Fixing cross-chain bridges with confidential computing

Had been you unable to attend Remodel 2022? Take a look at the entire summit periods in our on-demand library now! Watch right here.

Once in a while we hear {that a} cross-chain bridge has been hacked. In 2022 alone, six bridges have been hacked, and greater than $1.2 Billion price of crypto belongings have been stolen.

What are cross-chain bridges? What objective do they serve? And why are they such outstanding honeypots? Can Confidential Computing be used to enhance the safety of cross-chain bridges?  

Cross-chain bridges assist in transferring crypto belongings from one blockchain to a different. Attention-grabbing circumstances are popularizing them. For one: Older blockchains which have survived through the years find yourself having extra worthwhile belongings. However older blockchains are sometimes sluggish, have low throughputs and supply greater transaction charges. On the flip aspect, newer blockchains or sidechains may be quick, have excessive throughput and the transaction charges could also be extraordinarily low. Cross-chain bridges make it straightforward to maneuver widespread belongings from older blockchains onto newer blockchains and sidechains the place they might be transacted extra effectively.  

Allow us to perceive how a cross-chain bridge works. A crypto asset is locked in a vault good contract on the supply blockchain, and a illustration of that asset is minted within the peg good contract on the vacation spot blockchain. A set of entities which might be generally referred to as “guardians” are liable for monitoring the vault good contract on the supply chain for brand new deposits and for creating their representations within the peg good contract on the vacation spot blockchain.


MetaBeat 2022

MetaBeat will convey collectively thought leaders to present steering on how metaverse know-how will rework the way in which all industries talk and do enterprise on October 4 in San Francisco, CA.

Register Right here

Conversely, when the representations are destroyed within the peg good contract, these guardians are liable for releasing an equal quantity of tokens held within the vault good contract on the supply chain.  

Determine 2: A schematic displaying how cross-chain bridges work. 

It’s straightforward to see that an attacker can both assault the vault good contract, the peg good contract or the guardians. Typically, vulnerabilities are present in good contracts. For instance, the most recent hack on bridge supplier Nomad resulted within the lack of almost $200 million, exploiting vulnerabilities within the good contract logic on the supply blockchain. These had been launched throughout a wise contracts improve course of. The assault on Axie Infinity’s Ronin bridge led to a lack of $625 million; the assault on Horizon Bridge operated by California-based agency Concord led to the lack of $100 million. Each of these assaults concerned compromising the keys held by guardians.  

Determine 3: Tweets by Concord founder Stephen Tse describing that personal keys had been certainly compromised. He additionally describes the system used to retailer personal keys. This stage of safety is just not adequate. 

Concord didn’t use knowledge in-use encryption. It’s fairly doable that the personal keys had been misplaced following a reminiscence dump assault. It’s irrelevant if the keys had been doubly encrypted when at relaxation. When these keys are getting used, they’re delivered to the principle reminiscence. If the reminiscence of the method utilizing the secret’s dumped, the personal key may be extracted.  

Determine 4: Enterprise-grade Confidential Computing

Enterprise-grade Confidential Computing

Confidential Computing is a know-how that helps knowledge in-use encryption. Easy reminiscence dump assaults don’t work when utilizing Confidential Computing applied sciences equivalent to Intel SGX. It is usually doable to lift the bar and create an enterprise-grade Confidential Computing platform. This entails supporting cluster mode operations, excessive availability, catastrophe restoration, acquiring a wide range of safety certifications, and encasing nodes with tamper-resistant {hardware} to stop side-channel assaults. Enterprise-grade Confidential Computing platforms additionally help quorum approvals for utilizing saved keys. A number of approvers may very well be required for signing transactions with every key.  

On condition that cross-chain bridges retailer remarkably excessive sums of cryptocurrencies, enterprise-grade Confidential Computing platforms must be utilized by guardians for producing, storing and utilizing keys.  

However it’s also arduous for a bridge guardian to fully belief an enterprise-grade Confidential Computing platform. What if the platform operator denies service for some purpose? Producing keys that don’t rely on a user-provided seed may be harmful. A DOS assault may result in the funds being completely locked.

One answer is to personal the platform and to deploy it your self in datacenters of your selection. The opposite answer is to make the platform generate a key after which make it generate parts of the important thing utilizing a threshold secret sharing scheme. The shares may be encrypted with public keys offered by the bridge guardians. This manner, if a threshold variety of guardians can mix their shares, the important thing may be re-generated even when there’s a DOS assault by the supplier of the enterprise-grade Confidential Computing platform.  

Bridge guardians must rethink how they’re managing their keys. Now we have seen too many assaults that might have been averted with higher key administration practices. Conserving keys on-line and sustaining them securely is a tricky process.

Fortunately, enterprise-grade Confidential Computing can go a good distance in bettering the safety of bridge guardian keys. 

Pralhad Deshpande, Ph.D. is senior options architect at Fortanix.


Welcome to the VentureBeat group!

DataDecisionMakers is the place specialists, together with the technical folks doing knowledge work, can share data-related insights and innovation.

If you wish to examine cutting-edge concepts and up-to-date data, finest practices, and the way forward for knowledge and knowledge tech, be part of us at DataDecisionMakers.

You may even contemplate contributing an article of your individual!

Learn Extra From DataDecisionMakers

Leave a Reply

Your email address will not be published.