Update assumptions.md

Leo 2020-11-27 19:31:11 +01:00
parent c2c50b3326
commit 8c0c902b42
1 changed files with 6 additions and 3 deletions

@ -98,9 +98,12 @@ causing irreversible damage with a single signature. It merely complicates the a
For some use cases, like PoS validation, the risk of host compromise can be fully mitigated by running a smart HSM like
[SignOS](https://certus.one/sign-os). In these cases, the smart HSM can parse the signature payload and apply
constraints like "a given block height may only be signed once", which can be independently verified in a secure
enclave. In the case of on an oracle like Wormhole, this constraint is "only finalized events may be certified", which
is impossible to verify without verifying block headers. Therefore, in the case of Wormhole, the entire Wormhole
instance would have to run inside a smart HSM, including light clients for the chains it supports.
enclave.
In the case of an oracle like Wormhole, this constraint is "only finalized events may be certified", which is impossible
to verify without verifying merkle proofs and syncing at least a sparse header chain. Therefore, in the case of
Wormhole, the entire Wormhole instance would have to run inside a smart HSM/SignOS, including light clients for the
chains it supports.
## Third-party libraries
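Review bot: In the rewritten Wormhole sentence, the premise now names a narrower requirement (verifying merkle proofs and syncing at least a sparse header chain), but the conclusion after "Therefore" still demands that the entire Wormhole instance run inside the smart HSM, including light clients. Either explain why a proof-and-header verifier alone inside the enclave is not sufficient, or scope the conclusion to the components the premise actually requires. Two smaller points in the same lines: "merkle" should be capitalized as "Merkle", and "smart HSM/SignOS" reads as two alternatives although the context line above introduces SignOS as an example of a smart HSM, so "a smart HSM such as SignOS" would be clearer.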