Zero Trust Architecture is a security model that requires continuous verification of every operation, eliminating inherent trust to achieve security and native interaction across the entire Web3.
Zero Trust vs Castle and Moat
Zero Trust Architecture is a modern approach to network security, emphasizing the verification of everything and trusting nothing. This model ensures that every operation, access request, and interaction undergoes thorough authentication and authorization, eliminating inherent trust.
The Castle and Moat model is an older approach to network security. In this model, a secure boundary (moat) is established around a trusted internal network (castle). Once inside this boundary, entities can gain broad access without further scrutiny. While effective in simpler network environments, this model proves inadequate in dealing with the complexity and interconnectedness of today’s digital environment. Its main weakness lies in relying on the impenetrability of the “moat” and assuming that threats are always external, ignoring the possibility of internal vulnerabilities or credential misuse.
The development of Zero Trust was in response to the vulnerabilities of the Castle and Moat model. In Zero Trust, every entity, whether inside or outside the network, is considered untrusted unless proven otherwise. This means that every operation, access request, and interaction must undergo strict authentication and authorization processes.
Natural Fit of Zero Trust in Web3
Zero Trust is not new to Web3. Since the birth of Bitcoin, blockchain technology has adopted a Zero Trust approach. In a blockchain network, no entity is trusted. Instead, every user can independently verify each transaction, ensuring that the protocol is followed correctly from start to finish. This verification process eliminates the need for any authority, including trust in the nodes running the network.
In a hypothetical scenario, imagine a blockchain named Castleum that adopts the Castle and Moat model. Here, validators process transactions and update the blockchain state without user verification, potentially creating vulnerabilities if the consensus mechanism is compromised. In contrast, the Zero Trust architecture of Ethereum requires users to sign transactions, which validators include in blocks after verifying their authenticity, and every user can independently check that this process was followed.
Sovereignty and Honey Pot Problem
As Web3 develops, many blockchain networks emerge, each operating within its own domain. While these networks maintain Zero Trust within their boundaries, challenges arise when interoperability between different blockchains is needed. Traditional methods of connecting these networks involve sacrificing Zero Trust principles and reverting to the Castle and Moat model.
The “sovereignty problem” arises from the need to connect independent blockchain networks, requiring trust in third parties to manage cross-chain interactions. This trusted entity (or entities) becomes a single point of failure, compromising the Zero Trust model. Additionally, these solutions become honeypots, attracting attackers, especially as the control of assets increases.
Isolated ZTPs
Zero Trust Protocols (ZTPs) are Web3 protocols that adopt a Zero Trust architecture. They require continuous verification of every operation to ensure that no entity is inherently trusted. Within a single network, ZTPs maintain Zero Trust as long as only that network's native assets are involved. This means that on a single blockchain like Ethereum, transactions involving native assets maintain Zero Trust, creating “isolated ZTPs.”
For example, consider Uniswap, a popular decentralized exchange on Ethereum. When a user wants to exchange two native Ethereum assets such as UNI and ETH, Uniswap operates as a Zero Trust protocol. The protocol inherits Ethereum’s Zero Trust architecture, ensuring that every transaction can be verified by all users.
However, the situation changes when a user wants to exchange ETH and wBTC (Wrapped Bitcoin). wBTC is a BTC derivative whose backing BTC is held by a centralized custodian (BitGo). In this case, Uniswap loses its Zero Trust nature, as the security of wBTC depends on BitGo’s Castle and Moat architecture, requiring users to trust BitGo rather than independently verifying transactions. This makes Uniswap operate as a Castle and Moat protocol (or CMP).
Because users cannot directly interact with tokens from other networks (such as BTC or SOL) within Uniswap, they must rely on wrapped derivative assets built on Castle and Moat architecture, which is what makes Uniswap an isolated ZTP. Producing such wrapped assets typically relies on traditional cross-chain solutions such as bridging, cross-chain messaging, and joint MPC.
2PC-MPC: The Future of ZTPs
To create ZTPs that are not limited to the networks they are deployed on, the dWallet network uses advanced cryptographic methods to maintain Zero Trust across different networks. The dWallet network’s 2PC-MPC protocol enables ZTPs to operate in various blockchain ecosystems without compromising their Zero Trust principles. By cryptographically requiring user participation, dWallet ensures that every operation is verifiable and no entity is trusted.
2PC-MPC is a cryptographic signing scheme that allows two parties (in this case, the user and the dWallet network) to jointly generate signatures for any network, where the network side is itself made up of hundreds to thousands of decentralized nodes, forming a non-colluding and massively decentralized system. User participation ensures Zero Trust, while the dWallet network’s participation enforces the protocol logic, creating the infrastructure for ZTPs.
Operation of ZTPs
User and Network Participation: Both the user and the dWallet network must participate for any transaction or operation to be signed. User participation is required to generate the necessary cryptographic signatures.
Decentralized Verification: The dWallet network consists of a large number of nodes, collectively verifying user input and transaction details. This decentralized verification process ensures that no single entity can control or manipulate transactions.
Cross-Chain Interaction: ZTPs allow secure interactions between different blockchain networks. For example, users can interact with assets on Ethereum and Bitcoin without compromising the Zero Trust model. The dWallet network ensures that all operations between these networks are verified and authenticated.
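The following is an added illustration, not dWallet's own code and not its actual 2PC-MPC ECDSA protocol: a two-party Schnorr signing sketch over a constructed toy group that shows the property the two sections above rely on. The user and the network each hold an additive key share, each produces a partial signature, and only their sum verifies under the joint public key, so the network alone cannot sign on the user's behalf. The class and function names, the group parameters and the "transfer" message are all constructed assumptions.

```python
import hashlib
import secrets

# Constructed toy Schnorr group (NOT secure, illustration only): P is a safe prime,
# Q = (P - 1) // 2, and G = 4 generates the prime-order-Q subgroup of Z_P*.
P, Q, G = 1019, 509, 4


def challenge(r, x, message):
    """Fiat-Shamir challenge e = H(R || X || m) mod Q."""
    h = hashlib.sha256(f"{r}|{x}|{message}".encode()).digest()
    return int.from_bytes(h, "big") % Q


class Party:
    """One of the two signers (the user, or the dWallet network in the text).
    It holds only its own additive key share x_i and never sees the other share."""

    def __init__(self, share=None):
        self.share = share if share is not None else secrets.randbelow(Q - 1) + 1
        self.pub_share = pow(G, self.share, P)       # X_i = G^x_i, safe to publish

    def nonce_commit(self, nonce=None):
        self.nonce = nonce if nonce is not None else secrets.randbelow(Q - 1) + 1
        return pow(G, self.nonce, P)                  # R_i = G^k_i, sent to the peer

    def partial_sign(self, r, x, message):
        """s_i = k_i + e * x_i (mod Q): useless alone, but sums into a valid signature."""
        return (self.nonce + challenge(r, x, message) * self.share) % Q


def joint_public_key(user, network):
    return (user.pub_share * network.pub_share) % P  # X = G^(x_u + x_n), full key never assembled


def cosign(user, network, message, user_nonce=None, network_nonce=None):
    """Both parties must take part: each contributes a nonce and a partial signature.
    Real protocols commit to R_i before revealing it; that round is omitted here."""
    x = joint_public_key(user, network)
    r = (user.nonce_commit(user_nonce) * network.nonce_commit(network_nonce)) % P
    s_u = user.partial_sign(r, x, message)
    s_n = network.partial_sign(r, x, message)
    return r, (s_u + s_n) % Q


def verify(x, message, signature):
    """Standard Schnorr check: G^s == R * X^e."""
    r, s = signature
    return pow(G, s, P) == (r * pow(x, challenge(r, x, message), P)) % P
```

A partial signature from one party fails `verify` except in the degenerate case where the other party's nonce and share happen to satisfy k + e*x = 0 mod Q, which is why the example also checks that condition rather than assuming the toy group never hits it.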
Practical Application of ZTPs
Vitalik Buterin has expressed skepticism about cross-chain applications, mainly because of the inherent security limitations of blockchain bridges. He has emphasized the risks of Castle and Moat architecture for these connections, particularly the way a 51% attack on a chain with weaker security could compromise the native assets of more secure chains connected to it.
ZTPs are necessary for a multi-chain world that does not rely on Castle and Moat architecture. They provide solutions for decentralized custody, multi-chain DeFi, and non-custodial wallet solutions.
Conclusion
Zero Trust Protocols (ZTPs) are crucial for maintaining the security and integrity of the multi-chain Web3. By requiring continuous verification and eliminating inherent trust, ZTPs ensure safe and resilient interactions between different blockchain networks. They make secure interactions across any blockchain possible, paving the way for innovative decentralized applications.
As we continue to explore the potential of blockchain technology, embracing the Zero Trust principles through ZTPs will be essential for building a secure and interoperable Web3 ecosystem.