BTC Cross-Chain Bridge

OpenBit's innovative cross-chain bridge for BTC assets is the industry's first truly secure BTC asset cross-chain bridge. Its security relies on TEE (Trusted Execution Environment) and ZKP (Zero-Knowledge Proof) technologies, rather than the committee model adopted by most current solutions. The core idea is that the deposit address for BTC assets is generated within the TEE's enclave, and the corresponding private key cannot be exported from the enclave. The control program for the private key is also within the enclave, and a transfer operation through the private key will only occur upon the genuine monitoring of corresponding on-chain events. The control program for the private key is open-source and undergoes remote attestation through TEE, allowing anyone to ensure the legitimacy and integrity of the deposit address and control program by examining the source code and remote attestation certificate. The overall structure is illustrated in the diagram below.

Figure : BTC assets cross-chain bridge

As shown in the diagram, there are two programs within the enclave: the Address Generate Program and the Key Control Program. The Address Generate Program is responsible for randomly generating the deposit address and private key for BTC, as well as the public-private key pair for the BTC-ETH conversion contract. The Key Control Program monitors deposit events on the BTC chain. When a deposit event occurs, it calls the BTC-ETH conversion contract using the private key of the contract to mint the corresponding BTC assets on the ETH side for the respective user. It also monitors events of the BTC-ETH conversion contract. When BTC assets on the ETH side are destroyed through this contract, it sends the corresponding assets to the user on the BTC chain. Since both programs are located within the TEE's enclave, a remote attestation certificate can be generated via the CPU, indicating the hash of these two programs, as well as the generated deposit address and public key. The remote attestation certificate, along with the program's source code, deposit address, and public key, will be publicly available on the OpenBit website. Anyone can obtain the remote attestation certificate and interact with the Intel TEE server to verify the authenticity of the certificate. Once the remote attestation certificate is successfully verified, it means that the private key corresponding to the deposit address published by OpenBit is sealed within the enclave and can only be operated by the open-source Key Control Program. No one, including OpenBit's operators, can tamper with the logic of the Key Control Program or obtain the private key for the corresponding address. The BTC-ETH conversion contract's destruction event is only called after the verification of the ZKP proof. Therefore, the combination of TEE and ZKP ensures the security of OpenBit's BTC asset cross-chain bridge.