Bifubao unveils first production-scale Proof of Reserves

(By: Tim Swanson) In the aftermath of Mt. Gox’s collapse, the Bitcoin community has clamored for more accountability from exchanges and wallets that held bitcoin on behalf of its users.  Several weeks ago, Bitcoin developer Greg Maxwell proposed a method (detailed in this post) using Merkle trees that allows users to verify that sites hold the bitcoins in reserve without revealing too much customer information.  This method is called Proof of Reserves (PoR).

This past week, a bitcoin wallet company in China called Bifubao became the first company to implement a proof of reserves system.  Users can check that the funds exist using a graphical tree interface.

bitcoin Bifubao proof reserves

Join CCN for $9.99 per month and get an ad-free version of CCN including discounts for future events and services. Support our journalists today. Click here to sign up.

Bifubao’s executive team includes CEO, Jack Wang and CTO, Kevin Pan.  Wang graduated with a BS/MS in Electrical Engineering from Stanford and is a former technology lawyer in the Bay Area.[1]  Pan formerly worked at Baidu, and is one of China’s leading Bitcoin developers.  Li Xiao Lai, one of China’s most influential bitcoin commentators, is also a cofounder.[2]

Two weeks ago I spoke with Wang and Pan about their motivation for building and releasing a PoR system.  According to Wang, “We think this proof of reserves system is a great way to show users that we are committed to transparency.  We’re hoping that other companies follow suit, because it benefits the bitcoin community generally to have more reputable organizations. We have open-sourced our code, and users and other companies are welcome to inspect and even use it.”

To show that his wallet holds the amount indicated in the root node, Bifubao provides links to two cold storage addresses.  Wang said “We’ve signed a message using the private key of each of those addresses to prove ownership.  Since the cold storage addresses won’t contain 100% of the bitcoins we hold, the bitcoins stored at these addresses will differ from the bitcoins we report that we hold.  However, this should reassure users that we control at least the vast majority of those funds.”

Kevin Pan thought that the Merkle Tree concept was an elegant way to protect user privacy.  “We discussed whether or not we wanted to show the world the amount of bitcoins we held in our wallets, but in the end we decided it was worth the tradeoff for us as a company and for the bitcoin ecosystem.

One of the reasons this issue is important to many customers is that several exchanges, including notably Mt. Gox, appear to have been operating under a fractional reserve system in which the exchange only holds a partial amount of the assets they claim to have had.[3]  While the legal issues are still being sorted out through bankruptcy courts, if true this would amount to fraudulent claims.  Other potential solutions to mitigate such risks include independent auditing, which Bitstamp and Coinbase undergo, and insurance, which Xapo recently announced it is covered by Meridian.[4]

Bifubao’s online wallet allows users to send and receive bitcoins using email addresses and mobile phone numbers, and includes support for merchant payment buttons and an API for application integrations.  The code for Bifubao’s proof of reserve system is located on github, and they have also written a technical blog post on their implementation.


[1] Jack Wang has previously provided a legal analysis of the December 5th statement from the People’s Bank of China, see China’s Statement on Bitcoin is Open to Interpretation from CoinDesk

[2] See Bitcoin Market Gets a Lift From China from The Wall Street Journal and Li Xiaolai, Bitcoin millionaire from Danwei