Versions Compared

Old Version 5

changes.mady.by.user Vladislav Markushin

Saved on

compared with

New Version Current

changes.mady.by.user Vladislav Markushin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Register a bridge that will be associated with a specific network (e.g. Etherium Ethereum network);
  2. Register external asset (token) on an existing bridge (e.g. ETH20 ERC20 token);
  3. Be able to transfer all of 3rd-party and Iroha blockchain tokens;
  4. Lock/demint funds for sending external tokens;
  5. Mint/unlock funds for receiving external tokens.

To implement these functions, a few new Iroha instructions and a bridge module need to be added, those will be accessible behind the "bridge" feature.

Implementation 

The purpose is to not bring any new bridge-specific entities into the Iroha. In this case, asset stores can be used to save some specific information about bridges.

  1. An Iroha administrator should create a "bridge" domain and separate domains for each bridge, which will consist of all information about the bridge and its external entities.
  2. This account (and only it) should be able to add multi-signature accounts of concrete bridges, which will be administered by the bridge clients.
  3. Only bridge accounts should be able to register and transfer new assets (those will represent external assets or tokens) and accounts (external accounts or wallets) based on bridge-clients quorum.

All the restrictions should be implemented using permissions.

Bridge registration

A bridge can be constructed from 3 parameters (BridgeDefinition):

  • Bridge type (kind). An enumeration of supported communication protocols (for now it's only IClaim).
  • Bridge name. A string. It should be unique. OR Bridge domain. This domain will store domain name that stores all bridge accounts.
  • Creator account (maybe should be eliminated in the future)Bridge owner account ID. A common Iroha account that owns administrates the bridge.
  • Maybe: Bridge account.

This operation can be represented as a composition of ISIs:

If(

    ExecuteQuery(GetAccount(owner_account_id)),
    // then
    Sequence([
        AddDomain(bridge_name),

        RegisterAccount(bridge_account, bridge_name),

        Mint(("bridge_definition", bridge_definition_bytes), bridge_asset_definition_id())
    ]),

    // else

    Fail("Account not found.")

)


Notice, that 3 new ISIs were added. Sequence for sequential execution of an arbitrary number of ISIs (an extended version of Compose), ExecuteQuery for sending Iroha queries, and Fail for explicit errors.

First, ISI checks if the given owner account exists, then We assume, that every bridge will be a part of the Peer state. It means that for bridge registration, a new variant of the `PeerInstruction` should be added (RegisterBridge(BridgeDefinition, PeerId) with a corresponding generic Register<Peer, BridgeDefinition> instruction). This instruction should be called only with minimal required bridge parameters (definition). This ISI creates a domain with a bridge account named 'bridge' and sets the with related permissions and without a public key for this account, and finally it creates a new bridge entity based on these parameters. The public key for the bridge account is generated from a hash of the bridge definition (seed). To generate determined public keys for bridge accounts, a new crypto function for generating keypairs from a given seed should added: generate_key_pair_from_seed(Hash) → Result<(PublicKey, PrivateKey), String>. 

So, the final bridge should contain the following (Bridge):

  • All data from the bridge the definition.
  • Bridge account.

Permissions:

  • CanRegisterBridge. By default allowed to the network admin.

Also, there will be added a 'bridges' map (String → Bridge) in the Peer and three new helper-methods to the WorldStateView:

...

, it mints an asset that stores bridge-related information (like bridge owner ID and kind). The signatories for the bridge account can be added later by the bridge owner.

This ISI can be executed multiple times for one bridge type and different bridge domains. So one bridge type can be used to create a bridge with multiple third-party networks.

Unresolved questions

...

.

...

Bridge client registration

Command to register an external bridge component account. From here, a new set of Iroha instructions should be added (BridgeInstruction).

For example, we have Polkadot parachain as a connector to the Iroha bridge module for Polkadot. Then we have to register a parachain node as an external validator for this bridge. So it can start using Bridge API with its own signature. This instruction should create an external bridge client component account in a bridge domain and let the bridge know that this account should sign MST token transfer commands from the external blockchainadd a signatory (a public key) to the bridge account. So for every transfer, this bridge should collect quorum of 2/3(make it configurable in future versions) client bridge components to process further actions in Iroha.

ISI parametersOperation parameters:

  • Bridge ID. A title . Identifies of the bridge to which this external component belongs and the domain in which this account will be created.
  • (not sure) Account name. A name for this external bridge component.
  • Public key. A public key for the external account.

Permissions:

    CanRegisterClientBridge. By default allowed to bridge owner
  • .

External asset registration

When a bridge is registered, external tokens may be added to it. For example, one may add a new ERC-20 token from Ethereum. The corresponding Bridge ISI (RegisterExternalAsset) should create a mapping between an external token ID (which can be used in ExternalTokenTransfer instructionexternal transfers) and a mirror token in Iroha. The asset should be created in the bridge's domain with the specified name. Also, a mapping between this asset and the name of the external token should be created using the "external_asset" asset.

ISI argumentsOperation arguments:

  • Bridge nameID.
  • Token title. It should be unique.
  • External token ID. A token identifier in an external network. Used by client bridge functionality when it will send transfer information from the external network.

Permissions:

  • AddExternalTokenToBridge(bridge_name). By default assigned to the bridge owner (admin) account.

External asset transfers

To Iroha

  • Only external bridge validator accounts can use this function.

External asset transfers

To Iroha

This instruction used to send a token from foreign blockchain or external bridge to Iroha. Also, we should offer a possibility to double-check the source of a transaction in a foreign blockchain (probably by storing some transactions in Bridge or making the additional field in Transaction).

Operation arguments:

  • Asset ID - identification of an asset from an external blockchain.
  • External transaction ID - some identifier of a transaction from an external blockchain
  • Amount - number of tokens transferred to Iroha2

Permissions:

  • Only external bridge validator accounts can use this function

...

  • .

Within Iroha

Like regular transfer in Iroha (AssetTransfer)

From Iroha

TODOA regular asset transfer to a bridge account.

Bridge protocol

As the first protocol for interoperability between blockchains, there will be a slightly modified version of XClaim, that we call IClaim (Iroha Claim). 

...

  1. Transfer from third-party blockchain to Iroha.
    1. Alice sends TOK to vault
    2. Alice sends proof of transaction inclusion in block to a bridge client
    3. Bridge contract unlocks & transfers tokens to Alice on Iroha
  2. Transfer from Iroha to third-party blockchain
    1. Alice sends TOK-asset to bridge contract
    2. Bridge contract signals to vault
    3. Vault observes the command, releases and transfers TOKs to Alice
    4. Vault finishes the process by proofing the transfer to bridge contract, then bridge contract releases the collateral to the vault in Iroha
    5. Otherwise, the locker receives his tokens back

Anchor
trustless
trustless

Making bridges trustless

In order to make the functionality described above trustless, we need to have the following on Iroha:

1. Asset-store data structurization/verification

Description

Bridge-related data is encoded and placed in the asset KV-store. Currently, there is no way to restrict the format of data being saved. Therefore, anyone who has permission to mint asset parameters for the bridge domain is also able to store incorrect information about the bridge. Another example can be swapping assets on DEX: to make a deal one needs to be sure that the exchange rate placed in a store is correct. Thus, we need the ability to validate such data.

Possible solution

Using permissions. Make permissions for minting special asset parameters (value types) by defining the format type either in the asset definition or in the permission ISI itself.

2. Persistence of the algorithms

Description

The bridge registration process consists of many steps like register a domain, register bridge account, make a record in an asset-store, etc. These steps form an algorithm, that needs to be persistent for everyone who tries to register a bridge. Currently, it's hard or inconvenient to do in Iroha.

Possible solutions

1. Use separate ISI. It's the easiest solution, but it requires Iroha to depend on external entities.
2. Store predefined compositions of ISIs as procedures (or functions) on the Iroha's state. A procedure can be stored as an asset within a separate account with its own rights (permissions) or in an account directly. The main question here is how to prevent the user with a procedure executing other instructions (not saved as the procedure) to be sure that the contract (procedure) won't be violated.

These features should help in making bridges more safe and trustless.