Proof of Solvency

Proof of Solvency specification and Javascript implementation.

Proof of Solvency (PoS) is a scheme designed to let users verify the solvency of online websites which accept Bitcoin (or other similar currency) deposits (e.g. exchange websites, online wallets, gambling websites, etc.) in a way that doesn't compromise the privacy of users.

This scheme is based on the Proof Of Liabilities and Proof of Assets schemes.

Table of Contents

Specification
Sites that implement this scheme

Proof of Solvency extension

extension screenshot

Table of Contents

Specification

Work in progress.

Liabilites proof

The liabilities proof is done using the scheme described at olalonde/proof-of-liabilities.

Embedded:

PS: The x-liabilities-proof-root must be available on the index page (domain.com/) of the domain name and should be retrievable by non logged in visitors.

<meta name="x-liabilities-proof" data="/account/btc-partial-tree.json">
<meta name="x-liabilities-proof-root" data="/btc-root.json">

/acccount/btc-partial-tree.json (different for each user)

{
  "id": "MtGox.com BTC liabilities",
  "partial_tree": { ... }
}

/btc-root.json

{ 
  "id": "MtGox.com BTC liabilities",
  "root": {
    "value": 37618,
    "hash": "2evVTMS8wbF2p5aq1qFETanO24BsnP/eshJxxPHJcug="
  }
}

Assets proof

The assets proof is done using the scheme described at olalonde/proof-of-assets.

Embedded:

<meta name='x-assets-proof' data='/btc-assets.json'>

/btc-assets.json

{
  "id": "MtGox.com BTC assets",
  "signatures": [
    { "address": "", "signature": "" }
  ],
  "type": "BTC" (optional - defaults to bitcoin)
}

Verification

The proof that a site is solvent can be done by adding up all amounts controlled by addresses listed in the assets proof and deducting this amount from the root value in the liabilities proof.

function is_solvent() { return (assets >= liabilities) }

Assets and liabilities proof should be paired together using the id key. An asset proof must have the same id as its matching liabilities proof. This allows a shared wallet who handles multiple currencies to have multiple solvency proofs.

Known limitations

This scheme warns users when an exchange is insolvent but it does not prevent them from running away with the money / getting hacked / etc.
The asset proof could be generated by convincing/scamming someone else into signing a message for you / using an online service that signs message without revealing the private keys used.
The same keys can be used to generate multiple asset proofs for different domains although this can be mitigated by relying on a third party server that detects this.
It is possible for exchanges to exclude users that haven't logged in for a while from the liability proof. This can be mitigated by implementing a "push" protocol which would prevent exchange from knowing who is verifying the proof.
The verifier extension currently relies on a third party server to fetch the liability proof roots in order to make sure the user is not served a custom root. It also relies on a trusted third party server to retrieve the balance for a given asset proof. Both those servers are relatively easy to host and they could be optionally customized in the extension's settings.

Sites that implement this scheme

Send a pull request if you would like your site listed here.

olalonde / proof-of-solvency

readme