The Avalanche Bridge nodes perform periodic key rollovers as a routine proactive security measure, including whenever new nodes are added or removed. Today, we are performing a periodic key rollover to bring our Ethereum bridge up to parity with our Bitcoin bridge.
The Avalanche Bridge utilizes SGX so that no one has access to the bridge keys. The keys that facilitate the movement of funds are generated and stored in a secure enclave on special chips where nobody, not even a node admin, can gain access to them. The keys never leave the secure enclave, the execution paths of the bridge code cannot be modified, and attestations are provided for the hash of the code inside the secure enclave. Together, this ensures bridge integrity, confidentiality, and assurance against Byzantine behaviors.
Since a single copy of the keys would be vulnerable to a catastrophic hardware failure, the keys are backed up. Ordinary backups, where data is just replicated, are not suitable for cryptographic keys. The Avalanche Bridge employs a state-of-the-art key backup scheme where key material is first split through Shamir’s Secret Sharing and then encrypted. This enables the bridge to be reconstituted on another node following a hardware failure. The reconstituted bridge can gain access to the same keys, so long as the enclave is running the pristine bridge code as attested by Intel SGX. This ensures that the keys are only given to a properly functioning bridge; no human (not even an insider, system administrator, or node administrator) ever has unfettered access to the keys. This property differentiates the Avalanche Bridge from bridges not built on secure hardware.
Until recently, the Ethereum bridge was backed up to 4 nodes, any 3 of which could facilitate the reconstitution of a replacement bridge in the event of a hardware failure. We are now expanding the backups of the Ethereum bridge to 8 nodes, any 6 of which can reconstitute a bridge. The Bitcoin bridge already uses a 6 out of 8 backup strategy and remains unaffected.
This change in backups is a part of the periodic key rollover happening today. This change will improve bridge security in the rare scenario where the bridge hardware fails and a new bridge must be established.
When the key rollover occurs, the nodes rotate their key shares and the bridge collateral is moved to a new address.
IMPORTANT NOTICE REGARDING THE KEY ROLLOVER
As part of the key rollover, the Avalanche Bridge’s Ethereum and Avalanche C-Chain wallet addresses will change, and will no longer be:
As a result, when you view the Bridge wallet address in explorers such as Etherscan or Snowtrace, you will be directed to new Bridge wallet addresses. These new Bridge wallet addresses will not be known until after the key rollover, because they are generated by secure hardware. Once the key rollover is complete, you can view the new Bridge wallet addresses here.
The Avalanche Bridge will be down temporarily while the periodic key rollover is taking place. While the Web and Core UI indicate the Bridge is down, DO NOT use or attempt to use the Bridge until the rollover is complete.
Bridge users should use the bridge through the Web or Core UI to prevent sending funds to the wrong address. Projects should not hardcode the Avalanche Bridge addresses, as these addresses are subject to change due to periodic key rollovers. It is good security practice to rotate keys periodically and proactively, and such rotations will necessarily modify the public bridge addresses.
Because of the upcoming change of address, users must refrain from activities that send funds to the old addresses. FUNDS SENT TO THE OLD ADDRESSES WILL BE LOST AND IRRETRIEVABLE BY ANYONE, INCLUDING AVA LABS OR ANY OF THE OTHER NODES.
To learn more about our latest Bridge SGX technology and see the full list of node partners (previously referred to as “wardens”), check out our technical article here.
If you want to work on cutting-edge blockchain technology, such as the technology that powers the Avalanche platform, bridges, wallet, and subnets, we are hiring!
Ava Labs makes it simple to launch decentralized applications on Avalanche, the fastest smart contracts platform in the blockchain industry. We are empowering people to easily and freely digitize all the world’s assets on one open, programmable blockchain platform.
Ava Labs was founded by Cornell computer scientists who brought on talent from Wall Street to execute their vision. The company has received funding from Andreessen Horowitz, Initialized Capital, and Polychain Capital, with angel investments from Balaji Srinivasan and Naval Ravikant.