Fix cross-chain bridges with confidential computing

Every now and then we hear that a cross-chain bridge has been hacked. In 2022 alone, six bridges have been hacked and more than $1.2 billion of crypto assets have been stolen.

What are cross-chain bridges? What purpose do they serve? And why are they such prominent honeypots? Can Confidential Computing be used to improve the security of cross-chain bridges?

Cross-chain bridges help move crypto assets from one blockchain to another. Interesting circumstances make them popular. First, older blockchains that have survived over the years eventually have more valuable assets. But older blockchains are often slow, have low throughput and offer higher transaction costs. On the other hand, newer blockchains or side chains can be fast, have high throughput and transaction costs can be extremely low. Cross-chain bridges make it easy to move popular assets from older blockchains to newer blockchains and sidechains where they can be handled more efficiently.

Let’s understand how a cross-chain bridge works. A crypto asset is locked in a vault smart contract on the source blockchain and a representation of that asset is punched into the peg smart contract on the destination blockchain. A set of entities commonly referred to as “guardians” are responsible for monitoring the smart vault contract in the source chain for new deposits and for creating their representations in the peg smart contract on the destination blockchain.

Conversely, when the representations are destroyed in the smart peg contract, these guards are responsible for releasing an equivalent number of tokens in the safe’s smart contract on the source chain.

It’s easy to see that an attacker can attack either the vault smart contract, the peg smart contract, or the guards. Vulnerabilities are often found in smart contracts. For example, the latest hack on bridge provider Nomad resulted in the loss of nearly $200 million, exploiting vulnerabilities in the smart contract logic on the source blockchain. These were introduced during a smart contract upgrade process. The Attack on Axie Infinity’s Ronin bridge led to a loss of $625 million; the attack on Horizon Bridge managed by the California-based company Harmony led to the loss of $100 million. In both attacks, the guards’ keys were compromised.

Harmony did not use data encryption during use. It is very possible that the private keys were lost after a memory dump attack. It is irrelevant whether the keys were doubly encrypted at rest. When these keys are used, they are moved to main memory. If the memory of the process using the key is dumped, the private key can be extracted.

Enterprise Confidential Computing

Confidential Computing is a technology that supports encryption of data in use. Simple memory dump attacks will not work when using Confidential Computing technologies such as Intel SGX. It is also possible to raise the bar and create an enterprise-level Confidential Computing platform. This includes supporting cluster mode operations, high availability, disaster recovery, obtaining a variety of security certifications, and encasing nodes with tamper-resistant hardware to prevent side channel attacks. Enterprise-grade Confidential Computing platforms also support quorum approvals for using stored keys. Multiple approvers may be required to sign transactions with each key.

Given that cross-chain bridges store remarkably large sums of cryptocurrencies, administrators should use Confidential Computing platforms to generate, store, and use enterprise-level keys.

But it is also difficult for a bridge operator to rely completely on a confidential enterprise-level computing platform. What if the platform operator refuses the service for some reason? Generating keys that do not rely on a user-provided seed can be dangerous. A DOS attack can lead to the money being locked permanently.

One solution is to take ownership of the platform and deploy it yourself in data centers of your choice. The other solution is to have the platform generate a key and then have it generate components of the key using a threshold secret sharing scheme. The shares can be encrypted with public keys provided by the bridge operators. In this way, if a certain number of guardians can combine their shares, the key can be regenerated even if there is a DOS attack by the provider of the corporate Confidential Computing platform.

Bridgekeepers need to rethink how they manage their keys. We’ve seen too many attacks that could have been prevented with better key management practices. Keeping keys online and keeping them safe is an arduous task.

Fortunately, enterprise-level Confidential Computing can go a long way in improving the security of bridge guard keys.

Pralhad Deshpande, Ph.D. is senior solutions architect at Fortanix.