Repairing Inter-Chain Bridges with Confidential Computing



Every once in a while we hear that a cross-chain bridge has been hacked. In 2022 alone, six bridges were hacked and over $1.2 billion worth of crypto assets were stolen.

What are cross-chain bridges? What are they for? And why are they such important honeypots? Can confidential computing be used to improve the security of cross-chain bridges?

Cross-chain bridges help move crypto assets from one blockchain to another. A particular set of circumstances has made them popular. Older blockchains that have survived over the years end up holding more valuable assets, but they are often slow, have low throughput, and charge higher transaction fees. Newer blockchains and sidechains, on the other hand, can be fast, have high throughput, and charge extremely low transaction fees. Cross-chain bridges make it easier to move popular assets from older blockchains to newer blockchains and sidechains, where they can be transacted more efficiently.

Let’s understand how an inter-chain bridge works. A crypto asset is locked into a vault smart contract on the source blockchain, and a representation of that asset is minted in the peg smart contract on the destination blockchain. A set of entities commonly referred to as “guardians” are responsible for monitoring the vault smart contract on the source chain for new deposits and creating their representations in the peg smart contract on the destination blockchain.


Conversely, when representations are destroyed in the peg smart contract, these guardians are responsible for releasing an equivalent amount of tokens held in the vault smart contract on the source chain.

Figure 2: A schematic showing how inter-chain bridges work.

It’s easy to see that an attacker can attack the vault smart contract, the peg smart contract or the guardians. Often, vulnerabilities are found in the smart contracts. For example, the latest hack of bridge provider Nomad resulted in the loss of nearly $200 million, exploiting vulnerabilities in smart contract logic on the source blockchain. These were introduced during a smart contract upgrade process. Axie Infinity’s Ronin Bridge attack resulted in a loss of $625 million; the attack on Horizon Bridge operated by California-based Harmony resulted in the loss of $100 million. Both of these attacks involved compromising the keys held by the guardians.

Figure 3: Tweets by Harmony founder Stephen Tse, describing that the private keys were indeed compromised. It also describes the system used to store the private keys. This level of security is not sufficient.

Harmony did not encrypt data in use. It is quite possible that the private keys were lost due to a core dump attack. It is irrelevant that the keys were double-encrypted at rest. When these keys are used, they are brought into main memory. If the memory of the process using the key is dumped, the private key can be extracted.

Figure 4: Enterprise-Grade Confidential Computing

Enterprise-Grade Confidential Computing

Confidential Computing is a technology that supports encryption of data in use. Simple memory dump attacks do not work when using confidential computing technologies such as Intel SGX. It is also possible to raise the bar and create an enterprise-grade confidential computing platform. This involves supporting cluster-mode operations, high availability, disaster recovery, obtaining a variety of security certifications, and protecting nodes with tamper-proof hardware to prevent side-channel attacks. Enterprise-grade confidential computing platforms also support quorum approvals for the use of stored keys. Multiple approvers may be required to sign transactions with each key.

Since cross-chain bridges store remarkably large sums of cryptocurrencies, enterprise-grade confidential computing platforms should be used by guardians to generate, store, and use keys.

But it’s also difficult for a bridge guardian to fully trust an enterprise-grade confidential computing platform. What if the platform operator refuses service for any reason? Generating keys that do not depend on a user-provided seed can be dangerous. A DoS attack could cause funds to be permanently locked.

One solution is to own the platform and deploy it yourself in the data centers of your choice. The other solution is to have the platform generate a key and then split it into shares using a threshold secret sharing scheme. The shares can be encrypted with public keys provided by the bridge guardians. This way, if a threshold number of guardians combine their shares, the key can be regenerated even in the event of a DoS attack by the vendor of the enterprise-grade confidential computing platform.

Bridge guardians need to reconsider how they manage their keys. We’ve seen too many attacks that could have been avoided with better key management practices. Keeping the keys online and keeping them safe is a difficult task.

Fortunately, enterprise-grade confidential computing can greatly improve the security of bridge guardian keys.

Pralhad Deshpande, Ph.D. is a Senior Solutions Architect at Fortanix.
