As an increasing number of blockchain protocols are launched, each with its own efficiencies, benefits, and areas of focus, there is increased interest from investors and users to move assets and liquidity between them. The implementation of blockchain bridges – also known as token bridges – is essential to create interoperability and allow the exchange and flow of digital assets, enabling greater liquidity between blockchains.
However, with the rush to address the pressure to enable cross-chain liquidity, the security technology underpinning many blockchain bridges was initially relatively weak. Many bridges have a single trusted operator with the power to intercept or intervene in token transfer.
Truly trustless bridges, which do not require users to place trust in a centralized or federated group of operators, can solve the urgent issues around security for bridges and their users. Trustless bridge solutions are critical for the long-term vitality of bridges and blockchains themselves.
Addressing the issue
The main issue with low-security blockchain bridges is that they compromise the benefits of using a transparent, decentralized system, which is what makes blockchain so open, efficient, transparent, and special in the first place. The Wormhole bridge attack in February and the Ronin bridge heist in March compromised a combined $1bn in assets, illustrating what can go wrong when bridges are not architected securely.
Generally, bridges work by locking tokens on one blockchain and minting new equivalent tokens on another, which ensures that tokens do not leave their respective blockchains during a transaction. The tokens are typically deposited into a bridge smart contract on the first blockchain, where they are locked and will be unlocked when the transaction is reversed. The pools of locked tokens represent a honey pot for any hacker, and when compromised, the value of any unbacked wrapped tokens on the destination chain is called into question.
Whilst this issue was raised at Algorand’s latest Decipher conference in November 2021, the extremity of the subsequent Wormhole and Ronin bridge attacks, alongside the fact that the value of assets held on blockchain bridges, has risen to more than $32bn since the beginning of 2021, highlights that rapid action must be taken to implement a more secure bridging solution for the blockchain industry.
Providing a solution
Trustless bridge solutions are the most secure way of designing and building these bridges as they don’t require the participants involved to know or trust each other or a third party for the system to be secure.
For instance, Applied Blockchain and Algorand are collaborating to develop a trustless cross-chain bridge that will initially utilize the security properties of Intel’s hardware security enclave (SGX) and will later use a new cryptography feature called state proofs when this becomes available in Algorand. State proofs are an immutable series of proofs that verify the status of assets held on its blockchain. This enables smart contracts on the target chain to process transactions from the Algorand chain.
Trustless cross-chain technology seek to eliminate the need for intermediaries or third parties to connecting two blockchain networks, thereby improving interoperability and upholding the principle of blockchain technology’s decentralization.
State proofs will help connect Algorand to the broader blockchain world, enabling users to complete cross-chain transactions efficiently, cost-effectively, and securely. Therefore, they will also provide a blueprint for other cross-chain solutions looking to close the security loopholes of more centralized systems.
Next-generation security measures such as the state proofs under development at Algorand (ALGO) will be critical for the long-term viability of blockchain bridge projects. They will solve an urgent security issue and will therefore encourage both users and investors to use these solutions to transfer their assets across chains.
Guest post by Adi Ben-Ari from Applied Blockchain
Adi has over 20 years enterprise software experience, more recently leading major deliveries of production blockchain and advanced cryptography solutions. Adi is widely recognised as an independent thought leader in the industry, a noted speaker at major conferences, and acts as an advisor for a number of startups. His work has been noted by the UK Government, where he was invited to present at Parliament, the House of Lords, and at University College London. Adi has co-invented and designed a number of patents related to confidential computing, cryptography, blockchain and mobile payments.