\ In simple terms, we’ve developed a commitment tree with a specific leaf structure that allows us to make the following proof statement: ”I know a Merkle tree with a public root and nodes, the leaves of which contain data about my user balances. The last right leaf in this tree contains data about the total sum of my liabilities per asset.”

\ There are two important aspects of this proof statement:

\ • I have a Zero-Knowledge Proof (ZKP) for this tree that demonstrates that the data in the last leaf is calculated correctly and that there is no negative balance in any leaf. This ZKP proof allows me to verify the integrity and correctness of the total liabilities without having to reveal the actual amounts.[6]

\ • My users can download the snapshot related to their balances from the website and also get the path to verify that their balances are included in the total liabilities. This allows users to independently confirm that their balances have been taken into account in the proof of liabilities.

\ Based on this approach, as a business, I only need to publish the Merkle root and nodes, not the leaf data. With the ZKP, I prove that my total obligations are included in the last right leaf without having to make this data public. This maintains the privacy of the total liabilities while still allowing users and auditors to verify the correctness of the proof of liabilities.

\ In the Proof of Solvency section, we will revisit the last right leaf and discuss how it aids us in maintaining the privacy of the total liabilities while enabling efficient and correct verification.

\ Note: In implementation, it is advisable to use a Merkle Sparse Tree. This reduces some complexity and makes the circuit process more efficient.

:::info This paper is available on arxiv under CC BY-NC-ND 4.0 DEED license.

:::

Feed: Hacker Noon - Medium

View: Original article

Tags: bitcoin