Blockstream announced that its new open-source "Proof of Reserves" tool could help centralized cryptocurrency exchanges prove their BTC balances to third parties (such as auditors). And in the wake of the huge disaster at Canada's QuadrigaCX exchange, the desperate need for such a tool is even easier to see.
Here is how Blockstream announced the news on Twitter:
Regarding the recent discussion around exchange distrust, we think it's time for the industry to settle on a standard for proving #bitcoin holdings, so we've published a new open source Proof of Reserves tool. Don't trust. Verify. 📖🔍🔏 https://t.co/uKqlJjLU1x pic.twitter.com/kU8kIesqA6— Blockstream (@Blockstream) February 5, 2019
What Is the Problem Blockstream Is Trying to Solve?
"Bitcoin exchanges are increasingly coming under pressure from users and regulators to prove they are managing their users funds correctly. After so many high-profile hacks over the years (many of which went unnoticed for some time), proving Bitcoin reserves has become an important task for businesses seeking to retain the trust of their customers."
What Is Wrong With Existing Solutions?
"Unfortunately, the few exchanges that are taking steps to prove their Bitcoin balances to third parties use their own in-house solutions to generate their proofs. The variety of approaches makes it difficult for anyone wishing to verify exchange holdings for themselves, as they must familiarize themselves with each individual system, which usually requires some specialist technical knowledge."
According to Blockstream, the usual approach to building such a tool suffers from these two problems:
- Poor Accessibility: "as stated above, due to each exchange taking a DIY approach, proof of reserve solutions are technical and unfamiliar. Users have to figure out how to verify holdings for each exchange they engage with. This leads to more trusting, and less verifying."
- Security risks: "proving reserves requires exchange personnel to demonstrate the ownership of private keys associated with exchange wallets. Often this involves the movement of all funds to a new set of addresses—presenting major attack vectors for attackers attempting to compromise storage."
What is Blockstream's Solution and Why Did Blockstream Build It?
"At Blockstream, we’ve been working on a solution to provide a best-practice standard Proof of Reserves for the industry, that offers broad compatibility with the way most Bitcoin exchanges are storing their users’ funds. A BIP has already been submitted to the bitcoin-dev mailing list, and today we’re open-sourcing the development of the tool for feedback from the industry."
Blockstream says this tool was originally developed for their Liquid Network, "a blockchain for exchanges, brokers, and market makers that enables fast, private Bitcoin transactions with other members of the network." In their own words:
"We originally set off to build a solution for Liquid functionaries to prove their Liquid bitcoin (L-BTC) reserves to third-party auditors. But as we researched the project, we quickly realised that existing approaches by exchanges for regular Bitcoin reserves had room for improvement, and that our software had wider applications outside of the Liquid Network."
How Does Blockstream's Proof of Reserves Reserves Tool Work?
"Proof of Reserves allows an exchange to prove how many bitcoin they could spend, without needing to generate a 'live' transaction or exposing themselves to the risks of moving funds. Using the tool, an exchange first constructs a single transaction which spends all of an exchange’s Bitcoin UTXOs, and adding an extra invalid input. By including one invalid input, the entire transaction is rendered invalid and would be rejected by the network if broadcast. However, the transaction is constructed in such a way that it can still be used as an explicit proof of all the Bitcoin UTXOs spendable by the exchange. This transaction data can then be shared with anyone that needs to verify reserves. They simply import the data into their own Proof of Reserves client to confirm the exchange’s total holdings and the addresses associated with those holdings. The solution is easy-to-use and accessible to anyone that knows how to run a CLI application."
Currently, this tool "supports both the Bitcoin Core wallet and Trezor, with more integrations on the way (Ledger support coming soon!)." Although the main expected use case for the Proof of Reserves tool is currently centralized crypto exchanges needing to provide a proof of their Bitcoin reserves to auditors for verification purposes, Blockstream hopes that, once they have made some privacy improvements to it, it will eventually also be useful to the users of centralized exchanges.
Some Reactions From Crypto Twitter
Manfred Karrer, Founder of decentralized crypto exchange Bisq:
If you don't hold your keys you don't hold Bitcoin but an IOU. No proof of Reserves needed if you use @bisq_network— Manfred Karrer (@manfred_karrer) February 5, 2019
Tuur Demeester, Founding Partner Adamant Capital:
Fantastic, really hope this gets picked up. Bitcoin hasn't seen exchanges do significant Proof of Reserves since right after the MtGox collapse in 2014. https://t.co/bE0Rcu0skZ— Tuur Demeester (@TuurDemeester) February 5, 2019
Nic Carter, Co-Founder of Coinmetrics:
There I was thinking that a proof of reserves had to be accompanied by a proof of liabilities established by some trusted auditor but through ZKPs you don't even need that! pic.twitter.com/mrrJw3cPT9— nic carter (@nic__carter) February 4, 2019
John Carvalho ("Bitcoin Error Log"):
I have solved the age-old problem of proving your exchange is solvent and has your coins! Proof of reserves? Nope. Audits? Nope. Attestations? Nope. Trusted computing with Merkel trees? Nope. What's the real solution? Withdraw your fucking coins. #NotYourKeysNotYourCoins— John Carvalho (@BitcoinErrorLog) February 5, 2019
Featured Image Courtesy of Blockstream