4.3 Cross Chain
DxChain Bridge uses AWS Nitro Enclave to build a fast, safe, and low-cost cross-chain bridge between Ethereum and DxChain.
The DxBridge will be composed of Nitro Enclave and a list of trusted nodes (called Warden). Nitro Enclave will be used to build an isolated execution environment to prevent any centralized interference and reduce the complex steps without sacrificing system security.
DxBridge mainly consists of two parts:
- Nitro Enclave: AWS Trusted Execution Environment solution. By creating an isolated environment, users can use and process private keys with high security while preventing users and applications on the parent instance to views or obtaining information.
- A set of Wardens: third-party searchers and verifiers of transactions. Warden is mainly responsible for retrieving DxChain and Ethereum and submitting legal transactions that need to be processed to Nitro Enclave. First, Warden will look for transactions that have been successfully sent to the Ethereum wallet or transactions that have been retrieved from DxChain. There must be enough funds to pay for related expenses, including the gas fee and cross-chain fees required, otherwise, the transaction will be rejected and Warden will not retrieve these transactions. Nitro Enclave requires a certain number of Wardens to submit the same transaction at the same time, then the bridge will send the corresponding transaction on another chain and submit legal transactions by providing a private key segment.
Figure 5: The Process of DxBridge
Nitro Enclave can directly connect with Warden to obtain on-chain events and send transactions. The private keys of all addresses in the transaction are derived from the master private key generated during initialization that no other party can obtain. The master private key uses the Shamir Secret Sharing algorithm to distribute the private key segments to Warden, and uses TLS communication to verify the identity during the process. Nitro Enclave will ask Warden for private key segments via TLS connection to retrieve the master private key, and distribute new private key segments to Warden again after restart. In addition, transactions confirmed to have been processed by the bridge will be backed up locally.