Blockstream Open Sources Development of Its Proof of Reserves Tool
On February 4, 2019, blockchain tech company Blockstream announced the development of a “proof of reserves” tool to standardize the authenticity of exchanges’ crypto reserves. The Bitcoin development company has submitted a Bitcoin Improvement Proposal (BIP) to the bitcoin-dev mailing list for consideration.
Blockstream stated that it is “open-sourcing the development of the tool for feedback from the industry.” Citing high-profile hacks as a reason why such services would be in demand, Blockstream is hoping to create a “best-practice standard Proof of Reserves for the industry, that offers broad compatibility with the way most Bitcoin exchanges are storing their users’ funds.”
Blockstream stated that it the original idea for the tool was to build a means for its Liquid functionaries to prove their Liquid bitcoin (L-BTC) reserves to third-party auditors. But it soon recognized that there were further applications that could reach beyond Liquid and be useful to cryptocurrency exchanges in general.
“Put in as simple terms as possible, Proof of Reserves allows an exchange to prove how many bitcoin they could spend, without needing to generate a ‘live’ transaction or exposing themselves to the risks of moving funds.”
Reducing Security Risks
As the technology is envisioned currently, the tool will be able to circumvent some of the typical problems associated with proving cash reserves, namely the security risks associated with current verification methods that exchanges typically employ. With the help of the tool, an exchange “first constructs a single transaction which spends all of an exchange’s [unspent bitcoin].”
Basically, this function aggregates all of the cryptocurrencies sitting in the exchanges wallets into a transaction, but instead of sending this transaction — and creating a potential attack vector — the tool deliberately “sabotages” it. The transaction still shows that the wallets in question have all of the assets, but none of the assets get moved around. In this way, none of the exchange’s actual assets are at risk of being spent or attacked, and the amount of currency is still verified.
“This transaction data can then be shared with anyone that needs to verify reserves. They simply import the data into their own Proof of Reserves client to confirm the exchange’s total holdings and the addresses associated with those holdings.”
Removing the Need for Trust
The other problem that the Proof of Reserves tool is intended to alleviate is the technical barrier that prevents users from checking on the reserves of an exchange they may want to transact on. In other words, it’s difficult for non-technical users to verify the reserves for themselves, forcing them to trust that the exchange is operating in good faith.
And there have been plenty of questions surrounding the veracity of reserve claims in the crypto space which could make customers uneasy about placing their trust in an exchange. On February 5, 2019, for example, a Canadian court granted cryptocurrency exchange QuadrigaCX bankruptcy protection and appointed Ernst & Young as monitors to help the exchange locate any funds it could use to reimburse its customers.
Following the death of QuadrigaCX’s co-founder and CEO Gerald Cotten, the exchange claims to have lost access to some $190 million in deposited funds, alleging that Cotten was the only one able to access his encrypted laptop where the keys and passwords are stored. This has caused many users to question whether or not the exchange actually has the stated funds in reserve.
Third-party verification of actual cash reserves could help potential users identify whether or not an exchange is operating in good faith and under acceptable standard practices.
Thus far, however, Blockstream’s verification tool has at least one area of significant concern: it reveals the entire transaction history of the participating exchanges. If this problem were to persist, the tool could be used to unmask all of users’ transactions with the exchange in question. Although this glitch would obviously be completely impractical for confidentiality reasons, the underlying premise of the tool does work, and the blog post states that Blockstream hopes to create a fully confidential version with the help of the new open-source development process.