Author: wallet Source: dWallet Labs Translation: Shan Ouba, Golden Finance
Zero Trust Architecture is a security model that requires continuous verification of each operation, eliminating inherent trust, thereby enabling secure, native interactions across the entire Web3.
Zero Trust Architecture is a modern approach to network security that emphasizes verifying everything and trusting nothing. The model ensures that every operation, access request, and interaction is thoroughly authenticated and authorized, eliminating inherent trust.
The castle and moat model is an older approach to network security. In this model, a secure perimeter (moat) is established around a trusted internal network (castle). Once within this perimeter, entities can gain broad access without further review. While this model works in simpler network environments, it is inadequate when dealing with today's complex and interconnected digital environments. The main weakness of this approach is that it relies on the impenetrability of the "moat" and assumes that the threat is always external, ignoring the possibility of internal vulnerabilities or compromised credentials.
Zero Trust was developed in response to the vulnerabilities of the castle and moat model. In Zero Trust, every entity, whether inside or outside the network, is considered untrusted unless proven to be trusted. This means that every action, access request, and interaction must go through a rigorous authentication and authorization process.
Zero Trust is not new in Web3. Blockchain technology has been using a Zero Trust approach since the creation of Bitcoin. In a blockchain network, no entity is trusted. Instead, every user can independently verify each transaction, ensuring that the protocol is followed correctly from beginning to end. This verification process eliminates the need to trust any authority, including the nodes running the network.
In a hypothetical scenario, imagine a blockchain called Castleum that adopts the castle and moat model. Here, validators process transactions and update the blockchain state without user verification, which creates potential vulnerabilities if the consensus mechanism is compromised. In contrast, Ethereum's zero-trust architecture requires users to sign transactions, and validators include them in blocks only after verifying their authenticity, and this authenticity is verified by each user.
With the development of Web3, many blockchain networks have emerged, each operating within its own domain. While these networks maintain zero trust within their boundaries, challenges arise when interoperability between different blockchains is required. Traditional methods of connecting these networks involve sacrificing zero trust principles and returning to the castle and moat model.
The "sovereignty issue" stems from the need to connect independent blockchain networks, requiring trust in a third party to manage cross-chain interactions. This trusted entity (or entities) becomes a single point of failure, sacrificing the zero trust model. Additionally, these solutions become bait for attackers, known as the “honeypot problem.” The more assets controlled, the greater the incentive for malicious actors to break through their defenses.
ZTPs (Zero Trust Protocols) are Web3 protocols that adopt a zero trust architecture. They require continuous verification of each operation, ensuring that no entity is inherently trusted. In an isolated network, ZTPs are the standard for Web3 and maintain a zero trust model by ensuring that only assets native to that network are involved. This means that in a single blockchain like Ethereum, zero trust can be maintained for transactions involving the native assets of that chain, thus achieving “isolated ZTPs.”
Take the example of Uniswap, a popular decentralized exchange on Ethereum. When a user wants to swap two Ethereum native assets, such as UNI and ETH, Uniswap operates as a zero trust protocol. The protocol inherits Ethereum's zero-trust architecture, ensuring that every transaction can be verified by all users.
When interacting with wBTC, Siled ZTP (Uniswap) operates as a CMP. wBTC/ETH is currently the largest mining pool on Uniswap.
However, if a user wants to exchange ETH and wBTC (Wrapped Bitcoin), the situation changes. wBTC is a BTC derivative that relies on a centralized custodian (BitGo). In this case, Uniswap loses its zero-trust nature because the security of wBTC relies on BitGo's castle and moat architecture, requiring users to trust BitGo instead of independently verifying transactions. This makes Uniswap operate as a castle and moat protocol (or CMP).
Since users cannot interact with tokens from other networks (such as BTC or SOL) directly within Uniswap, they must rely on derivative wrapped assets that rely on the castle and moat architecture, making Uniswap an isolated ZTP. This typically includes traditional cross-chain solutions such as bridging, cross-chain messaging, and joint MPC.
In order to create ZTPs that are not limited to the network on which they are deployed, the dWallet network uses advanced encryption methods to maintain zero trust between different networks. The dWallet network's 2PC-MPC encryption protocol enables ZTPs to operate in a variety of blockchain ecosystems without compromising its zero trust principles. By cryptographically requiring user participation, dWallet ensures that every operation is verifiable and no entity is trusted.
2PC-MPC is a cryptographic scheme that allows two parties (in this case, users and the dWallet network) to jointly generate signatures for any network, involving hundreds to thousands of decentralized nodes, forming a non-collusive and massively decentralized system. The participation of users ensures zero trust, while the participation of the dWallet network creates the infrastructure for ZTPs by enforcing logic through the protocol.
User and network participation: For any transaction or operation to be verified, both the user and the dWallet network must participate. User participation is essential to generating the necessary cryptographic signatures.
Decentralized verification: The dWallet network consists of a large number of nodes that work together to verify user input and transaction details. This decentralized verification process ensures that no single entity can control or manipulate transactions.
Cross-chain interaction: ZTPs allow secure interaction between different blockchain networks. For example, users can interact with assets on Ethereum and Bitcoin without compromising the zero-trust model. The dWallet network ensures that all operations are verified and authenticated between these networks.
Vitalik Buterin has expressed skepticism about cross-chain applications, mainly due to the inherent security limitations of bridging between blockchains, especially in the face of a 51% attack on the chain with weaker security, highlighting the risks of these connected castle and moat architectures, especially in the face of a 51% attack on the chain with weaker security, which would jeopardize the native assets on the chain with stronger security.
ZTPs are necessary for a multi-chain world that does not rely on castle and moat architecture. Providing decentralized custody, multi-chain DeFi, and non-custodial wallet solutions.
Zero Trust Protocols (ZTPs) are essential to maintaining the security and integrity of multi-chain Web3. By requiring continuous verification and eliminating inherent trust, ZTPs ensure that interactions between different blockchain networks are secure and resilient. Enabling secure interactions across any blockchain paves the way for innovative decentralized applications.
As we continue to explore the potential of blockchain technology, embracing zero-trust principles through ZTPs will be critical to building a secure and interoperable Web3 ecosystem.