Novel Proof of Reserves Protocol with Shorter Proof Sizes

Cryptocurrency exchanges enable customers to own digital assets without having to mine them. They provide customers with user-friendly wallets that facilitate trading in digital assets and fiat currencies. Notwithstanding these benefits, the downside of such exchanges is that customer funds are lost if an exchange gets hacked or is involved in an exit fraud. Proof of Solvency is a technique which could avert such losses by requiring exchanges to regularly prove to their customers that they own assets at least equal to their liabilities. It consists of two parts: proof of reserves (proving the possession of assets) and proof of liabilities (proving liabilities towards customers). We design RevelioBP [1,4], a novel proof of reserves protocol for MimbleWimble-based cryptocurrencies. RevelioBP alleviates the drawbacks of Revelio [2], the current state-of-the-art proof of reserves protocol for MimbleWimble.

An exchange publishing a RevelioBP proof constructs a zero-knowledge proof that it owns specific outputs (addresses) within a larger set of outputs (known as the anonymity set), and that these outputs collectively contain a certain amount of assets. Without revealing which outputs it owns or what amounts those outputs hide, the exchange can convince any verifier of the amount of assets it owns using the RevelioBP protocol. The main features of RevelioBP are: (i) the proof size of RevelioBP is O(log(n)), improving over the O(n) of Revelio, where n is the size of the anonymity set; (ii) if different exchanges try to cheat customers by sharing their outputs (effectively inflating their reserves), RevelioBP can detect it; (iii) RevelioBP sets the anonymity set to the set of all unspent outputs (called the UTXO set) on the blockchain, thereby ensuring maximum privacy for exchange-owned outputs. For a UTXO set size of 2 × 10^5 and an exchange owning 20 outputs, the RevelioBP proof is a mere 2.5 KB compared to a 41 MB Revelio proof. Shorter proofs of reserves allow exchanges to publish proofs frequently and store several historical proofs for audit purposes. Further, the cost of storing such proofs on a blockchain depends heavily on their size, so RevelioBP can significantly reduce such costs. Lastly, we implement RevelioBP in the Rust programming language [3] and demonstrate reasonable proving and verification timings suitable for practical deployment of the protocol.

In conclusion, we present RevelioBP, a novel cryptographic proof of reserves protocol for MimbleWimble-based cryptocurrencies. Although the time required for exchanges to generate RevelioBP proofs is higher than that for Revelio, the benefits it provides in terms of proof size and enhanced privacy make it a promising alternative to Revelio.