The collapse of FTX has severely eroded user confidence in centralized crypto exchanges. Most investors have finally realized the importance of owning the keys to their digital assets and have moved record volumes of tokens from exchanges to non-custodial wallets.
These events led to a wave of urging centralized exchanges to provide reliable evidence that they had more assets than liabilities. In a blog post on November 19, Ethereum co-founder Vitalik Buterin analyzed cryptographic methods used thus far by exchanges to become untrustworthy, including the limitations of these methods.
He also proposed new techniques of centralized exchanges to achieve distrust including shorthand argument, non-zero interaction knowledge (ZK-SNARKs) and other advanced techniques.
Binance, Coinbase, and Kraken contributed to this position, along with a16z General Partner and former CTO of Coinbase Balaji Srinivasan.
Proof of solvency through scale lists and Merkel trees
In 2011, Mt. Gox was one of the first exchanges to provide proof of solvency by transferring 424,242 BTC from a cold wallet to a Mt. Gox previously announced. It was later revealed that the transaction may have been misleading because the transferred assets may not have been transferred from a cold wallet.
In 2013, discussions began about how the exchanges would prove the total volume of user deposits. The idea was that if the exchanges proved the total of users’ deposits, i.e. their total liabilities, along with their ownership of an equivalent amount of assets, i.e. proving the assets, they would prove their solvency.
In other words, if exchanges can prove that they have assets equal to or greater than their user deposits, this will prove that they can pay back all users in the event of withdrawal requests.
The easiest way for exchanges to prove total user deposits was to simply post a list of users’ names along with their account balances. However, this violated user privacy, even if the exchanges only published a list of hashes and balances. Therefore, Merkle tree technology was introduced, which allows verification of large datasets.
In the Merkle Tree technology, the table of user balances is inserted into a Merkle sum tree, where each node or leaf is a balance and hash pair. The bottom layer of nodes contains individual user balances and salted username hashes. As you move up the tree, each node represents the sum of the balances of the two nodes below it and the sum of the hashes of the two nodes below it.
Buterin writes that while privacy leakage is limited in Merkel trees compared to public lists of names and balances, it is not completely invulnerable. He added that hackers who control a large number of accounts on the exchange could gain significant knowledge of the exchange’s users.
Buterin also noted:
“…the Merkle tree technique is about as good as a proof-of-commit scheme can be, if the goal is only to achieve proof-of-commits. But its privacy properties are still not perfect.
You can go a little further with Merkle trees in smarter ways, like making each satoshi or wei a separate card, but eventually with more modern technologies, there are better ways to do it.”
Exchanges can put all user balances into a Merkle tree or KZG commitment and use ZK-SNARK to prove that all balances are non-negative and add up to the total deposit value claimed by the exchange. Adding a layer of hashing to improve privacy will ensure that no exchange user can know anything about other users’ balances.
In the long term future, perhaps this type of ZK Proof of Commitment could be used not only for customer deposits on exchanges, but for lending on a larger scale. “
In other words, borrowers can provide ZK evidence to lenders to ensure that borrowers do not have too many open loans.
Use Proof of Assets
The easiest way to prove assets for the exchanges was the method used by Mt. Gox. Exchanges simply transfer their assets at a pre-agreed time or in a transaction where the data field indicates which exchange owns the assets. Exchanges can also avoid gas fees by signing an off-chain message.
However, this technology has two major problems – handling cold storage and dual use collateral. Most exchanges keep most of their assets in cold storage to keep them safe, which means “creating even one additional proof-of-address control message is an expensive process!” Buterin Books.
To deal with the issues, Buterin indicated that the exchanges could use a few more public addresses in the long term. Exchanges can generate some addresses, verify ownership once, and use the same addresses repeatedly. However, this presents challenges in maintaining privacy and security.
Alternatively, exchangers can have many addresses and prove ownership of a few randomly selected addresses. Moreover, exchanges can also use ZK Proofs to ensure privacy and provide an overall balance for all on-chain addresses, Buterin said.
The second issue is making sure that the exchanges do not confuse guarantees with false solvency. Buterin said:
“Ideally, proof of solvency would be done in real time, with proof that it refreshes after every block. If this is impractical, the next best thing would be to coordinate on a consistent schedule between different exchanges, eg. Proof of reserves per hour. 1400 UTC every Tuesday”.
The latest release is to provide proof of assets for fiat currencies. Cryptocurrency exchanges hold both digital assets and fiat currencies. According to Buterin, since fiat currency balances are not verifiable through crypto, providing proof of assets requires relying on “legal trust models.” For example, banks with a statutory order to stock exchanges can certify available balances and auditors can certify balance sheets.
Alternately, exchanges could create two separate entities — one that deals with asset-backed stablecoins and one that deals with bridges between fiat and cryptocurrencies. Buterin noted:
Since USDC “liabilities” are just on-chain ERC20 tokens, Proof of Liabilities comes “free” and only Proof of Assets is required.
Uses of plasma and valiums
To completely prevent exchanges from stealing or misusing customer funds, exchanges can use Plasma. A scaling solution that became popular in Ethereum research circles in 2017-2018, Plasma splits the balance into different tokens, where each token is assigned an index and has a specific location in the Merkle tree in the Plasma block.
However, since the advent of plasmas, ZK-SNARKs have emerged as a “more viable” solution, Buterin noted. The modern version of Plasma is validium, which is the same as ZK-rollups but the data is stored off-chain. However, Buterin warned:
“In valid, the operator has number A method of stealing money, although it depends on the implementation details, can get some users money related If the operator disappears. “
Disadvantages of complete decentralization
The most common problem with fully decentralized exchanges is that users may lose access to their accounts if they get hacked, forget their password, or lose their device. Exchanges can solve this problem with email recovery and other advanced forms of account recovery through KYC details. But this requires the exchange to take control of the user’s funds.
“In order to have the ability to refund user accounts for good reasons, exchanges must have the power that they can also use to steal user account funds for bad reasons. This is an inevitable trade-off.”
According to Buterin, the “ideal long-term solution” is based on self-booking through social redemption wallets and multiple signatures. However, in the short term, users need to choose between centralized and decentralized exchanges based on the trade-off they are comfortable with.
|Custody exchange (ex. Coinbase today)||User funds may be lost if there is a problem on the exchange side||Exchange can help restore the account|
|Non-custodial exchange (ex. Uniswap today)||Users can opt out even if the exchange is operating maliciously||User funds may be lost if the user makes a mistake|
Conclusions: The future of stock exchanges is better
In the short term, investors need to choose between custodial exchanges, non-custodial exchanges, or decentralized exchanges like Uniswap. However, in the future, some centralized exchanges may develop, which will be restricted by cryptography so that the exchange cannot steal users’ funds, by holding balances in a valid smart contract, Buterin said.
He added that the future may also bring half-guarded exchanges where users trust to exchange with fiat currencies but not cryptocurrencies.
Buterin noted that while both types of exchanges will continue to coexist, the simplest way to enhance the safety of custodial exchanges is to add proof of reserves. This will include a mixture of Proof of Assets and Proof of Liabilities.
In the future, Buterin hopes, all exchanges will evolve to be dishonest, “at least on the crypto side.” Centralized wallet redemption options will be present, he said, “but this can be done at the wallet layer rather than within the exchange itself.”
On the fiat side, exchanges can deploy native cash deposits and cash withdrawals for fiat-backed stablecoins such as USDT and USDC. But Buterin warned, “It will take some time before we can get there fully.”
#Vitalik #Buterin #Coinbase #Kraken #Binance #Promote #Untrusted #CEX #Apps