MProve+: Privacy Enhancing Proof of Reserves Protocol for Monero

Proof of reserves protocols enable cryptocurrency exchanges to prove solvency, i.e. prove that they have enough reserves to meet their liabilities towards their customers. $\textsf{MProve}$ (EuroS&PW, 2019) was the first proof of reserves protocol for Monero which provided some privacy to the exchanges’ addresses. As the key images and the addresses are inherently linked in the $\textsf{MProve}$ proof, an observer could easily recognize the exchange-owned address when a transaction spending from it appears on the blockchain. This is detrimental for an exchange’s privacy and becomes a natural reason for exchanges to not adopt $\textsf{MProve}$ . To this end, we propose $\textsf{MProve}$ +, a Bulletproofs-based (S&P, 2018) NIZK protocol, which unlinks the key images and the addresses, thus alleviating the drawback of $\textsf{MProve}$ . Furthermore, $\textsf{MProve}$ + presents a promising alternative to $\textsf{MProve}$ due to an order of magnitude smaller proof sizes along with practical proof generation and verification times.