Back

Building Surge's MPC-TSS Bitcoin Bridge

Aug 30, 2024

Our initial goal was to create a Bitcoin bridge that facilitates seamless token transfers between Bitcoin and L2 networks. This bridge aims to simplify the development process and enhance the support for L2 in asset transfers.

Before diving into the specifics, let's address the elephant in the room -

Why did we choose MPC-TSS?

In our quest for a robust and secure solution, we evaluated multiple options, ultimately deciding that MPC-TSS (Multi-Party Computation Threshold Signature Scheme) vaults offer distinct advantages over traditional multi-signature vaults.

Here are the key reasons:

  1. Enhanced Security: MPC-TSS enhances security by eliminating the need for any party to hold a full private key. Instead, the private key is never fully assembled; each party only holds a share of the key, and signatures are generated collaboratively without ever exposing the complete key. This significantly reduces the risk of key compromise.

  2. Dynamic Flexibility: MPC-TSS provides greater flexibility as the threshold (number of required signatures) can be adapted dynamically based on the operational requirements.

  3. Scalability and Efficiency: MPC-TSS high scales. The signing process remains lightweight even as the number of participants grows, keeping transaction sizes small and costs low and signing process is very fast.

Core Components of the Bitcoin Bridge

To get the bridge up and running efficiently, we’ve focused on integrating essential security features such as SPV (Simplified Payment Verification), MPC TSS, and basic proof validation. While this initial setup does not yet include advanced verifier networks or zero-knowledge proof (ZKP) validations for withdrawals, these features are planned for future phases.

Technical Architecture of the MPC TSS Bridge

Dual MPC TSS Vault Setup

In the bridge setup, we implement a dual MPC-TSS vaults to maximize security and prevent unauthorized access.

  1. Bitcoin Deposit Vault: This vault serves as the bridge address for Bitcoin deposit. Secured by MPC TSS, it ensures that no single entity has complete control over the private keys, thus reducing the risk of compromise. The distributed nature of MPC-TSS enhances the security of the deposited Bitcoin, safeguarding it within the bridge.

  2. Signature Generation Vault: This vault is responsible for generating signatures required for contract calls within the bridge. Leveraging MPC TSS, the signing process remains secure and resistant to tampering. This vault also incorporates a Permission Management System (PMS), which enforces predefined permissions before allowing any signatures to be generated. This additional layer of validation ensures that only authorized transactions are signed and processed.

Both vaults governed by their respective Permission Management Systems, ensuring a secure and flexible transaction process that aligns with the bridge’s overall security framework.

Bitcoin Lite Client and SPV Proof Validation

To validate Bitcoin transactions within the bridge, we utilize two key contracts: the Lite Client contract and the Bridge contract. The Lite Client contract stores all block hashes and block headers from the Bitcoin blockchain, playing a critical role in SPV (Simplified Payment Verification) proof validation. This setup ensures that only legitimate transactions are processed by the bridge.

SPV Proof Workflow

  1. Input Collection: The SPV proof takes as inputs the transaction hash, block hash, and relevant block headers stored in the Lite Client contract.

  2. Merkle Path Construction: A Merkle path is constructed using the transaction hash, which is essentially a chain of hashes linking the transaction to the block’s Merkle root.

Example:

Merkle Root
     |
 ------------
 |          |
H(A)       H(B)
 |          |
Tx A      Tx B

  • Tx A and Tx B represent two transactions.

  • H(A) and H(B) are the hashes of Transaction A and Transaction B, respectively.

  • The Merkle Root is derived from hashing the concatenation of H(A) and H(B).

  1. Validation The constructed Merkle path is compared against the Merkle root derived from the block hash and stored block headers. A match confirms that the transaction is valid and included in the block.

This lightweight validation process allows the Lite Client contract to efficiently and securely verify Bitcoin transactions without requiring the full Bitcoin blockchain, making it an integral component of our bridge.

Final Steps and Future Enhancements

Once the SPV proof validates that the transaction, we proceed with additional proof validations to ensure the authenticity. Currently, to verify the source of the transaction and prevent potential hacks, we use a straightforward method where specific values are inscribed during the Bitcoin transaction, which are then cross-verified against the Bridge contract.

These specific values ensure the transaction originates from a trusted source. While effective for the current phase, we plan to enhance this with zero-knowledge proofs (ZKPs) in the future, enabling users to prove the authenticity of their inscriptions using ZKPs within our own verifier network. This approach will significantly enhance security and trust in the bridge.

Upon successful proof validation, the Bridge deposits the corresponding BTC to the recipient address inscribed during the initial Bitcoin transaction on L2, ensuring a secure and seamless transfer. This lays the groundwork for more sophisticated validations in future phases.


Checkout the working POC of our Bridge

You can test it out here: BTC Bridge

Written by

Written by

Surge Devs

Surge Devs

About Surge:

Surge is a Bitcoin MetaLayer for scaling. A decentralized network that enables dApps and rollups to anchor directly to Bitcoin security with permissionless DKLs signature scheme while maintaining block consensus, interoperability, and data availability on the Bitcoin base layer.

Learn more about us

:

X (Twitter)

|

Telegram

|

Docs

|

Blog

|

Github