I am here at LaBitConf Buenos Aires with my good friend Sergio Lerner. Sergio Lerner is a legend. He's the Chief Architect behind the Bitcoin layer 2 system Rootstock. He's found probably more critical bugs in Bitcoin than any other person, so he saved all of our asses, and he does a mean steak, right? All right, so now what we're going to do is we're going to ask him about those things; maybe we'll get to the Asado at the end.
So Sergio, one of the core components of Rootstock is the PowPeg, right? The ability to securely and in a trust-minimized way tie Bitcoin down on Layer 1 and represent it and it will make it transferable to Layer 2.
What makes PowPeg superior to other forms of peg?
What makes it better than wrapped bitcoin or other types of two-way peg?
So the Rootstock peg uses the strategy of defense in depth. Defense in depth is a common strategy where you protect one layer with another layer, so if, for any reason, one layer fails, and this can be, you know, because human errors, humans make mistakes and you have to protect yourself from your own mistake, from new classes of bugs, new classes of vulnerabilities that you don't even know they exist. So we put layers on top of layers, and each layer protects, you know, the other layers. So basically you have the pegnatories, you have a kind of a federation, but even if all these federation members go rogue and become malicious they couldn't even access the private keys to steal the bitcoins.
So in order to corrupt the system and steal funds, not only would I need to corrupt the majority of the pegnatories but I would also need to corrupt the majority of the hardware secure devices, which probably means each device individually.
Exactly, that's what you need. And you know, maybe the governments, I don't know, the CIA, I don't know, maybe some of them will be able to corrupt one device, but to get access to the device they need also to corrupt the pegnatory, so it becomes really, really hard to corrupt both: the honesty, you know, of the pegnatories and also these devices. And we plan to add more layers; for example, we don't want to stick with a single, uh, hardware manufacturer.
We've discussed why stealing from PowPeg is very difficult.
But recently we had a different kind of exploit which people don't talk about as much, right? We had peg-out was halted, right? Now, I always imagined peg-out could be halted because maybe the pegnatories go offline, but we actually saw a different way that this happened today. How should we think about this risk and mitigating it?
Yeah, so first some words about what actually happened. We have a number of integration tests that the core developers run, uh, before they make any change to the bridge – this bridge is the most delicate part of the Rootstock blockchain for sure, uh, delicate in terms of complexity, not delicate because it's going to break, but really, it's really well...
I mean, you know, we've seen bridges are always among the most, if not the most, vulnerable systems out there. It's kind of amazing that PowPeg has held up as well as it is, right? I mean, that's the magnitude of the challenge.
Yeah, five years, and it's been, you know, no hack at all and almost 100%; until this event it was a hundred percent uptime.
So what happened is that we, because of the will of the community, we wanted to add an emergency signature, an emergency federation, to be able to, in any event, because these devices really have full control of the private key. I don't know if any other, uh, project in the ecosystem is under this stress, that's if the device has any bound, you know, the funds are locked, there's no one that you can call.
So we wanted to make sure that in that particular event we would be able to recover the funds one year later. I mean, after a lot of discussion with the community and how this process will be done, we wanted to make sure that we would be able to recover these funds. So we added the emergency multisig in a very similar way that it was added by Liquid, but Liquid uses a two-week period and we put a one-year period; this changes. So, uh, Liquid is using SegWit, which allows them to have in this, um, in this script a number of, um, of, uh, signatures. Well, we've tested this on testnet and it worked perfectly, but when we move it to mainnet we realized that there was kind of a bug in the Bitcoin Core that when it enforces...
Is this bug number 10 that you're finding?
Yeah, but it's not actually a bug, but essentially when you execute this script on SegWit it works, but when you execute this in a pay-to-script-hash it doesn't work because it counts more signatures than there are actually been, uh, verified.
So you mentioned Liquid. They also have, um, a federation, they also have HSMs, they also have a similar idea of emergency, uh, withdrawal. How do you see PowPeg being different from what, uh, Liquid have?
Okay, so Liquid design is closed source, okay? The hardware, the hardware boxes that they sell, or they, yeah, they sell them to the functionaries, it's closed source, so that's a radical difference. All our design is open source: you can go to the repo, check the firmware, report vulnerability if you find one, uh, look at the audits that we made with different companies, and it's all open source. Um, also they, what, as far as we know, because it is closed source, they are not using secure elements, because they are running a full Bitcoin inside these boxes and you cannot do that with a secure element, so all the security is based on more like being tamper-proof than being tamper resistant. So essentially if someone tries to tamper one of their boxes probably they will notice, but it's not resistant to tampering, which means that someone could take a private key and run away, right? So that's another huge difference. Um, I would say that the third difference, and this is going to be more important in the following years, is that we use off-the-shelf, uh, a hardware wallet made by one of the main manufacturers of hardware wallets, so that everyone will be able to participate in the PowPeg just by buying one of these devices, plugging into the computer and installing the correct...
And do you imagine that, uh, that is up, like, what would we need to do in order to make that a reality?
Well, I think that there are two researchers working in IOV Labs research and innovation team that they are working on moving all the script to SegWit and then to Taproot, so they, uh, published like three articles about how they envision this to happen to be the minimum risk for Rootstock. So once we move this to Taproot, uh, then we are free to add more pegnatories.
Awesome. All right, this is Sergio. He and his team have built what is probably right now the most secure not just peg but bridge in the world. The reason I hesitate around most secure bridge is because I think there's one type of bridge which might be more secure: zero-knowledge proofs.
Totally, though they're essentially, the zero-knowledge proof is a, what is called a consensus bridge. A consensus bridge is a bridge where you have two chains and each one of them understands the consensus of the other, essentially running a light client inside consensus. Essentially the problem is that the standard consensus, the bridge, requires a lot of gas to verify the other blockchain blocks. That's where zero-knowledge proofs of, proof of computation integrity, which is basically the property that we want, can help to shrink these products and make it cheaper. Obviously this is Bitcoin soft fork and that's a tricky part, you know, there are a lot of people that don't like that is working on rollups for Bitcoin, and I hope this gets, you know, developed and discussed in the Bitcoin community, and that would be really awesome to be really trusted bridge. But you know, we try to build a fully consensus bridge with Ethereum in the past and we found it also very difficult because other chains changed their consensus algorithms too fast, they're not permaware.
Yeah, so basically why would you build a, you know, a permanent fully decentralized bridge that you basically have to throw away or upgrade, which means there's someone having a private key, uh, if the consensus changes?
So in terms of consensus, in the case of Rootstock we are very, very aware of not changing any part of, you know, the block header, anything that can essentially prevent any other automated system for working for Rootstock. Essentially the HSM has a Rootstock light client, so we cannot change anything, so we've become essentially kind of as conservative as Bitcoin, to, you know, be compatible with the PowHSM. If we break compatibility with the PowHSM it's game over.
Right, right.
So, uh, yeah, so I'm super excited about, uh, zero-knowledge computational integrity proof apply to the Bitcoin.
Good, fantastic. Thank you very much, Sergio. Looking forward to what you guys do next.