Specification of Bitcoin Proof of Reserves

Bitcoin exchanges are under increasing pressure from users and regulators to prove that they are managing their funds properly. Over the years, Bitcoin has seen many high-profile hacks (many of which went unnoticed for some time), so proving bitcoin reserves has become an important task for companies seeking to maintain customer trust.

Unfortunately, the few exchanges that do take steps to prove their bitcoin balances to third parties use their own in-house solutions to provide the evidence. This variety of methods makes it difficult for anyone who wants to verify an exchange's reserves for themselves, because they must be familiar with each individual system, which usually requires some specialized technical knowledge.

At Blockstream, we've been working on a solution that gives the industry a best-practice standard for proof of reserves, one that is widely compatible with the way most bitcoin exchanges store user funds. A BIP has been submitted to the bitcoin-dev mailing list, and today we are developing the open source tool to get industry feedback.

How it started

Our initial purpose was to create a solution for the Liquid function to prove their Liquid Bitcoin (L-BTC) reserves to third-party auditors. But in the course of working on this project, we quickly realized that there is room for improvement in the existing methods exchanges use to prove conventional bitcoin reserves, and that our software has a wider application outside of the Liquid network.

Traditional approaches to proving bitcoin reserves lack standardization, which results in two main problems:

  1. Poor accessibility: As mentioned above, because each exchange uses its own DIY method, the proof-of-reserves scheme is technical and unfamiliar. Users must figure out how to verify the holdings of each exchange they use. This leads to more trust and less verification.
  2. Security risk: Proof of reserves requires exchange staff to prove ownership of the private keys associated with the exchange's wallets. This usually involves transferring all of the funds to a new set of addresses, which gives attackers targeting the stored funds a primary attack vector.

How Proof of Reserves works

Blockstream's “Proof of Reserves” tool is based on a tried-and-tested approach that has been used in the industry, rather than trying to build a new “fancy” solution from scratch.

In short, Proof of Reserves allows an exchange to prove how many bitcoins it is able to spend without needing to generate live transactions or take on the risk of moving funds.

Using this tool, the exchange first constructs a transaction that spends all of the exchange's bitcoin UTXOs and adds one additional invalid input. Including an invalid input renders the entire transaction invalid, so if it is broadcast it will be rejected by the network. However, the way the transaction is constructed means it can still serve as clear evidence of all the bitcoin UTXOs that the exchange can spend.

The transaction data can then be shared with anyone who needs to verify the reserves. They simply import the data into their Proof of Reserves client to confirm the total holdings of the exchange and the addresses associated with those holdings. The solution is easy to use and accessible to anyone who knows how to run a CLI application.
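The verifier's side of this check, as an added example that is not Blockstream's code: a simplified model in which a proof is a list of inputs checked against a UTXO-set snapshot. The type and function names are hypothetical, `signature_ok` stands in for real script and signature validation, and requiring exactly one invalid input is an assumption drawn from the description above.

```rust
use std::collections::{HashMap, HashSet};

// Simplified model (assumption, not the tool's types): outpoint = (txid, output index).
type OutPoint = (&'static str, u32);

struct ProofInput {
    outpoint: OutPoint,
    signature_ok: bool, // stand-in for real script/signature validation
}

#[derive(Debug, PartialEq)]
enum ProofError {
    Duplicate(OutPoint),      // the same UTXO is claimed twice
    Unsigned(OutPoint),       // claimed UTXO without a valid ownership proof
    InvalidInputCount(usize), // expected exactly one unspendable input
}

/// Returns the proven total in satoshis, checked against a UTXO-set snapshot.
fn verify_proof(inputs: &[ProofInput], utxos: &HashMap<OutPoint, u64>) -> Result<u64, ProofError> {
    let mut seen = HashSet::new();
    let (mut total, mut unspendable) = (0u64, 0usize);
    for input in inputs {
        if !seen.insert(input.outpoint) {
            return Err(ProofError::Duplicate(input.outpoint));
        }
        match utxos.get(&input.outpoint) {
            None => unspendable += 1, // not in the UTXO set: makes the whole tx invalid
            Some(_) if !input.signature_ok => return Err(ProofError::Unsigned(input.outpoint)),
            Some(value) => total += value,
        }
    }
    // Zero invalid inputs means a live, broadcastable transaction; more than one
    // means the proof is padded with outputs that do not exist.
    if unspendable != 1 {
        return Err(ProofError::InvalidInputCount(unspendable));
    }
    Ok(total)
}

// Constructed sample data: two UTXOs held by a hypothetical exchange.
fn sample_utxos() -> HashMap<OutPoint, u64> {
    HashMap::from([(("aa", 0), 150_000_000), (("bb", 1), 50_000_000)])
}

fn main() {
    let input = |outpoint, signature_ok| ProofInput { outpoint, signature_ok };
    let proof = [input(("commitment", 0), false), input(("aa", 0), true), input(("bb", 1), true)];
    println!("{:?}", verify_proof(&proof, &sample_utxos())); // Ok(200000000)
}
```

Rejecting duplicates matters because a repeated outpoint would otherwise let the same coins be counted twice in the total.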

The Proof of Reserves application is written in Rust and currently supports both the Bitcoin Core wallet and Trezor; more integrations will be implemented (Ledger will be supported soon).

We are also very pleased that Proof of Reserves was made possible by our blockchain research team's free use of Partially Signed Bitcoin Transaction (PSBT) technology.

Pending work

Currently, a proof built using the tool requires the exchange to disclose its entire list of UTXOs, which, if shared publicly, may reveal too much information about the exchange's financial operations. However, since Liquid uses Confidential Transactions, the sum of these values can be proven and disclosed without revealing the value of any single UTXO.

At present, exchanges are expected to use the Proof of Reserves tool to produce proofs of reserves for verification purposes. We have also put forward some ideas for improving the tool's privacy so that it can be used by exchange users in the future.

