Solana Founder Anatoly Yakovenko and Vitalik Buterin Engage in Year-Long Debate on Bridge Security

Solana Labs’ co-founder Anatoly Yakovenko has recently resumed discussions with Ethereum creator Vitalik Buterin regarding bridge security after a hiatus of almost a year. In May 2022, blockchain activists were discussing the possibility of detecting and preventing attempts to cheat a system that allows funds to move between different networks by illegally using the same money multiple times.

Yakovenko tweeted that he didn’t understand why Buterin believed bridges would have inadequate security if a light client could confirm that no single node had been able to generate a fraud proof in time T, as it was close to 1/N security guarantees. Buterin responded by mentioning the possibility of a 51% attack.

Solana Labs’ co-founder Anatoly Yakovenko

Yakovenko went on to discuss the possibility of a double spend and how it could be proven. He suggested that if a double spend was proven during a withdrawal period, then there needed to be some social layer on the local side of the bridge to pick which fork became canonical. Buterin questioned what Yakovenko meant by “social layer on the local side,” to which Yakovenko replied that there was no way to avoid adding some majority assumptions.

Buterin then tweeted that bridged assets could not survive 51% attacks, and in the “big chain asset bridges to small chain” case, the thing that needed to be 51% attacked was small. Yakovenko has been thinking about this issue for nearly a year, and today, on April 6, 2023, he tweeted a solution to the problem.

Yakovenko proposed a “trust minimized bridge between independent L1s,” which guarantees that local users can exit their bridged assets back to the local chain even if the remote chain has a dishonest majority, does a 51% attack or withholds data. This guarantee doesn’t depend on an honest majority of the remote chain and only needs 1/N honest remote nodes.

According to Yakovenko’s proposal, local users can post a transaction bundle on the local chain. If it’s not included within time T by the remote chain, the remote chain is considered faulty. Once the remote chain is considered faulty, the right to update the remote chains state root on the local chain is auctioned off on the local chain. Whomever wins the auction can update the last unchallenged root. This can happen on every subsequent block. The bridge must have an exit finality long enough to ensure that local users can issue a data availability challenge.

For confirmations, local users must wait for the remote root to be confirmed on the local chain as well. If the remote chain withholds data from honest nodes, local users can post a DA challenge. The challenge requires the remote chain post its missing data to the local chain. If it doesn’t post the data, the remote chain is considered faulty. Worst case is that users would need to pay for data availability of the remote chain locally. If this becomes persistent, users can exit the bridge.

If the remote chain double signs two different forks, posts fork A on the local chain, and confirms a different sibling fork B remotely, it is not a fault. The locally finalized fork A is the canonical fork. Remote fork B becomes a different L1 altogether and is completely irrelevant to the bridge. Local chain never needs to observe remote fork B and doesn’t need DA for it. In this scenario, users can still post transactions locally and build on top of A. If the majority censors the auction mechanism takes over updating the root. This is why users interacting with bridged assets must wait for the local chain to finalize the root.

Once the invalid root is detected, users would issue a challenge to retrieve the correct data from the remote chain. After obtaining the data, users can then execute an optimistic fraud proof protocol or rely on zero-knowledge proofs (ZKPs) to confirm the real root.

The design proposed by Yakovenko aims to create a trust-minimized bridge between independent Layer-1 networks. The bridge’s design ensures that local users can exit their bridged assets back to the local chain even if the remote chain has a dishonest majority, does a 51% attack, or withholds data. This guarantee doesn’t depend on an honest majority of the remote chain and only needs one in N honest remote nodes.

It’s important to note that this is still a proposed design, and it remains to be seen how it will be received by the wider blockchain community. However, the fact that Yakovenko has resumed the dialogue with Buterin after almost a year indicates that there is a continued interest in developing solutions that can improve the security of blockchain bridges.

The importance of developing secure bridges between different blockchain networks cannot be overstated. As more networks emerge and gain traction, the ability to move assets between these networks becomes increasingly important. However, without secure bridges, the risk of double-spending and other fraudulent activities increases, potentially undermining the trust in these networks and their assets.

Overall, the proposed design by Yakovenko represents a significant step forward in developing secure bridges between independent Layer-1 networks. It remains to be seen how the wider blockchain community will receive the proposal, but it is clear that there is a continued interest in finding solutions to improve the security of these important components of the blockchain ecosystem.

Read more:

Join us on Telegram

Follow us on Twitter

Follow us on Facebook

Follow us on Reddit

You might also like