The Multichain security model, mechanism, security at its best

02 Apr 2022 By: Collins Jackson
Multichain has always made security its top priority, aiming to remove obscurity around its security model and to adopt the same measures for its users.

Its security design makes it resilient to hacks and ensures a robust, solid base model for further development.

Decentralized finance (DeFi) has grown in adoption and complexity over the last few years as the multichain ecosystem has taken shape. This has driven further growth for cross-chain bridges despite an increase in attacks: approximately 10 hacks happened in 2021.

This year is no exception, with four attacks on bridges that include Qubit, Wormhole, Meter, and Multichain. There is a need for bridge security and to understand the advancements underway.

Open-source: The Cross-Chain Router Protocol 

Multichain’s Cross-Chain Router Protocol (CRP) is an open-source protocol, free to access and use. The code and its development are on GitHub.

Multichain is open-source. Unlike closed-source code, open-source code lets anyone examine security concerns, and that transparency helps alleviate them. Open-source code isn't always perfect, but neither is any software. Being open-source allows hackers to understand how to mount an attack, but the code can eventually become bulletproof through extensive testing.

Multichain ensures that its CRP security issues are disclosed promptly and included in the amendments. An effective bug-fix system promotes active code reviews and exposes vulnerabilities. Thanks to the public, the forum was informed of contract risks in the January incident and resolved the issues quickly while being able to recover 50% of the loss.

Multichain CRP has a large and seasoned community of engineers and developers that integrates code with ever-increasing confidence and trust. The code has been tested by several developers, which reinforces its reliability, and their ideas and suggestions are often added to key project libraries. On the community side, developers and users are discussing CRP and guiding newly joining projects. That’s the beauty of open-source, where the whole is greater than the sum of its parts.

More than 30 applications have integrated the Multichain CRP, and more than 20 decentralized and centralized exchanges, wallets, aggregators, launchpads, and index providers are in the process. Some examples are a decentralized autonomous organization represented by SushiSwap, SpiritSwap, SpookySwap, and TokenPocket.

The team looks forward to promoting the CRP alongside more developers.

The Multichain SMPC network 

Secure Multi-Party Computation (SMPC), a basic technology that supports Multichain, emerged from the vision of the world's leading cryptographer. The main algorithm that defines Multichain's cross-chain bridge and route is the Threshold Signature Scheme (TSS). TSS was derived from the groundbreaking research paper “Universal Composability Non-Interactive, Proactive, Threshold Elliptic Curve Digital Signature Algorithm with Identifiable Aborts,” known as the GG20 theory.

It was published in 2020 at the Association for Computing Machinery’s Conference on Computer and Communications Security (CCS). 

The event — one of the industry’s most authoritative — is an annual flagship conference of the Special Interest Group on Security, Audit, and Control (SIGSAC) that invites information security researchers, practitioners, developers, and users globally to explore cutting-edge ideas and results.

The paper was reviewed, validated, and revered for reliability by experienced cryptographers. All current projects for distributed signatures are based on the GG20 theory — and Multichain was among the first to realize this theory. 

Multichain applies TSS to its cross-chain solutions 

To achieve cross-chain interaction of digital assets, a multi-party computation network is required — a distributed network that processes cross-chain requests in real-time between chains. 

MPC networks comprise a trigger mechanism, where the status on the original chain is detected in real-time and translated into the behavior on the target chain. What happens on the source chain reflects what happens on the target chain. 

Multichain’s current MPC network is decentralized. Each node independently verifies the status of the original chain and uses a threshold-distributed signature algorithm between all nodes to reach a consensus on the verification results.

Based on a cryptographic algorithm, this method can lead to a powerful consensus: It either produces consistently correct results or no results. This ensures that Multichain’s MPC network can accurately process cross-chain requests in real-time without any point of failure.
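The "correct result or no result" property described above can be seen in a small simulation, added here as an illustration; it is not Multichain's code and not the GG20 threshold ECDSA protocol. It assumes a 3-of-5 policy, a trusted dealer in place of distributed key generation, a simple exponentiation-based signature in a tiny toy group, and constructed request strings.

```python
import hashlib
import secrets

# Toy group, far too small to be secure: P = 2Q + 1, G generates the order-Q subgroup.
P, Q, G = 2039, 1019, 4
T, N = 3, 5  # assumed policy: any 3 of 5 nodes must agree

def deal(secret):
    """Shamir-share `secret` mod Q (a dealer stands in for distributed key generation)."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(T - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, N + 1)}

def hash_to_group(msg):
    e = int.from_bytes(hashlib.sha256(msg).digest(), "big") % (Q - 1) + 1
    return pow(G, e, P)

def partial_sign(share, node_view, request):
    """A node signs only a request it has itself observed on the source chain."""
    if request not in node_view:
        return None
    return pow(hash_to_group(request), share, P)

def combine(partials):
    """Lagrange interpolation in the exponent; the group key is never rebuilt."""
    if len(partials) < T:
        return None  # below threshold: no result at all
    ids = sorted(partials)[:T]
    sig = 1
    for i in ids:
        lam = 1
        for j in ids:
            if j != i:
                lam = lam * j * pow((j - i) % Q, -1, Q) % Q
        sig = sig * pow(partials[i], lam, P) % P
    return sig

def process(request, shares, views):
    parts = {i: partial_sign(s, views[i], request) for i, s in shares.items()}
    return combine({i: part for i, part in parts.items() if part is not None})

def demo():
    key = 777  # constructed group key, held here only to check the result
    shares = deal(key)
    deposit, forged = b"lock 10 TOKEN tx=0xabc", b"lock 9999 TOKEN tx=0xabc"
    # Constructed views: nodes 1 and 2 are faulty and also accept the forged request.
    views = {i: ({deposit, forged} if i <= 2 else {deposit}) for i in shares}
    good = process(deposit, shares, views)
    return good == pow(hash_to_group(deposit), key, P), process(forged, shares, views)
```

`demo()` returns `(True, None)`: the genuine deposit yields the same signature the full key would produce, while the forged request, backed by only two nodes, yields nothing.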

In addition to integrating TSS into its cross-chain solutions, Multichain has developed SM2 and Schnorr signatures to form the final Multichain SMPC network that supports more than 96% of cross-chain interactions. The platform’s solution is universally compatible and suitable for non-Ethereum Virtual Machine chains such as Bitcoin and Ripple.

Multichain has faced security incidents and has learned and grown stronger as a result. It is dedicated to providing the best cross-chain solutions. Prior security incidents were unrelated to either the cryptographic theory Multichain utilizes or its underlying SMPC network. The SMPC schemes and Multichain’s network have not been breached.

Actions taken to further strengthen Multichain security

In every failure there are valuable security lessons that are impossible to learn from even 100 attack simulations. Multichain has also completed multiple governance measures to strengthen its security further.

Regular external and internal audits

The external-security audit cycle has been shortened to less than three months, meaning a higher frequency of security checks. The latest audit was conducted by Trail of Bits; Multichain’s team has upgraded its products as recommended and will release its audit report soon. 

Multichain has contacted another security audit service provider, PeckShield. This audit is in progress and will be completed soon.

Internal audits are also being performed: A special security risk-control team has been built for this purpose, and cross-functional technical audits are being conducted with higher frequency.

The Multichain security fund

Multichain has initiated a governance proposal for a security fund to identify any possible rescue measures for assets susceptible to loss from potential vulnerabilities in Multichain’s system. The proposal is to add 10% of the monthly cross-chain fee to the security fund.

A bug bounty program

Multichain encourages the community to continue reviewing its code and security and is working with Immunefi on its Bug Bounty program. This program recognizes the value of independent security researchers and teams. 

Multichain values motivating and appreciating honest contributors: The team will reward up to $2 million for discovering and submitting vulnerabilities. 

A security academic alliance 

Cryptography is an evolving discipline, and guarding against security attacks is never-ending. Multichain is closely monitoring the advancements of relevant new technologies and investing generously in technological innovation and cybersecurity. 

To that end, it’s forging an academic alliance with global cryptography experts who specialize in TSS algorithms and MPC to stay aware of developments in the field and maintain constant technological innovation.

A strengthened risk supervision and control system

The team has implemented reliable risk-control measures to detect unusual transactions and send early security warnings. 

Multichain is further decentralizing its SMPC network. SMPC nodes are run collaboratively by the Multichain team and trusted community members but will be opened to partners and later to untrusted networks.