In wake of the collapse and bankruptcy of Mt. Gox, which was once the biggest Bitcoin exchange, many commentators have proposed potential solutions to the problem. One of the primary solutions proposed is the cryptographic proof of solvency, whereby an exchange would offer cryptographic proof of sum of account balances without revealing participant's balance via hash-tree.
This solution would be far superior to what we have today, which led to the fact that Mt. Gox became insolvent. However, this solution stems from a view of the old world of finance where clearing firms must hold funds to ensure trades can be executed and that the market functions. In this brave new world of Bitcoin, that is no longer the case. Individual participants can hold onto their own bitcoins and transfer at precisely the moment the trade executes. In fact, the typical mechanisms provided by a brokerage can be executed without the broker, clearing firm, or exchange ever touching the participant's bitcoins. Unfortunately, if you are trading dollars for bitcoins, the same does not apply to your dollars. They would need to be held in the same way that traditional clearing firms, brokers, and exchanges hold assets today. But bitcoins (or other virtual currencies) would not need to be held at all for market orders and only for the period of time while a limit order has been placed but not yet executed. In fact there are even some solutions to giving up control of bitcoins when placing a limit order that I will discuss later.
First, lets discuss market orders. Lets say a participant has some amount of bitcoin that he/she would like to trade. At the time of the trade, the participant has that amount of bitcoin in an address that he controls. He is trading with another participant who has some form of fiat currency which is already ensured to be in their account through the standard mechanisms used by securities and commodity exchanges today to ensure that funds are available. The actual process of making a market order can be consummated with the bitcoin owner signing the transaction in which he sends the bitcoin to the participant(s) that the exchange has instructed him to send it to with his private key and submitting it to the block chain. A commission in which the participant sends bitcoin to the exchange can also be required as part of this transaction. Once the exchange confirms this transaction in the block chain it can debit the purchaser of the bitcoin's fiat currency account and credit the seller of the bitcoin's fiat currency account at the same time. Thus, with market orders, the exchange never even touches the bitcoin at all.
Things get a little more complicated with limit orders, but there are a number of workable solutions that at least reduce the risk of the exchange making mistakes. One solution is that the exchange participants be required to hold a balance in fiat to secure any amount of bitcoin that they wish to trade. Then, the exchange participant can make a trade for bitcoin using a limit order and the exchange can transfer a bitcoin on behalf of the participant when that trade finally executes. The exchange participant is then required to transfer the bitcoin to the exchange, but if that user does not make the transfer, the exchange is protected by the fact that it holds the participant's funds in fiat currency. With such an arrangement, brokers could grant credit facilities to allow for more flexibility in trading and you can picture an environment where this is not a significant limitation.
Alternatively, if the exchange does not want to require all participants to hold fiat currency equal to the amount of bitcoin, exchanges could also setup an escrow scenario whereby in order to initiate a limit order a participant transfers bitcoin into an escrow account that is controlled by the exchange. The user would be able to verify at all times that their money is in the escrow account because each participant would have their own assigned escrow address which no one else would know about and they could verify the balance at all time through the block chain. Once the limit order is triggered, the bitcoins would be transferred from the escrow account to the other market participant. In this scenario, the exchange only holds the bitcoin during the time while the limit order is open which substantially reduces the risk both to the market participant and the exchange. One could come up with ways to implement a multiple signature escrow account that must be signed by the exchange and the participant in order to consummate the transaction as well, but that goes beyond the scope of this blog and may be a topic for the future.
So, in conclusion, while cryptographic proof of solvency is an interesting concept and better than what we have today, there are a number of ways in which exchanges can be avoid holding bitcoins in the first place.