Building With Modular Security Legos
Despite bumpy market conditions, debate over the optimal blockchain architecture continues to rage on. Scaling research has produced blockspace kingdoms that reflect increasingly divergent values. As an alternative, modular blockchain frameworks offer a spectrum of tradeoffs at each layer, leveraging the best available tech while avoiding maximalism. The Ethereum ecosystem is galvanized around rollup frameworks like the OP Stack with market leaders Coinbase (Base) and Zora recently launching production networks. The Cosmos SDK has been validated by DeFi giants DYDX and Circle (Noble USDC) launching novel app-chains, and is integrating emerging tech like Celestia’s data availability. Modularity has clear advantages in sovereignty and revenue capture.
The Clone Wars
As an application developer, choosing from this endless menu of chains is difficult and can drastically compromise market reach. In response, developers either clone their dapp on every chain, augment it to function across chain boundaries, or spin up their own chain. Cloning is simple and allows a trusted brand to expand their reach, but network effects cannot be cloned and must repeatedly overcome the cold-start problem. DeFi protocols deploy liquidity incentives for growth on new chains, but these programs are subject to mercenary capital and can be parasitic to existing deployments, causing liquidity fragmentation. In a fully decentralized context, crosschain governance presents another problem. The only viable approach to sustain network effects and reach new users is to embrace interoperability.
Interchain or Bust?
Unfortunately, due to $2.6B+ lost in exploits and complicated user experience, bridging is borderline gambling. Even worse, there is no sign that the market has matured at all. Many of the most trusted “native” bridges require entirely independent integration work. The top four rollups by TVL all have separate bridge interfaces, capabilities, and semantics.
Downstream of this, DAOs spend scarce governance bandwidth on lengthy deliberations for each pair of chains. DeFi blue chips struggle to justify the counterparty and code risk of adopting bridges despite fervent campaigning over the “best” security model. In January of this year, the Uniswap Foundation established a crosschain bridge assessment committee following contentious debate over the governance of Uniswap on BSC. After months of research, the committee published the Bridge Assessment Report in June that recommends a multi-bridge architecture for crosschain governance. The conclusion is essentially none of the existing bridges are satisfactory. In July, Aave announced the Aave Delivery Infrastructure which takes a similar approach of aggregating security from several bridges. We have been in close collaboration with both communities since they began exploring this problem and are thrilled to be integrated in Aave’s final solution.
Modular Security Legos
We spent the last year pioneering a more general solution for developers: modular security. Instead of imposing some monolithic security model, we built a framework for applications to specify their own security preferences. Developers can integrate the messaging API once and independently configure security for messages as their applications evolve and available technology improves. The protocol defers to the message recipient’s Interchain Security Module for message verification. If verification passes, the message is handled by the recipient. If verification fails, the message can not be delivered. Message relayers are agnostic to the security module applications are using, yet there is a consistent message dispatch and handling interface. This means the transport layer and application layer are entirely independent. For the most common security modes, we provide several modules for use without any code changes required.
Aggregation Module
To generalize the Uniswap and Aave solutions for crosschain governance, we built an aggregation module that can leverage many independent submodules to verify and come to agreement on message content. If liveness or censorship are a concern, this module can be configured with a subset threshold of modules.
Application Specific Security
These modules are quite extensible: requirements can be dynamic with semantic message content. Consider a module that scales security with the amount of monetary value attached to a message, analogous to wire transfer limits on traditional banking rails. Different models can be composed which represent sophisticated risk tolerances.
Alternatively, if you want to use a different security model for each pair of chains, use a routing module to select the best available verifier for that pathway. This module can be configured with new origin chains to expand connectivity over time. As more and more rollups settle to Ethereum, this will be necessary. In the long term, some shared sequencer or superchain protocol might be built on top of this module type.
Economic Security
Not satisfied with reputational security? Me neither. Economic security can provide stronger guarantees on the cost to attack the system with slashing. Use a threshold signature module with a validator set configured by our proof of stake protocol. If validators commit fraud (even in the presence of dishonest majority), verify fraud proofs on the origin chain against the originating mailbox and slash the misbehaving validators. Alternatively, use an Eigenlayer Hyperlane restaked validator set for similar guarantees at no additional cost of capital. One especially exciting prospect is using a single pool of economic security on Ethereum for fast rollup to rollup messaging with delayed slashing. It’s worth noting that other protocols which have staking and slashing on chains that messages did not originate from make an honest majority assumption.
Future Proof
If none of the eixsting modules satisfy your use case, simply implement a new module and configure it onchain to upgrade security in place. Consensus and execution light clients, made possible by recent zero knowledge techniques and advancements, are in progress for many origin chains. However, production grade implementations often don’t exist or may be yet unaudited. With Hyperlane’s modular security architecture, seamlessly adopt these technologies as they become available and as risks are mitigated.
More about Hyperlane
Hyperlane is the first Permissionless Interoperability layer, enabling anyone to bring the Hyperlane interoperability stack to any blockchain, out-of-the-box. With Hyperlane, developers can build Interchain Applications, apps that abstract away the complexity of interchain interactions and serve users on any connected chain. Additionally, Hyperlane’s modular security stack gives developers the power to customize their interchain security. Hyperlane development is open-source and led by core developers at Abacus Works.
Go Interchain with Hyperlane
Start building with our Docs.
Experiment with Hyperlane in 5 minutes with our Quickstarts.
Join our Discord if you have any questions.
Apply to join our crew Here.
Find us on Twitter.
