Platform Updates

Asset Management Solutions for Bitcoin Layer 2s

By Safeheron Team - 2024-05-06

Background

With the emergence of the Ordinals protocol, standards and protocols like BRC-20 and ARC-20 have been developed. The glaring issues of high transaction fees and slow speeds on the Bitcoin network are increasingly prominent, further stimulating the prosperity of Bitcoin's Layer 2 projects.

However, behind this growth lies the potential risks of asset management security as Bitcoin’s scripting system is not naturally Turing complete. Various solutions for Bitcoin Layer 2s manage user assets in a custodial manner to facilitate cross-chain transactions.

Ensuring that assets are not maliciously stolen by external or internal threats presents a significant security and trust challenge for the Bitcoin Layer 2 ecosystem. Safeheron has outlined several common Bitcoin-based projects and provides corresponding asset management solutions.

Bitcoin Layer 2

How Bitcoin Layer 2 works
Bitcoin Layer 2 projects map assets such as BTC, BRC-20, and ARC-20 from Bitcoin to Layer 2 networks through Layer 2 bridges, and they face the issue of how to manage the assets on Bitcoin and Layer 2 securely and efficiently.

The main challenges include:

  • Securely and efficiently manage assets on Bitcoin and EVM Layer 2s to prevent internal and external malicious activities that could lead to asset loss.
  • Enhance the transparency of asset management to improve customer trust.
  • Securely and efficiently manage smart contracts on EVM Layer 2s, such as deploying, managing, and upgrading batch transfer contracts, token contracts, etc.

Bitcoin Cross-chain Bridge

What is Bitcoin cross-chain bridge
Bitcoin cross-chain bridges enable the transfer of assets across different blockchains. They facilitate the seamless transfer of assets like BTC, BRC-20, and ARC-20 on Bitcoin, WBTC on Ethereum, and BTC, BRC-20, and ARC-20 on EVM-based Bitcoin Layer 2s.

The main challenges include:

  • Securely and efficiently manage assets on Bitcoin and EVM Layer 2s to prevent internal and external malicious activities that could lead to asset loss.
  • Enhance the transparency of asset management to improve customer trust.
  • Securely and efficiently manage smart contracts on EVM Layer 2s, such as deploying, managing, and upgrading batch transfer contracts, token contracts, etc.

Bitcoin Swap Platform

What is Bitcoin swap platform
Bitcoin swap platforms enable the swapping between pairs like BTC/BRC-20 and BTC/ARC-20, as well as allow liquidity providers (LPs) to add or remove liquidity in pools.

The main challenges when managing assets in the swaps and pools are:

  • Securely and efficiently manage assets on Bitcoin such as BTC, BRC-20, and ARC-20 tokens to prevent internal and external malicious activities that could lead to asset loss.
  • Enhance transparency in asset management to boost customer trust.

EVM L2 dApp

How EVM L2 dApp works on Bitcoin
Projects in EVM Layer 2 that build product features through smart contracts face challenges such as security and efficient development, deployment, management, and upgrading of contracts.

The main challenges in the deployment and management of contracts are:

  • Security of the private keys used for deploying contracts, which require multi-person approval within the team.
  • Automated data updates on a regular basis, along with secure management of the hot wallets’ private keys that have operational permissions.
  • Sensitive management operations require multi-person approval, such as changing owners or upgrading contracts.
  • Eliminate the single point of failure associated with permissions of the owner’s private key.

Solutions

Safeheron has released a self-custody SaaS platform and fully private deployment white-label solution, the MPC Node Suite, based on secure multi-party computation (MPC) and Trusted Execution Environment (TEE) technology. It offers a rich array of solutions for the aforementioned business scenarios for customers to choose from.

The Safeheron self-custody platform is built upon an MPC-TSS 3/3 threshold structure underpinned by TEE to protect cloud-based key shards and Policy Engine. This allows customers to configure simple or complex approval workflows tailored to different business scenarios, supporting automatic cloud-based and manual approvals.

The Safeheron MPC Node Suite provides a fully privatized white-label solution, including a server-side MPC Node middleware, and Embedded MPC Node SDKs for browser, Android, and iOS devices. It supports nearlyanyt of n MPC-TSS threshold for ECDSA, EdDSA, and Schnorr signature algorithms.

TSS: Threshold Signature Scheme

Asset Management Solutions Based on the Safeheron Self-Custody SaaS Platform

Asset management solution based on the Safeheron Self-Custody SaaS Platform
The Safeheron self-custody SaaS platform includes product components such as a web console, a mobile app, Open API, a browser extension, and API Co-Signer. It supports BTC asset management and group sending and will soon support BRC-20 and ARC-20 token asset management.

Securely and Efficiently Manage BTC Assets

The mobile App and Open API support BTC asset management and will soon support BRC-20 and ARC-20 token management. The Open API supports batch BTC transfer, further improving the efficiency of on-chain transfers on the Bitcoin network and lowering transfer costs. Customers can use Open API to complete wallet creation, initiate transfers, approve transfers, and webhook for deposits, satisfying the management of BTC, BRC-20, and ARC-20 tokens.

Securely and Efficiently Manage EVM Assets

The mobile App and Open API support the native token and ERC-20 token management of multiple EVM chains. The browser extension and Open API also support the customization of EVM networks, enabling the management of any EVM Layer 2 asset and contract management.

Approval Flow and API Co-Signer Automatic Approval

The Safeheron self-custody SaaS platform supports setting advanced transaction policies for assets like BTC, ETH, and ERC-20 tokens. Policies can be set based on dimensions such as the wallet in use, asset type, asset amount, target transfer address, and maximum transfer quantity within 24 hours. This implements a mechanism where small amounts go through automatic approval by API Co-Signer and high amounts go through multi-person manual approval, boosting the safety and efficiency of asset management.

Multi-layered Multisig Asset Management Solution Based on the Safeheron Self-Custody SaaS Platform

Multi-layered multisig asset management solution based on the Safeheron Self-Custody SaaS Platform
The Open API included in the Safeheron self-custody SaaS platform provides underlying MPC-TSS signing capabilities to support a more comprehensive range of scenarios. Through this API, customers can retrieve the public key corresponding to a set of key shards for the MPC-TSS, as well as initiate the signing of the raw data.

Securely and Efficiently Manage BTC Assets

Safeheron offers a multi-layered multisig asset management solution. This involves using a Bitcoin native multisig wallet for managing assets like BTC, BRC-20, ARC-20 tokens, etc., which serves as the first multisig layer.

Taking a 2/3 multisig as an example, the native multisig wallet requires three private keys. One of these is managed through Safeheron’s MPC-TSS for 3/3 key sharding and multi-person approval, constituting the second multisig layer.

The other two multisig private keys can be managed by the customer's private key management service, cold storage key manager, or any other trusted service provider. And, the 2/3 threshold design of native multisig wallet addresses business continuity and disaster recovery issues.

The above solution can be realized by utilizing the underlying MPC-TSS signing capabilities of the Open API. Multi-layered multisig not only bolsters security but also improves transparency in asset management. Most blockchain explorers clearly mark a native multisig wallet as a multisig address, displaying its threshold, which in turn also helps foster user trust.

Flexible Support for Various Standards and Protocols

Customers can flexibly support different standards and protocols based on their business needs. With the underlying MPC-TSS capabilities, the customer independently implements wallet-side functionalities, unrestricted by the platform's support speed for blockchains, standards, and protocols. This allows for full independent support of new standards and protocols.

Approval Flow and API Co-Signer Automatic Approval

The signing capability enabled by MPC-TSS allows for the configuration of transaction policies across various dimensions of the wallet. And it provides a strong mechanism for improving the security and efficiency of asset management. In business scenarios, high-frequency foundational operations are subject to automatic approval via API Co-Signer, whereas low-frequency, high-risk operations necessitate the manual approval of multiple personnel.

Multi-layered Multisig Asset Management Solution Based on the Safeheron MPC Node Suite

Multi-layered multisig asset management solution based on the Safeheron MPC Node Suite
Based on the previous solution (Multi-layered Multisig Asset Management Solution Based on the Safeheron Self-Custody SaaS Platform), if a customer wants to have full control over all key shards, deploy privately, and customize the thresholds of MPC-TSS, they can build a multi-layered multisig asset management solution using the MPC Node Suite to implement the second multisig layer.

Fully Private Deployment

The MPC Node Suite includes server-side MPC node middleware, and embedded MPC node SDKs for the browser, Android, and iOS devices. Customers can deploy them 100% privately when integrating and maintaining all data ownership.

Support for Various Protocols and Flexible Thresholds

The MPC Node Suite supports the ECDSA (Secp256k1), EdDSA (Ed25519), and Schnorr (Ed25519) corresponding MPC-TSS protocols, with flexible thresholds that can be customized by the customer, meeting the need to build different security models.

Simple Integration to Seamless Embed in Your Application

The MPC Node Suite offers uniform functionality, interfaces, and integration processes across all endpoints, facilitating developers to deploy and build cross-platform applications rapidly. Customers can seamlessly incorporate MPC-TSS capabilities into their services by leveraging private deployment and flexible interfaces, ensuring secure, efficient, and user-friendly products.

One-Stop EVM Smart Contract Solution

One-stop EVM smart contract solution
In the Safeheron self-custody SaaS platform, the browser extension is fully compatible with MetaMask, and the Open API provides interfaces for creating EVM wallets and signing various types of transactions using EVM wallets. Transactions initiated through the browser extension or Open API are signed with MPC-TSS once approved, preventing the single point of failure on private keys.

Securely and Efficiently Deploy Smart Contracts

To avoid exposing the single private key in development and production environments, developers can deploy smart contracts via the browser extension & Remix or by compiling the contracts and calling the eth_signTransaction method through the Open API for deployment.

Safeheron has open-sourced Hardhat and Truffle extensions, supporting seamless integration with these development frameworks, and thereby optimizing the contract deployment.

Securely and Efficiently Manage and Upgrade Smart Contracts

When calling smart contract methods, transaction policies can be set to establish an approval process. Currently, configurations are supported based on the wallet in use and the smart contract address called. The dimensions of policy configuration will soon support smart contract invocation methods and parameters.

By configuring policies, high-frequency, low-risk contract calls can be automatically approved using API Co-Signer, while less frequent, high-risk operations like 'changeOwner' and contract upgrading are subject to multi-person manual approvals, enhancing the security and efficiency of smart contract management.