Understand the five levels of cross-chain security in one article

Cross-chain bridge attacks have resulted in the cumulative loss of billions of dollars in user funds. These incidents not only caused losses to individuals, but also hindered the development of the entire industry. They also affected Web3's ability to establish a robust on-chain economy and conduct trillions of dollars in daily transaction volume. If the cross-chain bridge of centralization and a single network is abandoned, and instead a "defense in depth" cross-chain solution is adopted, a decentralized architecture is established at multiple levels and on-chain risk control is implemented, the industry can effectively avoid cross-chain attacks.

This article enumerates the five levels of cross-chain security and discusses how Chainlink CCIP develops new cross-chain communication standards for the industry and creates a secure and scalable cross-chain economy for DeFi and traditional finance.

Level 1: Centralization

The most basic cross-chain solution is for a single entity to use a single server and use a single private key to ensure server security. This architecture leads to various key attack vectors and single points of failure, and creates conflicts of interest that seriously threaten the security of user funds. Centralized cross-chain solutions will eventually weaken the advantages of Web3 compared to Web2 solutions.

Centralized networks are highly vulnerable to attacks

Level 2: Superficial decentralization

At this level, decentralization is only superficial. The protocol appears to be decentralized on the surface, but in fact it does not achieve effective decentralization. Typically a single entity is responsible for controlling two or more servers, creating the illusion of decentralization. This cross-chain mechanism is particularly dangerous because it creates a false sense of security and may induce users to use it without full knowledge.

Multichain is a typical case. “The Multichain team previously assured users that the protocol was decentralized, but later revealed that the protocol’s multi-party computing servers and private keys were all controlled by its CEO alone, paving the way for the eventual loss of assets and cessation of operations. The protocol no longer has servers and The private key can only be closed, and the team members are missing.”

A recent case is Mixin Network. The protocol's cloud service was attacked, resulting in the theft of approximately $200 million in funds. This incident further highlights the vulnerability of cross-chain infrastructure with risks of centralization and single points of failure.

Level 3: A monolithic network

At this level, a decentralized network consists of multiple independent nodes, each with an individual private key. Compared with the second layer, the third layer has made significant improvements in security. However, a single network that exists alone cannot expand and cannot support a large-scale cross-chain economy. This is like a blockchain that exists alone cannot support the entire Web3 economy. If one network is used to ensure the security of all cross-chain bridges, once the traffic on one cross-chain bridge surges, it will affect the reliability of all other cross-chain bridges.

In addition, attention needs to be paid to the dependence of decentralized networks on a certain infrastructure provider (such as cloud services). According to research by ThousandEyes, a network intelligence company owned by Cisco, there will be 15,000 cloud service outages in 2022 alone.

Compared with heterogeneous networks, monolithic networks have limited scalability

Level 4: Multiple decentralized networks

This layer leverages multiple independent decentralized networks (DONs) to build cross-chain solutions. This eliminates the risk of single points of failure, allowing the network to handle higher transaction volumes and handle traffic surges. DON's execution of any function requires consensus from a majority of participants in the network. By making cross-chain bridges into independent networks, users can customize and expand the security parameters of each cross-chain bridge. The Chainlink service has been at Level 4 for more than three years, successfully securing more than $8.5 trillion in transaction volume.

However, because cross-chain transfers are very complex and the amount of cross-chain funds is huge, we need to adopt additional risk control technologies and mechanisms to create universal cross-chain standards to support the value transfer of trillions of dollars.

The Chainlink network is composed of multiple decentralized oracle networks (DON)

Level 5: Defense in Depth

Level 5 utilizes multiple decentralized networks to secure every cross-chain transaction, thus achieving an unprecedented level of decentralized security. In addition, this level also uses additional risk control mechanisms to identify risks and proactively take measures to prevent risks, such as emergency closure of cross-chain channels or setting an upper limit on the number of cross-chain tokens (rate limits).

At this level, what users get is not a single network, but multiple networks composed of independent nodes that work together to ensure the security of the cross-chain bridge, specifically for transmitting cross-chain data or messages.

Many cross-chain bridge solutions give a single node or multiple nodes to one person for full custody (such as Multichain), while the fifth level of cross-chain security uses multiple independent nodes, each node has an independent key holder The key holders will even be divided into two different groups of nodes, namely: DON nodes responsible for transactions (transactional DON nodes) and risk management network nodes (Risk Management Network nodes). Another key feature of the independent network in CCIP is that two independent code bases are used to create two completely independent implementation classes. Therefore, CCIP achieves the highest level of client diversification/decentralization in the field of cross-chain interoperability.

With CCIP, the following results can be achieved:

• Multiple independent nodes run by independent key holders.
• Three decentralized networks execute and verify every cross-chain bridge transaction simultaneously.
• Divide the responsibilities to two different groups of node operators, namely: DONs (transactional DONs) responsible for transactions and the Risk Management Network (Risk Management Network), and the nodes in the two groups do not overlap.
• Create two implementation classes based on two independent code bases to improve the level of decentralization. The code is written in two different languages to achieve a level of software client diversity unprecedented in the cross-chain space.
• Achieve an unprecedented level of risk control and quickly adjust to emerging risks or attacks in the cross-chain field.

Chainlink Cross-Chain Interoperability Protocol (CCIP) consists of a Committing DON, Risk Management Network and ution DON. CCIP is the only cross-chain solution that can realize cross-chain token transfer and message transmission at the fifth level. Next, let’s briefly introduce how CCIP sets new industry standards for cross-chain security and reliability by creating multiple decentralized networks.

Step one: Committing DON

Committing DON is a decentralized oracle network (DON) responsible for making commitments to messages, laying a foundation for security. It creates a Merkle tree based on the CCIP message on the source chain and publishes the Merkle root to the target chain to commit to the message.

Create a Merkle tree on the source chain for the CCIP message and publish the Merkle root to the target chain to confirm the message

Step 2: Risk Control Network

Next, use another programming language and create an independent risk control network on another technology stack. This risk control network performs the same task to verify Committing DON. If the Merkle root matches, then the Merkle root on the chain is "blessed". The two networks are independent of each other, each network has its own nodes, and the nodes do not overlap with each other. Messages must obtain commitment and authorization from these two node networks before they can be executed. The risk control network can also set additional conditions based on specific risks, so it can quickly respond to any emerging attacks and threats.

CCIP also contains other in-depth defense mechanisms. For example, when the risk control network detects suspicious activity, it can trigger an emergency shutdown; it can set an upper limit on the number of tokens transmitted within a certain period of time; it can also deploy a time lock contract. When there are a certain number of CCIP node operators, they can directly veto the upgrade proposal or directly upgrade through on-chain configuration.

Risk control network verification CCIP message

Step 3: uting DON

uting DON is responsible for submitting the message to the target chain for execution. At the same time, it also submits a cryptographic proof that the message is contained in an "authorized" Merkle root. CCIP will verify these certificates against the authorized Merkle root, and if the verification is successful, the message will be executed on the target chain.

Chainlink CCIP: Creating Level 5 Interoperability Standards for Web3 and the Global Financial Industry

Level 5 cross-chain security is an integral part of building a robust on-chain economy

"Only CCIP can achieve the fifth level of cross-chain security and achieve decentralization in multiple dimensions. We believe that in the future, financial institutions will need CCIP to securely manage tens of billions of dollars in transactions, and eventually the entire capital market will move On-chain.” —Sergey Nazarov, Co-Founder of Chainlink

Chainlink CCIP can bring cross-chain interoperability with Level 5 security to Web3 protocols and financial institutions. Therefore, top financial institutions such as Swift, DTCC and ANZ, as well as top DeFi protocols such as Aave and Synthetix, have all accessed CCIP to explore cross-chain application scenarios. CCIP achieves unprecedented levels of security and decentralization and is bound to become a universal interoperability standard connecting public and private chains.

If you want to learn more about the underlying architecture and code of CCIP, and start developing safe and reliable cross-chain use cases, please check out the CCIP developer documentation:

(Copy the link and open it in your browser)