You have probably heard a lot lately about Proof of Reserve, and you may be wondering what exactly it is. In this article we tell you everything you need to know about Proof of Reserve: what it consists of, how it is done and what its main characteristics are.
What is Proof of Reserve?
A Proof of Reserve or Reserve Test is a transparency mechanism whereby centralized exchanges show their deposits in cryptocurrencies or fiat through a verifiable audit, in order to give peace of mind to their users and investors.
The intention of a Proof of Reserve is to remove any doubts that may exist about the soundness of the exchange's accounts and the financial security of both the exchange and its users, since the exchange's crypto holdings must exceed the total value deposited by the users. If this is not the case, it implies that the exchange has somehow used its users' money to carry out additional operations, which can lead to liquidity problems and, in the worst case, to bankruptcy, with the loss this would cause to its users.
Thus, a Proof of Reserve tries to provide a certain degree of transparency from the exchange to its users, especially in times of financial difficulty or when rumors are circulating about it.
From Proof of Keys to Proof of Reserve
There is a community version of the Proof of Reserve: the Proof of Keys. With it, users make massive cryptocurrency withdrawals from centralized exchanges every January to see whether the exchanges have the money they claim to hold in their wallets. The goal is simple: check that the exchange has the money available at all times and that users can withdraw it whenever they want.
However, this procedure entails a problem: it does not take into account that massive withdrawals can overload the computer systems of the exchange and the blockchains in which these operations are carried out. The Proof of Keys and similar activities can generate withdrawal problems and delays that will not always be related to the lack of liquidity of the exchange, but to server overloads that cause them to be out of service.
Therefore, to create a safer and easier way to carry out these checks, the community drew on the properties of the blockchain and of wallets to create a way to verify the balances associated with the wallets controlled by an exchange using Merkle trees.
Each user of an exchange has their own cryptocurrency addresses, but these are controlled by the exchange. The user can only make deposits to the address that has been provided. A withdrawal is made as a request to the exchange, which must approve it and carry out the operation. In other words, it is the exchange that holds the private keys needed to approve these operations.
Now, if you have a BTC wallet with 100 different addresses and a few satoshis in each of them, the wallet will always show you the total sum of these satoshis. This happens because blockchain technology makes it possible to list the inputs and outputs of the addresses through Merkle trees. Using these structures and some cryptographic proofs, it is possible to generate publicly verifiable evidence for each address and prove that the balance associated with each of them actually exists. This is Proof of Reserve, a simpler, more accurate, more reliable, faster and cheaper method than the aforementioned Proof of Keys.
Keys to how Proof of Reserve works
During a Proof of Reserve, the exchange allows an external auditor to take an anonymous snapshot of all its users' balances. Each user on an exchange has only one associated cryptocurrency address, so the premise “one address = one user” holds true. The snapshot of each balance is generally a hash created from the account balance, the associated address and the user's platform ID. User by user, this snapshot is taken and added to a Merkle tree, ending with a final hash that is associated with the global balance available in the wallets managed by the exchange.
Seen this way, where and how is all this verifiable? The structure of Merkle trees is what allows this "magic". One of the properties of Merkle trees is that they make it possible to verify the accuracy of the data they contain while holding only a part of it. In fact, this property is precisely the reason why Satoshi Nakamoto decided to use the structure of Merkle trees in Bitcoin, to create the well-known UTXOs and block hashes that we see in Bitcoin.
At this point, verifying the data is very simple: you are a user of the platform, so you know the address of your cryptocurrency wallet on the exchange, your ID and your active balance. Just go to the exchange, generate the hash using this data (usually just a concatenation of this data to which a SHA-256 hash is applied) and then check whether that hash has actually been included in the final hash of the general Merkle tree of the Proof of Reserve. If your hash is recognized within the Merkle tree generated by the Proof of Reserve, then you can be sure that your balances really exist and the money is there.
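The user-side check described above, as an added example (not code from any exchange or auditor): each user record is hashed with SHA-256, the hashes are combined into a Merkle tree, and one user verifies inclusion using only their own data plus the sibling hashes on the path to the root. The "|" field separator, the "leaf:"/"node:" prefixes, the rule for an unpaired node and every address, ID and balance in the sample are assumptions made for the example; a real Proof of Reserve publishes its own encoding.

```python
import hashlib

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(address: str, user_id: str, balance: str) -> bytes:
    # Assumed encoding: a separator keeps ("ab", "c") and ("a", "bc") distinct,
    # and the prefix keeps a leaf from being mistaken for an inner node.
    return sha256(b"leaf:" + "|".join((address, user_id, balance)).encode())

def node_hash(left: bytes, right: bytes) -> bytes:
    return sha256(b"node:" + left + right)

def build_levels(leaves):
    """Return every level of the tree, from the leaves up to the root."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        # An unpaired node is promoted unchanged instead of being duplicated.
        levels.append([node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def make_proof(levels, index):
    """Sibling hashes (with their side) from leaf `index` up to the root."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return proof

def verify(leaf: bytes, proof, root: bytes) -> bool:
    """Recompute the root from one leaf and its proof; compare to the published root."""
    h = leaf
    for side, sibling in proof:
        h = node_hash(sibling, h) if side == "L" else node_hash(h, sibling)
    return h == root

# Constructed sample snapshot: (address, platform ID, balance in satoshis)
SNAPSHOT = [("addr-example-%d" % i, "uid-%d" % (1000 + i), str(b))
            for i, b in enumerate([250000, 1200, 98000000, 5, 43210])]
LEVELS = build_levels([leaf_hash(*row) for row in SNAPSHOT])
ROOT = LEVELS[-1][0]  # the "final hash" the exchange would publish

def check_user(index: int, claimed_balance: str) -> bool:
    address, user_id, _ = SNAPSHOT[index]
    return verify(leaf_hash(address, user_id, claimed_balance),
                  make_proof(LEVELS, index), ROOT)
```

A user whose recorded balance differs from the one they expect gets `False` from `check_user`, because the recomputed root no longer matches the published one.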
Proof of Reserve's weak points
Of course, Proofs of Reserve are especially useful, but they are not entirely reliable. Such an audit is only a general view of the situation of the exchange's wallets, which, although it gives confidence, is not everything. The exchange can still run into failures that in the end force it to disable withdrawals and cause losses to its users.
The reason? A company has not only assets (in this case the cryptocurrencies of its users) but also liabilities (expenses and debts from its operation). If an exchange has very high liabilities that exceed what it can afford and compromise the assets of its users, the exchange will be forced (even by law) to use those assets to honor the debts incurred, thereby generating losses for its users.
Proof of Reserve can tell us whether the exchange has our money, but its liabilities can still bankrupt it. This is why many users in the crypto community argue that exchanges must present not only the Proof of Reserve, but also a public audit of their liabilities.
Another situation in which Proof of Reserve offers no guarantees is when the exchange platform has prepared in advance for the event. It is possible that, before the “snapshot” is taken to generate the proof, the exchange requests a crypto loan and fills its wallet with the necessary amount.
At this point, when the snapshot is taken and the Proof of Reserve process is carried out, everything seems to be in order, but the reality is that the borrowed money returns with interest to the lender and the exchange continues with the same reserve problem. One solution to this is for exchanges to make their cold wallet addresses public, but even then this is complex, because many rely on larger custodians or other traditional custodial entities.