Bitcoin Forum
May 30, 2015, 12:17:09 AM *
News: Latest stable version of Bitcoin Core: 0.10.2 [Torrent]
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 »  All
  Print  
Author Topic: [ANN] Kraken Passes Cryptographically Verifiable Proof of Reserves Audit  (Read 21929 times)
btcx
VIP
Sr. Member
*
Offline Offline

Activity: 296



View Profile WWW

Ignore
March 24, 2014, 08:01:29 AM
 #1

https://www.kraken.com/security/audit

Big thanks to Stefan Thomas, CTO of Ripple Labs (founder of WeUseCoins.com, BitcoinJS, and Bitcointalk admin), for being our volunteer auditor.

Timing didn't work out for Stefan to post this himself but he will confirm as soon as he is available:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====BEGIN AUDIT REPORT=====

AUDITOR: Stefan Thomas
AUDITED ENTITY: Payward, Inc., https://www.kraken.com
ROOT HASH: 306daae528dc137c9053554c45e90a631ef859490a3ede651d488135602500a3
BLOCK HEIGHT: 289859
RESULT: >100% reserves


March 22, 2014
San Francisco

This post is to report on an audit I performed for the Kraken Bitcoin exchange on March 11th, 2014 and March 22nd, 2014 at their offices here in San Francisco. I've not received any payment for this audit - my personal goal with this is to help improve the stability of and confidence in the math-based currency industry overall.


Statement
=========

The audit process is designed to allow the auditor - in this case me, Stefan Thomas - to verify that the total amount of bitcoins held by Kraken matches the amount required to cover an anonymized set of customer balances. I am attesting to is the root hash of a merkle tree containing all balances that were considered in the audit. If you are a customer of Kraken, you'll be able to verify using open-source tools that your balance at the time of the audit is part of this root hash. If it is and if you believe that I am trustworthy, then you can be confident that your balance was covered by 100% reserves at the time of the audit.

Compared to audits performed by other exchanges, this approach is very strict while still maintaining absolute privacy for customers. The most difficult part of an audit is normally to verify that the exchange is not under-reporting the number and balances of account holders. With this approach each account holder can verify that they were considered in the audit.

Trust in this type of audit still requires trust in the auditor. For now, this will rest on my shoulders, but Kraken have expressed interest in doing regular audits with different auditors each time. This serves to renew the audit and also to increase the confidence in the audit process and the validity of the result.


Claims
======

Claim 1: Kraken controls a certain amount of Bitcoins.

Proof: Kraken provided a JSON file with a list of their Bitcoin addresses and balances. I used the `cryptoshi audit` command in libcoin to verify the JSON file against a copy of the block chain.

The version of libcoin used was commit f8c66accf2af88c039bd7c6678da7a338b8befa0.

Here is the audit code used:

https://github.com/libcoin/libcoin/blob/f8c66accf2af88c039bd7c6678da7a338b8befa0/applications/cryptoshi/cryptoshi.cpp#L637-691


Claim 2: The amount from claim 1 is greater than the amount contained in the root hash of balances.

Proof: Kraken provided a binary file containing a set of user balances. This binary file can read and manipulated using the tool "krakendb".

The version of krakendb used was commit 78d3504a7d68256a9a664125fa86a224c479ad42

Available at: https://github.com/payward/krakendb

To calculate the sum of all balances in the tree as well as a merkle tree of all balances, I used the "krakendb root" command. The root hash was:

306daae528dc137c9053554c45e90a631ef859490a3ede651d488135602500a3

The actual holdings were very slightly (< 0.5%) above the required holdings, meaning Kraken had greater than 100% reserves at the audit block height.

// Stefan Thomas

=====END AUDIT REPORT=====

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBAgAGBQJTLkKtAAoJEMlHNwCksIvzZkkP/04wdVeyYd8kKMJWKl1nP1OG
6PD1C01NdOTvsyrRUd9/h2mRc4xmH+IC5WwjhrTStOiiUIKarGb/MlHC5JsMXbQm
+NtxL8+Kbjk0DITCbydEur9udKIWi/CG/ja4aMT1jfOoMqtCNcRLl/4BjsOKUNXS
GZBP0rZTE1yqqlN/rAulQvqeoytWx6LMl9F2qoJ+EZflIRsykJPt8kXNZJudK3nR
yfNzvqa4gHoD07uIxPzTuQJXX4trGXW9K1mXsNJxqIjbR+seEANJMAS4G367Q7D8
quyhAXH8HEEk+isXHa9YXWAe1wgzV9TCYf5yoM+Ki3iWN+CcqSNAGvRAs11Vwjyt
BplgUeN+yyRLvw4cfhvn7cyBmrDBMsKo9sG5yS+Ql6HC7M4+PXp8UaR+DySgttVS
khRuSyiTssmDr/poUwx4R3jj9sn9QoUXMQTHgY56x0YO2TDHlaW/aA2uE6gSABXG
VPIoCKoukjy+W4Q4FSnpYpAQtmWRnsm63DlsMLDZvVg/45uu3/7AmKxtkvkAwwFA
vMZCIhK+VzEZT59A59JO5w/DMglsEZDXXOPV3/G0bR5+P8bpnH2W9BKOIeXtxFGn
360FF9TP2mMfQUCaqa9piLpNokGs8Nl8fb5S9+lxHkqPgw0ZikbmyLcf1h7bXx4W
ssacpTH1s0f5fAiIR5Uo
=zu+r
-----END PGP SIGNATURE-----

Bitcoin, Litecoin, Namecoin, Dogecoin, Ripple, Stellar, US dollar, euro, British pound and Japanese yen exchange:  https://kraken.com
1432945029
Hero Member
*
Offline Offline

Posts: 1432945029

View Profile Personal Message (Offline)

Ignore
1432945029
Reply with quote  #2

1432945029
Report to moderator

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1432945029
Hero Member
*
Offline Offline

Posts: 1432945029

View Profile Personal Message (Offline)

Ignore
1432945029
Reply with quote  #2

1432945029
Report to moderator
1432945029
Hero Member
*
Offline Offline

Posts: 1432945029

View Profile Personal Message (Offline)

Ignore
1432945029
Reply with quote  #2

1432945029
Report to moderator
1432945029
Hero Member
*
Offline Offline

Posts: 1432945029

View Profile Personal Message (Offline)

Ignore
1432945029
Reply with quote  #2

1432945029
Report to moderator
1432945029
Hero Member
*
Offline Offline

Posts: 1432945029

View Profile Personal Message (Offline)

Ignore
1432945029
Reply with quote  #2

1432945029
Report to moderator
bugbounty
Newbie
*
Offline Offline

Activity: 3


View Profile

Ignore
March 24, 2014, 08:02:24 AM
 #2

Awesome.
ErisDiscordia
Hero Member
*****
Offline Offline

Activity: 728


Imposition of ORder = Escalation of Chaos


View Profile

Ignore
March 24, 2014, 08:38:47 AM
 #3

This is why we needed the Gox fiasco to wake us up and demand proof of solvency from exchanges.

This is Bitcoinland. Big Brother won't hold your hand and protect you from evil scammers so you won't have to use your head too much (and then go ahead and scam you himself Cheesy) it is your responsibility and we need to demand high quality services and weed out the bad eggs by not doing business with them ourselves.

Good job Kraken!

It's all bullshit. But bullshit makes the flowers grow and that's beautiful.
sickpig
Hero Member
*****
Offline Offline

Activity: 784


View Profile

Ignore
March 24, 2014, 09:11:41 AM
 #4

amazing!

keep up the good work.

the next step: completely trust-less audit mechanism. I seem to remember that gmaxwell proposed something along this line...

anyway I'm more than happy for this achievement Tongue

edit1: found out gmazwell proposal, https://iwilcox.me.uk/2014/nofrac-orig
romerun
Hero Member
*****
Offline Offline

Activity: 854


Bitcoin is new, makes sense to hodl.


View Profile

Ignore
March 24, 2014, 09:16:14 AM
 #5

great ! looking forward to use your service one day
Sukrim
Legendary
*
Offline Offline

Activity: 1400


View Profile

Ignore
March 24, 2014, 09:27:19 AM
 #6

Well, "Claim 1" could be improved if the message can be chosen by the auditor (e.g. to being the headline of a large newspaper on audit day + a few random words/numbers that the auditor reveals as close as possible to the audit time (it'll take some time to generate signatures after all)). It is not clear if it was done that way.

https://bitfinex.com <-- leveraged trading of BTCUSD, LTCUSD and LTCBTC (long and short) - 10% discount on fees for the first 30 days with this refcode: x5K9YtL3Zb
Mail me at Bitmessage: BM-BbiHiVv5qh858ULsyRDtpRrG9WjXN3xf
Skinnkavaj
Sr. Member
****
Offline Offline

Activity: 470


English Motherfucker do you speak it ?


View Profile

Ignore
March 24, 2014, 09:30:50 AM
 #7

Excellent work btcx

Gaff
Jr. Member
*
Offline Offline

Activity: 48


View Profile

Ignore
March 24, 2014, 10:14:48 AM
 #8

First let me just say I welcome this sort of action. It's what the community needs!

Claim 1: Kraken controls a certain amount of Bitcoins.

Proof: Kraken provided a JSON file with a list of their Bitcoin addresses and balances. I used the `cryptoshi audit` command in libcoin to verify the JSON file against a copy of the block chain.

Ok I'm probably being a noob here - but how dows this proove that Kraken actually control these bitcoins? They could have just given you a list of bitcoins that happen to be in the blockchain. Was there something signed by the private key to prove they actually control these?

*Edit:*
Just looked at the code. It has the following:

Code:
if ( addr.getPubKeyHash() == verifier.verify(address + " " + message, signature) ) {

Where message and signature are provided in the audit file, and verifier does some stuff with public keys that I can't claim to fully grasp but I will trust as being a valid cryptographic check.
 
So the implication is that Stefan provided Kraken with a message and Kraken used the private keys of the corresponding addresses to sign this message to prove Kraken had them. Would be great if this was made clearer.
Aleksei Richards
Jr. Member
*
Offline Offline

Activity: 38



View Profile

Ignore
March 24, 2014, 10:44:25 AM
 #9

I think we've missed the point here. By showing me that you have access to every users funds, you show me that at any point you can disappear with those funds.

I would prefer to see a report that the users have access to 100% of their funds and the exchange cannot access any of those funds. This is not hard to do now we have M of N signatures, why are exchanges wrapping software around naked private keys and declaring themselves secure.

Mordan
Newbie
*
Offline Offline

Activity: 5


View Profile

Ignore
March 24, 2014, 10:52:46 AM
 #10

I think we've missed the point here. By showing me that you have access to every users funds, you show me that at any point you can disappear with those funds.

I would prefer to see a report that the users have access to 100% of their funds and the exchange cannot access any of those funds. This is not hard to do now we have M of N signatures, why are exchanges wrapping software around naked private keys and declaring themselves secure.

+1... Kraken proves nothing to the potential customer
minorman
Full Member
***
Offline Offline

Activity: 160


View Profile

Ignore
March 24, 2014, 11:02:36 AM
 #11

Kraken leading the way!! Thanks Stefan.

“Banking doesn’t involve fraud, banking IS fraud.”
- Tim Madden
luv2drnkbr
Hero Member
*****
Offline Offline

Activity: 739



View Profile

Ignore
March 24, 2014, 11:06:55 AM
 #12

I think we've missed the point here. By showing me that you have access to every users funds, you show me that at any point you can disappear with those funds.

I would prefer to see a report that the users have access to 100% of their funds and the exchange cannot access any of those funds. This is not hard to do now we have M of N signatures, why are exchanges wrapping software around naked private keys and declaring themselves secure.

Sigh, no, you've missed the point.  This wasn't a security audit, this was a cryptographically provable proof of funds.  And no, he didn't have access to the user funds, that's part of the point of doing it this way.

Sukrim
Legendary
*
Offline Offline

Activity: 1400


View Profile

Ignore
March 24, 2014, 11:16:11 AM
 #13

I would prefer to see a report that the users have access to 100% of their funds and the exchange cannot access any of those funds. This is not hard to do now we have M of N signatures, why are exchanges wrapping software around naked private keys and declaring themselves secure.
How should that be possible in an exchange setting with sub-milisecond response times for trading?

https://bitfinex.com <-- leveraged trading of BTCUSD, LTCUSD and LTCBTC (long and short) - 10% discount on fees for the first 30 days with this refcode: x5K9YtL3Zb
Mail me at Bitmessage: BM-BbiHiVv5qh858ULsyRDtpRrG9WjXN3xf
samson
Legendary
*
Offline Offline

Activity: 882


View Profile

Ignore
March 24, 2014, 11:16:23 AM
 #14

I wonder when we will see BTC-e, BitStamp and Cryptsy doing this to verify your funds are safe and secure ? That's never going to happen in my opinion.

Gox and VirCurex have been robbed extensively, I see no reason why the others mentioned above would be immune.

I suspect Bitstamp is going to be the next one.
Sukrim
Legendary
*
Offline Offline

Activity: 1400


View Profile

Ignore
March 24, 2014, 11:20:31 AM
 #15

Bitstamp already did this. (Edit: An audit of their funds and user balances.)

https://bitfinex.com <-- leveraged trading of BTCUSD, LTCUSD and LTCBTC (long and short) - 10% discount on fees for the first 30 days with this refcode: x5K9YtL3Zb
Mail me at Bitmessage: BM-BbiHiVv5qh858ULsyRDtpRrG9WjXN3xf
amonymous
Full Member
***
Offline Offline

Activity: 140

Moe


View Profile WWW

Ignore
March 24, 2014, 11:40:41 AM
 #16

Great stuff.

Hi there, I'm organizing the North American Bitcoin Conference. Check it out at http://www.btcchicago.com or https://bitcointalk.org/index.php?topic=645071.new
Elokane
Hero Member
*****
Offline Offline

Activity: 564


Truth is a consensus among neurons


View Profile WWW

Ignore
March 24, 2014, 11:58:48 AM
 #17

Is this a process that can be automated / carried out without an outside auditor?

Beware of he who would deny you access to information, for in his heart, he dreams himself your master.

Meet Synereo: A social network built around the value of your nature. https://bitcointalk.org/index.php?topic=827782.0
Sukrim
Legendary
*
Offline Offline

Activity: 1400


View Profile

Ignore
March 24, 2014, 12:12:05 PM
 #18

Not if they don't want to tell everybody every single Bitcoin address they control. Claim 1 might be possible using the block chain and that info, Claim 2 can be partially verified by Kraken users (actually it can only be falsified by Kraken users - as soon as one single Kraken customer can prove that they had a different balance than what was audited or that they aren't included, the audit can be considered fake).

There could be ways for exchanges to cheat here (e.g. leave out accounts that were not used in months for the account balances) but the more they cheat, the higher the risk that they are caught.

https://bitfinex.com <-- leveraged trading of BTCUSD, LTCUSD and LTCBTC (long and short) - 10% discount on fees for the first 30 days with this refcode: x5K9YtL3Zb
Mail me at Bitmessage: BM-BbiHiVv5qh858ULsyRDtpRrG9WjXN3xf
olalonde
Newbie
*
Offline Offline

Activity: 25


View Profile

Ignore
March 24, 2014, 12:16:15 PM
 #19

For those of you who might be considering implementing the scheme, please consider making your implementation compatible with  https://github.com/olalonde/proof-of-liabilities#specification (there are about 3 implementations following this spec now) to allow interoperability with verification tools. Also, see the online tools at http://olalonde.github.io/proof-of-liabilities and higher level description of the scheme at https://iwilcox.me.uk/2014/proving-bitcoin-reserves

We need the proofs to be verifiable automatically (through a browser extension for example) if we ever want this kind of scheme to work in practice.

Regardless, thumbs up to Kraken for being more transparent about solvency.
iwilcox
Newbie
*
Offline Offline

Activity: 24


View Profile

Ignore
March 24, 2014, 12:23:14 PM
 #20

It's excellent news that Kraken have provided an independently verifiable declaration of liabilities, using the Merkle technique, and provided open source tools to do it.  Let's hope they also progress to independently verifiable proof of assets and adapt their tool to emerging standards, because then they can just automate the whole process and prove reserves daily, and customers can choose any interoperable verifier.

Also to consider: does this qualify for comboy's offer of free promotion at bitcoinity?  Technically I think CryptX.io and peat.io had implementations first, but AFAIK both were pre-launch at the time.
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!