Paper 2021/1077

MProve+ : Privacy Enhancing Proof of Reserves Protocol for Monero

Arijit Dutta, Suyash Bagad, and Saravanan Vijayakumaran


Proof of reserves protocols enable cryptocurrency exchanges to prove solvency, i.e. prove that they have enough reserves to meet their liabilities towards their customers. MProve (EuroS&PW, 2019) was the first proof of reserves protocol for Monero which provided some privacy to the exchanges’ addresses. As the key images and the addresses are inherently linked in the MProve proof, an observer could easily recognize the exchange-owned address when a transaction spending from it appears on the blockchain. This is detrimental for an exchange’s privacy and becomes a natural reason for exchanges to not adopt MProve. To this end, we propose MProve+, a Bulletproofs- based (S&P, 2018) NIZK protocol, which unlinks the key images and the addresses, thus alleviating the drawback of MProve. Furthermore, MProve+ presents a promising alternative to MProve due to an order of magnitude smaller proof sizes along with practical proof generation and verification times.

Note: This is the full version of the original paper published in IEEE Transactions on Information Forensics and Security.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Major revision. IEEE Transactions on Information Forensics and Security
CryptocurrencyMoneroProof of Reserves
Contact author(s)
arijit dutta67 @ gmail com
2021-08-23: received
Short URL
Creative Commons Attribution


      author = {Arijit Dutta and Suyash Bagad and Saravanan Vijayakumaran},
      title = {MProve+ : Privacy Enhancing Proof of Reserves Protocol for Monero},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1077},
      year = {2021},
      doi = {10.1109/TIFS.2021.3088035},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.