Stroom Network's Security Fortress: A Closer Look

In this blog post, we delve into the architectural and operational pillars of Stroom Network, spotlighting our strategic approach to security, transparency, and trust, which we believe will ultimately redefine the standards of DeFi security.

In a world where systems are constantly under threat, vulnerabilities frequently make headlines, and yet, there's a perennial hope that the next product, upgrade, or patch will be the definitive answer to security challenges. This cycle of anticipation and, often, disappointment, was probably best described by renowned security expert Bruce Schneier, who once said: “Security is a process, not a product.”

Schneier's words, dating back to 2000, also remain relevant today in the context of Decentralized Finance (DeFi) and the broader digital assets landscape. While blockchain-based products and applications do offer a degree of protection, they are not infallible. The recurring narrative of “this time it’s secure” has been repeatedly disproven as new vulnerabilities in smart contracts are discovered and exploited.

According to a recent Chainalysis report, the value lost in DeFi hacks declined by 63.7% year-over-year in 2023, totaling $1.1 billion. Despite this significant decrease in value, the number of attacks increased, rising from 219 in 2022 to 231 in 2023, with both on-chain and off-chain vulnerabilities driving the majority of DeFi hacking activity last year.

There are surely a bunch of factors to consider before making a decision to invest in DeFi projects, but those related to security, transparency, and trustworthiness are arguably of utmost importance. At Stroom Network, we have taken several steps to fortify these aspects within our ecosystem.

But first, let’s take a look at Stroom’s protocol architecture, which will help you understand the associated security challenges and how we seek to overcome them. 

Stroom Network - Overview

Stroom integrates with three major networks: Bitcoin, Ethereum, and the Lightning Network (LN), aiming to ensure secure and trustless operations by facilitating reliable communication among them.

To engage with Stroom, participants are required to deposit their Bitcoins into the project's treasury. Subsequently, users have the option to mint either stBTC or bstBTC – both of which are liquid ERC-20 tokens that can be used across various DeFi protocols.

While stBTC maintains a fixed balance, it's important to note that staking rewards are not available until you convert stBTC into bstBTC.

This functionality is underpinned by three foundational elements to facilitate the system’s operations.

Firstly, there's an integration with Ethereum, chosen for its prominence as the premier DeFi blockchain, with plans to broaden support to more blockchains down the line. Secondly, the platform utilizes Stroom-supported LN nodes, or hubs, pivotal in managing transactions. Lastly, the setup includes Stroom validating nodes, indispensable for the seamless and secure operation of the DAO. These integral components allow Stroom to merge the functionalities of Bitcoin and Ethereum, offering a novel bridge between these two leading digital asset ecosystems.

Stroom connects Bitcoin and Ethereum through a bridge; however, bridge hacks have historically presented a major challenge for DeFi. To enhance the security of this setup, both the Stroom Bridge and the treasury operate on a K-of-N multisig model, where each member monitors both the ETH and BTC blockchains. This means that no single party can execute a transaction without the consensus of the others, ensuring greater transparency and security for all involved.

Securing Stroom-Enabled Lightning Network Hubs 

Within the Stroom system, all LN nodes are required to conform to the Stroom protocol, ensuring they meet specific standards for operation. Crucially, these nodes won't have access to the Bitcoin stored within their channels, safeguarding the assets against unauthorized transactions. Any modification to the channel's state mandates approval from the system's validating nodes, enhancing the security framework.

Moreover, it's mandatory for LN nodes within Stroom's network to report any revoked channel states, verified by the channel's counterpart, to the validating nodes' databases. This procedure enables the Stroom-enabled hub to serve as a secure link to the federated Lightning Network Node, which is managed by the validating nodes. This arrangement also embeds a Stroom Watchtower functionality that vigilantly oversees the channel states for compliance. Should any LN node deviate from the federation's rules, the federation has the authority to close all channels linked to that node and exclude it from the network, ensuring the integrity and security of the system remain intact.

Stroom Validating Nodes

The consensus mechanism among Stroom validating nodes employs the FROST algorithm, a practical Schnorr threshold signature scheme. This allows validating nodes to independently verify and approve various operations, ensuring no dependency on the consensus of other nodes for validation. Achieving an approval consensus requires at least a two-thirds majority plus one of the validating nodes' votes.

Within the scope of Stroom's operational framework, the management of current channel states, revocation keys, and updates to LN state signatures are crucial. For activities such as stroomBTC minting and redemption, multi-party signatures are produced by the validating nodes and stored within their local databases for quick access by LN-enabled hubs.

These local databases achieve synchronization through a method akin to a Practical Byzantine Fault Tolerance (pBFT)-style consensus mechanism. This setup allows each validating node within the Stroom network to access information from others, ensuring censorship resistance. 

To facilitate the bridging process between Bitcoin and Ethereum, each validating node incorporates full nodes for both blockchains. This integration enables the collective functioning as a DAO-managed LN Watchtower, with validating nodes overseeing LN channels via Bitcoin nodes and securely storing revocation keys in their databases, further bolstering the network's security and integrity.

Stroom DAO

For the trustless staking of liquidity in Lightning Network channels, a mechanism for multi-party signature computation is essential to manage user funds securely. To that end, Stroom is adopting a DAO structure for distributed governance that enhances transparency, allowing for community involvement in decision-making. 

Through this structure, the community gains the ability to set and adjust incentives encouraging honest behavior among signature holders, replace a validating node if necessary, and propose as well as implement changes to the underlying protocols. in addition to managing the funds accrued from service fees, the community can allocate funds for the development of the protocol and its core functionalities using the DAO treasury. 

What's Next for Stroom Network

We strongly believe that Stroom Network is poised to set a new standard in the DeFi landscape. In addition to the already deployed industry-standard encryption methods, secure smart contract coding practices and advanced security measures, plans are underway for regular audits by reputable third-party security firms, complemented by dynamic bug bounty initiatives.

These strategic efforts are aimed not just at identifying and correcting potential weak spots but also at nurturing a culture of perpetual vigilance and enhancement within the Stroom platform.

*****
We hope you've found this article helpful. To learn more about Stroom, access detailed information about our technology, or explore how you can join the ecosystem, visit the following resources:

Official website: https://stroom.network/
Whitepaper: https://stroom.network/Primer.pdf
Twitter (X): https://twitter.com/StroomNetwork
Discord: https://discord.gg/DZ53WjDXz9
Telegram: https://t.me/stroomnetwork