In the age of information technology, you can never be too sure of the safety protocols you have in place, because cyber safety is not an end product but a process. The concept of Zero Trust has emerged from the notion that the “internet is the first thing developed by humanity that humanity doesn’t understand”.
To explain it to beginners, Zero Trust is a security model that is built around the assumption that no person or device can be trusted, even if they are on an organization’s network. Remember, it takes decades to build trust but only seconds for malicious software to penetrate and ruin your organization’s reputation.
Zero Trust protocols (ZTPs) offer a way to address legacy challenges in blockchain interoperability, eliminating the need for centralized bridges and old-fashioned workarounds.
In this article, we will explain how a Zero Trust architecture works and how ZTPs in Web3 deliver truly decentralized, trustless interoperability.
What is Zero Trust?
As explained earlier, Zero Trust is a security protocol built around the notion that no human or device should be trusted completely and no absolute power should be granted to centralized systems.
Zero Trust is an alternative network security model based on the principle “never trust, always verify.” This means that each interaction must be independently verified, and trust is never given based on past interactions. As the digital environment becomes increasingly complex and interconnected, Zero Trust is becoming a more widely used standard for network security.
Modern systems rely on user verification, but the extent to which this is applied can vary depending on the type of network security model in place. One model is the “castle and moat,” which relies on users verifying themselves to be permitted across the organization’s “moat.” Once they’ve passed this hurdle, users can move around systems within the moat perimeter without further need for authentication.
While this model offers some security guarantees in a straightforward setup, it comes with several challenges. The perimeter must be defended against external attackers, but a more problematic issue is internal attacks. Once someone is on the inside, they can more easily compromise the system – for instance, by leaking data or succumbing to a phishing attack, opening the perimeter to external attackers.
Castle-and-moat is also less effective in more complex systems and networks, as the perimeter becomes more difficult to define and maintain. As such, it’s becoming an increasingly redundant approach as enterprises and organizations move to a more siloed, cloud-based architecture.
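The contrast between the two models described above, as an added example that is not part of the original article: a perimeter check that trusts anyone already inside, next to a per-request check that verifies identity, freshness and authorization every time. The users, keys, resources and policy are constructed sample data, and HMAC stands in for whatever credential a real deployment would use.

```python
import hashlib
import hmac

# Constructed sample data: per-user keys and a per-resource access policy.
USER_KEYS = {"alice": b"alice-demo-key", "bob": b"bob-demo-key"}
POLICY = {"alice": {"/payroll", "/wiki"}, "bob": {"/wiki"}}
MAX_AGE = 30  # seconds a signed request stays valid (assumed value)

def sign(user, resource, ts, key):
    """Bind the signature to who is asking, for what, and when."""
    msg = f"{user}|{resource}|{ts}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class CastleAndMoat:
    """Authenticate once at the perimeter, then trust everything inside."""
    def __init__(self):
        self.inside = set()
    def login(self, user, key):
        if user in USER_KEYS and hmac.compare_digest(USER_KEYS[user], key):
            self.inside.add(user)
    def access(self, user, resource):
        return user in self.inside  # no per-request or per-resource check

def zero_trust_access(user, resource, ts, sig, now):
    """Verify each request on its own; nothing carries over from earlier ones."""
    key = USER_KEYS.get(user)
    if key is None or not hmac.compare_digest(sign(user, resource, ts, key), sig):
        return False  # unknown identity, or signature not made for this request
    if abs(now - ts) > MAX_AGE:
        return False  # stale request: a past approval is not reusable
    return resource in POLICY.get(user, set())  # least-privilege policy check

def demo():
    now = 1_700_000_000  # fixed timestamp so the example is deterministic
    moat = CastleAndMoat()
    moat.login("bob", USER_KEYS["bob"])
    bob_wiki = sign("bob", "/wiki", now, USER_KEYS["bob"])
    alice_wiki = sign("alice", "/wiki", now, USER_KEYS["alice"])
    return {
        "moat_bob_payroll": moat.access("bob", "/payroll"),
        "zt_bob_wiki": zero_trust_access("bob", "/wiki", now, bob_wiki, now),
        "zt_bob_payroll": zero_trust_access("bob", "/payroll", now,
            sign("bob", "/payroll", now, USER_KEYS["bob"]), now),
        "zt_replay": zero_trust_access("bob", "/wiki", now, bob_wiki, now + 3600),
        "zt_rebound": zero_trust_access("alice", "/payroll", now, alice_wiki, now),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {allowed}")
```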
Zero Trust in Web3
The idea of trustless interactions is deeply embedded within the Web3 space and has been a core design principle of blockchain networks since Bitcoin’s genesis. When considered as sovereign systems, the Bitcoin or Ethereum blockchains are both exemplars of Zero Trust Protocols (ZTPs) since every user interaction must be authenticated using a unique cryptographic signature and is verified publicly by the respective network.
However, the castle-and-moat approach is still very commonplace in the Web3 space. This isn’t only a problem related to defending the perimeter against attackers; users cannot verify what happens within the perimeter. Instead, trust has to be assumed, even though it cannot always be taken for granted. From centralized exchanges to centrally-issued stablecoins, Web3 is still far from a zero-trust environment.
However, interoperability has arguably emerged as the biggest challenge to the established ZTPs in Web3. The push for interoperability has led to a proliferation of cross-chain protocols that don’t meet the threshold of Zero Trust, instead requiring that the user trusts the consensus of a group of nodes to relay messages or assets without any ability to verify at each step of the process. The inability to protect the perimeter of these systems resulted in bridges becoming the biggest security risk in the sector at one point, with the funds locked in them proving to be a honeypot to hackers.
Another example is the issuance of wrapped assets, such as Wrapped BTC (WBTC), which depend on the presence and trustworthiness of the entity in control of the smart contract. While these assets provide an effective workaround for the lack of interoperability, they also compromise the zero-trust nature of the DeFi dApps on which they’re traded.
If the issuer of a given wrapped asset were to go out of business tomorrow, the respective liquidity pool on Uniswap or any other DEX would immediately drain of value once it became evident that the issuer can no longer be trusted to redeem the asset.
2PC-MPC – Leveraging Cryptography for Zero Trust Interoperability
The absence of any other viable solution means that, until now, users and developers have had no choice but to accept the risks of castle-and-moat models compromising the zero-trust principle of a blockchain system. However, 2PC-MPC (which stands for 2-Party Computation-Multi-Party Computation), developed by Pera, now offers a breakthrough in the ability to maintain zero trust across sovereign blockchain networks.
The name refers to the signature mechanism, with the user and the Pera network acting as the two signatories of the two-party computation. The Pera network comprises hundreds or even thousands of decentralized nodes that can enforce any given protocol logic as a collective; this is the “multi-party” element of the signature. With the authentication and approval of the user, alongside that of a decentralized network that publicly verifies the transaction, the zero-trust principle is maintained across networks.
This development is a significant game-changer since, for the first time, it enables developers to program native blockchain assets, such as BTC or ETH, as part of their ZTPs without reliance on a third-party issuer or sacrificing the zero-trust setup of the connected blockchain networks and the dApps running on them.
Conclusion
If the Web3 sector truly values the principles of decentralized security, then ZTPs are a must-have to prevent projects and developers from defaulting to the easy workarounds of castle-and-moat solutions. Given the risks involved, natural selection is likely to see development and adoption trend towards ZTPs as the more secure and sustainable solution for the long term.