DLT Interoperability and More ⛓️#9 ⛓️ — Security and Privacy Challenges in Blockchain Interoperability A Multivocal Literature Review
In this series, we analyze papers on blockchain and interoperability (and both).
This edition covers a recent paper on cross-chain security.
➡️ Title: Security and Privacy Challenges in Blockchain Interoperability A Multivocal Literature Review
➡️ Authors: Terje Haugum, Bjørnar Hoff, Mohammed Alsadi, Jingyue Li
➡️ Paper source
Cross-chain interoperability and security are emerging research topics, paramount for several reasons discussed here.
This study is one of the first to provide academic studies with an overview of cross-chain security. I also advise the reader to take a look at this presentation on cross-chain security.
- The authors analyze 16 scientific papers and 30 grey literature sources on security and privacy challenges in blockchain interoperability. The study pursues the following objectives: 1) identify the main security and privacy vulnerabilities targeting blockchain interoperability, 2) identify mitigations to address these vulnerabilities, and 3) highlight the challenges associated with these mitigations.
💪 Strong points:
- The authors used an MLR. As the authors point out, an “MLR is a form of Systematic Literature Review (SLR) which includes grey literature (GL), while a typical SLR uses academic peer-reviewed papers only”. Examples of grey literature include blog posts, technical reports, presentations, white papers, etc. MLRs are extremely important in our field because 1) blockchain research is progressing at an insane speed, and often the only way to keep up is to rely on grey literature (e.g., blog posts summarising a technology); and 2) much of the work being conducted is expressed in grey literature. People are usually more concerned with building solutions than formalizing them in academic papers.
- The blockchain interoperability framework used in this work is obsolete. Although we used a superset of this framework in our own survey, it is not difficult to argue that interoperability comprises more than notary schemes, side chains, and HTLCs. Besides, some categories are not mutually exclusive: side chains need trusted third parties to relay proofs to side chains; side chains are not relays. However, the framework is relatively simple and the classification fair.
- More modern alternatives exist, for example our most recent work in ACM DLT, which simplifies the set of technical solutions but elaborates on connection modes and interoperation modes.
- Unfortunately, the explored attacks are closely tied to specific solutions and are not generalizable. For example, could we have a DoS in all three categories, and not only on HTLCs? Probably. This is a consequence of focusing on the solution type rather than the technical implementation of the interoperability solutions.
- The mitigation section seems very short compared to the number of attacks detected.
- Unfortunately, no real-world attacks were shown.
🔥 Points of interest:
- The dataset is very significant: “a total of 489 scientific papers and 333 grey literature was found in December 2021, almost one year ago. This set was reduced to 16 and 30 in scientific and grey literature respectively after paper filtering.” The authors could easily have captured many more papers and grey literature hits had they included keywords such as “cross-chain”, “bridge”, and “hack”. The amount of available information (and how quickly it becomes obsolete) shows how challenging it is to work in cross-chain security.
- “Interchain Security Hub is introduced in Cosmos to share its set of validators with participating (child) chains.” This seems like a very promising feature. How would it help mitigate cross-chain attacks?
- “Without further investigation, we cannot reach a conclusion that the proposed mitigation implied further security and privacy challenges.” — this basically means that we have a lot of work to do in the area.
- The authors refer to the blockchain trilemma (security, scalability, decentralization) as being influenced heavily by security, which is a good point. In fact, the trade-off does not often sacrifice security. Yet attacks on bridges are prevalent. Please refer to our most recent paper, which discusses this.
🚀 How does it relate to our work at Técnico Lisboa, INESC-ID, and Blockdaemon? (views are my own and do not necessarily reflect the opinions of my employer)
- Enabling secure, scalable interoperability is an important part of what we do at Blockdaemon. Studying cross-chain security allows a better understanding of the technology, and therefore more secure implementations of protocols.
🚀 What are the implications for our work?
- This work helps us build more secure blockchain interoperability middleware.