August Development Update

August 2020 marks a big milestone for RenVM: we have open-sourced our secure multi-party computation primitives. These new codebases have been extracted and improved from our other repositories, and include: a secp256k1 library, a Shamir’s secret sharing library, an MPC library that implements all of the algorithms required to generate ECDSA private keys and produce signatures with them, and an MPC wiki that summarises these algorithms as simply as possible.

Trail of Bits sMPC Audit

We also have a new audit available, thanks to the Trail of Bits team. We engaged Trail of Bits to undertake an audit of all three libraries mentioned above, with the RZL MPC paper and MPC wiki as documentation/guidelines for expected behaviour. In evaluating the code maturity (quoting directly from the audit):

• Arithmetic:
  “Moderate. We reported various findings related to arithmetic. However, these largely represent improvements and are not currently exploitable issues.”
• Function Composition:
  “Satisfactory. We noted a few ways in which the code could be improved (Appendix C), but otherwise, we found the code to be straightforward.”
• Key Management:
  “Strong. We did not report any issues related to key management.”
• Specification:
  “Satisfactory. The supplied documentation was fairly thorough. Additional comments could be added in MPC to improve readability.”
• Testing and Verification:
  “Satisfactory. We found the codebases to have strong testing overall, and we encourage Ren to achieve full testing coverage.”

We would like to extend a huge thanks to Trail of Bits for their hard work, expertise, and diligence in assessing these libraries. Our team is very proud of the results, and has already prepared fixes for all of the reported issues. While this does give us an added level of confidence in the security of RenVM, I also want to remind the community that audits do not always find all bugs, and RenVM is still very new technology.

Open-sourcing the related codebases comes as part of our broader commitment to incrementally open-sourcing the entire RenVM implementation. We believe taking these steps gives the community the opportunity to see/verify critical parts of the implementation and find/report vulnerabilities responsibly, without simultaneously exposing RenVM to an undue amount of risks or incentives to leverage vulnerabilities instead of disclosing them.

We have also been hard at work on other things over the last month.

Multichain

The Multichain has multiple new PRs for new blockchains. It is great to see more and more contributions from other projects to this unified API. The Multichain API also underwent a transformation this month, based on feedback from previous PRs by other communities, making it cleaner, easier to understand, and easier to use.

We also deployed the Multichain to a new staging environment, so that we can begin testing the next major release of RenVM against these new networks. This next release hopes to include support for Acala, Binance Smart Chain, DigiByte, Dogecoin, Filecoin, Solana, and Terra (although, depending on how testing goes, not all of these chains will necessarily make it into the next release).

Transaction Engine

With new chains, comes new execution models that are able to deal with all of the nuances and differences between chains. A big part of the Multichain, and the recent work on RenVM, has been abstracting these nuances and differences away. This month, we continued with this work, and made several improvements to the transaction engine so that it can easily support new chains. Now, all it needs to know is whether the chain is account-based or UTXO-based. We continue to test and refine these changes.

Hyperdrive

The latest version of Hyperdrive includes many simplifications and improvements, and is almost at the end of another round of auditing. This month, the team began experimenting with different ways to integrate Hyperdrive into the next version of RenVM. This experimentation has mostly revolved around how to synchronise blocks and transactions when nodes have been offline for extended periods of time.

We built and deployed an experimental toy blockchain, built using the latest version of Hyperdrive. Not only will this be able to serve as an example of how to use Hyperdrive, but it also serves as a place for us to test ideas before absorbing them into RenVM itself.

As always, the dev team continues to work hard on the technical challenges of bringing RenVM into the next phases of its existence. While we work hard to bring interoperability to this ecosystem, remember to be open to criticism, patient with those that are new to our community, and to be kind. It is not only about the tech!

Onwards and upwards,
— Loong, CTO

About Ren

Ren is an open protocol that enables the permissionless and private transfer of value between any blockchain.

Website | Docs | Telegram | Announcements | Twitter | Reddit | Github