What is the significance and loopholes of the Merkle Tree reserve proof?
Original editor: Wu said blockchain
Foreword: The FTX collapse prompted exchanges to jointly promote the Merkle tree proof-of-reserves scheme. In the future this will become a near-mandatory item for almost every exchange, much like the security audit of a DeFi project. So far, Kraken abroad and Gate domestically have practiced it for some time. What exactly is a Merkle tree proof of reserves, what is its significance, and what are its shortcomings? This article collects some material to help readers understand.
Content one:
Description from Gate, the earliest long-term practitioner in China
A Merkle tree is a binary hash tree invented by Ralph Merkle in 1979. Data is stored in the leaf nodes of the tree, and level-by-level hash operations over that data guarantee its integrity, so it cannot be tampered with unnoticed. Any change to leaf node data propagates to the parent node and is finally reflected in the root of the tree. Every transaction in a Bitcoin block is committed to through a Merkle tree structure.
In the scheme we propose, two methods are used: one provides proof of the total assets of platform users, the other provides proof of the platform's valid user deposits. The hash value of each user's account assets is stored in a leaf node of the Merkle tree. The total user assets recorded in the leaf nodes are audited by a third-party financial audit firm, and the valid user deposits held by the platform are likewise reviewed and verified by that firm. Finally, the third-party audit firm issues a written audit report and publishes the result. At the same time, the Merkle tree holding the hash values of all user assets is made public, and every platform user can verify, through a mathematical procedure, whether their own account balance has been accurately included in the tree.
For mainstream currencies, we will work with audit firms to complete the audit reports one by one, publish the Merkle tree of all user asset hash values on GitHub, and open-source the verification program. Any platform user can obtain their verification data from the "Balance Proof" page under "My Finance" and, using our public Merkle tree and verification procedure, check whether their assets were accurately published and included in the audit.
For other currencies, any project team or individual can ask the platform to complete the audit and publish the user asset Merkle tree to the same standard, but the requester must bear a fee. The fee will depend on the difficulty of the audit: whether the currency is held across multiple chains, whether it has PoS staking or wealth-management functions, whether it has privacy features, and so on.
Content two:
Original link
In February 2019, Bitcoin and blockchain infrastructure company Blockstream published a blog post titled "Standardized Proof of Bitcoin Reserves," explaining how institutions such as exchanges can self-certify their Bitcoin reserves and their control over those funds. Blockstream originally researched the scheme to prove Bitcoin reserves on its sidechain, the Liquid Network, to auditors, and later developed it into a specification for proof of Bitcoin reserves.
Before Blockstream, the variety of verification schemes made it hard for users to understand each exchange's reserves. In addition, because ownership of the private key had to be demonstrated, there was a risk of funds being stolen while signing transactions that actually moved assets.
The scheme relies on a special transaction built from Bitcoin's UTXOs (unspent transaction outputs): the exchange constructs a transaction output covering all of its Bitcoin reserves while deliberately including an invalid input. The network rejects the transaction on broadcast, so no real transfer ever happens, yet the transaction still serves as proof of the amount of Bitcoin the exchange controls.
In fact, as far back as 2014 the crypto community discussed how exchanges could certify their reserves to auditors. After Blockstream proposed its Bitcoin proof-of-reserves scheme and submitted it as a BIP, the market began to study more detailed schemes, and the Merkle tree-based proof model is the one now generally recognized by the market.
US-based cryptocurrency exchange Kraken has explained its proof-of-reserves scheme in more detail. According to Kraken, PoR (Proof of Reserves) is an independent audit conducted by a third party. The auditor takes an anonymized snapshot of all account balances, aggregates them into a Merkle tree, and obtains the Merkle root: a single digest that uniquely identifies the set of balances at the time the snapshot was taken.
The auditor then collects digital signatures produced by Kraken that prove ownership of on-chain addresses with publicly verifiable balances. Finally, the auditor checks that those on-chain balances meet or exceed the customer balances committed to in the Merkle tree, which determines whether the exchange holds adequate reserves.

Briefly: the bottom layer of the Merkle tree consists of hashes generated from the asset data of each account. Pairs of hashes are then hashed together to produce the next layer, and so on, until a single final hash remains. That root commits to the total assets owed to users, and the exchange's holdings should be greater than or at least equal to it. The main reason the scheme is accepted is that every user's asset data is included: if the exchange tampers with any of it along the way, the final root changes completely (this follows from the properties of the hash algorithm and is not repeated here).
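The procedure above (leaf hashes, pairwise hashing to a root, a user checking inclusion of their own row, and the auditor comparing on-chain holdings against the snapshot total) is worked through below, as an added example and not code from Gate, Kraken or the original article. The leaf layout (user id, balance, per-user nonce), the snapshot values and the "node|"/"leaf|" domain prefixes are assumptions for illustration.

```python
import hashlib
from typing import List, Tuple

# Constructed sample snapshot: (user_id, BTC balance in satoshi, per-user nonce).
# The field layout is an assumption; the article only says each account's asset data is hashed.
SNAPSHOT = [("user-a", 150_000_000, "n1"), ("user-b", 20_000_000, "n2"),
            ("user-c", 5_000_000, "n3"), ("user-d", 75_000_000, "n4"),
            ("user-e", 1_000_000, "n5")]

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(user_id: str, balance: int, nonce: str) -> bytes:
    # The nonce stops a published leaf from being brute-forced back to (user, balance).
    return sha256(b"leaf|" + f"{user_id}|{balance}|{nonce}".encode())

def build_levels(leaves: List[bytes]) -> List[List[bytes]]:
    # Every level of the tree, leaves first, root last.
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:                      # odd level: duplicate the last node
            cur = cur + [cur[-1]]
        levels.append([sha256(b"node|" + cur[i] + cur[i + 1])
                       for i in range(0, len(cur), 2)])
    return levels

def merkle_root(snapshot) -> bytes:
    return build_levels([leaf_hash(*row) for row in snapshot])[-1][0]

def inclusion_proof(snapshot, index: int) -> List[Tuple[bytes, str]]:
    # Sibling hashes (with their side) that a user needs to recompute the root.
    proof, i = [], index
    for level in build_levels([leaf_hash(*row) for row in snapshot])[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        proof.append((level[i + 1], "right") if i % 2 == 0 else (level[i - 1], "left"))
        i //= 2
    return proof

def verify_inclusion(user_id, balance, nonce, proof, root: bytes) -> bool:
    # What a user runs at home: only their own row, the proof and the published root.
    h = leaf_hash(user_id, balance, nonce)
    for sibling, side in proof:
        h = sha256(b"node|" + (h + sibling if side == "right" else sibling + h))
    return h == root

def reserves_cover(snapshot, onchain_balance: int) -> bool:
    # Auditor's final step: signed on-chain holdings must meet or exceed the liabilities.
    return onchain_balance >= sum(balance for _, balance, _ in snapshot)
```

Note that `reserves_cover` only sees the snapshot total; the tree by itself proves inclusion of each row, not that the sum was computed honestly or that the on-chain coins are not borrowed, which is exactly the gap discussed below.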

Although this scheme shows that the exchange was able to redeem all user assets at the time of the audit, it has clear defects. For example, it cannot prove that the private keys are exclusively controlled by the exchange, or that the assets present at audit time were not temporarily borrowed; it does not show how the exchange's own funds (equivalent to owner's equity) are separated from user assets (equivalent to the exchange's liabilities); and the diligence of the audit itself is another open question.
Besides Kraken, the cryptocurrency exchange BitMEX announced in 2021 a plan to verify the Bitcoin reserves it holds. That plan also uses a Merkle tree-based proof model and generates an ID for each user account, so that users can run their own Bitcoin node and then run the published program to verify their account assets and the exchange's total assets at each Bitcoin block height.
Final words
Although the FTX incident sounded the alarm and pushed exchange transparency forward, the current asset verification schemes still have many loopholes, including the shortcomings described above, and in many details it remains hard for an exchange to "prove its innocence". The transparency of centralized institutions has always been a widely discussed concern: too little transparency worries investors, while too much may expose commercial secrets to some degree, and this tension is not unique to Web3.
As a simple example, many centralized exchanges now offer cryptocurrency wealth-management products. Even assuming the exchange does not misuse these assets, some may be deployed in quantitative trading, some in hedging, some in DeFi and some in collateralized lending, and it is difficult for the exchange to disclose every use to the public.
Proof of reserves, which demonstrates the exchange's ability to pay, is only the beginning. How to prove that user funds are not commingled with the exchange's own funds, how to prove that wealth-management products are not Ponzi schemes, how to prove the solvency of market makers, and similar questions all remain to be thought through and solved.
Content three:
Different perspectives, via Chainfeed
Ben: Potential problems include: 1. Root update frequency; 2. Front-end fraud; 3. Third-party audit credit; 4. Whistleblower usability. But more transparency is generally a better trend for CEX users.
Haotian: All the CEXs say they will adopt the Merkle tree reserve proof, which is a positive, but potential problems remain: 1) How often is the data stored in the Merkle tree updated? It cannot be refreshed in real time for every deposit and withdrawal, so the problem of misappropriating funds still exists; 2) The Merkle tree data is stored on the exchange's own server, so at best it can be verified, and that "verification" is after-the-fact in nature. In the end, the credibility of the platform is still the issue.
Jolestar: The Merkle tree scheme doesn't actually do much, but it's better than nothing, and the trend is good. The real solution needs to borrow the idea of layer 2: guarantee the user's unilateral right to withdraw coins, and have fraud penalties.
Mindao: The core problem is that knowing the reserves alone is not enough. Related-party transactions, debt relationships and margin trading cannot be reflected in reserves. When the bull market comes, users will be trading with red eyes and care even less. Talk is better than nothing, but in the end: external discipline > self-discipline. DeFi is proof on a persistent asset chain, where even the business logic and permissions are clear and verifiable. We are back to the starting point: all in DeFi is the right call.
Benmo: Besides a 100% proof of deposits from each CEX, I hope the cross-chain bridges will also provide a 100% proof of deposits.