RenBTC, a project that has just launched their mainnet, claims pretty much native integration of bitcoin into ethereum by connecting the two blockchains through RenVM, a network of nodes.
That network connects bitcoin and ethereum in a decentralized way, they say, getting rid of custodians who might run with the funds or might not give them to you as here it’s the RenVM nodes that hold your bitcoins.
Their wiki paints a technical picture of network nodes runnable by anyone who has 100,000 ren tokens ($8,700), with these nodes being the custodians of the deposited bitcoins.
So you need 1/3rd of them to cheat for your coins to be stolen or indeed for the renBTC potentially to be printed out of thin air.
“RenVM replaces the role of the trusted custodian with a decentralised custodian. This decentralised custodian is implemented using the RZL MPC algorithm, which can generate and manage ECDSA private keys without ever exposing them (not even to the machines that power RenVM,” they say.
On the surface, the process looks very smooth. You have a click and go website where you say how much bitcoin you want to send to this network to tokenize on ethereum, and that’s it. You now deposit to the newly generated address:
Above is our mini test, with a new bitcoin address given. The deposited bitcoin’s are then consolidated to the node’s public address with the first deposit being on June the 1st.
“User deposits BTC into a gateway address which is a Bitcoin script that can only be spent by RenVM, and RenVM immediately consolidates the BTC into its address,” Loong Wang, Ren’s CTO, says.
The first question is of course how exactly do these Ren nodes talk to the bitcoin blockchain, to the bitcoin nodes.
We’re told that’s through an API currently run by the Ren project that looks at the bitcoin blockchain and tells the nodes there has been a deposit.
The nodes then provide you a signature which now can be sent to the ethereum smart contract, giving you permission to mint an equivalent amount of renbtc tokens.
The API here therefore is doing a lot of work, and if you control it, you can tell the nodes 100 btc has been deposited when it hasn’t.
However, “Darknodes can be configured to look at any API, including their own, or a third-party one,” Wang says before adding:
“We’re also building a very light weight client for various chains that syncs/stores only the exact information needed for RenVM to function (which is less than the usual SPV client).”
That presumably then means you can kind of integrate the API to ‘talk’ to bitcoin nodes directly. A difficult task, but if you can choose your API, then this project starts looking a lot more promising.
But there’s a second fundamental question. How on earth are these nodes generating the keys, storing the coins, with no one apparently having the key – as in being able to see it.
Asked for example who has the key to the ren nodes public address, Wang says: “No-one. This is part of what makes RenVM secure.”
“The RZL MPC algorithm is a cryptographic protocol that allows nodes to jointly generate keys and use them without being able to see them, and they cannot use the keys unless there is consensus amongst the nodes that this is ok to do,” he says.
We haven’t heard of this algo before, but Wang says: “MPC is not a new concept, and RZL MPC builds on very well established, long standing work in that space. But, we make it appropriate for use in decentralised networks where the participants are anyone in the world.”
With this algo being crucial to the workings of this whole project, the rest of the interview follows below in a transcript format:
Right, obviously I’m no expert in algos, but am told there has been a code audit, is that the case and if so can you link the report as I couldn’t find it.
Wang: Those audits are all the ones publicly available. The implementation of the algo is not yet open-sourced, as it is still undergoing more auditing, and we would like to reach uptime/adoption milestones before making it public for security and defence against copy-cats.
Isn’t the algo in the nodes? So how is it not open sourced, I thought the nodes code is on github?
The majority of it is, but not the RZL MPC algo. In the current phase of the rollout plan, public Darknodes are not yet running this algo.
Our medium blog has posts talking to the multiple phases of the Mainnet rollout. We are currently in the first phase: SubZero.
This allows us to rollout responsibly, keeping the system semi-centralised initially to ensure that we can quickly identify and respond to any bugs that might be discovered.
The next phase will involve more contribution from the Darknodes, and all code + more audits will be made public before that phase begins.
When might we expect the next phase?
This largely depends on the completion time of more audits. The time required for this is unfortunately out of our hands.
It also requires sufficient adoption to ensure that a stable base of fees is being generated to incentive a few hundred Darknodes (this is also out of our hands, but we are already seeing good adoption that is well on the way to bringing profit to hundreds of nodes).
Given this, it is impossible to give precise time frames. Having said that, I am reasonably confident that we will see the progression to Phase Zero happen this year, but that’s only an estimate.
Have these audits been commissioned, who is doing the audits?
We have begun the process with an auditor, and we will make more information about the next audits available to everyone soon.
We’d like to do this officially though, to make sure we can minimise the spread of misinformation.
So this is more a work in progress project, with the algo apparently some sort of trade secret, at least for now.
That means realistically we have no basis to evaluate the claims of this project as currently Wang says it is semi-centralized.
In addition, without public scrutiny of the algo, we obviously have no basis to take at face value any of the claims of this project, but they say the algo will eventually be published and audited when perhaps even renowned world experts might bother to have a look.
Because the claims are significant, if they stand up scrutiny, with this integrating not just bitcoin into the ethereum network, but also bch, zec, and they could integrate even dogecoin.
Were the decentralized nature of it to be shown eventually, then all these other blockchains would become just sidechains to the ethereum network with tokenization rising as another innovative and dynamic space.
Yet we’re naturally skeptical of their claims and even if we weren’t, this is a very new project so as we always say hacks should be expected especially once it moves towards more decentralization.
Currently it hosts ‘only’ 54 bitcoins, worth half a million dollars, but the growing defi space can add market pressure and very quickly. So security here is crucial.
Meaning anyone who wants to tokenize has to evaluate for themselves what kind of risk they want to take with there being other options of course, like the defi consortium ‘run’ wbtc and quite a few others.
All showing there’s on-going significant innovation in the tokenization of cryptos themselves, something that may even lead to a breakthrough in connecting different blockchains as here there are clear incentives.
The incentive being that a lot of money can be made through fees and the rest, all just through some code that any kid can write provided they have the skills to do what so far no one has quite managed to do in a provably decentralized way.