
ZK Proof of Reserves

Given the recent downturn of the digital currency industry kicked off by the meteoric collapse of the ‘grown ups’ in the sector (FTX), many have been sent reeling, wondering if there is something we could do to avoid this sort of calamity in the future.

The answer is yes! It is what people loosely term “Proof of Reserves” or Proof of Solvency (though PoS is already a terribly overloaded term), and it revolves around using zero-knowledge proofs in order to show that the reserves an exchange claims to hold are actually held and that its clients’ funds are “safe”[1].

Now, before we dive into how this would work conceptually, it is worth going over the problem definition at a high level.

The problem we are trying to solve is that a traditional exchange normally holds their clients’ accounts and balances in trust accounts, held by a licensed and insured trust bank, an institution that holds the exchanges’ client assets in accounts separate from the exchanges’ own. The exchange acts only as an executor of the accounts and is not the legal owner.

This legal differentiation turns out to be most critical when an exchange goes into insolvency and bankruptcy, as the courts determine ownership based on the legal status of assets in a liquidation. It could mean the difference between getting your assets back or just joining the long line of other creditors in a bankruptcy proceeding. The other effect of this is that the asset account balances are separately accounted for in the name of the client, and they are not pooled with the exchange’s assets.

Thus, while the exchange can deposit and withdraw from these accounts on behalf of their client, the records left would clearly indicate that the exchange is moving the client’s money and not their own.

The issue is, for exchanges that deal with digital assets on blockchains, there aren’t many trust banks that can hold digital assets, and thus they are forced to custody the assets themselves. Herein lies the first conflict of interest.

While a traditional exchange would act simply as an exchange, dealing with order books, a fair listing of products, and matching trades, virtual currency exchanges end up being the de facto broker/dealer as well. To add to the problem, they not only act as brokers/dealers for their clients (holding their assets for them in order to facilitate trading on the exchange), but they also often engage as proprietary traders themselves (trading on their own exchange with their own accounts!). This is a recipe for disaster, and from this perspective, it is a miracle that FTX and others lasted as long as they did without ‘running away with the bank.’ If we were to invoke a casino analogy, it is as if FTX ran the casino, acted as the loan shark, and actively competed against the customers at the casino tables at the same time! Yes, my friends, this is the insane world of ‘crypto.’

What does ‘Proof of Reserves’ purport to do?

The first issue that needs to be addressed is simply one that allows an exchange to prove that they are indeed holding their clients’ funds separately and that the assets are present on all blockchains that are supported. Second, a PoR system needs to ensure that the exchange does not use its clients’ funds for anything other than the clients’ own trading. If it can do so on a daily basis (perhaps even on an intra-day basis), then its clients can be certain that their assets are safe. (well, mostly… more on this later*)

Thankfully, through the use of Zero-Knowledge Range proofs in Bitcoin SV (BSV), this is possible.

In summary:

1) An exchange first produces proof of all of the assets under its control (covering every address it holds the private keys for, since those keys speak for the assets).

2) Then, the exchange publishes a Merkle Tree, including all of the users’ accounts that it holds liabilities for. This proves liabilities. There is an assumption that enough users will verify that they are included in the list to prevent the exchange from excluding anyone.

3) Then the exchange generates a proof that the sum of its committed liabilities + the proof of its total assets = 0. This means that it is running with full reserves.

A more detailed explanation can be found here, as published by the folks at sCrypt.

The implementation addresses some concerns over previous naive attempts at doing proof of solvency, namely by using anonymized accounts in the proof of assets to protect the exchange from leaking the total assets under its control.[2]

It also uses a range proof to ensure that exchanges cannot add fake accounts with negative balances to reduce their liabilities (in order to cook their books to match the assets).
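To make the three steps above and the range-proof point concrete, here is an added example in Python (not code from the article or from sCrypt's implementation). It uses a summed Merkle tree, an assumption about the construction the article does not spell out: each node commits to the balances beneath it, a user can check their own inclusion from the published root, the leaf constructor rejects negative balances in place of the zero-knowledge range proof, and the root total is compared with the proof-of-assets figure. The account data is constructed.

```python
import hashlib

EMPTY = (hashlib.sha256(b"empty").digest(), 0)  # padding node for odd-sized levels

def node_hash(lh, ls, rh, rs):
    # Internal node commits to both child hashes and both child sums.
    return hashlib.sha256(lh + ls.to_bytes(8, "big") + rh + rs.to_bytes(8, "big")).digest()

def leaf_node(user_id, balance):
    # Stands in for the ZK range proof: a negative (or oversized) balance is never
    # committed, since a hidden negative account would shrink the published liabilities.
    if not 0 <= balance < 2**64:
        raise ValueError("balance out of range")
    digest = hashlib.sha256(b"leaf:" + user_id.encode() + balance.to_bytes(8, "big")).digest()
    return (digest, balance)

def build_tree(accounts):
    # accounts: list of (user_id, balance). Returns every level, leaves first, root last.
    level = [leaf_node(u, b) for u, b in accounts]
    levels = []
    while True:
        if len(level) > 1 and len(level) % 2:
            level.append(EMPTY)
        levels.append(level)
        if len(level) == 1:
            return levels
        level = [(node_hash(*level[i], *level[i + 1]), level[i][1] + level[i + 1][1])
                 for i in range(0, len(level), 2)]

def inclusion_proof(levels, index):
    # Sibling (hash, sum, is_left) per level; this is what the exchange hands each user.
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        path.append((level[sib][0], level[sib][1], sib < index))
        index //= 2
    return path

def verify_inclusion(root, user_id, balance, path):
    # The user recomputes their leaf and walks up to the published root (hash, total liabilities).
    node, total = leaf_node(user_id, balance)
    for sib_hash, sib_sum, sib_is_left in path:
        if sib_sum < 0:  # every sibling sum must satisfy the range constraint as well
            return False
        node = node_hash(sib_hash, sib_sum, node, total) if sib_is_left else node_hash(node, total, sib_hash, sib_sum)
        total += sib_sum
    return (node, total) == root

def reserve_gap(levels, total_assets):
    # Proof-of-assets total minus committed liabilities; the article's full-reserve case is exactly 0.
    return total_assets - levels[-1][0][1]

# Constructed sample ledger (not real data).
ACCOUNTS = [("alice", 50), ("bob", 30), ("carol", 20)]
```

The real scheme hides individual balances behind zero-knowledge commitments; this plaintext version only shows the structure that those commitments and the range proof protect.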

Using a technique such as this, it is the hope that the next generation of exchanges will start to adopt more advanced decentralized technologies in order to run more transparent businesses in an honest way.

It is only then that the general public will start to trust the blockchain industry as much as, and eventually more than, traditional institutions.

Caveat: Remember we said “mostly” safe? Well, the inherent issue in any trust bank system is you have to trust that the bank doesn’t just suddenly go bust or ‘run away’ with your assets. Let’s get this straight right away—there is no guarantee that any party won’t run away (what kids call ‘rug pulling’) with your funds. This applies to regular fiat, digital assets, or your neighbor Bob with your lawnmower. And anytime you put your assets in the control of another party, you run this risk.

That is why we have IP laws and criminal laws to punish those that violate that trust. In the real world, the risk of your trust bank or exchange running away with your money is very low. This is because the potential cost of them doing that and the likelihood of being caught is relatively high. But in ‘crypto,’ it is usually the case that the cost of them rug pulling and the chance of them being caught is much lower[3] than in the traditional financial system. So even with an exchange running PoR, there is never a 100% guarantee that your funds won’t disappear in an instant. All that PoR guarantees is that, at the time of the check, the funds were there.

And until the time of the next PoR check, your funds are like Schrödinger’s cat, and you don’t know whether it’s dead or not.

[1] A terrible term introduced by a maverick/miscreant of the industry.

[2] Which is the Achilles heel of Ethereum contracts which leak balance reports of all token holders publicly.

[3] Or so criminals believe anyway. Actually, catching thieves on Bitcoin is not that hard. The issue is that courts have yet to get their head around how to handle theft and restitution on the new technology platform. This will eventually be sorted out, and when that happens, holding assets on the blockchain will actually be less risky than holding real-life assets.
