A Proof of Reserves (PoR) is an independent audit conducted by a third party which seeks to ensure that a custodian holds the assets it claims to on behalf of its clients.

Proof of Reserves

The digital asset industry lacks the standards to ensure digital asset service providers hold enough assets to cover customer deposits. Gaps in trust result in lower rates of adoption and higher counterparty risks.

Proof of Reserves (PoR) is an objective third-party process that instils confidence providers have sufficient digital assets to meet users’ liabilities and enables validation that account data was included in the review.

Proof of Reserves + Proof of Liability = Proof of Solvency

The auditor takes an anonymized snapshot of all balances held and aggregates them into a Merkle treetemuland crypto glossary merkle treeA Merkle tree is a data structure that serves to encode blockchain data more efficiently and securely.Learn more — a privacy-friendly data structure that encapsulates all client balances.

From there, the auditor obtains a Merkle root: a cryptographic fingerprint that uniquely identifies the combination of these balances at the time when the snapshot was created.

merkle tree – temuland crypto

The auditor then collects digital signatures produced by the asset holder, which prove ownership over the on-chain addresses with publicly verifiable balances.

Lastly, the auditor compares and verifies that these balances exceed or match the client balances represented in the Merkle tree, and therefore that the client assets are held on a full-reserve basis.

Why ‘Proof of Reserve’ if you really mean ‘Proof of Solvency’?

Proof of Reserve sounds better, and Solvency is a much higher bar to clear. Ideally, a PoR would be paired with a full accounting of liabilities, known and hidden, and stronger solvency assurances would be obtained.

Is PoR “one-sided” – does it avoid liabilities?

No. PoR is a term of art that refers to the attestation whereby both the assets held on deposit and the user liabilities are compared. Under standard PoR, liability holders have the ability to determine that they were included in the liability set (that’s what the Merkle tree is for). The “hard part” is the liabilities – proof of assets on chain is normally trivial. So PoR is not “underpowered” or “incomplete”. A proper PoR really does give you assurances that the exchange is solvent at least in the narrow context of on-platform balances.

What about exchange/user privacy?

As long as exchanges are ok with people knowing how the total value of assets on deposit, they don’t have to divulge any additional information. In practice, it’s trivial to determine how many coins an exchange has, and many third-party providers actively publish this data. So trying to hide the number of coins on deposit is a lost cause anyway. Through the proof of liability tool, user information is anonymized and hashed. This allows only users with knowledge of their account ID and their balance to verify that they are included in the merkle proof without spying on other users.

What about DEXes?

The growth of DEXes is exciting and great for the industry. However, cryptocurrency users have a revealed preference for custodial ownership, at least for a portion of their coins. Self-custody is hard and it isn’t for everyone. Approximately 20-25% of BTC and ETH is held in a custodial setting. By encouraging custodial exchanges to adopt PoR, I am hoping that user assurances at custodial exchanges can be bettered. However, it goes without saying – not your keys, not your coins. You are ALWAYS vulnerable if you choose to use a custodial exchange.

Shortcomings and Future Improvements

  • A Proof of Reserves involves proving control over on-chain funds at the point in time of the audit, but cannot prove exclusive possession of private keys that may have theoretically been duplicated by an attacker.
  • The procedure cannot identify any hidden encumbrances or prove that funds had not been borrowed for purposes of passing the audit. Similarly, keys may have been lost or funds stolen since the latest audit.
  • The auditor must be competent and independent to minimize the risk of duplicity on the part of the auditee, or collusion amongst the parties.

At the end of the day, the goals are simple: safety and security.

Jodi Rell
Former Governor of Connecticut