Paper 2015/1008

Provisions: Privacy-preserving proofs of solvency for Bitcoin exchanges

Gaby G. Dagher, Benedikt Buenz, Joseph Bonneau, Jeremy Clark, and Dan Boneh


Bitcoin exchanges function like banks, securely holding their customers' bitcoins on their behalf. Several exchanges have suffered catastrophic losses with customers permanently losing their savings. A proof of solvency demonstrates that the exchange controls sufficient reserves to settle each customer's account. We introduce Provisions, a privacy-preserving proof of solvency whereby an exchange does not have to disclose its Bitcoin addresses; total holdings or liabilities; or any information about its customers. We also propose an extension which prevents exchanges from colluding to cover for each other's losses. We have implemented Provisions and show that it offers practical computation times and proof sizes even for a large Bitcoin exchange with millions of customers.

Available format(s)
Publication info
Published elsewhere. Major revision. ACM CCS
Bitcoinproof of solvency
Contact author(s)
jbonneau @ cs stanford edu
2015-10-26: last of 2 revisions
2015-10-19: received
See all versions
Short URL
Creative Commons Attribution


      author = {Gaby G.  Dagher and Benedikt Buenz and Joseph Bonneau and Jeremy Clark and Dan Boneh},
      title = {Provisions: Privacy-preserving proofs of solvency for Bitcoin exchanges},
      howpublished = {Cryptology ePrint Archive, Paper 2015/1008},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.