Bitcoin Forum
December 09, 2024, 01:37:42 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3  All
  Print  
Author Topic: [ANN] Kraken Passes Cryptographically Verifiable Proof of Reserves Audit  (Read 40018 times)
btcx (OP)
VIP
Sr. Member
*
Offline Offline

Activity: 302
Merit: 253



View Profile WWW
March 24, 2014, 08:01:29 AM
Last edit: March 24, 2014, 09:47:02 AM by btcx
 #1

https://www.kraken.com/security/audit

Big thanks to Stefan Thomas, CTO of Ripple Labs (founder of WeUseCoins.com, BitcoinJS, and Bitcointalk admin), for being our volunteer auditor.

Timing didn't work out for Stefan to post this himself but he will confirm as soon as he is available:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====BEGIN AUDIT REPORT=====

AUDITOR: Stefan Thomas
AUDITED ENTITY: Payward, Inc., https://www.kraken.com
ROOT HASH: 306daae528dc137c9053554c45e90a631ef859490a3ede651d488135602500a3
BLOCK HEIGHT: 289859
RESULT: >100% reserves


March 22, 2014
San Francisco

This post is to report on an audit I performed for the Kraken Bitcoin exchange on March 11th, 2014 and March 22nd, 2014 at their offices here in San Francisco. I've not received any payment for this audit - my personal goal with this is to help improve the stability of and confidence in the math-based currency industry overall.


Statement
=========

The audit process is designed to allow the auditor - in this case me, Stefan Thomas - to verify that the total amount of bitcoins held by Kraken matches the amount required to cover an anonymized set of customer balances. I am attesting to is the root hash of a merkle tree containing all balances that were considered in the audit. If you are a customer of Kraken, you'll be able to verify using open-source tools that your balance at the time of the audit is part of this root hash. If it is and if you believe that I am trustworthy, then you can be confident that your balance was covered by 100% reserves at the time of the audit.

Compared to audits performed by other exchanges, this approach is very strict while still maintaining absolute privacy for customers. The most difficult part of an audit is normally to verify that the exchange is not under-reporting the number and balances of account holders. With this approach each account holder can verify that they were considered in the audit.

Trust in this type of audit still requires trust in the auditor. For now, this will rest on my shoulders, but Kraken have expressed interest in doing regular audits with different auditors each time. This serves to renew the audit and also to increase the confidence in the audit process and the validity of the result.


Claims
======

Claim 1: Kraken controls a certain amount of Bitcoins.

Proof: Kraken provided a JSON file with a list of their Bitcoin addresses and balances. I used the `cryptoshi audit` command in libcoin to verify the JSON file against a copy of the block chain.

The version of libcoin used was commit f8c66accf2af88c039bd7c6678da7a338b8befa0.

Here is the audit code used:

https://github.com/libcoin/libcoin/blob/f8c66accf2af88c039bd7c6678da7a338b8befa0/applications/cryptoshi/cryptoshi.cpp#L637-691


Claim 2: The amount from claim 1 is greater than the amount contained in the root hash of balances.

Proof: Kraken provided a binary file containing a set of user balances. This binary file can read and manipulated using the tool "krakendb".

The version of krakendb used was commit 78d3504a7d68256a9a664125fa86a224c479ad42

Available at: https://github.com/payward/krakendb

To calculate the sum of all balances in the tree as well as a merkle tree of all balances, I used the "krakendb root" command. The root hash was:

306daae528dc137c9053554c45e90a631ef859490a3ede651d488135602500a3

The actual holdings were very slightly (< 0.5%) above the required holdings, meaning Kraken had greater than 100% reserves at the audit block height.

// Stefan Thomas

=====END AUDIT REPORT=====

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBAgAGBQJTLkKtAAoJEMlHNwCksIvzZkkP/04wdVeyYd8kKMJWKl1nP1OG
6PD1C01NdOTvsyrRUd9/h2mRc4xmH+IC5WwjhrTStOiiUIKarGb/MlHC5JsMXbQm
+NtxL8+Kbjk0DITCbydEur9udKIWi/CG/ja4aMT1jfOoMqtCNcRLl/4BjsOKUNXS
GZBP0rZTE1yqqlN/rAulQvqeoytWx6LMl9F2qoJ+EZflIRsykJPt8kXNZJudK3nR
yfNzvqa4gHoD07uIxPzTuQJXX4trGXW9K1mXsNJxqIjbR+seEANJMAS4G367Q7D8
quyhAXH8HEEk+isXHa9YXWAe1wgzV9TCYf5yoM+Ki3iWN+CcqSNAGvRAs11Vwjyt
BplgUeN+yyRLvw4cfhvn7cyBmrDBMsKo9sG5yS+Ql6HC7M4+PXp8UaR+DySgttVS
khRuSyiTssmDr/poUwx4R3jj9sn9QoUXMQTHgY56x0YO2TDHlaW/aA2uE6gSABXG
VPIoCKoukjy+W4Q4FSnpYpAQtmWRnsm63DlsMLDZvVg/45uu3/7AmKxtkvkAwwFA
vMZCIhK+VzEZT59A59JO5w/DMglsEZDXXOPV3/G0bR5+P8bpnH2W9BKOIeXtxFGn
360FF9TP2mMfQUCaqa9piLpNokGs8Nl8fb5S9+lxHkqPgw0ZikbmyLcf1h7bXx4W
ssacpTH1s0f5fAiIR5Uo
=zu+r
-----END PGP SIGNATURE-----

Bitcoin, Ethereum, Litecoin, Namecoin, Dogecoin, Ripple, Stellar, US dollar, euro, British pound, Canadian dollar and Japanese yen exchange:  https://www.kraken.com
bugbounty
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
March 24, 2014, 08:02:24 AM
 #2

Awesome.
ErisDiscordia
Legendary
*
Offline Offline

Activity: 1133
Merit: 1163


Imposition of ORder = Escalation of Chaos


View Profile
March 24, 2014, 08:38:47 AM
 #3

This is why we needed the Gox fiasco to wake us up and demand proof of solvency from exchanges.

This is Bitcoinland. Big Brother won't hold your hand and protect you from evil scammers so you won't have to use your head too much (and then go ahead and scam you himself Cheesy) it is your responsibility and we need to demand high quality services and weed out the bad eggs by not doing business with them ourselves.

Good job Kraken!

It's all bullshit. But bullshit makes the flowers grow and that's beautiful.
sickpig
Legendary
*
Offline Offline

Activity: 1260
Merit: 1008


View Profile
March 24, 2014, 09:11:41 AM
Last edit: March 24, 2014, 11:33:05 PM by sickpig
 #4

amazing!

keep up the good work.

the next step: completely trust-less audit mechanism. I seem to remember that gmaxwell proposed something along this line...

anyway I'm more than happy for this achievement Tongue

edit1: found out gmazwell proposal, https://iwilcox.me.uk/2014/nofrac-orig

Bitcoin is a participatory system which ought to respect the right of self determinism of all of its users - Gregory Maxwell.
romerun
Legendary
*
Offline Offline

Activity: 1078
Merit: 1002


Bitcoin is new, makes sense to hodl.


View Profile
March 24, 2014, 09:16:14 AM
 #5

great ! looking forward to use your service one day
Sukrim
Legendary
*
Offline Offline

Activity: 2618
Merit: 1007


View Profile
March 24, 2014, 09:27:19 AM
 #6

Well, "Claim 1" could be improved if the message can be chosen by the auditor (e.g. to being the headline of a large newspaper on audit day + a few random words/numbers that the auditor reveals as close as possible to the audit time (it'll take some time to generate signatures after all)). It is not clear if it was done that way.

https://www.coinlend.org <-- automated lending at various exchanges.
https://www.bitfinex.com <-- Trade BTC for other currencies and vice versa.
Skinnkavaj
Sr. Member
****
Offline Offline

Activity: 469
Merit: 250


English Motherfucker do you speak it ?


View Profile
March 24, 2014, 09:30:50 AM
 #7

Excellent work btcx

Gaff
Hero Member
*****
Offline Offline

Activity: 924
Merit: 502


View Profile
March 24, 2014, 10:14:48 AM
Last edit: March 24, 2014, 10:35:51 AM by Gaff
 #8

First let me just say I welcome this sort of action. It's what the community needs!

Claim 1: Kraken controls a certain amount of Bitcoins.

Proof: Kraken provided a JSON file with a list of their Bitcoin addresses and balances. I used the `cryptoshi audit` command in libcoin to verify the JSON file against a copy of the block chain.

Ok I'm probably being a noob here - but how dows this proove that Kraken actually control these bitcoins? They could have just given you a list of bitcoins that happen to be in the blockchain. Was there something signed by the private key to prove they actually control these?

*Edit:*
Just looked at the code. It has the following:

Code:
if ( addr.getPubKeyHash() == verifier.verify(address + " " + message, signature) ) {

Where message and signature are provided in the audit file, and verifier does some stuff with public keys that I can't claim to fully grasp but I will trust as being a valid cryptographic check.
 
So the implication is that Stefan provided Kraken with a message and Kraken used the private keys of the corresponding addresses to sign this message to prove Kraken had them. Would be great if this was made clearer.
Aleksei Richards
Newbie
*
Offline Offline

Activity: 38
Merit: 0



View Profile
March 24, 2014, 10:44:25 AM
 #9

I think we've missed the point here. By showing me that you have access to every users funds, you show me that at any point you can disappear with those funds.

I would prefer to see a report that the users have access to 100% of their funds and the exchange cannot access any of those funds. This is not hard to do now we have M of N signatures, why are exchanges wrapping software around naked private keys and declaring themselves secure.
Mordan
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
March 24, 2014, 10:52:46 AM
 #10

I think we've missed the point here. By showing me that you have access to every users funds, you show me that at any point you can disappear with those funds.

I would prefer to see a report that the users have access to 100% of their funds and the exchange cannot access any of those funds. This is not hard to do now we have M of N signatures, why are exchanges wrapping software around naked private keys and declaring themselves secure.

+1... Kraken proves nothing to the potential customer
minorman
Legendary
*
Offline Offline

Activity: 945
Merit: 1003



View Profile
March 24, 2014, 11:02:36 AM
 #11

Kraken leading the way!! Thanks Stefan.


 ██▄                ██        ▄███████▄        ██                  ██      ▄█████████▄ 
 ████              ██      █                  █      ██                  ██      ██                ██
 ██  ▀█            ██    ▄█                  █▄    ██                  ██    ██                  ██
 ██    █▄          ██    ██                  ██    ██                  ██    ▀█                     
 ██      █▄        ██    ██                  ██    ██                  ██      ██                   
 ██        █▄      ██                                  ██                  ██       ▀████████▄   
 ██          █▄    ██    ██                  ██    ██                  ██                        ██ 
 ██            █▄  ██    ██                  ██    ██                  ██                          ██
 ██              █▄██    ██                  ██    ▀█                  █▀    ▄▄                  █▀
 ██                ███      █                  █        █                  █      ██                ██ 
 ██                  ▀█        ▀███████▀            ▀███████▀         ▀█████████▀   











Nousplatform Youtube     
luv2drnkbr
Hero Member
*****
Offline Offline

Activity: 793
Merit: 1026



View Profile
March 24, 2014, 11:06:55 AM
 #12

I think we've missed the point here. By showing me that you have access to every users funds, you show me that at any point you can disappear with those funds.

I would prefer to see a report that the users have access to 100% of their funds and the exchange cannot access any of those funds. This is not hard to do now we have M of N signatures, why are exchanges wrapping software around naked private keys and declaring themselves secure.

Sigh, no, you've missed the point.  This wasn't a security audit, this was a cryptographically provable proof of funds.  And no, he didn't have access to the user funds, that's part of the point of doing it this way.

Sukrim
Legendary
*
Offline Offline

Activity: 2618
Merit: 1007


View Profile
March 24, 2014, 11:16:11 AM
 #13

I would prefer to see a report that the users have access to 100% of their funds and the exchange cannot access any of those funds. This is not hard to do now we have M of N signatures, why are exchanges wrapping software around naked private keys and declaring themselves secure.
How should that be possible in an exchange setting with sub-milisecond response times for trading?

https://www.coinlend.org <-- automated lending at various exchanges.
https://www.bitfinex.com <-- Trade BTC for other currencies and vice versa.
samson
Legendary
*
Offline Offline

Activity: 2097
Merit: 1070


View Profile
March 24, 2014, 11:16:23 AM
 #14

I wonder when we will see BTC-e, BitStamp and Cryptsy doing this to verify your funds are safe and secure ? That's never going to happen in my opinion.

Gox and VirCurex have been robbed extensively, I see no reason why the others mentioned above would be immune.

I suspect Bitstamp is going to be the next one.
Sukrim
Legendary
*
Offline Offline

Activity: 2618
Merit: 1007


View Profile
March 24, 2014, 11:20:31 AM
 #15

Bitstamp already did this. (Edit: An audit of their funds and user balances.)

https://www.coinlend.org <-- automated lending at various exchanges.
https://www.bitfinex.com <-- Trade BTC for other currencies and vice versa.
amonymous
Full Member
***
Offline Offline

Activity: 1177
Merit: 102


View Profile
March 24, 2014, 11:40:41 AM
 #16

Great stuff.
Elokane
Hero Member
*****
Offline Offline

Activity: 817
Merit: 1000


Truth is a consensus among neurons www.synereo.com


View Profile WWW
March 24, 2014, 11:58:48 AM
 #17

Is this a process that can be automated / carried out without an outside auditor?

Synereo: liberating the Internet from abusive business models.

Beware of he who would deny you access to information, for in his heart, he dreams himself your master.
<br>
Sukrim
Legendary
*
Offline Offline

Activity: 2618
Merit: 1007


View Profile
March 24, 2014, 12:12:05 PM
 #18

Not if they don't want to tell everybody every single Bitcoin address they control. Claim 1 might be possible using the block chain and that info, Claim 2 can be partially verified by Kraken users (actually it can only be falsified by Kraken users - as soon as one single Kraken customer can prove that they had a different balance than what was audited or that they aren't included, the audit can be considered fake).

There could be ways for exchanges to cheat here (e.g. leave out accounts that were not used in months for the account balances) but the more they cheat, the higher the risk that they are caught.

https://www.coinlend.org <-- automated lending at various exchanges.
https://www.bitfinex.com <-- Trade BTC for other currencies and vice versa.
olalonde
Newbie
*
Offline Offline

Activity: 25
Merit: 0


View Profile
March 24, 2014, 12:16:15 PM
Last edit: March 24, 2014, 01:21:43 PM by olalonde
 #19

For those of you who might be considering implementing the scheme, please consider making your implementation compatible with  https://github.com/olalonde/proof-of-liabilities#specification (there are about 3 implementations following this spec now) to allow interoperability with verification tools. Also, see the online tools at http://olalonde.github.io/proof-of-liabilities and higher level description of the scheme at https://iwilcox.me.uk/2014/proving-bitcoin-reserves

We need the proofs to be verifiable automatically (through a browser extension for example) if we ever want this kind of scheme to work in practice.

Regardless, thumbs up to Kraken for being more transparent about solvency.
iwilcox
Newbie
*
Offline Offline

Activity: 24
Merit: 0


View Profile
March 24, 2014, 12:23:14 PM
 #20

It's excellent news that Kraken have provided an independently verifiable declaration of liabilities, using the Merkle technique, and provided open source tools to do it.  Let's hope they also progress to independently verifiable proof of assets and adapt their tool to emerging standards, because then they can just automate the whole process and prove reserves daily, and customers can choose any interoperable verifier.

Also to consider: does this qualify for comboy's offer of free promotion at bitcoinity?  Technically I think CryptX.io and peat.io had implementations first, but AFAIK both were pre-launch at the time.
Pages: [1] 2 3  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!