Proof of Reserves (PoR) is a way of proving that a digital currency platform holds enough assets to back its outstanding debts.
Proof of reserves is particularly important for digital currency exchanges, which hold assets on behalf of the users who deposit them, and for issuers of tokens that wrap a particular asset or portfolio of assets.
Since the collapse of FTX, the public needs to understand the importance of Proof of Reserves more than ever. It can be said that if a digital currency exchange does not publish any proof of reserves, it is equivalent to demanding the unconditional trust of users.
Proof of reserves is also crucial for issuers of stablecoins and wrapped tokens: users want a guarantee that their stablecoins are backed by the currency they are pegged to (and can be redeemed); the same is true for wrapped tokens.
Merkle tree proof
Merkle trees, a cryptographic method of combining large amounts of data into a single hash, are one way of performing a proof of reserves.
The Merkle Tree Proof of Reserves protocol verifies the validity of user balances and transactions, and it hides the exact amount of each digital currency held by the exchange to protect the privacy of the platform and users. At the same time, this method also allows users to personally verify the platform's proof of reserves.
Digital currency exchanges generally publish Merkle-tree-based proofs of reserves on a regular basis, as weekly, monthly or quarterly snapshots. Others offer live proofs on their websites.
While a snapshot may be sufficient to prove the solvency of a digital currency company at a certain point in time, it is clear that real-time proofs are more advantageous because real-time proofs allow anyone to verify that their funds stored on the exchange are fully backed.
How to prove reserves?
There are three main steps for digital currency trading platforms or digital currency companies to hire auditors to prove reserves:
① Auditors need to collect the wallet addresses of the fiat currency and digital currency held by the platform, together with cryptographic signatures proving ownership of the wallets.
② Auditors need to collect a snapshot of all of the platform's liability records and use a Merkle tree to hash the data into a Merkle Root.
③ Auditors need to confirm the reserves of all customer assets held by the platform; and provide verification tools to each individual user to verify whether their account balance is included in the calculation of liabilities.
💻 In the first step, the digital currency platform provides the auditor with a list of the on-chain wallet addresses it owns, together with a signature (or another specific method defined by the auditor) to verify that these wallet addresses are indeed controlled by the platform. Once the auditor has received and verified the wallet addresses, the third-party agency continues to monitor the on-chain token balances of the exchange's assets.
💻 In the second step, the digital currency platform periodically provides auditors with a snapshot of all of its users' account balances. The auditor generates a Merkle tree from this snapshot of user account balances.
A Merkle tree is a cryptographic method that combines large amounts of data into a single hash value. This hash, called the Merkle Root, acts as a cryptographic fingerprint of all the input data.
The process of Merkleization starts by separating each individual data point in the dataset. For Proof of Reserves evaluations, each individual data point is a unique hash of the user ID and the user's balance on the platform.
Auditors do not see any personally identifiable information about the user, only the hashed ID. The user's hashed user ID and platform account balance are then hashed again using SHA-256 to create a unique and private hash that acts as each user's personal Merkle Leaf.
To create a Merkle Root, one user's Merkle Leaf is paired with another Merkle Leaf (its sibling leaf) and a new and unique hash is created, which aggregates the two users' data in a single Merkle branch. This process is repeated until all users' Merkle Leaves are merged into a single Merkle Root.
The Merkle Root is represented as a cryptographic hash that includes all hashed user IDs and platform account balances from the platform database.
💻 In the third step, the auditor publishes the reserve ratio, that is, the company's assets divided by its liabilities. The auditor also provides the reserve ratio of each token to further reduce the risk of exchange rate fluctuations of a single token.
Among other things, auditors can provide tools that allow individual account holders to verify that their balances are indeed included in the Merkle tree. Users obtain the record ID for their Proof of Reserves audit from the digital currency company, enter the record ID into the Merkle tree verification tool, and retrieve the specific balance that was used in constructing the Merkle tree, to make sure their balance was included in the process.
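The leaf hashing, pairing and user-side check described above, as an added example that is not the code of any exchange or auditor. The leaf encoding (hashed ID, a colon, an integer balance), the 0x00/0x01 domain-separation prefixes, the promotion of an unpaired node and the sample snapshot are assumptions made for illustration.

```python
import hashlib

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(user_id: str, balance: int) -> bytes:
    # The auditor only sees the hashed ID; ID hash and balance are hashed again.
    # Encoding "<hashed_id>:<balance>" and the 0x00 prefix are assumptions.
    hashed_id = sha256(user_id.encode()).hex()
    return sha256(b"\x00" + f"{hashed_id}:{balance}".encode())

def node_hash(left: bytes, right: bytes) -> bytes:
    # 0x01 prefix keeps an inner node from being passed off as a leaf.
    return sha256(b"\x01" + left + right)

def build_levels(leaves):
    # levels[0] is the leaves, levels[-1] is [root].
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:          # unpaired node is promoted unchanged
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels

def inclusion_proof(levels, index):
    # Sibling hashes from leaf to root, each flagged if it sits on the left.
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify(user_id, balance, proof, root):
    # What the user's verification tool does with the published root.
    h = leaf_hash(user_id, balance)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == root

# Constructed snapshot: (user ID, balance in the token's smallest unit).
SNAPSHOT = [("alice", 1200), ("bob", 50), ("carol", 0), ("dave", 733), ("erin", 98)]
LEVELS = build_levels([leaf_hash(u, b) for u, b in SNAPSHOT])
ROOT = LEVELS[-1][0]

if __name__ == "__main__":
    for i, (user, bal) in enumerate(SNAPSHOT):
        print(user, verify(user, bal, inclusion_proof(LEVELS, i), ROOT))
```

A user whose balance was understated in the snapshot, or who was left out of it, gets False from verify against the published root.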
When centralized exchanges cannot accommodate a large number of user withdrawals, it means that they are functionally down, if not completely insolvent.
Therefore, if a platform publishes a comprehensive proof of reserves, it means that users get a certain degree of assurance that their deposits are safely kept and can be withdrawn at any time.
As an example, when rumors of FTX's bankruptcy began to circulate, a large number of users rushed to withdraw funds. It cannot be ruled out that this happened because the company had not published a proof of reserves.
If a trading platform has a certain foresight, it can avoid this situation by providing comprehensive proof of reserves on a regular basis, so as to minimize the destructive power of bankruptcy rumors.
For users and regulators, the Proof of Reserves audit is a very powerful demonstration of strength, and it gives exchanges that are solvent and have conducted a Proof of Reserves audit a trust advantage over those that are unwilling to provide one. It is also an approach native to digital currency, one that allows a platform to gain trust through self-regulation.
Why do you need proof of reserves?
Celsius, Three Arrows Capital, Voyager Digital, Hodlnaut, BlockFi, and FTX (and other centralized exchanges that have failed or gone bankrupt) have suffered liquidity crises one after another. Users of these platforms lost a considerable amount of assets due to the lack of transparency of the platforms - victims included retail investors as well as institutional investors and creditors.
When centralized exchanges cannot handle bank runs, it means they are insolvent. If a platform has a proof of reserves, it proves that they do hold your digital assets. Therefore, users can withdraw asset balances at any time without restriction.
Through the audit of proof of reserves, the platform can show the public a high degree of trustworthiness. Proof-of-Reserves audits also ensure that centralized platforms or services will not transfer your funds to malicious actors, and allow users to withdraw funds in the event of a crisis.
Limitations of PoR
In general, Proof of Reserves services have some limitations:
① Proof of reserves covers control of the on-chain funds at the time of the audit, but it cannot prove that private keys have not been copied by an attacker.
② The service cannot identify hidden collateral or prove that funds were not borrowed to pass this audit.
③ Just as a smart contract audit does not guarantee that the contract has not been updated since, or that the project team actually deployed the audited contract, the service cannot prove that private keys have not been lost or funds stolen since the audit.
Solution
Since PoR has some limitations, what should we pay attention to when choosing a partner to provide proof of reserves, so that these limitations are minimized?
Auditors must have the following attributes:
① Professional security knowledge in wallet address security and user data encryption and protection
② As an impartial third-party audit institution, it is independent and its brand is credible
③ The most advanced reserve certification service and the most cutting-edge professional knowledge
④ A large-scale accessible community, which helps to directly improve the trust and transparency perceived by users