We’re excited to announce that our Android app is now available! Now you can use the Bitfoo mobile app send and receive bitcoins anytime, anywhere. You can use the app independently or in conjunction with our web app - all of the your favorite Bitfoo functions are baked right in, including:
immediate and free transactions between Bitfoo users
send via email, mobile phone, or Bitcoin addresses (via QR codes)
simple, intuitive interface
Users will be required to set a six-digit payment password to send bitcoins using the app. For additional security, we encourage users to set an unlock code on their phone, install a virus scanner, and to make sure you download the application from a reputable source.
We hope you enjoy the Bitfoo mobile client! As always, let us know if you have any comments.
Bifubao was featured in a CCTV segment on Bitcoin! CCTV paid a visit to our humble office in the video and we were able to chat with them about what we are building and Bitcoin. Two of our cofounders, Li Xiao Lai and Pan Zhi Biao were featured. You can watch the segment here.
Thank you to CCTV for coming by and visiting our offices. Come back anytime!
*To correct a misstatement in the segment, we aren’t quite adding one thousand users per day just yet (although we certainly wouldn’t mind!).
##What are reserves? Reserves refers to the funds held by a business. If a business holds funds on behalf of its customers, and its reserve ratio is 100%, this means that it holds 100% of its customer’s funds in reserve. If its reserve ratio is 10%, that means the business only holds 10%, and 90% of the funds are used elsewhere. This is the mechanism used by many banks - depositors give cash to the bank to hold, and the bank lends out a certain percentage while keeping enough in reserve to satisfy withdrawal requests.
##Why does an off-chain wallet need to prove reserves? In Bifubao’s case, our reserves refer to the bitcoins that Bifubao holds on behalf of our users. Our wallet is off-chain, which means that we hold bitcoins for you, with the data being stored on our database. This has many benefits, but one downside is that it is typically difficult to prove that the platform holds the funds that they say they do. This situation was pronounced in the case of Mt. Gox, and since its demise the bitcoin community has demanded accountability from exchanges and wallets that handle bitcoin deposits in an off-chain manner.
##Method of Proof The easiest method of proof is to publish a flat list of all user accounts, total deposits, and the platform’s deposit addresses. However, this method exposes a great deal of company information. The Merkle Tree technique makes it difficult for a company to falsify data while protecting privacy (although some information is necessarily revealed).
##How We Implement Proof of Reserves
Our implementation is based on a method using Merkle Trees as proposed by Bitcoin developer Greg Maxwell, and as detailed here, with a few modifications. Using this method, a company would be able to prove to a user that its data was taken into account in calculating the total amount of funds held.
###User Information To protect user identities, we can’t very well directly publish a list of our user’s email addresses or ids along with their bitcoin holders. Instead, we create a hash using each user’s user_id. Combining the user_id with their balance and nonce makes the resulting hash value even harder to trace. The user_ids should be unique and immutable, so as to decrease the odds of two users choosing the same user_id. In pseudocode, this would look something like the following: hash_value = HASH(user_id + nonce + balance). Because we only display a hash digest, users can rest assured that their personal information won’t be exposed as part of this proof. Besides calculating a unique user_id for each user, we additionally calculate a new nonce each time.
###Bifubao Information This method exposes some of Bifubao’s data. Users can see the total amount of bitcoins on our system and can estimate the total number of users on our system. However, we believe it is worth the tradeoff to verify to our users that we are operating transparently. We are also opening up our source code for the community to inspect.
##Implementation Details We build up the Merkle Tree by first obtaining the relevant data in our database, and then iteratively running the algorithm to construct the tree to the root node.
User Email/ Mobile Phone
###User Nodes The hash of the user node is calculated according to this algorithm:
###Merkle Tree To build the merkle tree, we recursively use the algorithm above until we get to the root node.
###Cold Storage Addresses Our proof of reserves would not be complete without proving our control of assets. Below are our cold storage addresses, where you can see how much we hold in reserve. Because we hold some bitcoins in our hot wallet, the number indicated in the sum of the two addresses below will not be equal to the amount calculated above, but you can use the data to be sure that we at least hold a large percentage of user funds.