May 5, 2021
The Chamber of Digital Commerce Provides Best Practices for Proof of Reserves
"Trust, But Verify"
Goldman Sachs recently announced that it will offer clients the opportunity to invest in a “full spectrum” of digital assets, “whether that’s through the physical bitcoin, derivatives or traditional investment vehicles,” according to Mary Rich, the venerable bank's newly minted global head of digital assets. Goldman's plunge comes on the heals of Morgan Stanley's announcement that its financial advisors could place clients into bitcoin funds starting this month. Add Tesla, BNY Mellon, Visa, Mastercard, PayPal, Harvard University, MicroStrategy, Citi, and Silverlake Group to the mainstream mania and you get the point - crypto is growing up. Market maturity means that investors, big and small, novice and sophisticated, expect certain things - namely, security and transparency. As Billy Joel would sing, it's "A Matter of Trust."
But, how does the crypto industry, long dogged by cyberattacks and thefts, hacks and scams, engender that trust from investors? This is where "Proof of Reserves," swoops in allowing customers to, as Ronald Reagan cautioned, "Trust, but verify." Proof of Reserves allows customers of digital asset platforms to confirm that the service they are using does, in fact, hold their bitcoin or other digital assets. We recently wrote a blog post on the need for legal clarity in the legislative and regulatory cryptoverse. Trust is the yin to clarity's yang - the building blocks of any political, social or economic system. Laws must be clear and trust must exist for business to thrive.
The ability of Virtual Asset Service Providers (VASPs) and other crypto businesses to offer proof of reserves is a powerful tool to earn and retain customer trust. But with the Usain Bolt pace of innovation and adoption across the cryptovese, there is a lack of clarity and consistency around Proof of Reserves. The Chamber of Digital Commerce has set out to tackle the problem. The Chamber, and project leadership committee members Noah Buxton of Armanino, Nic Carter of Castle Island Ventures and Coin Metrics, Patrick South of TRM Labs, and Salvatore Ternullo of KPMG, yesterday issued: Proof of Reserves: The Practitioners Guide to an Emerging Standard for Increasing Trust and Transparency in Digital Asset Platform Services ("Guide").
The Chamber's Guide explains: For a number of reasons, not excluding the nascence of the industry, there appears to be a lack of clarity of the definition and best practices of Proof of Reserves for digital asset market participants. The demand by customers for more assurance over digital asset reserves is no longer an undercurrent, it is overt. Customer demand is driving digital asset platforms to ask professional service firms to address the demand.
The Chamber's Guide provides needed clarity through detailed best practices and ultimately moves to "solve the problem of proving that an entity holds digital assets sufficient to cover its outstanding liabilities." So what are best practices for Proof of Reserves?
How To Determine Proof of Reserves?
The Chamber states:
The ultimate purpose of a [Proof of Reserves] is to prove to customers of a digital asset platform that the service provider owns and controls digital assets equal to, or in excess of, its liabilities to customers. In short, a Proof of Platform Reserve aims to prove customer liabilities are less than or equal to the assets it holds on behalf of customers.
And, with crypto, the proof is on the blockchain. The beauty of cryptocurrency and its open ledger, is that such an audit is, relatively, simple. The technology to provide auditability and transparency for crypto held in custody has been inherent from inception. As the Guide points out, "Organizations leverage the immutability of a public blockchain and native cryptographic mechanisms to provide proof of existence and control of digital assets held by centralized organizations on behalf of their customers."
Best Practices for Proof of Reserves
In its Guide, the Chamber focuses on a specific type of liability or what the Guide calls a “Crypto Collateralized Claim'' (“CCC”) involving Crypto Platform Account Liabilities. These are businesses that we typically think of as VASPs - crypto custodians, brokers, and other centralized services businesses that issue IOUs to customers which represent a claim on digital assets custodied by the VASP. The Guide calls Proof of Reserves for Crypto Platform Account Liabilities "Platform Proof of Reserves" ("PoPR").
The term “Proof of Platform Reserves," in the Guide, is used to precisely denote the specific type of Proof of Reserves whereby a digital asset platform holds funds on behalf of customers (i.e., 100% reserved, or some lesser fraction agreed to by customers); the reserve assets are in-kind (i.e., bitcoin account balances are reserved by bitcoin); and, the customer’s claim is redeemable for the digital asset (i.e., bitcoin account balance can be withdrawn on chain to another wallet).
PoPR "grants customers of a digital asset platform the ability to confirm that their account balances (i.e., their liabilities on the platform) were included within PoPR," using a data structure called a Merkle Tree hash.
Who Says Money Doesn't Grow on Trees?
Backing up and going deep for a minute, in cryptography and computer science, a hash tree or Merkle tree, named after computer scientist Ralph Merkle, is a tree in which every leaf node is labelled with the cryptographic hash of a data block, and every non-leaf node is labelled with the cryptographic hash of the labels of its child nodes. Hash trees allow efficient and secure verification of the contents of large data structures. Hash trees are a generalization of hash lists and hash chains. Demonstrating that a leaf node is a part of a given binary hash tree requires computing a number of hashes proportional to the logarithm of the number of leaf nodes of the tree.
For PoPR a Merkle Tree hash "acts as a 'seal' of all the accounts included with the assessment into a single alphanumeric string, known as a Merkle Root," allowing customers to ensure that their account appropriately links to the Merkle Root which shows inclusion within the larger PoPR. This is where we stop writing, provide a helpful graphic, and direct you to the Chamber's excellent guide for further explanation.
Ok, So What Does PoPR Look Like In Practice? The Chamber Provides Examples:
A Bitcoin Only Exchange:
The most simple example involves a bitcoin only exchange in which the platform maintains 100% of like-kind assets on behalf of customers. 1) A customer sends bitcoin to a custody address controlled by a digital asset platform. The digital asset platform sweeps the bitcoin into cold storage addresses whereby customer bitcoin is “pooled” and maintained until redemption activities are initiated by customers. The digital asset platform always maintains “physical” bitcoin equal to, or in excess of, customer liabilities. A PoPR could be utilized to demonstrate the platform’s control over the appropriate reserve percentage of customer digital assets at a point in time.
Multi-Asset Platform with Variety of Financial Products and Services:
This is the more complex example in which a customer sends bitcoin to a receiving address controlled by a digital asset platform. The digital asset platform aggregates the assets and sends it to a third-party to generate yield, some of which may or may not be shared back with the platform’s customer. A PoPR could satisfy some customers in providing additional assurance over the asset holdings at a point in time, but would necessarily require management, a consultant or CPA auditor to test and/or report on off-chain receivables (the agreement with the third party to return the principal amount lent)
But no matter how simple or complex, a "Proof of Platform Reserve aims to prove customer liabilities are less than or equal to the assets it holds on behalf of customers."
Close your eyes for a moment and remember a time before you ventured down the rabbit hole of Merkle Trees. Ok, better now? Beyond the forest of Merkle Trees and cryptographic hashes lies a world in which cryptocurrency grows and thrives. It is a green pasture of transparency, accountability, clarity, and most importantly, trust. As the pace of cryptocurrency adoption accelerates, as banks and fortune 500 companies get into the crypto game, as individuals invest in and use crypto on a daily basis, that trust is the foundation of this new financial system. Proof of Reserves provides that foundation of trust. We might even see the forest for the Merkle trees.
Access our coverage of TRON, Solana and 23 other blockchains
Fill out the form to speak with our team about investigative professional services.