Cross Chain Attestations

Ever since the dawn of blockchain systems, developers and users alike have faced the dilemma of data storage and availability, where data stored on one blockchain is completely inaccessible from another blockchain. Sign Protocol faces a similar challenge, where attested data simply isn’t available across different blockchains, even if they share a common key derivation algorithm. At the very least, data that’s digitally signed and attested on Base should be just as valid on BNB Chain, for example.

There are plenty of existing mature cross-chain solutions, such as Chainlink CCIP and LayerZero, but none of them satisfy the flexibility that Sign Protocol requires (e.g. pulling and validating data from atypical blockchains such as Arweave). As such, we have partnered with Lit Protocol to present a TEE-based cross-chain attestation verification solution.

What is a TEE?

A Trusted Execution Environment (TEE) is a secure part of a device's main processor that provides a protected space for sensitive operations. It ensures that sensitive data and code are stored, processed, and executed in a way that is isolated from the rest of the system, including the main operating system and applications. This isolation helps prevent unauthorized access or tampering, even if the primary system is compromised.

The TEE operates alongside the main environment but remains insulated from potential vulnerabilities or threats present in the general computing environment. It allows only trusted applications to execute within this secure space, ensuring the confidentiality and integrity of operations like cryptographic computations or secure key management. TEEs are commonly used in scenarios requiring high security, such as mobile payments, digital rights management, and authentication services.

Examples of TEEs include ARM's TrustZone, Intel's SGX, and AMD's ASP, which powers Lit Protocol's decentralized hardware TEE offering. Sign Protocol uses decentralized TEE to ensure the integrity of cross-chain attestation data and each cross-chain verification result is attached with a digital signature signed by at least 2/3 of the entire Lit network using threshold cryptography to prove consensus. You can read more about it here.

Workflow

1. The requester makes an attestation on an official cross-chain schema created by Sign. The attestation contains the target chain ID, target attestation ID, and encoded data to verify, all of which is encoded in extraData for gas efficiency (since extraData is only passed to the hook and emitted as an event instead of being stored, which makes it ~95% cheaper).

   1. We also support navigating a JSON path to make it possible to verify a particular field within a piece of large sized JSON data on Arweave.

2. The schema hook charges a fee to cover the cross-chain verification cost and emits a special event that makes extraData available for the Lit nodes.

3. Lit Action is triggered by this event.

4. Lit Action independently:

   1. Fetches the event and decodes extraData.

   2. Fetches the target attestation on the target chain.

   3. Compares target attestation data against decoded data.

   4. Returns a signed (with Lit key) delegated attestation signature based on the official cross-chain response schema that includes the comparison result boolean.

5. Sign Protocol makes the delegated attestation on behalf of the Lit nodes.

6. The cross-chain verification process is now complete.

Roadmap

Cross-chain attestations will be available in Q1 2025. Stay tuned!