Centralized Exchange Reserve Proof Optimization Scheme: Random Auditing and MPC-TSS Technology
Defects and Improvements of Centralized Exchange Reserve Proof Methods
After the collapse of FTX, market trust in centralized institutions has significantly declined. In order to regain user confidence, many exchanges have begun to adopt the Merkle Tree reserve proof method to demonstrate that they have not misappropriated user assets. However, this method has some fundamental flaws and cannot completely guarantee the safety of funds.
This article will explore two main issues with the existing Merkle Tree reserve proof methods and propose some improvement suggestions.
Overview of Existing Reserve Proof Methods
Current proof of reserves typically uses traditional auditing methods, with reports issued by trusted third-party auditing firms to verify that the exchange's on-chain assets (reserves) match the total balance of user assets (liabilities).
For the proof of liabilities, the exchange generates a Merkle Tree containing user account information and asset balances, establishing an anonymous and tamper-proof snapshot of user account assets. Each user can independently verify that their own account is included in the Merkle Tree.
Regarding proof of reserves, the exchange needs to provide its on-chain addresses and verify ownership through methods such as digital signatures.
The auditing agency then compares the total assets on both the liability and reserve sides to determine whether the exchange has engaged in fund misappropriation.
Major Defects of Existing Methods
1. May pass audit through temporary borrowing
Current reserve proofs are usually based on a specific point in time and have long audit intervals. This allows an exchange to temporarily borrow funds during the audit window to fill gaps, concealing misappropriation of user funds.
2. May collude with external organizations to forge proofs
Providing a digital signature does not equate to actually owning the assets at the corresponding address. The exchange may collude with external entities to produce on-chain proof using assets it does not own. The same funds may even be reused by multiple institutions, and existing auditing methods struggle to identify such fraudulent activity.
Improvement Suggestions
An ideal proof of reserve system should allow for real-time checks of liabilities and reserves, but this may come with high costs and risks of user privacy breaches. To prevent proof of reserves from being falsified without disclosing user information, the following two recommendations are proposed:
1. Introduction of spot-check random audits
Conducting random audits at unpredictable intervals makes it difficult for the exchange to manipulate account balances and on-chain assets in time for the audit; the unpredictability itself also deters misconduct.
Implementation method: A trusted third-party auditing agency sends audit requests to the exchange at random times. The exchange must immediately generate a Merkle Tree containing the user account balances at the current point in time (marked by block height) as its proof of liabilities.
2. Adopt the MPC-TSS scheme to accelerate reserve proof
Random audits require exchanges to provide proof of reserves within a short period of time, which is a major challenge for exchanges managing a large number of on-chain addresses. Even if most assets are stored in a few fixed addresses, consolidating funds from numerous addresses is still time-consuming, potentially leaving room for misappropriation.
One possible solution is to use MPC threshold signature scheme (MPC-TSS) technology. MPC-TSS splits the private key into multiple secret shards held by multiple parties. The holders can collectively sign transactions without ever exchanging or reassembling the private key.
Under this scheme, the auditing institution holds one shard of the private key, while the exchange holds the remaining shards. Setting the signing threshold above one means the auditor's single shard cannot move funds on its own, so the assets remain under the exchange's control. At the same time, the MPC-TSS scheme needs to support the BIP32 protocol so that a large number of co-managed addresses can be derived.
Because the auditing agency holds a key shard, it can determine the full set of the exchange's on-chain addresses and calculate the asset total at the specified block height, enabling a more effective proof of reserves.
Through these improvements, the reserve proof system is expected to better protect user asset security and enhance the transparency and credibility of centralized exchanges.