OKCoin 100% reserve audit process
OKCoin has a reservation of 100% reserves, and can prove the safety of our users’ assets by adopting an independent audit method of mathematical encryption. Although the public reserve proof mechanism can be realized in technology, there is still risk of user privacy exposure, which makes us think more about the carrying out of 100% reserve system audit. We believe that the exchanges and wallet providers need to win trust by promoting sense of responsibility to meet user expectations for bright transparency. Besides, we hold a belief that the Bitcoin industry has the ability to provide more assurance and responsibility than those traditional financial services industry.
Today, OKCoin became the first Bitcoin exchange which had implemented Merkle Tree certified 100% reserve among China's three major ones, hoping to lead a healthy development of the industry. We were also honored to invite Stefan Thomas, the CTO of Ripple. Stefan Thomas often gets invited to speak at world's major conferences as an industry recognized cryptography and cryptocurrency expert. He was the auditor of Bitfinex and Kraken 100% reserve with rich experience in audit process and is very familiar with Merkle Tree certified technical details. Just like the Audit of Bitfinex and Kraken, in order to ensure a fair and impartial audit, Stefan Thomas made no charge on OKCoin.
Audit Process Overview
1. Auditor verifies OKCoin all wallets assets
OKCoin provides all public address to the auditor and signed them. Block hash will be a part of the signature information, which can be a time stamp to prove signature time. These signed public addresses will be confirmed afterwards, then auditor can obtain the total amount of bitcoins on those address at a time point by Bitcoin block chains.
2. Auditor audits whether the OKCoin users’s account balance is consistent with OKCoin wallet amount.
OKCoin provides every user bitcoin account information to auditors and form up Merkle tree. The auditors will announce the hash on Merkle root node, and confirm the total coin amount of OKCoin wallet is more than all user account coin amount. This process also ensures that OKCoin reserves all user bitcoins.
OKCoin reserve auditor Stefan Thomas audit announcement:
3. Users can confirm by themselves whether their accounts are contained within the audit obtained data
We will provide users with bitcoin quantity in the user account as well as all the nodes hash on the root node. We will also provide a concrete method about how these node hashes generated, then users can know if their bitcoins are included in this audit.
We will introduce the potential disadvantages of this audit method based on the public concerns of transparency.
We can prove we’re the owner of the private key and have full control on our wallet when the audit begins. However, this method can’t prove that we are the only owner of the private key.
Performing the audit requires to use both hot and cold wallet, the process is complex which can’t be audited with high frequency.
Auditor must be credible and be able to handle this work in technology.
No guarantee for exchange’s private key can’t be stolen after audit.
More regular audits are expected in the future. We will invite different auditor or more than one auditors to improve the trust of users.
How to check whether your OKCoin account is contained in this OKCoin audit
These instructions explain how to verify your OKCoin account information and whether it is included in the audit by cryptography methods. This confirmation will reflect your bitcoin amount during the audit.
If you have not logged in yet, please login to your OKCoin account. Go https://www.okcoin.cn/ and ensure your browser address bar section is "https://www.okcoin.cn/".
Click on "Trade Center" menu -> "Asset Audit" secondary menu
View the information of your account that auditors have reviewed during the audit:
Audit time, which is used to display the timestamp audit time.
User ID, a unique identifier for the user in the system.
Random value, which is randomly generated in this audit, user’s node hash will change even if the user account balance unchanged the next time.
Bitcoin amount represents the number of coins in your account when auditing, which was asset information we provided to auditors.
Assets proof is all hashes from your node to the root node, and the adjacent node hash. There is a * symbol when a hash rate was displaying on the direct path, which is used to distinguish the other hash rate from adjacent nodes. Then you can confirm your nodes are included on this root through these hashes.
Notes: root node hash rate information published by the auditor, a detailed report with signature will also be provided.
The first line should match with the root node hash rate auditors published.
If you want to confirm your own node’s hash rate (the last one marked * in the list), run the following code:
Nonce = sha256 (ID || random rate) own node hash = sha256 (nonce || "|" || amount
This rate needs to be consistent with the last hash rate with *
You can fully audit your Merkle branch by generating a hash rate of each pair of hash rate. The format is:
sha256 (left-hash || "|" || right-hash)
There is a * symbol next to the hash rate, which represents the node on you direct path. Black for the left node, gray for the right node. The hash rate of the nodes, all lowercase letters.