Proof of Solvency specification and Javascript implementation.
Proof of Solvency (PoS) is a scheme designed to let users verify the solvency of online websites which accept Bitcoin (or other similar currency) deposits (e.g. exchange websites, online wallets, gambling websites, etc.) in a way that doesn't compromise the privacy of users.
This scheme is based on the Proof Of Liabilities and Proof of Assets schemes.
Table of Contents
Table of Contents
Work in progress.
The liabilities proof is done using the scheme described at olalonde/proof-of-liabilities.
Embedded:
PS: The x-liabilities-proof-root
must be available on the index page (domain.com/) of the domain name and should be retrievable by non logged in visitors.
<meta name="x-liabilities-proof" data="/account/btc-partial-tree.json">
<meta name="x-liabilities-proof-root" data="/btc-root.json">
/acccount/btc-partial-tree.json
(different for each user)
{
"id": "MtGox.com BTC liabilities",
"partial_tree": { ... }
}
/btc-root.json
{
"id": "MtGox.com BTC liabilities",
"root": {
"value": 37618,
"hash": "2evVTMS8wbF2p5aq1qFETanO24BsnP/eshJxxPHJcug="
}
}
The assets proof is done using the scheme described at olalonde/proof-of-assets.
Embedded:
<meta name='x-assets-proof' data='/btc-assets.json'>
/btc-assets.json
{
"id": "MtGox.com BTC assets",
"signatures": [
{ "address": "", "signature": "" }
],
"type": "BTC" (optional - defaults to bitcoin)
}
The proof that a site is solvent can be done by adding up all amounts controlled by addresses listed in the assets proof and deducting this amount from the root value in the liabilities proof.
function is_solvent() { return (assets >= liabilities) }
Assets and liabilities proof should be paired together using the id
key. An asset
proof must have the same id
as its matching liabilities proof. This
allows a shared wallet who handles multiple currencies to have multiple
solvency proofs.
- This scheme warns users when an exchange is insolvent but it does not prevent them from running away with the money / getting hacked / etc.
- The asset proof could be generated by convincing/scamming someone else into signing a message for you / using an online service that signs message without revealing the private keys used.
- The same keys can be used to generate multiple asset proofs for different domains although this can be mitigated by relying on a third party server that detects this.
- It is possible for exchanges to exclude users that haven't logged in for a while from the liability proof. This can be mitigated by implementing a "push" protocol which would prevent exchange from knowing who is verifying the proof.
- The verifier extension currently relies on a third party server to fetch the liability proof roots in order to make sure the user is not served a custom root. It also relies on a trusted third party server to retrieve the balance for a given asset proof. Both those servers are relatively easy to host and they could be optionally customized in the extension's settings.
Send a pull request if you would like your site listed here.