How To Prove That Exchanges Really Have Your Money
How do you prove that an exchange has enough bitcoins to pay you out? Developers may have the answer.
From all the news surrounding Gox's demise, it seems pretty certain at this point that it was operating with a fractional reserve, trading with only a small proportion of the money that it was supposed to have. The question now is, how can we be sure that others aren't doing it, too?
Whether you're a straightforward bitcoin wallet or an exchange, the hope is that you'll have enough bitcoins to cover everyone's accounts, should they all decide to empty their funds at once. This week, large bitcoin companies seemed eager to persuade people that they did.
In their joint statement condemning Gox, five major exchanges explained that they would be "coordinating efforts over the coming days to publicly reassure customers and the general public that all funds continue to be held in a safe and secure manner". How do they do that, exactly?
"I imagine that would be handled by the MTL regulators as they require permissible funds and when they come onsite to do the audit it would be apparent," said Megan Burton, the CEO of exchange CoinX, which is taking a state-by-state approach to getting its money transmission license in the US.
Neither Coinsetter or CoinX were cosignatories of the joint statement released this week. Coinbase came closer to an audit than anyone. It blogged, already discussed here, in which Andreas Antonopoulos, the CSO at Blockchain.info, visited the office to check things over.
He published a short, six-paragraph report describing how he checked the firm's cold storage addresses in the block chain. He also made Coinbase conduct a transaction on a random address in its block chain to ensure ownership.
Is this enough?
Financial audits can be extensive affairs, in which beancounters nose their way through reams of paperwork relating to accounting practices and financial controls. There is generally an audit committee which oversees the whole process. By the time that the audit is done, the likes of EY and PwC have gone over things with a fine toothcomb.
Barry Silbert, the head of the Bitcoin Investment Trust, who is now said to be preparing an exchange. Silbert has said that many auditors aren't well-equipped to deal with bitcoin, not least because bitcoin addresses are anonymous.
“Access does not equal ownership, so you cannot prove title,” he told CoinDesk late last year. Nevertheless, he has enlisted one, so it can be done, apparently.
Blockchain transparency
Coinkite is doing its best to provide customer accountability. The Canadian company, which operates wallets for its users, released a link to what it calls an audit, although this isn't verified by a third party. Instead, it's a listing of the individual inputs and outputs contained within the user's own wallet, and it's drawn from the block chain.
Rodolfo Novak, co-founder of the firm, says that it's able to do that because it relies on the block chain for its data. All transactions are conducted on the block chain, he explains, which makes it easy for users to see what's going on. "We don’t have any off-chain transactions. Even the fees you pay to us are block chain transactions."
Novak wonders why anyone would want to resort to a centralized audit at all. After all, his argument goes, wasn't bitcoin supposed to be about decentralized trust?
CoinDesk asked Coinbase about the access and ownership question, but it directed us to its blog post and refused further comment. Neither Payward (the owner of Kraken - which recently suspended USD deposits) nor Bitstamp commented.
Coinkite's block chain-based transparency is one of the things that sets it apart from the co-signatories to the joint statement. These companies don't seem to run their operations in the same way.
In particular, it can be difficult for exchanges to achieve block chain transparency. "The main thing is that the order book can’t be block chained. It needs to be fast. The actual settlement of that order book could be block chained, but it takes a phenomenal amount of technology to be written and to achieve that," Novak muses.
Decentralized audits
Is there a way, then, to create decentralized means of proving a non-fractional reserve? The brouhaha around Gox has rekindled interest in a proposal by Gregory Maxwell, one of the core developers.
In a traditional exchange, it may be difficult to publicly state how much the exchange should have, and then publicly prove that they have it, without listing all of the account balances for proof. That's a privacy nightmare, of course.
Maxwell's proposal uses a node - think of it as a leaf on a tree - with two things in it: a hash indicating the specific account, and a value of bitcoins in that account. All the nodes connect back to a central node (call it the trunk of the tree, which knows about all of the leaves).
The exchange or wallet publishes the central node, which gives the entire value of all the nodes in the exchange, and then it gives the owner of a 'leaf' its value, while also confirming that it has also checked all of the leaves between it and the trunk.
The user wouldn't know anything about the other accounts, but it could compare its own value with the exchange's total reserves, to make sure that it had enough to cover at least that account's value.
As Maxwell says: "It doesn't prevent fractional reserve --- but if used well, it prevents dishonest fractional reserve."
Bitcoinity, which monitors various exchanges, likes the idea so much that it wants to promote the first exchange to use it, on its site.
STORY CONTINUES BELOW
Any takers?
Piggy bank image via Shutterstock