Zcash Elastic Subnet Bridge on Avalanche

Hello! An update on the ZavaX bridge is overdue, but before this, we did not have much more to report than, “We’re continuing to work on combining technologies into a new bridge design.” Building ZavaX is a creative process. We are building on the shoulders of giants, but a bridge exactly like this one has not yet been built. It’s taking some time to think through the design particulars carefully.

Now we have a finding that is worth sharing: after careful consideration, we will not be using Intel SGX technology in the ZavaX bridge. It is not needed, and as such, using it would be adding a bit of “security theater” to the bridge while actually slightly harming its security.

The design of the ZavaX bridge is inspired by Ava Labs’ Bitcoin-Avalanche bridge which uses SGX, so that is why we had initially thought that we would use SGX for ZavaX. But the Bitcoin-Avalanche bridge is a centralized bridge running on one computer that was created before Avalanche subnets existed. Its designers wanted to decentralize its operation somewhat for added security in spite of subnets not yet being available, so they leveraged SGX secure enclave technology to accomplish this task.

Their bridge consists of one centralized computer with an Intel SGX enclave that runs the bridge code. The bridge computer cannot move funds on its own; it requires the signatures of six out of eight trusted bridge Wardens. None of the Wardens have direct access to the bridge computer, and yet each needs to be sure that it is indeed communicating with the real bridge, and that the bridge computer’s code has not been compromised.

This is where SGX technology is useful. The Bitcoin-Avalanche bridge’s SGX enclave signs each request to Wardens, proving that the code it just used to make the request is the same trusted code that has made previous requests (this is called “remote attestation”). The Wardens can then accept or reject each bridge transaction, assured of its integrity.

The ZavaX bridge, however, while inspired by the Bitcoin-Avalanche bridge, will use an Avalanche elastic subnet for decentralized security, and as such does not need SGX at all. Design elements:

  1. Every subnet validator is a Warden, and there is no centralized bridge computer.
  2. With the ZavaX bridge, any Warden can be a transaction Initiator, proposing a transaction to the ZavaX bridge subnet, and because the Wardens are in a subnet together, they are already authenticated to each other.
  3. Every Warden is running both Avalanche and Zcash nodes, so each has equal knowledge of what has transpired on both platforms.

Since the ZavaX bridge is a subnet—a mini proof-of-stake blockchain—it inherits all the security properties of blockchains. As with all PoS blockchains, there is no need for any validator/Warden to trust the code running on any other validator/Warden’s computer, because a super-majority rules: the subnet’s transaction valid/invalid decision can only produce wrong answers if a super-majority of validators/Wardens are byzantine and cheat.

Because there is no centralized computer in the ZavaX bridge, no one computer needs to attest to the others that it is running trusted code. If one Warden does run rogue code that produces false results, the subnet’s other Wardens will simply overrule it, and punitive measures may be taken by the subnet (such as temporarily banning, slashing, and/or permanently banning).

Since SGX is not needed for security, avoiding using it has three advantages:

  1. Simple and clean bridge design is key—for pragmatic reasons. Clean code is easier to audit; each added technology and complexity brings with it risk. Bridges are inherently high-risk. KISS.
  2. Intel SGX technology is not perfect. There are known side-channel attacks that can steal private keys under some circumstances. Not including SGX removes the possibility of these attacks.
  3. This means that the ZavaX bridge won’t have dependence on a single corporation (Intel) for it to remain functioning. A ZavaX bridge validator/Warden will be able to run on any computer—with some minimum system requirements of course—that can run Linux.

We considered including Intel SGX technology in the ZavaX bridge design with the best of intentions, based on its use in the Bitcoin-Avalanche bridge. However, we have concluded that because ZavaX has evolved past centralized security to using blockchain security, the right path forward is to exclude it and build a better bridge. Onward!

@ZcashGrants

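The super-majority argument in the post can be made concrete with a small simulation. This is an added example, not ZavaX or Avalanche code: the quorum of more than 2/3 of stake, the equal stakes, the `Warden` and `Proposal` types and the transaction ids are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumption: the post gives no quorum figure; more than 2/3 of stake is illustrative.
QUORUM_NUM, QUORUM_DEN = 2, 3

@dataclass(frozen=True)
class Proposal:
    zcash_txid: str  # deposit the Initiator says it saw on Zcash
    amount: int      # value to release on the Avalanche side

@dataclass
class Warden:
    name: str
    stake: int
    zcash_view: dict     # txid -> amount, from this Warden's own Zcash node
    rogue: bool = False  # models a Warden running altered code

    def vote(self, p: Proposal) -> bool:
        valid = self.zcash_view.get(p.zcash_txid) == p.amount
        return not valid if self.rogue else valid

def decide(wardens, proposal):
    """Stake-weighted vote. Returns (outcome, dissenters)."""
    votes = {w.name: w.vote(proposal) for w in wardens}
    total = sum(w.stake for w in wardens)
    yes = sum(w.stake for w in wardens if votes[w.name])
    if yes * QUORUM_DEN > total * QUORUM_NUM:
        outcome, winning = "accept", True
    elif (total - yes) * QUORUM_DEN > total * QUORUM_NUM:
        outcome, winning = "reject", False
    else:
        return "no_quorum", []  # fail closed: nothing is released
    # Wardens outvoted by the super-majority: candidates for punitive measures.
    return outcome, sorted(n for n, v in votes.items() if v != winning)

def make_subnet(n_rogue, size=8, stake=100):
    """Constructed subnet: equal stake, identical honest view of Zcash."""
    view = {"constructed-txid-01": 500}
    return [Warden(f"w{i}", stake, dict(view), rogue=i < n_rogue) for i in range(size)]

REAL = Proposal("constructed-txid-01", 500)    # deposit every honest node has seen
FORGED = Proposal("constructed-txid-99", 500)  # deposit no honest node has seen

if __name__ == "__main__":
    for n_rogue, p in [(1, REAL), (1, FORGED), (3, FORGED), (6, FORGED)]:
        print(n_rogue, p.zcash_txid, decide(make_subnet(n_rogue), p))
```

With one rogue Warden the honest outcome holds and the rogue is identified as the dissenter; only when rogue Wardens control a super-majority of stake (six of eight here) is the forged proposal accepted, which is the failure condition the post names.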