RSK PowHSM is Now Open Source
TL; DR. RSK’s PowHSM firmware has been open-sourced and is available at the following GitHub repo: https://github.com/rsksmart/rsk-powhsm.
Since the RSK network launched in early 2018, the RSK’s 2-way peg protocol has evolved from a federated model to what we call a PowPeg. One of the most distinctive characteristics of the PowPeg is the introduction of special purpose hardware devices, called PowHSMs, to protect private keys.
The goal of the PowHSMs is to remove any human control of the private keys comprising the federation multi-sig holding the Bitcoins locked in the RSK’s 2-way peg. The members of the PowPeg -the Pegnatories- can no longer manually sign a transaction, extract the private keys, or back them up, even in an encrypted form, as was possible before. Additionally, the PowHSMs follow a subset of Rootstock’s chain consensus rules, often referred to as SPV validation, and therefore signatures can only be commanded by cumulative proof of work.
Today, we are happy to announce that the PowHSM firmware has been open-sourced and is available under the MIT License at the following GitHub repo: https://github.com/rsksmart/rsk-powhsm. This is a significant milestone that continues to align the RSK ecosystem with Bitcoin’s values of transparency and decentralization.
PowHSM Security Assessment and Security Bounty Program
Together with the open sourcing of the PowHSM code, a security assessment report prepared by NCC Group is now available at https://research.nccgroup.com/2022/10/05/public-report-iov-labs-powhsm-security-assessment/. The assessment uncovered some low severity findings that have already been addressed, as described in the report.
Additionally, the PowHSM is now part of IOVlabs’ security bounty program scope. This program rewards security experts and software developers who dedicate time and effort to improving and protecting the RSK platform.
The process used during the development of the PowHSM follows the RSK core developers’ security-first approach to software development, where releases are multi-party signed and deterministically built, as described in the PowHSM repo releases page.
Having the PowHSM firmware open source is a step forward in decentralization and constitutes a critical step to support firmware public attestation: a message signed by the device that proves the firmware running on the hardware corresponds to a specific binary. This way, anyone can certify that the PowPeg keys are stored in authentic hardware devices that run a publicly known version of the firmware.
Releasing a PowPeg firmware attestation to the general public is our next significant milestone and the top priority now.
The RSK 2-Way peg has been steadily maturing since 2018. With the open sourcing of the PowHSM firmware code, the RSK platform is improving security and decentralization. We encourage the whole RSK community to review the PowHSM code and provide feedback.