How Zero Trust Protocol (ZTP) works and why it is important

Author: wallet Source: dWallet Labs Translation: Shan Ouba, Golden Finance

Zero Trust Architecture is a security model that requires continuous verification of each operation, eliminating inherent trust, thereby enabling secure, native interactions across the entire Web3.

Zero Trust vs Castle and Moat

Zero Trust Architecture is a modern approach to network security that emphasizes verifying everything and trusting nothing. The model ensures that every operation, access request, and interaction is thoroughly authenticated and authorized, eliminating inherent trust.

The castle and moat model is an older approach to network security. In this model, a secure perimeter (moat) is established around a trusted internal network (castle). Once within this perimeter, entities can gain broad access without further review. While this model works in simpler network environments, it is inadequate when dealing with today's complex and interconnected digital environments. The main weakness of this approach is that it relies on the impenetrability of the "moat" and assumes that the threat is always external, ignoring the possibility of internal vulnerabilities or compromised credentials.

Zero Trust was developed in response to the vulnerabilities of the castle and moat model. In Zero Trust, every entity, whether inside or outside the network, is considered untrusted unless proven to be trusted. This means that every action, access request, and interaction must go through a rigorous authentication and authorization process.

A Natural Fit for Zero Trust in Web3

Zero Trust is not new in Web3. Blockchain technology has been using a Zero Trust approach since the creation of Bitcoin. In a blockchain network, no entity is trusted. Instead, every user can independently verify each transaction, ensuring that the protocol is followed correctly from beginning to end. This verification process eliminates the need to trust any authority, including the nodes running the network.

In a hypothetical scenario, imagine a blockchain called Castleum that adopts the castle and moat model. Here, validators process transactions and update the blockchain state without user verification, which creates potential vulnerabilities if the consensus mechanism is compromised. In contrast, Ethereum's zero-trust architecture requires users to sign transactions. Validators include them in blocks only after verifying their authenticity, and that authenticity is in turn verified by each user.

Sovereignty and Honeypot Issues

With the development of Web3, many blockchain networks have emerged, each operating within its own domain. While these networks maintain zero trust within their boundaries, challenges arise when interoperability between different blockchains is required. Traditional methods of connecting these networks involve sacrificing zero trust principles and returning to the castle and moat model.

The "sovereignty issue" stems from the need to connect independent blockchain networks, requiring trust in a third party to manage cross-chain interactions. This trusted entity (or entities) becomes a single point of failure, sacrificing the zero trust model. Additionally, these solutions become bait for attackers, known as the “honeypot problem.” The more assets controlled, the greater the incentive for malicious actors to break through their defenses.

Isolated ZTPs

ZTPs (Zero Trust Protocols) are Web3 protocols that adopt a zero trust architecture. They require continuous verification of each operation, ensuring that no entity is inherently trusted. In an isolated network, ZTPs are the standard for Web3 and maintain a zero trust model by ensuring that only assets native to that network are involved. This means that in a single blockchain like Ethereum, zero trust can be maintained for transactions involving the native assets of that chain, thus achieving “isolated ZTPs.”

Take the example of Uniswap, a popular decentralized exchange on Ethereum. When a user wants to swap two Ethereum native assets, such as UNI and ETH, Uniswap operates as a zero trust protocol. The protocol inherits Ethereum's zero-trust architecture, ensuring that every transaction can be verified by all users.

When interacting with wBTC, the isolated ZTP (Uniswap) operates as a castle and moat protocol (CMP). wBTC/ETH is currently the largest mining pool on Uniswap.

However, if a user wants to exchange ETH and wBTC (Wrapped Bitcoin), the situation changes. wBTC is a BTC derivative that relies on a centralized custodian (BitGo). In this case, Uniswap loses its zero-trust nature because the security of wBTC relies on BitGo's castle and moat architecture, requiring users to trust BitGo instead of independently verifying transactions. This makes Uniswap operate as a castle and moat protocol (or CMP).

Since users cannot interact with tokens from other networks (such as BTC or SOL) directly within Uniswap, they must rely on derivative wrapped assets that rely on the castle and moat architecture, making Uniswap an isolated ZTP. This typically includes traditional cross-chain solutions such as bridging, cross-chain messaging, and joint MPC.

2PC-MPC: The Future of ZTPs

In order to create ZTPs that are not limited to the network on which they are deployed, the dWallet network uses advanced cryptographic methods to maintain zero trust between different networks. The dWallet network's 2PC-MPC cryptographic protocol enables ZTPs to operate across a variety of blockchain ecosystems without compromising their zero trust principles. By cryptographically requiring user participation, dWallet ensures that every operation is verifiable and no entity is trusted.

2PC-MPC is a cryptographic scheme that allows two parties (in this case, users and the dWallet network) to jointly generate signatures for any network, involving hundreds to thousands of decentralized nodes, forming a non-collusive and massively decentralized system. The participation of users ensures zero trust, while the participation of the dWallet network creates the infrastructure for ZTPs by enforcing logic through the protocol.

How ZTPs work

  • User and network participation: For any transaction or operation to be verified, both the user and the dWallet network must participate. User participation is essential to generating the necessary cryptographic signatures.

  • Decentralized verification: The dWallet network consists of a large number of nodes that work together to verify user input and transaction details. This decentralized verification process ensures that no single entity can control or manipulate transactions.

  • Cross-chain interaction: ZTPs allow secure interaction between different blockchain networks. For example, users can interact with assets on Ethereum and Bitcoin without compromising the zero-trust model. The dWallet network ensures that all operations are verified and authenticated between these networks.
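
The user-and-network co-signing described above, as an added example (not dWallet's code and not the 2PC-MPC protocol itself): a simplified 2-of-2 Schnorr signature on secp256k1 in which the key is split additively between a user share and a single stand-in for the network, so neither side can sign alone and the network signs only what its policy allows. `Party`, `cosign`, `policy` and the sample messages are hypothetical, and the naive key aggregation is for illustration only.

```python
import hashlib
import secrets

P = 2**256 - 2**32 - 977  # secp256k1 field prime; N = group order, G = generator
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    (ax, ay), (bx, by) = a, b
    if ax == bx and (ay + by) % P == 0:
        return None
    num, den = (3 * ax * ax, 2 * ay) if a == b else (by - ay, bx - ax)
    lam = num * pow(den, -1, P)
    x = (lam * lam - ax - bx) % P
    return (x, (lam * (ax - x) - ay) % P)

def mul(k, pt):  # scalar multiplication by double-and-add
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def challenge(R, X, msg):
    digest = hashlib.sha256(repr((R, X)).encode() + msg).digest()
    return int.from_bytes(digest, "big") % N

class Party:  # holds one key share; models both the user and the network
    def __init__(self):
        self.x = secrets.randbelow(N - 1) + 1
        self.X = mul(self.x, G)
    def commit(self):
        self.k = secrets.randbelow(N - 1) + 1  # fresh nonce per signature
        return mul(self.k, G)
    def respond(self, e):
        return (self.k + e * self.x) % N

def cosign(user, network, msg, policy):
    if not policy(msg):  # the network contributes only if its rules allow msg
        return None
    X, R = add(user.X, network.X), add(user.commit(), network.commit())
    e = challenge(R, X, msg)
    return (R, (user.respond(e) + network.respond(e)) % N)

def verify(X, msg, R, s):  # anyone can check against the single joint key X
    return mul(s, G) == add(R, mul(challenge(R, X, msg), X))
```

The joint key `add(user.X, network.X)` looks like an ordinary single-signer public key to any verifier, which is what lets a destination chain accept the signature as native.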

Practical Applications of ZTPs

Vitalik Buterin has expressed skepticism about cross-chain applications, mainly due to the inherent security limitations of bridging between blockchains. This highlights the risks of these connected castle and moat architectures, especially in the face of a 51% attack on the chain with weaker security, which would jeopardize the native assets on the chain with stronger security.

ZTPs are necessary for a multi-chain world that does not rely on castle and moat architecture, providing decentralized custody, multi-chain DeFi, and non-custodial wallet solutions.

Conclusion

Zero Trust Protocols (ZTPs) are essential to maintaining the security and integrity of multi-chain Web3. By requiring continuous verification and eliminating inherent trust, ZTPs ensure that interactions between different blockchain networks are secure and resilient. Enabling secure interactions across any blockchain paves the way for innovative decentralized applications.

As we continue to explore the potential of blockchain technology, embracing zero-trust principles through ZTPs will be critical to building a secure and interoperable Web3 ecosystem.
