Why Proof of Reserves Matters

Each one represents massive losses for those involved, with hundreds to thousands of affected lives. These are real people and families at the other end, with hopes and dreams, who worked hard for their money.

In the case of QuadrigaCX, it took the freezing of the bank accounts, the death/disappearance of the CEO, and concerted legal action to even realize it was insolvent.

Unchecked exchanges can continue to operate for years with whatever level of reserves they like, while standard traditional audits have many limitations.

Hacks may continue for weeks (Bitgrail) or months (Mt. Gox), either not noticed or not disclosed. Funds are lost forever due to the irreversible nature of cryptocurrency.

Overview of Proof of Reserves

Proof of Reserves enables a real-time public audit of an entity holding cryptocurrency, such as an exchange. The method uses the blockchain and a special structure called a hashtree to show without doubt that:

  • Reserves exist on the blockchain.

  • The exchange or entity has authority to spend those reserves.

  • Those reserves include the balance of any customer who checks.

This is done without revealing the private/personal information of customers or who owns what on the exchange.

In 2019, we saw 3 large scale exchange events in Canada alone:

  • QuadrigaCX
  • EZ-BTC
  • Einstein


Proving reserves exist on the blockchain

This is extremely simple. The exchange will simply publish the public keys for each wallet where balances are stored. This address forms a link to a third party which can be used to validate the holdings, however more advanced users can also check independently.

Privacy Concerns

Some exchanges report concerns over user privacy, since it's possible to trace transactions to and from those addresses. User privacy is certainly an important consideration. All information is already publicly available on the blockchain, and for most large exchanges, advanced blockchain analysis can already determine which wallets most likely belong to each exchange.

While most people don't have the knowledge and ability to perform this analysis on their own, cybercriminals, governments, and other organizations typically have access to such talent. The privacy afforded by an exchange not confirming ownership of public keys is more of a façade, and might actually give a false sense of privacy. Truly privacy conscious users should use privacy coins and/or set up new wallets for each transaction.

Security Concerns

Some have suggested that this could impact the security of the exchange. It's true that this provides greater certainty for an attacker as to the exact balance they could obtain through a successful hack. Rather than approximating by the size of the exchange and public volume reports, or performing detailed blockchain analysis, a hacker would know the exact amount definitively with much less effort. If the amount is high, that might make a hacker more likely to attempt a break-in, so an exchange with weak security would fall victim to a hack sooner.

The hacker could also see the backend wallet architecture. That might give some clues as to when funds are moved around. It's worth noting that this information is all on the blockchain, so it's already public; however, the hacker may not know with certainty which wallets belong to the exchange (as opposed to an educated guess). Either way, one should hope there aren't any exploitable secrets depending on such a flimsy layer of obscurity.

It's important to understand the difference between a public and a private key. While the private key would allow spending of money and must remain secret, the public key is designed to be public. The public key is the same key that you give to someone if you'd like them to pay you. It's a fundamental part of asymmetric cryptography that revealing the public key doesn't assist with finding the private key. If this weren't true, all balances in the blockchain would be hackable, since all public keys are already part of each block.

Proving the Exchange can access the reserves

To prevent an exchange from claiming the balances in arbitrary wallets as their reserve, we need to prove access. This can be done through a satoshi test or the generation of a custom transaction with invalid inputs.

Satoshi Test

The exchange announces a date in the future, an address, and an amount of money. If the transaction occurs, it shows spending control (or influence) over the wallet. It will generally be a small amount (like a satoshi), and the "to" address could also be one they own.

The only cost to the exchange is the transaction fee. This can be done once per wallet, with a repeat or a requested modification to the payment any time there is sufficient scepticism.

Custom Transactions

It's also possible to create a transaction which can prove ownership without enabling the spending of money, by leaving some of the inputs in the transaction invalid. Experienced cryptographers will be able to validate the legitimacy of the transaction.

In this case, the exchange would be able to keep the transaction fees. However, this method is much harder for people to validate, as it requires specialized knowledge. This opens the possibility that the transaction might not be properly checked, and it may not work to convince less technical users.

Proving Reserves include your balance

In order to do this, a structure called a hashtree is used. A hashtree is a binary tree structure, where the data in the nodes is hashed (passed through a one-way function, so the original data cannot be recovered from the node). The hashtree can be used to validate balance information without revealing sensitive customer information.

The full implementation of the hash tree is described in detail on a page put together by Zak Wilcox. The idea was developed by Gregory Maxwell and Peter Todd.

Why Do We Need a HashTree?

As a simple check, you can see that the reserves are greater than what you stored. If every customer did this, it would enforce that the exchange has a balance at least as large as the largest customer. That would mean that there is sufficient balance for any customer to make a withdrawal up to their entire balance.

However, what if multiple customers want to withdraw? In order to know that this would be possible, we would have to know that the total in reserves was equal to the sum of all customer balances, and that this sum included your balance.

One simple solution would be to publish all the customer balances and personal information globally in one list. Then, each customer could check their balance on the list, and check that the sum added up. The obvious problem with this solution is that all the customer balances and personal information are published, and anyone could see the information of anyone else.

Clearly, we need a way to publish this list without revealing all the private and personal information of customers to other customers. All a customer needs to be able to validate is their own information, and that the balances add up. This is what a hashtree does.
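The following is an added example written for this page; it is not code from the Quadriga Initiative, from Zak Wilcox's page, or from any exchange. It implements the summation hashtree idea described above (a Maxwell/Todd style "Merkle sum tree"): every leaf commits to one customer's balance under a secret per-customer nonce, every internal node hashes its two children together with the sum of their balances, and the exchange publishes only the root (its digest and total). A customer who is given their leaf data plus the sibling nodes along their path can recompute the root and so confirm both that their balance is included and what the grand total of liabilities is, without learning anyone else's identity or balance. The leaf format (`id|nonce|balance`), the SHA-256 domain-separation tags, the customer names and the two on-chain wallet balances are all constructed for the example. The non-negative check on sibling balances in `verify` is an extra check added here, beyond what the page discusses, because a sum tree is only meaningful if no node can carry a negative balance. The last step compares the proven liability total against the sum of the published wallets from the "reserves exist on the blockchain" section, which is what a customer ultimately wants to know.

```python
import hashlib
from dataclasses import dataclass


def h(data: bytes) -> bytes:
    """Plain SHA-256; the one-way function the page calls 'one-way encryption'."""
    return hashlib.sha256(data).digest()


@dataclass(frozen=True)
class Node:
    digest: bytes   # hash of this node's contents
    balance: int    # sum of all customer balances beneath this node (satoshis)


def leaf(user_id: str, nonce: bytes, balance: int) -> Node:
    # The nonce is a secret the exchange shares only with that customer, so a
    # neighbour holding this leaf's hash cannot guess whose it is (assumed format).
    payload = b"leaf|" + user_id.encode() + b"|" + nonce + b"|" + balance.to_bytes(8, "big")
    return Node(h(payload), balance)


def parent(left: Node, right: Node) -> Node:
    # An internal node commits to both children AND their combined balance,
    # so the root's total cannot be changed without changing the root hash.
    total = left.balance + right.balance
    return Node(h(b"node|" + left.digest + right.digest + total.to_bytes(8, "big")), total)


def build_levels(leaves: list[Node]) -> list[list[Node]]:
    """Bottom-up construction; an unpaired node at an odd level is carried up unchanged."""
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [parent(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2 == 1:
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels


def proof_for(levels: list[list[Node]], index: int) -> list[tuple[Node, str]]:
    """Sibling nodes from leaf to root; 'left'/'right' says which side the sibling is on."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):                      # no sibling when the node was carried up
            path.append((level[sib], "right" if sib > index else "left"))
        index //= 2
    return path


def verify(my_leaf: Node, path: list[tuple[Node, str]], root: Node) -> bool:
    """Recompute the root from one leaf and its sibling path; reject negative balances."""
    cur = my_leaf
    for sib, side in path:
        if sib.balance < 0:
            return False
        cur = parent(sib, cur) if side == "left" else parent(cur, sib)
    return cur == root


def customer_check(user_id: str, nonce: bytes, balance: int,
                   path: list[tuple[Node, str]], root: Node, onchain_total: int) -> bool:
    """Everything one customer verifies: my balance is in the tree, and the proven
    total of all customer balances is covered by the published on-chain reserves."""
    return verify(leaf(user_id, nonce, balance), path, root) and onchain_total >= root.balance


# --- Constructed sample data (not real accounts or wallets) ---
CUSTOMERS = [  # (user id, secret nonce, balance in satoshis)
    ("alice", b"\x01" * 16, 150_000),
    ("bob",   b"\x02" * 16, 2_500_000),
    ("carol", b"\x03" * 16, 75_000),
    ("dave",  b"\x04" * 16, 1_000_000),
    ("erin",  b"\x05" * 16, 300_000),
]
PUBLISHED_WALLET_BALANCES = [3_000_000, 1_500_000]   # constructed; would come from the chain

LEVELS = build_levels([leaf(u, n, b) for u, n, b in CUSTOMERS])
ROOT = LEVELS[-1][0]                                  # the only thing the exchange publishes
ONCHAIN_TOTAL = sum(PUBLISHED_WALLET_BALANCES)


def dave_checks() -> bool:
    """Dave (index 3) receives his sibling path and runs the check."""
    return customer_check("dave", b"\x04" * 16, 1_000_000, proof_for(LEVELS, 3), ROOT, ONCHAIN_TOTAL)


if __name__ == "__main__":
    print("liabilities proven by root:", ROOT.balance)
    print("on-chain reserves:", ONCHAIN_TOTAL)
    print("dave's check passes:", dave_checks())
```

The sibling path reveals only hashes and sub-totals, never another customer's id or balance, which is exactly the property the page asks for. Note that a customer who is handed a path that reconstructs the root but with a different balance in their own leaf will fail the check, and a root whose total exceeds the published wallets fails the final comparison even if the tree itself is well formed.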

We are calling on regulators, Canadian crypto users, and exchange platforms to provide feedback and support for our proposal.

Please join our discussion and help us build a future that works for everyone and that we can all be excited about.

For questions or enquiries, email info@quadrigainitiative.com.

© 2023 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users.