Image Credit: whiteMocca/Shutterstock
Were you struggling to attend Transform 2022? Have a look at all the summit sessions inside our on-demand library now! Watch here.
Once in a while we hear a cross-chain bridge has been hacked. In 2022 alone, six bridges have already been hacked, and much more than $1.2 Billion worth of crypto assets have already been stolen.
What exactly are cross-chain bridges? What purpose do they serve? And just why are they such prominent honeypots? Can Confidential Computing be utilized to boost the security of cross-chain bridges?
Cross-chain bridges assist in moving crypto assets in one blockchain to some other. Interesting circumstances are popularizing them. For just one: Older blockchains which have survived through the years find yourself having more valuable assets. But older blockchains tend to be slow, have low throughputs and provide higher transaction fees. On the other hand, newer blockchains or sidechains could be fast, have high throughput and the transaction fees could be extremely low. Cross-chain bridges ensure it is an easy task to move popular assets from older blockchains onto newer blockchains and sidechains where they might be transacted better.
Why don’t we know how a cross-chain bridge works. A crypto asset is locked in a vault smart contract on the foundation blockchain, and a representation of this asset is minted in the peg smart contract on the destination blockchain. A couple of entities which are commonly called guardians have the effect of monitoring the vault smart contract on the foundation chain for new deposits and for creating their representations in the peg smart contract on the destination blockchain.
MetaBeat provides together thought leaders to provide help with how metaverse technology will transform just how all industries communicate and conduct business on October 4 in SAN FRANCISCO BAY AREA, CA.
Conversely, once the representations are destroyed in the peg smart contract, these guardians have the effect of releasing an equivalent level of tokens held in the vault smart contract on the foundation chain.
You can easily note that an attacker can either attack the vault smart contract, the peg smart contract or the guardians. Often, vulnerabilities are located in smart contracts. For instance, the most recent hack on bridge provider Nomad led to the increased loss of nearly $200 million, exploiting vulnerabilities in the smart contract logic on the foundation blockchain. We were holding introduced throughout a smart contracts upgrade process. The attack on Axie Infinitys Ronin bridge resulted in a lack of $625 million; the attack on Horizon Bridge operated by California-based firm Harmony resulted in the increased loss of $100 million. Both of these attacks involved compromising the keys held by guardians.
Harmony didn’t use data in-use encryption. It really is quite possible that the private keys were lost carrying out a memory dump attack. It really is irrelevant if the keys were doubly encrypted when at rest. When these keys are increasingly being used, they’re brought to the primary memory. If the memory of the procedure utilizing the key is dumped, the private key could be extracted.
Enterprise-grade Confidential Computing
Confidential Computing is really a technology that supports data in-use encryption. Simple memory dump attacks usually do not work when working with Confidential Computing technologies such as for example Intel SGX. Additionally it is possible to improve the bar and create an enterprise-grade Confidential Computing platform. This calls for supporting cluster mode operations, high availability, disaster recovery, finding a selection of security certifications, and encasing nodes with tamper-resistant hardware to avoid side-channel attacks. Enterprise-grade Confidential Computing platforms also support quorum approvals for using stored keys. Multiple approvers could possibly be necessary for signing transactions with each key.
Considering that cross-chain bridges store remarkably high sums of cryptocurrencies, enterprise-grade Confidential Computing platforms ought to be utilized by guardians for generating, storing and using keys.
Nonetheless it can be hard for a bridge guardian to totally trust an enterprise-grade Confidential Computing platform. Imagine if the platform operator denies service for reasons uknown? Generating keys that not be determined by a user-provided seed could be dangerous. A DOS attack may lead to the funds being permanently locked.
One solution would be to own the platform also to deploy it yourself in datacenters of one’s choice. Another solution would be to make the platform generate an integral and then ensure it is generate the different parts of the key utilizing a threshold secret sharing scheme. The shares could be encrypted with public keys supplied by the bridge guardians. In this manner, in case a threshold amount of guardians can combine their shares, the main element could be re-generated even though there exists a DOS attack by the provider of the enterprise-grade Confidential Computing platform.
Bridge guardians have to reconsider how they’re managing their keys. We’ve seen way too many attacks which could have already been averted with better key management practices. Keeping keys online and maintaining them securely is really a tough task.
Thankfully, enterprise-grade Confidential Computing can go quite a distance in improving the security of bridge guardian keys.
Pralhad Deshpande, Ph.D. is senior solutions architect at Fortanix.
Welcome to the VentureBeat community!
DataDecisionMakers is where experts, like the technical people doing data work, can share data-related insights and innovation.
If you need to find out about cutting-edge ideas and up-to-date information, guidelines, and the continuing future of data and data tech, join us at DataDecisionMakers.
You may even considercontributing articlesof your!