How can CEXs pursue safe practices? Ethereum co-founder shares insights

The FTX collapse has raised significant questions about the credibility of centralized crypto exchanges (CEX). FTX was indeed one of the most popular exchanges in the crypto space, and its meltdown has left a painful burn mark on the entire crypto market.

The entire crypto community is now asking, how can users ensure the safety of their exchanges and hold them accountable for making better practices. This is also a concern for other legitimate crypto exchanges. Such platforms do not and should not function like banks, and therefore they can’t solely rely on regulated methods like government licenses and governance audits to prove their credibility.

Ethereum’s co-founder Vitalik Buterin has shared critical insights on how CEXs can pursue safe practices and build credibility using on-chain cryptographic methods. Here are some of the key points from Buterin’s recent blog:

The old-school proof-of-solvency methods that still work 

Balance sheets are the oldest technique in the books to prove an exchange’s solvency cryptographically. Centralized exchanges can effectively show that they have enough funds to cover customer liabilities, by publicly releasing the transaction reports of their locked assets. This was done by MTGox, one of the earliest Bitcoin exchanges in 2011. The company demonstrated its proof of solvency by moving 424242 BTC to a pre-annouced address.

Although effective, the balance sheet approach creates a problem in terms of determining the total amount of user deposits. For instance, in the case of MTGox, how can one confirm that the platform’s user deposits do not exceed its total funds on the balance sheet?

According to the Ethereum co-founder, the simplest way to address this concern is by publishing a full list of (Username, Balance) pairs. This solves the problem of proving solvency but creates a new problem of privacy.

The Merkle tree technique for preserving user privacy

According to Buterin, the Markle tree technique can bring ‘proof-of-solvency’ and user privacy under one unified model. This technique includes establishing a table of customer balance into a Markle sum tree, where each node is a (balance, hash) pair.

The bottom-layer nodes represent user balances and username hashes of each individual customer. The balance in the higher nodes includes the sum of the two balances below. Users can hierarchically calculate their balances from the bottom node to the highest node, and if the sum is correct, it means their balance is correctly included in the total amount.

While the Markle tree approach provides a certain level of privacy, while also demonstrating proof-of-liabilties, it still doesn’t guarantee maximum security of user information.

ZK-SNARKs – a robust model for centralized exchanges

According to Buterin, the most powerful method for ensuring proof-of-liability and upholding user privacy is the ZN-SNARKs technology. It stands for Zero-Knowledge Succinct Non-Interactive Argument of Knowledge.

ZN-SNARKs is a way for transactions to be private and fully encrypted on the blockchain while still being validated using the network’s consensus rules. This approach can show that the sender has the amount of funds they want to transfer without making that information public. For example, given the hash of a random number, an exchange could convince the user that there indeed exists a number with this hash value, without revealing what it is.

More detailed information about this technology can be found in the official Ethereum foundational documents.

Other advice for CEXs from Vitalik Buterin

The Ethereum co-founder further suggested CEXs should keep a few public long-term-use addresses as proof-of-assets. Exchanges can either generate a few public addresses and prove their ownership once, or have many addresses and randomly prove ownership from time to time.

They should also adopt more complicated zero-knowledge proof options. For instance, an exchange set all of its addresses to be 1-of-2 multisigs, where one of the key will be different per address.

Going forward, these practices can help centralized exchanges to effectively demonstrate their proof-of-liability, and increase their credibility among users. Most importantly, these measures can help to prevent another catastrophic event like FTX.