The Security Architecture of Rootstock and the Principle of Defense

Published on: 18 June, 2024

In the latest episode of Rootstock Fundamentals, we dive into the network’s security architecture — and explore the defense mechanisms deployed to keep assets safe. To do that, we’re joined by Rootstock’s co-founder and Chief Scientist Sergio Demian Lerner.

A long-standing issue across the industry has been something known as the “blockchain trilemma.” This relates to the notion that security, scalability and decentralization cannot all be achieved at the same time without one suffering as a result.

Sergio explains that this trilemma has been a key consideration for the developers building on Rootstock: “You could argue that Bitcoin is highly secure and highly decentralized but struggles with scalability. I’m simplifying here, but that would be one argument. You could argue that Proof-of-Stake blockchains are highly scalable and can be very decentralized, but there are security challenges around that.” 

 Watch the full episode on YouTube.

Merged Mining – Defense and Profits

Rootstock, the oldest and biggest Bitcoin sidechain, is fully compatible with the Ethereum Virtual Machine. It delivers smart contract functionality while being directly secured by BTC miners through an intuitive process called merged mining.

“Having more than 55% of Bitcoin miners mining Rootstock, the amount of hash rate makes it impossible to revert transactions from an outside attack,” he says. “From an inside attack, we have an ad hoc system called Armadillo that monitors any attempt to revert transactions — and is able to alert participants in a decentralized manner to prevent these kinds of attacks.” 

Work is continually underway to increase uptake among Bitcoin miners even further: “There are more proposals by the community to improve the security of the merge mining. It’s come to a point where merge mining is highly secure — and obviously, we want to reach 80%, 90% of BTC hashrate because there is money on the table. It’s money that they can take very easily by like starting merged mining today, which is kind of very, very easy.”

Defense In Depth

A guiding principle of Rootstock’s security is known as “defense in depth”, where multiple precautions are enforced to protect assets and infrastructure. In essence, this means that even if one safeguard is breached, other measures remain in place to prevent malicious actors from succeeding. This is a nod to a Roman military strategy that would cede ground to enemies by allowing them to advance, only for them to be enveloped in a counterattack.

PowHSM

The process of ensuring that BTC can be exchanged for RBTC, a smart version of Bitcoin that unlocks access to DeFi platforms, is governed by an autonomous system called PowPeg. Here, third-party operators known as pegnatories run a dedicated node and also have a tamperproof hardware security module called PowHSM. Crucially, no single pegnatory is in control of locked-up Bitcoin — and even if a majority of pegnatories got together in a room, they would still be unable to release funds.

Rate limits

Other layers of protection include a rate limiter that caps the number of messages a single account can create and is designed to safeguard against denial-of-service attacks. “If you want to spam the Rootstock network it’s very, very hard,” Sergio explains. “As soon as you start pushing transactions into the network, the network resists the attack and slows you down. This is a means for preventing future attacks — maybe a class of attacks that we’re not aware of — but it’s part of defense in depth.”

Fee limits

Another defense mechanism limits the amount of fees that a user can spend when they’re attempting to send a transaction. “One of the things we saw in Ethereum in the beginning was people spending a huge amount of ETH in fees by mistake,” Sergio says. “Sometimes they were able to recover them, sometimes they were not. And one of our first principles is to protect the user as much as we can. It’s not okay to leave the user as a target for attacks. If we can do something in the consensus layer to protect the users against their own mistakes, let’s do it.” 

An advanced Bitcoin bridge

Sergio says RootstockLabs is continually on the lookout for alternative architectures that could be used to create an even more secure and resilient connection with Bitcoin. But after years of experimentation, PowHSM has proven itself to be the best by far.

“It’s the most advanced Bitcoin bridge that exists,” he adds. “PowHSMs provide public attestation to the whole network. There is a page where you can verify for yourself that it’s running the correct version of the firmware. And there’s really no other federated HSM-based system that does that.”

And it’s this infrastructure that helps bring a wave of exciting innovation to Bitcoin: “On top of Rootstock, you have a myriad of new experimental rollups and new systems. State channels, gaming platforms, payment-oriented rollups … whatever you want you can build on top of Rootstock. For me, Rootstock is the root of the tree. That has always been my vision for Rootstock — to be at the center of new ideas and experimentation.”

Put another way, it’s like having your cake and eating it too.

Listen to the full episode of Rootstock Fundamentals with Daniel and Sergio on YouTube — and stay tuned for more interviews coming soon on Spotify.