Bridge Nodes

Bridge nodes implement p-of-n Schnorr signatures and FROST (Flexible Round-Optimized Schnorr Threshold Signatures) as a TSS to hold bridged BTC assets on Bitcoin L1.

Threshold signature schemes allow participants to produce signatures over a transaction using their secret shares such that anyone can validate the integrity of the message, without ever reconstructing the secret.

FROST allows for Distributed Key Generation (DKG). This ensures that every participant contributes equally to the generation of the shared secret so that each participant holds only a share of the corresponding secret such that no subset of participants smaller than the threshold knows. At the end of running the protocol, all participants share a joint public key Y.

FROST allows aborting if there is a misbehaving participant. This participant can be identified and will be excluded from future signing

Additionally, there are two defense mechanisms that Yona uses to secure the bridge:

I. Yona’s L2 bridge contract implements a Bitcoin Light client and verifies ZKPs for the light node proofs. This allows Validator nodes to participate in securing the BTC peg in two different ways:

1. Execute L1->L2 deposit transactions. A light client verifies a ZKP before minting BTC on Yona.

2. Ensure that the amount of BTC minted on Yona is always equal to the amount of BTC bridged through the canonical bridge. On any successful deposit or withdrawal, Bridge nodes must send a ZKP proof of balance held by the multisig. Yona L2 Bridge contract checks that the amount of BTC minted on Yona is equal to the amount of BTC bridged through the canonical bridge. If this invariant is broken, the bridging is automatically paused.

II. Yona mandates that Bridge nodes are executed in TEE and pass remotely attestation to verify their code and data integrity. This forces nodes to check that there was a L2->L1 withdrawal transaction before signing. In other words, a Bridge node cannot sign an L1 (Bitcoin) transaction that does not have a corresponding withdrawal transaction in L2 (Yona), assuming a TEE is not compromised.