Standardizing Bitcoin Proof of Reserves
February 04, 2019

Bitcoin exchanges are increasingly coming under pressure from users and regulators to prove they are managing their users' funds correctly. After so many high-profile hacks over the years (many of which went unnoticed for some time), proving Bitcoin reserves has become an important task for businesses seeking to retain the trust of their customers.

Unfortunately, the few exchanges that are taking steps to prove their Bitcoin balances to third parties use their own in-house solutions to generate their proofs. The variety of approaches makes it difficult for anyone wishing to verify exchange holdings for themselves, as they must familiarise themselves with each individual system, which usually requires some specialist technical knowledge.

At Blockstream, we’ve been working on a best-practice standard Proof of Reserves for the industry that offers broad compatibility with the way most Bitcoin exchanges are storing their users’ funds. A BIP has already been submitted to the bitcoin-dev mailing list, and today we’re open-sourcing the development of the tool for feedback from the industry.

How it Started

We originally set off to build a solution for Liquid functionaries to prove their Liquid bitcoin (L-BTC) reserves to third-party auditors. But as we researched the project, we quickly realised that existing approaches by exchanges for regular Bitcoin reserves had room for improvement, and that our software had wider applications outside of the Liquid Network.

The Traditional Approach

The lack of standardised methodology for Bitcoin proof of reserves leads to two major problems:

  1. Poor accessibility: as stated above, due to each exchange taking a DIY approach, proof of reserve solutions are technical and unfamiliar. Users have to figure out how to verify holdings for each exchange they engage with. This leads to more trusting, and less verifying.
  2. Security risks: proving reserves requires exchange personnel to demonstrate the ownership of private keys associated with exchange wallets. Often this involves the movement of all funds to a new set of addresses—presenting major attack vectors for attackers attempting to compromise storage.

How Proof of Reserves Works

Blockstream’s Proof of Reserves tool iterates upon tried-and-tested methods already used within the industry, rather than attempt to build a brand new, “fancy” solution from scratch.

Put in as simple terms as possible, Proof of Reserves allows an exchange to prove how many bitcoin they could spend, without needing to generate a “live” transaction or exposing themselves to the risks of moving funds.

Using the tool, an exchange first constructs a single transaction which spends all of the exchange’s Bitcoin UTXOs and adds one extra, invalid input. Because it includes an invalid input, the entire transaction is invalid and would be rejected by the network if broadcast. However, the transaction is constructed in such a way that it can still be used as an explicit proof of all the Bitcoin UTXOs spendable by the exchange.

This transaction data can then be shared with anyone that needs to verify reserves. They simply import the data into their own Proof of Reserves client to confirm the exchange’s total holdings and the addresses associated with those holdings. The solution is easy-to-use and accessible to anyone that knows how to run a CLI application.
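A simplified model of the checks a verifier runs over such a proof, as an added example that is not Blockstream's code. It assumes outpoints are plain `(txid, vout)` tuples, `utxo_set` is the verifier's own view of unspent outputs, and signature validation is reduced to a precomputed `sig_valid` flag; all names are hypothetical.

```rust
use std::collections::{HashMap, HashSet};

// Simplified model (assumption): an outpoint is (txid, vout), and signature
// validation is a flag that a real verifier would compute with a Bitcoin library.
type OutPoint = (&'static str, u32);

struct Input { prevout: OutPoint, sig_valid: bool }

#[derive(Debug, PartialEq)]
enum ProofError {
    NoInvalidInput,
    UnknownUtxo(OutPoint),
    Duplicate(OutPoint),
    BadSignature(OutPoint),
}

/// Returns the proven total in satoshis. `utxo_set` maps outpoint -> value
/// and must come from the verifier's own node, not from the exchange.
fn verify_proof(inputs: &[Input], utxo_set: &HashMap<OutPoint, u64>) -> Result<u64, ProofError> {
    // The first input must NOT be spendable: it is what makes the whole
    // transaction invalid, so the proof can never be broadcast to move funds.
    let (first, rest) = inputs.split_first().ok_or(ProofError::NoInvalidInput)?;
    if utxo_set.contains_key(&first.prevout) {
        return Err(ProofError::NoInvalidInput);
    }
    let mut seen = HashSet::new();
    let mut total = 0u64;
    for inp in rest {
        // Every other input must be a real, currently unspent output...
        let value = *utxo_set.get(&inp.prevout).ok_or(ProofError::UnknownUtxo(inp.prevout))?;
        // ...counted only once (no inflating reserves by repetition)...
        if !seen.insert(inp.prevout) { return Err(ProofError::Duplicate(inp.prevout)); }
        // ...and validly signed, which is what shows control of the key.
        if !inp.sig_valid { return Err(ProofError::BadSignature(inp.prevout)); }
        total += value;
    }
    Ok(total)
}

fn main() {
    // Constructed sample data, not real transactions.
    let utxos = HashMap::from([(("aa", 0), 150_000_000u64), (("bb", 1), 50_000_000)]);
    let proof = [
        Input { prevout: ("invalid-marker", 0), sig_valid: false },
        Input { prevout: ("aa", 0), sig_valid: true },
        Input { prevout: ("bb", 1), sig_valid: true },
    ];
    println!("{:?}", verify_proof(&proof, &utxos)); // Ok(200000000)
}
```
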

Latest Tech in Action

Proof of Reserves is written in Rust, and currently supports both the Bitcoin Core wallet and Trezor, with more integrations on the way (Ledger support coming soon!).

We’re also very pleased to see that Proof of Reserves was made possible thanks to liberal use of Partially Signed Bitcoin Transactions (PSBT), a technology that emerged from our Blockstream research team.

Work to be Done

Currently, proofs constructed using the tool require exchanges to reveal their entire list of UTXOs, which, if shared publicly, could reveal too much information about each exchange’s financial operations. However, with Liquid the sum of values can be proven and disclosed without revealing the value of individual UTXOs, due to Liquid’s use of Confidential Transactions.

For now, our Proof of Reserves tool is expected to be used by exchanges to create proof of reserves to provide to auditors for verification, and we already have a few ideas [1] in the works to improve the tool’s privacy so that it can also be used by exchange users in the future.

Get Involved

Proof of Reserves will be rolling out as a standard feature on Liquid for proving L-BTC holdings. We’ll also be providing technical support for all Liquid Network members to deploy the tool in their regular Bitcoin operations. Drop us an email for more details on how to become a Liquid member.

Resources

  1. Making Bitcoin Exchanges Transparent - Christian Decker, James Guthrie, Jochen Seidel and Roger Wattenhofer. 20th European Symposium on Research in Computer Security (ESORICS), Vienna, Austria, September 2015. https://www.tik.ee.ethz.ch/file/b89cb24ad2fa4e7ef01426d318c9b98b/decker2015making.pdf