HomeCoinsAvalanche (AVAX)Avalanche Bridge: Secure Cross-Chain Asset Transfers Using Intel SGX | by Conor...

Avalanche Bridge: Secure Cross-Chain Asset Transfers Using Intel SGX | by Conor Leary | Avalanche | Aug, 2021

- Advertisement -


The Intel SGX application consists of a trusted codebase that runs within an enclave, and an untrusted codebase that runs outside. The untrusted code is responsible for initializing and starting the enclave as well as running the remote attestation server. Remote attestation is the process by which a third party can attest to a remote entity that it is trusted, and establish an authenticated communication channel with that entity. As part of attestation, the enclave proves its identity, that the source code hasn’t been tampered with, that it’s running on a genuine SGX enabled platform, and that it has the latest security updates. Within the Bridge Architecture, each warden will perform attestation upon startup and post the report to a public JSON file.

The enclave communicates directly with the wardens to learn about on-chain events and send signed transactions. Signed transactions include the creation of smart contracts on the Avalanche C-Chain for wrapped ERC20s, minting assets on Avalanche, and releasing assets on the Ethereum EVM to designated addresses.

All private keys for the addresses used by the enclave on both Ethereum and the Avalanche C-Chain are derived from a single master secret generated on the initial startup within the enclave. At no point does the Bridge operator have access to this secret. Within the enclave, the secret is split into shares using Shamir secret sharing and distributed to a collection of 4 wardens. The sharing process starts with the enclave using TLS to verify the identity of each warden. Each time the enclave starts up or the wardens receive a request for their shares, each warden performs remote attestation with the enclave to verify its status and establish a shared session key. The enclave uses this shared key (unique to each warden) to individually encrypt each share before sending them to the wardens.

On restart, the enclave requests the shares from the wardens over a TLS connection, requiring 3 of 4 to recompute the master secret. After attestation, the warden encrypts and returns its secret share using the shared session key generated during remote attestation. The Bridge reconstructs the master secret from a threshold of secret shares and uses the master secret to rederive the private keys for an Ethereum address (used to hold funds) and Avalanche address (used to deploy the smart contracts and mint new assets).

The Warden instances consist of three main components, a Golang server used to index ETH and Avalanche transactions and communicate with the Bridge, an AvalancheGo node, and an Ethereum Geth node. The Wardens’ responsibilities are broken down below:

  1. Storing secret shares: Each warden gets a single secret share from the enclave when the enclave first initializes. A set threshold of these shares is sufficient to regenerate the enclave’s “master secret”. If the enclave ever restarts, it will query the Wardens to get their secret shares and recompute its master secret value. All keys used by the enclave are deterministically derived from the master secret.

As announced previously, the AEB relayers will sunset their bridge during the week of August 9th in favor of the new Avalanche Bridge. The sunset process will consist of the AEB bridge being shut down. Asset transfers across the AEB bridge will be disabled permanently. Once the Bridge has been shut down and any pending transactions finalized, the AEB relayers will come together to transfer all ERC20s on the Ethereum side to the Avalanche Bridge Wallet. The Avalanche Bridge has been configured to ignore transfers coming from the AEB contract addresses so no funds will be minted in response. Once the transfer has finished, a new enclave build will be pushed enabling swaps on the Bridge token contracts. At this point, the Bridge frontend will enable token swaps and a set of token conversion tutorials will be released.

The Avalanche Bridge makes use of Intel SGX to create a quick, secure, and low cost bridge between the Avalanche and Ethereum Networks. It consists of a secure SGX enclave and a collection of trusted partners running warden nodes. The design enables the Bridge to reduce the on-chain requirements to a single action (smart contract call or ERC20 transfer) without sacrificing security. As a result, the Avalanche Bridge provides one of the cheapest, fastest and easiest to use cross-chain transfer processes available today.

Project Contributors



Source link

- Advertisement -
Mr Bitcointehttps://www.bitcointe.com/
“Fact You Need To Know About Cryptocurrency - The first Bitcoin purchase was for pizza.” ― Mohsin Jameel
462FansLike
76FollowersFollow
4,567FollowersFollow
5,261FollowersFollow
1,549FollowersFollow
2,230SubscribersSubscribe

Most Popular

bitcoin
Bitcoin (BTC) $ 57,458.00
ethereum
Ethereum (ETH) $ 4,486.85
tether
Tether (USDT) $ 1.00
bitcoin-cash
Bitcoin Cash (BCH) $ 573.02
litecoin
Litecoin (LTC) $ 205.30
eos
EOS (EOS) $ 4.01
okb
OKB (OKB) $ 24.37
tezos
Tezos (XTZ) $ 5.55
leo-token
LEO Token (LEO) $ 3.42
cardano
Cardano (ADA) $ 1.60
monero
Monero (XMR) $ 234.16
stellar
Stellar (XLM) $ 0.335484
chainlink
Chainlink (LINK) $ 25.16
huobi-token
Huobi Token (HT) $ 9.98
tron
TRON (TRX) $ 0.09715
usd-coin
USD Coin (USDC) $ 1.00
dash
Dash (DASH) $ 181.52
neo
NEO (NEO) $ 38.54
iota
IOTA (MIOTA) $ 1.41
nem
NEM (XEM) $ 0.175336
zcash
Zcash (ZEC) $ 234.05
maker
Maker (MKR) $ 3,096.11
paxos-standard
Pax Dollar (USDP) $ 1.00
ethereum-classic
Ethereum Classic (ETC) $ 48.04
vechain
VeChain (VET) $ 0.122022
true-usd
TrueUSD (TUSD) $ 1.00
ftx-token
FTX Token (FTT) $ 51.58
kucoin-shares
KuCoin Token (KCS) $ 25.26
waves
Waves (WAVES) $ 21.56