Merkle Tree Proof of Reserves and Liabilities: Raising the Bar for Enhanced Transparency

Dec 22, 2022

The recent FTX turmoil has prompted cryptocurrency companies to release cryptographic proofs of their custodial funds to combat skepticism about their cash management. These proofs allow anyone to verify that the funds held on-chain are sufficient to cover the exchange's liabilities to its users. This is done by using a method called Merkle Tree Proof of Reserves.

What are Proof of Reserves and Proof of Liabilities?

Unlike full nodes, centralized exchanges (CEXs) do not provide unequivocal proof of funds. In most of these cases, cryptocurrencies are simply sent into a black box, leaving users with little choice but to cross their fingers and trust that their money isn't being misused.

To combat this, CEXs are increasingly creating cryptographic proofs to demonstrate that their on-chain funds are sufficient to cover their users' liabilities, rather than solely relying on government-issued licenses and audits. This attempt to provide public transparency to centralized cryptocurrency reserves through a verifiable auditing practice is called Proof of Reserves.

Proof of Reserves is a means of demonstrating that platforms or exchanges are capable of honoring withdrawals on their platforms at all times. In general, it consists of two parts: a current record of customers' coin deposits (known as Proof of Liabilities), and the pool of coins held within a set of exchange addresses (also known as Proof of Assets). If Proof of Assets > Proof of Liabilities, then the exchange is solvent and can always honor withdrawal requests (Proof of Reserves).

Timeline of the Proof of Liability concept

The first attempts to cryptographically prove that exchanges are not cheating their customers date back to 2011, when the then-largest exchange Mt Gox proved that they indeed owned all their customers’ funds by sending BTC to a pre-announced address.

In 2013, a new concept of proof emerged, where exchanges proved that customers' deposits equaled X and also proved ownership of the private keys of X coins. This is called Proof of Solvency, which requires exchanges to prove that they hold enough funds to pay back all its depositors.

The simplest way to prove deposits is to publish a list of (username, balance) pairs. The list allows everyone to verify that their balances appear in the list, as well as to verify that (i) no balance is negative, and (ii) the total matches the claim.

This approach has the disadvantage of raising privacy concerns, although this can be overcome by publishing a list of (hash(username, salt), balance) pairs, and sending the salt value privately to each user. However, there is still a possibility of account balance leaks using this method. The desire to preserve privacy led to the next invention: the Merkle tree Proof of Liabilities.

What is a Merkle tree?

A Merkle tree is a data structure that is created by combining the customer balance and the username hash into a tree structure where each node represents a (hash, balance) pair. Leaf nodes at the bottom of the tree represent individual customer balances and the hashed username. Nodes higher up in the hierarchy have a balance equal to the sum of the two balances below, and the hash is the hash of the two nodes below.

Cf. https://vitalik.ca/general/2022/11/19/proof_of_solvency.html

All transactions in a Merkle tree are related and grouped together to obtain a root hash or "root address" (yellow box). This root hash is related to all the other hashes of the tree. The Merkle tree Proof of Liability saves a great deal of time since it is not necessary to verify every transaction in a network. Instead, this method relies only on a subset of data to verify funds, which is why it’s considered the industry gold standard for user fund verification.

How does it work? Based on the Merkle tree above, let's assume that Charlie wants to verify his funds. For this purpose, he does not need to know all Merkle tree entries, just the ones highlighted in blue. As long as Charlie receives the hashed information from David, as well as the hashes of the other two blue blocks, he will be able to verify that his funds indeed are on the exchange –– without the need of any other information.

It is also worth noting that if a hash in a Merkle tree is changed, all the others will also change (root hash). As a result, the authenticity of the information for the entire tree will be invalidated. This feature allows Merkel trees to provide the high level of safety they are known for.

A very important proposition is the non-negativity allowance for leaves. If a malicious node with a negative balance were added to the tree, then the neighboring nodes and all nodes above would fail the proof verification. Such a malicious attack can only succeed if no one on the entire side of the tree where the malicious node is checks and verifies their balances.

What are the advantages of a Merkle tree?

There are several advantages to using a Merkle tree. One of the key advantages is that it provides a high level of transparency and assurance to users. By providing a Proof of Liabilities, a platformis demonstrating that it has the assets that it claims to have, which helps to build trust with users and ensure the solvency of the platform.

Another advantage is that it is efficient and secure. The use of a Merkle tree allows for efficient verification of the entire list of assets, without requiring the disclosure of the full list. This protects the privacy of the exchange and its users, while still allowing for the verification of the exchange's reserves.

Moreover, the accuracy of the whole tree can be verified without examining each node individually. Hence, Merkle proof of liabilities can be viewed as crowdsourced proofs of user-conducted checks.

In addition, Merkle proofs are resistant to tampering. Since the hashes in the tree are linked together in a specific order, any attempt to alter the list of assets would result in a different hash being produced. This makes it difficult for an attacker to alter the proof of reserves without being detected.

Overall, a Merkle tree Proof of Liabilities is a useful tool for cryptocurrency exchanges to demonstrate the solvency and transparency of their operations. By providing Proof of Liabilities, an exchange or custodian can build trust with its users and ensure the security of their funds.

Step-by-step guide: How to verify your funds on Cake DeFi

At Cake DeFi, transparency and security aren't just duties, they're a necessity, and we live them every day. Our platform has led the way in disclosing the amount of coins we hold in our addresses (Proof of Assets) since we launched in 2019, back when nobody else was doing it. Whether you are a customer or not, you can easily access the information around Proof of Assets on our transparency page.

But now we want to take it a step further and provide a tool so that everyone can easily check the other side of the equation as well – Merkle tree Proof of Liabilities. This is part of our ongoing initiative to give the public the full picture and enable customers to verify that their funds are safely stored with us. Check it out yourself here.

The following steps are required to determine whether your account balance is included in the tree structure of the Merkle tree Proof of Liabilities:

  • Hash your account balance and your unique ID

This step has been made super easy so that anyone can do it without any knowledge! In order to make your life easier, we have already prepared everything and hashed your balance and unique ID for you. To find your hash ID, log into your account and look at the bottom of the page.

  • Check if that hash has actually been included in the final hash of the general Merkle tree Proof of Liabilities

You can now receive the Merkle tree for your funds by entering the hash ID you copied earlier into the input field on the Proof of Reserves page. As an output, you will receive the following structure:

This includes two sets of data: The first is the Merkle root, which acts as a cryptographic seal to summarize all the imputed data (current balance of funds held by Cake DeFi), and the second one is the verified leaf that shows a breakdown of your funds.

  • Independently conduct the Merkle proof

Following our motto "Trust because you can verify", you can also independently perform the Merkle tree Proof of Liabilities check by following these steps:

Step 1: Install the verification tool using the info provided on Github.

Step 2: Copy your personal hash ID

Step 3: Download the Merkle tree file

Step 4: Execute the following command on your terminal: npm run verify -- -- <paste-the-name-of-your-merkle-tree-file-here> --hash=<paste-your-personal-hash-here>

With the Merkle tree Proof of Liabilities, Cake DeFi has raised the bar for transparency and will continue to set the industry standard for years to come. Log into your account and visit our Proof of Reserves page to check your funds.

If you would like to contribute to this venture and give us your ideas about how we can improve our platform, please contact us via Zendesk or reach out to us via our social media channels.

Bake

The most transparent way to get cashflow from your cryptocurrencies.

Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.