Exploring Merkle Tree Proof of Reserves
创宇区块链安全实验室
2022-12-23 02:41
Asset transparency has become a standard for measuring transaction security. Today we will study how a Merkle tree proof of reserves achieves asset transparency.

Foreword

Some time ago, Binance and FTX set off a "war" in the cryptocurrency industry. In the end, FTX, having misappropriated user assets, was left with insufficient reserves and collapsed. After this collapse, users and investors have become increasingly distrustful and even suspicious of centralized exchanges, and are unwilling to deposit their assets there. Exchanges, in order to retain users and investors, are trying to rebuild that trust. One of the measures is to make the assets held by the centralized exchange transparent, that is, to publish a Merkle tree proof of reserves.

Merkle tree

Before studying the Merkle tree reserve proof, we need to know what a Merkle tree is.


2.1 Merkle tree concept

A Merkle tree (also known as a hash tree) is a binary hash tree invented by Ralph Merkle in 1979. Like a standard binary tree, a Merkle tree consists of a root node, a set of intermediate nodes, and a set of leaf nodes.

2.2 Application of Merkle Tree

The Merkle tree stores data in the leaf nodes. Each intermediate node is generated by hashing its two child nodes, and by repeating this step-by-step hash operation upward, the entire Merkle tree and finally the root node are generated. Once the data of any leaf node changes, it changes every intermediate node derived from it and is finally reflected in the root node, which ensures that the data cannot be tampered with undetected.

Because of this feature, Merkle trees are widely used in various fields:

  • Bitcoin

  • IPFS

  • GitHub

  • P2P networks


Merkle Tree Reserve Proof


3.1 Proof of Reserve Concept

PoR (Proof of Reserves, 储备金证明 in Chinese) is a common asset audit method in which an independent third-party audit agency verifies that the exchange's on-chain reserves have not been misappropriated and are sufficient to cover all user assets recorded by the exchange.

3.2 Proof of reserves process

Usually, a third-party audit agency takes an anonymized snapshot of all account balances, and then computes hash values step by step up to the root node. Finally, the auditor determines whether the exchange holds sufficient reserves by comparing the balances on the public chain with the audited balances.

Because each exchange uses different rules, the generated hash values also differ. Taking OKX as an example, according to its official documents, each sub-node contains the hash of the node and the amount of each coin covered by the user asset snapshot. The hash value is hash = SHA256(nonce + balances). The exchange assigns a unique nonce to each user, which can be queried on the audit page. balances is a JSON string composed of the amount of each currency covered by the user asset snapshot, such as:

{"BTC":"1.023","ETH":"0","USDT":"20.2343322"}

(Note: trailing zeros are removed and 8 digits of precision are kept.)

The principle of verification is that the user starts from their own leaf node and calculates the hash value of each parent node (the corresponding upper-level intermediate node) in turn until the root hash is reached, then compares it with the root hash in the officially announced Merkle tree path. If the two are equal, verification passes; if they are not equal, verification fails.

Therefore, after the exchange discloses the Merkle root, users have three ways to prove whether it holds 100% reserves:

  • Any user can verify that their balance and UID are on the tree;

  • A third-party audit company audits the total balance of all users on the tree;
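The tree construction from section 2.2 and the OKX-style leaf scheme and user-side verification from sections 3.2 and 3.3 above, as an added example (not code from the original post or from any exchange). It assumes a constructed three-user snapshot, compact JSON serialization of the balances string, and that an odd level is padded by repeating its last node; the real exchange's serialization and padding rules may differ.

```python
import hashlib
import json

# Constructed sample snapshot (not real exchange data); balances as strings, <= 8 decimals.
SNAPSHOT = [
    ("nonce-u1", {"BTC": "1.023", "ETH": "0", "USDT": "20.2343322"}),
    ("nonce-u2", {"BTC": "0.5", "ETH": "3.1", "USDT": "0"}),
    ("nonce-u3", {"BTC": "0", "ETH": "0.00000001", "USDT": "1000"}),
]

def sha256_hex(data: str) -> str:
    return hashlib.sha256(data.encode()).hexdigest()

def leaf_hash(nonce: str, balances: dict) -> str:
    # Leaf = SHA256(nonce + balances); compact JSON serialisation is an assumption.
    return sha256_hex(nonce + json.dumps(balances, separators=(",", ":")))

def build_tree(leaves: list) -> list:
    """Hash pairs level by level; returns [leaves, ..., [root]]. Odd levels repeat the last node."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]
        levels.append([sha256_hex(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def merkle_proof(levels: list, index: int) -> list:
    """Sibling hashes (with side) a user needs to recompute the path from leaf to root."""
    proof = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return proof

def verify_leaf(leaf: str, proof: list, root: str) -> bool:
    """User-side check: rebuild parent hashes up to the root and compare with the published one."""
    h = leaf
    for side, sib in proof:
        h = sha256_hex(sib + h) if side == "L" else sha256_hex(h + sib)
    return h == root
```

A user who recomputes their own leaf from their nonce and balances and walks the published path reaches the announced root only if the snapshot recorded exactly those balances; any change to a balance string, or a proof belonging to another leaf, yields a different root.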

3.3 Reserve Proof Measures of CEXs

Since the FTX collapse, various CEXs have announced that they intend to implement proof-of-reserves measures.

Postscript

Although we understand that proof of reserves is indeed very important for an exchange, even if it proves that the exchange has 100% reserves, it only shows that the exchange had 100% reserves at the moment the Merkle root was announced. The current proof of reserves also has many problems:

  • The root is not updated frequently enough to reflect every transaction in real time;

At present, proof of reserves is only one way to restore some user trust; it is far from sufficient, and there is still much that a reserve proof cannot demonstrate. We hope exchanges can be open and transparent. Now that all exchanges have produced reserve proofs, should cross-chain bridges, where incidents are frequent, also consider producing them?
