Introduction
LCP (Light Client Proxy) is a middleware that performs light client verification for a chain to be verified (Upstream) on behalf of a verifying chain (Downstream) and generates proof that enables the Downstream side to verify the validity of Upstream at a low cost.
There are various verification schemes for cross-chain communication, including:
- The HTLC method for an atomic swap of tokens.
- Trusted External Validators scheme that consists of single or multiple off-chain parties.
- The Light Client method that verifies the consensus of each chain.
#1 is specialized for atomic swaps and is not versatile. #2 has many variants such as using collateral or Oracle. Still, they all require additional trust assumptions for off-chain parties. #3 is superior in terms of applicability and does not require additional trust assumptions, but it suffers from low scalability due to high implementation costs and high verification costs.
The verification cost of the light client scheme depends on the consensus algorithm for each chain and the availability of support for the cryptographic primitives required for verification. For this reason, the high execution cost (gas cost) of the verification process is often a problem especially for EVM-based chains. In addition, light client implementation is required for each combination of chains, making it difficult to scale.
One effort to improve the above issues is ibc-proxy, which introduces a Proxy chain that verifies an Upstream on behalf of a Downstream, and the Downstream verifies the Proxy chain. Thus, each chain does not need to implement a light client of its communication target. However, this architecture requires an additional trust assumption for the Proxy chain.
TEE (Trusted Execution Environment) is an isolated environment on a processor, also called an Enclave. Developers can configure arbitrary programs and execute them in the Enclave. Intel SGX and AMD SEV, two implementations of TEE, also provide a function called Remote Attestation, which allows third parties to verify the execution environment, including hardware and its programs.
We propose Light Client Proxy (LCP) as a new proxy scheme that performs light client verification in the Enclave using TEE and enables low-cost verification of a target chain. This scheme requires only one light client implementation for each target chain in the Enclave, thus increasing extensibility. In addition, instead of light client verification on-chain, a verifier chain only performs signature verification using keys generated in the Enclave. This can significantly reduce the cost of normal on-chain verification. Furthermore, by using TEE as a Proxy instead of an intermediate chain, you can minimize the trust assumption.