Defects and Improvements of Reserve Proofs: Rebuilding Trust in Centralized Exchanges
After the collapse of FTX, market trust in centralized institutions declined sharply. To rebuild confidence, several exchanges have begun publishing Merkle-tree-based proofs of reserves to show that user assets are fully backed. This method has some fundamental flaws, however; this article examines them and proposes improvements.
Overview of Existing Reserve Proof Methods
Current proofs of reserves typically rely on a third-party auditing firm to check whether a centralized institution has misappropriated user funds, by comparing the assets it controls on-chain (the proof of reserves) against the total balance it owes its users (the proof of liabilities).
For the proof of liabilities, the institution builds a Merkle tree whose leaves are user account identifiers and balances and whose internal nodes carry the sum of the balances beneath them (a Merkle sum tree), then publishes the root hash and the root total. Each user receives the path from their own leaf to the root and can independently verify that their account and balance are included in the published total. For the proof of reserves, the institution lists the on-chain addresses it holds and demonstrates control of them, typically by signing an auditor-supplied challenge message with each address's key.
The auditor then compares the two totals at the snapshot: if the on-chain reserves are at least the sum of the liabilities, the institution is presumed not to have misappropriated funds.
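The following is an added example (not the scheme of any particular exchange) of the liabilities side described above: a Merkle sum tree over a constructed five-user ledger, an inclusion proof for one user, the user's own check against the published root, and the auditor's comparison of the root total against a constructed reserve figure. The domain-separation tags, the per-user salt, the zero-balance padding node and the rejection of negative balances are design choices assumed here; the last two close the two ways a sum tree can under-report liabilities.

```python
import hashlib
from typing import Iterable, List, Tuple

# A node is (hash, balance sum); balances are integers in the asset's smallest unit.
Node = Tuple[bytes, int]


def sha(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def make_leaf(user_id: str, balance: int, salt: bytes) -> Node:
    # Reject negative balances: a negative leaf would let the root total under-report liabilities.
    if balance < 0:
        raise ValueError("negative balance in liabilities tree")
    data = b"leaf|" + salt + b"|" + user_id.encode() + b"|" + balance.to_bytes(8, "big")
    return sha(data), balance


# Padding node with zero balance; duplicating the last leaf instead would double-count it.
EMPTY: Node = (sha(b"empty"), 0)


def make_parent(left: Node, right: Node) -> Node:
    lh, lb = left
    rh, rb = right
    data = b"node|" + lh + lb.to_bytes(8, "big") + rh + rb.to_bytes(8, "big")
    return sha(data), lb + rb


def build_tree(leaves: Iterable[Node]) -> List[List[Node]]:
    """Return all levels, leaves first; the last level holds the root."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        if len(levels[-1]) % 2:
            levels[-1].append(EMPTY)
        lvl = levels[-1]
        levels.append([make_parent(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels


def inclusion_proof(levels: List[List[Node]], index: int) -> List[Tuple[Node, bool]]:
    """Sibling nodes from leaf to root, each flagged with whether it sits on the left."""
    proof = []
    for lvl in levels[:-1]:
        proof.append((lvl[index ^ 1], index % 2 == 1))
        index //= 2
    return proof


def verify_inclusion(leaf: Node, proof: List[Tuple[Node, bool]], root: Node) -> bool:
    node = leaf
    for sibling, sibling_is_left in proof:
        node = make_parent(sibling, node) if sibling_is_left else make_parent(node, sibling)
    return node == root   # compares both the hash and the running balance sum


def demo() -> dict:
    # Constructed sample ledger: (user_id, balance, per-user salt shared privately with that user).
    ledger = [("alice", 150_000, b"salt-a"), ("bob", 20_000, b"salt-b"), ("carol", 0, b"salt-c"),
              ("dave", 330_000, b"salt-d"), ("erin", 5_000, b"salt-e")]
    levels = build_tree(make_leaf(u, b, s) for u, b, s in ledger)
    root = levels[-1][0]   # the exchange publishes root[0] (hash) and root[1] (total liabilities)
    proofs = {u: inclusion_proof(levels, i) for i, (u, _, _) in enumerate(ledger)}
    # Bob rebuilds his own leaf from data only he and the exchange know and checks it against the root.
    bob_ok = verify_inclusion(make_leaf("bob", 20_000, b"salt-b"), proofs["bob"], root)
    # A leaf with a different balance does not reach the published root.
    bob_tampered = verify_inclusion(make_leaf("bob", 2_000, b"salt-b"), proofs["bob"], root)
    # Auditor side: constructed on-chain reserve total at the same snapshot.
    reserves = 480_000
    return {"root_hash": root[0].hex(), "liabilities": root[1], "bob_ok": bob_ok,
            "bob_tampered": bob_tampered, "solvent": reserves >= root[1]}


if __name__ == "__main__":
    print(demo())
```

Because every node carries its subtree's balance sum, a user who verifies their path also verifies that their balance was counted towards the published total, not merely that their account exists; the constructed figures above yield liabilities of 505,000 against reserves of 480,000, so the auditor's check reports a shortfall.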
Main Defects of Existing Methods
1. Borrowed funds can pass the audit
Because an audit takes a snapshot at a single point in time and audits are repeated only at long intervals, an institution that has misappropriated user funds can borrow assets to cover the gap for the duration of the snapshot, present them as reserves, and return them afterwards.
2. Collusion with external parties
A digital signature proves control of a key at the moment of signing, not beneficial ownership of the funds. An institution can collude with an external party who signs the auditor's challenge on its behalf, and the same funds can be presented as reserves by several institutions in turn. Existing audit methods, which verify each institution's address set in isolation, struggle to detect this.
Improvement Suggestions
An ideal proof of reserves would be verifiable in real time, but continuous verification is expensive and increases the risk of leaking user information. The following suggestions aim to prevent fraud around the audit without disclosing user data:
1. Random Audit by Sampling
Conduct audits at unpredictable times so that the institution cannot arrange its account balances and on-chain holdings in advance. Concretely, a trusted third-party auditor sends audit requests to the institution at random intervals, requiring it to produce the Merkle tree of user balances as of a specified block height, so that the liabilities snapshot and the on-chain reserves snapshot refer to the same moment and the institution has little time to borrow assets for the snapshot.
2. Accelerate Reserve Proof Using MPC-TSS Scheme
Random audits require the institution to produce a proof of reserves at short notice, which is a significant burden for an institution that manages a large number of on-chain addresses and would otherwise have to sign a challenge for each one. MPC threshold signature schemes (MPC-TSS) can address this.
In MPC-TSS the private key exists only as shares held by several parties (in a proper deployment the shares are produced by distributed key generation, so the complete key never exists on any single machine), and any threshold t of the n share holders can jointly produce a signature without exchanging or reconstructing the key. In the proposed arrangement the auditor holds one share and the institution holds the rest. The threshold is set above one, so the auditor's single share cannot sign on its own, and at or below the number of shares the institution holds, so the institution keeps full control of its assets and does not depend on the auditor to sign transactions.
To cover the large number of custodial addresses, the MPC-TSS scheme must support BIP32 hierarchical derivation, so that every address is derived from the shared root key rather than generated as an independent key. Holding a share of the root key, the auditor can enumerate the institution's address set and sum the balances at the specified block height without the institution signing per address. Note that non-hardened BIP32 derivation needs only the root public key and chain code, so the auditor can compute the address set from those alone; hardened derivation requires the private key and therefore an MPC round per derived key.
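As an added example of the key arrangement described in this section (not code from the article or from any MPC-TSS product), the block below shares a secp256k1 root key 2-of-3 with Shamir sharing, gives the auditor one share and the exchange two, and derives three non-hardened BIP32 children. It shows two things: the auditor enumerates the child public keys from the root public key and chain code alone, and the exchange obtains shares of each child key by adding the same BIP32 tweak to every share, so the full key is never assembled. Assumptions: a dealer samples the root key (a real deployment uses distributed key generation), the shares are reconstructed only to check the arithmetic, the tweak is reduced mod N instead of rejecting out-of-range values, and the compressed public key hex stands in for the on-chain address.

```python
import hashlib
import hmac
import random

# secp256k1 in pure Python: for illustration only (not constant-time, not for production keys).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # point at infinity
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, point=G):
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result


def ser_pub(point):
    x, y = point
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")   # 33-byte compressed public key


# Shamir t-of-n secret sharing over the curve order.
def split_key(secret, t, n, rng):
    coeffs = [secret] + [rng(N) for _ in range(t - 1)]
    return {i: sum(c * pow(i, j, N) for j, c in enumerate(coeffs)) % N for i in range(1, n + 1)}


def reconstruct(shares):
    # Lagrange interpolation at x = 0; fewer than t shares give an unrelated value.
    total = 0
    for i, y in shares.items():
        num = den = 1
        for j in shares:
            if j != i:
                num = num * (-j) % N
                den = den * (i - j) % N
        total = (total + y * num * pow(den, -1, N)) % N
    return total


# BIP32 non-hardened child derivation, public side (tweak reduced mod N for brevity).
def child_tweak(parent_pub, chain_code, index):
    msg = ser_pub(parent_pub) + index.to_bytes(4, "big")
    i = hmac.new(chain_code, msg, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big") % N, i[32:]


def auditor_child_pub(parent_pub, chain_code, index):
    # Needs only the root public key and chain code, so the auditor can enumerate addresses offline.
    tweak, child_cc = child_tweak(parent_pub, chain_code, index)
    return ec_add(parent_pub, ec_mul(tweak)), child_cc


def demo(t=2, n=3, n_children=3):
    rnd = random.Random(2024)                        # constructed, reproducible "randomness"
    rng = lambda bound: rnd.randrange(1, bound)
    # Toy shortcut: a dealer samples the root key. Real MPC-TSS uses distributed key
    # generation so the complete key never exists on any single machine.
    root_key = rng(N)
    chain_code = hashlib.sha256(b"constructed chain code").digest()
    shares = split_key(root_key, t, n, rng)
    auditor_share = {n: shares[n]}                          # auditor holds one share (below t)
    exchange_shares = {i: shares[i] for i in range(1, n)}   # exchange holds n-1 >= t shares
    root_pub = ec_mul(root_key)
    addresses = []
    for idx in range(n_children):
        child_pub, _ = auditor_child_pub(root_pub, chain_code, idx)
        # Exchange side: adding the same tweak to every share yields shares of the child key,
        # so no party needs the full key. Reconstruction here only checks the arithmetic;
        # a real signing protocol consumes the shares directly.
        tweak, _ = child_tweak(root_pub, chain_code, idx)
        child_shares = {i: (s + tweak) % N for i, s in exchange_shares.items()}
        assert ec_mul(reconstruct(child_shares)) == child_pub
        addresses.append(ser_pub(child_pub).hex())
    return {"root_key": root_key, "root_pub": root_pub, "chain_code": chain_code,
            "auditor_share": auditor_share, "exchange_shares": exchange_shares,
            "addresses": addresses}
```

The auditor's share does not let it move funds (one share is below the threshold), and the exchange's two shares sign without the auditor; what the auditor gains is the ability to derive the complete address set from the root public key and chain code and sum balances at the audited block height. This enumerates the addresses that belong to the shared key, not any other keys the institution may hold, and it does not by itself detect borrowed funds; it only removes the per-address signing step that makes short-notice audits slow.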
These improvement suggestions aim to enhance the reliability and efficiency of reserve proof, helping to rebuild user trust in centralized institutions. However, specific implementation still requires in-depth discussions and collaboration among all parties in the industry.