Succinct’s Ethereum ZK Light Client and the Road to Trust Minimzed Bridges with Hashi

July 3, 2023
/
Gnosis

This article is about the visionary roadmap of the Gnosis Chain native bridges.

The first section is dedicated to the landmark announcement that Succinct's Ethereum ZK Light Client has been officially integrated to secure the Gnosis OmniBridge on Mainnet!

The second section deals with Hashi, an EVM Hash Oracle Aggregator, and the future of bridges on Gnosis Chain.

Succinct’s Ethereum ZK Light Client Securing $40M+ TVL on Gnosis Chain's OmniBridge

Blockchain technology allows people to interact and transact with each other without the need of a trusted central authority or intermediary. It eliminates the reliance on intermediaries by using cryptographic techniques and consensus protocols to establish a high level of trust in the network.

Yet, hacks are frequent and bridges are especially vulnerable with billions of dollars drained from users pockets each year. Trust is an essential part of any technology and its broader adoption. In order for blockchain networks to scale, users must trust that their funds will remain secure even when executing cross-chain transactions.

Gnosis has always sought to protect users in all the products that it's incubated from the Safe (Multi-sig Wallet) to the Cow Protocol (DEX aggregator with MEV protection). Today, we are still guided by the same concern on Gnosis Chain.

In June of 2022, Succinct published GIP-57: Should the GnosisDAO support research of a zkSNARK-enabled light client and bridge on the Gnosis Forum. Eight months ago, Succinct announced the first demo application that uses their unique implementation of “proof of consensus” for Ethereum: a bi-directional bridge between Goerli testnet and Gnosis Chain.

Almost a year later, we are extremely excited to announce the significant security upgrade for Gnosis Chain's OmniBridge. Succinct’s Ethereum ZK light client has officially been integrated to secure the Gnosis OmniBridge on Mainnet! Over $40M TVL and >$1.5B in stablecoin asset flow to date are now secured by Succinct’s ZK Proof of Consensus for Ethereum.

What does this mean for users?

While plans are in place to upgrade all of our native bridges, only OmniBridge users need to be aware of the zk light client integration.

The Price of Security

Transactions will now be verified by the zk light client on the OmniBridge. Ethereum finality and proof of generation will take approximately 20 minutes for each bridged transaction. Users requiring faster transaction times should seek 3rd party bridge solutions.

👉🏽 Connext https://bridge.connext.network/
👉🏽 Hop
https://hop.exchange/
👉🏽 LiFi
https://jumper.exchange/

Users can now feel more confident about bridging their assets into the Gnosis ecosystem. Before, the OmniBridge was secured by a 5/7 multi-sig of validators. Users who bridge assets or data from Ethereum to Gnosis Chain will now have additional security from Succinct’s OmniBridge ZK Validator Smart Contract. Succinct’s validator relies on their on-chain light client to get Ethereum state and verify that messages were sent on Ethereum. As a result, the Succinct validator borrows security from Etheruem consensus itself.

For a more detailed explanation of the technical architecture of Succinct’s zk light client and how they seamlessly integrate it with the existing OmniBridge, please check out their blog post.

We share Succinct’s belief that the next era of cross-chain bridging between different L1 blockchain ecosystems will be powered by zk light clients. We are excited to implement their zero-knowledge proof technology to secure the Gnosis Chain OmniBridge. If you love zero-knowledge proofs and bridges, go try out the OmniBridge and bridge to Gnosis Chain!

👉🏽 OmniBridge: https://omnibridge.gnosischain.com/bridge
👉🏽 Open Source Repo:
https://github.com/succinctlabs/telepathy-contracts

Hashi: Additive Security for Cross-Chain Bridging

At the beginning of this article we discussed the importance of trust and why Succinct’s Ethereum zk light client is critical to the security of Gnosis Chain’s OmniBridge. The integration means that users can trust, with a high degree of certainty, that their assets will remain safe while using the bridge.

Yet, no complex system is perfectly secure. This is especially true of the kind of novel cryptographic, social, and game-theoretic systems that we use to build our cross-chain bridges.

Every bridge is based on one specific security mechanism on the verification layer be it a multi-sig or committee based, Optimistic, or zk light client based (the OmniBridge). The root cause of bridge hacks are the result of either social engineering, compromised private keys or smart contract bug.

None are completely secure; none should be trusted completely. Even a trust-minized system, where trust is shifted from centralized authorities to the underlying technology and the network consensus, contains vulnerabilities if trust is reliant on a single point of failure.

Hashi is an additive security approach to cross-chain bridges. When designing bridges, we must trust bridge mechanisms in a way that is commensurate with their risk. This means not completely trusting ANY bridge mechanism and, instead, distributing our trust among many parallel mechanisms.

As an industry, we have mostly learned this lesson for individual and organizational asset custody; assets are more secure when one account cannot unilaterally control them. It’s why we see over ~$40B held in SAFE multi-sigs today.

But we have not yet learned this lesson for bridges; bridges and bridged assets are more secure when one mechanism cannot unilaterally control them.

With Hashi, users choose which combination of bridges to trust and how many must agree.

Hashi is an EVM Hash Oracle Aggregator, designed to facilitate a principled approach to cross-chain bridge security.

How It Works

Hashi is a system designed to make cross-chain bridges more secure. It works by using multiple independent mechanisms to validate messages instead of relying on just one. This setup is called a Redundant Array of Independent Hash Oracles (RAIHO).

With Hashi, users can build custom oracle adapter contracts for different hash oracle mechanisms. An oracle is like a trusted source that provides information about a specific block on a blockchain. Hashi allows users to query an oracle for the hash of a block on a particular chain. Hashi can be used to secure any form of cross-chain communication from bridges, to governance or NFTs.

Hashi comes with a number of components, namely ShoyuBashi and GiriGiriBashi. ShoyuBashi allows the owner to define an instance of Hashi and a set of oracles for each domain. A domain can be thought of as a specific blockchain. The owner can also set a threshold, which is the number of oracles that must agree on a hash for it to be considered valid. Any user can then query for a unanimously agreed-upon hash from the set of oracles.

GiriGiriBashi is another component that allows the owner to initialize oracles and their threshold for each domain. It also provides the ability to replace quarantined oracle adapters and handle challenges to an oracle’s reported hash. Additionally, GiriGiriBashi aims to minimize the power of governance after initialization to reduce the amount of trust placed on a governance multi-sig. GiriGiriBashi governance has the power to intervene and add/remove oracles only when an oracle has been quarantined. In the scenario where everything runs as expected, the governance multi-sig cannot introduce changes.

Yaho is a feature that enables users to dispatch arbitrary messages through Hashi. These messages are stored and can be relayed to message adapters. Yaru is a function that allows the owner to execute these stored messages.

Hashi also includes the Zodiac Module, which allows users to control an avatar (like a Safe) on one chain from a controller address on another chain using messages passed over Hashi.

It’s important to note that Hashi’s additional redundancy comes with a higher gas cost, meaning it requires more computational resources and may be slower due to the slowest oracle in the set. However, the increased security provided by Hashi outweighs these trade-offs, considering the past security incidents related to cross-chain bridges.

The Future of Bridges on Gnosis Chain

In the near future, the native bridges on Gnosis Chain will integrate Hashi.

As part of a larger vision, we see Hashi as a core component of Beacon Chain-based EVMs and Ethereum trustlessly connecting to each other in a model similar to Cosmos.

Gnosis sees itself as part of a larger Etherverse that marries the best ideas of Cosmos’ internet of sovereign chains with the battle-tested technology and infrastructure of Ethereum with more Beacon Chain-based EVMs to follow on the footsteps of Gnosis Chain.

In the coming weeks we’ll publish more detailed info about the Etherverse and how Gnosis Chain figures in as a core component.

In the meantime, give Hashi a try by developing a new application!

👉🏽 Hashi 橋 GitHub
👉🏽 Gnosis Chain’s OmniBridge

Read original article on mirror.xyzRead original article on substack