Provisions: Privacy-preserving Proofs of Solvency for Bitcoin Exchanges

Bitcoin exchanges function like banks, securely holding customers' bitcoins on their behalf. Several exchanges have suffered catastrophic losses with customers permanently losing their savings. A proof of solvency demonstrates cryptographically that the exchange controls sufficient reserves to settle each customer's account. We introduce Provisions, a privacy-preserving proof of solvency whereby an exchange does not have to disclose its Bitcoin addresses; total holdings or liabilities; or any information about its customers. We also propose an extension which prevents exchanges from colluding to cover for each other's losses. We have implemented Provisions and it offers practical computation times and proof sizes even for a large Bitcoin exchange with millions of customers.

[1]  Ralph C. Merkle,et al.  Secrecy, authentication, and public key systems , 1979 .

[2]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[3]  Adi Shamir,et al.  Witness indistinguishable and witness hiding protocols , 1990, STOC '90.

[4]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[5]  David Chaum,et al.  Wallet Databases with Observers , 1992, CRYPTO.

[6]  Ivan Damgård,et al.  Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols , 1994, CRYPTO.

[7]  Ivan Damgård,et al.  Zero-Knowledge Proofs for Finite Field Arithmetic; or: Can Zero-Knowledge be for Free? , 1998, CRYPTO.

[8]  Wenbo Mao Guaranteed Correct Sharing of Integer Factorization with Off-Line Shareholders , 1998, Public Key Cryptography.

[9]  Fabrice Boudot,et al.  Efficient Proofs that a Committed Number Lies in an Interval , 2000, EUROCRYPT.

[10]  C. Andrew Neff,et al.  A verifiable secret shuffle and its application to e-voting , 2001, CCS '01.

[11]  Jacques Stern,et al.  Practical multi-candidate election system , 2001, PODC '01.

[12]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[13]  Jan Camenisch,et al.  Compact E-Cash , 2005, EUROCRYPT.

[14]  S. Nakamoto,et al.  Bitcoin: A Peer-to-Peer Electronic Cash System , 2008 .

[15]  Jeremy Clark,et al.  Scantegrity II: End-to-End Verifiability for Optical Scan Election Systems using Invisible Ink Confirmation Codes , 2008, EVT.

[16]  Kazumaro Aoki,et al.  SEC X.2: Recommended Elliptic Curve Domain Parameters , 2008 .

[17]  Abhi Shelat,et al.  Efficient Protocols for Set Membership and Range Proofs , 2008, ASIACRYPT.

[18]  Ralf Küsters,et al.  Accountability: definition and relationship to verifiability , 2010, CCS '10.

[19]  Burton Rosenberg,et al.  Handbook of Financial Cryptography and Security , 2010 .

[20]  Yehuda Lindell,et al.  Efficient Secure Two-Party Protocols: Techniques and Constructions , 2010 .

[21]  Róbert Párhonyi,et al.  Micropayment Systems , 2010, Handbook of Financial Cryptography and Security.

[22]  Yehuda Lindell,et al.  Efficient Secure Two-Party Protocols , 2010, Information Security and Cryptography.

[23]  Ralf Küsters,et al.  Clash Attacks on the Verifiability of E-Voting Systems , 2012, 2012 IEEE Symposium on Security and Privacy.

[24]  Tyler Moore,et al.  Beware the Middleman: Empirical Analysis of Bitcoin-Exchange Risk , 2013, Financial Cryptography.

[25]  Eli Ben-Sasson,et al.  SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge , 2013, CRYPTO.

[26]  S A R A H M E I K L E J O H N,et al.  A Fistful of Bitcoins Characterizing Payments Among Men with No Names , 2013 .

[27]  Eli Ben-Sasson,et al.  Zerocash: Decentralized Anonymous Payments from Bitcoin , 2014, 2014 IEEE Symposium on Security and Privacy.

[28]  Jeremy Clark,et al.  SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies , 2015, 2015 IEEE Symposium on Security and Privacy.