Update assumptions.md
parent
c2c50b3326
commit
8c0c902b42
|
@ -98,9 +98,12 @@ causing irreversible damage with a single signature. It merely complicates the a
|
|||
For some use cases, like PoS validation, the risk of host compromise can be fully mitigated by running a smart HSM like
|
||||
[SignOS](https://certus.one/sign-os). In these cases, the smart HSM can parse the signature payload and apply
|
||||
constraints like "a given block height may only be signed once", which can be independently verified in a secure
|
||||
enclave. In the case of on an oracle like Wormhole, this constraint is "only finalized events may be certified", which
|
||||
is impossible to verify without verifying block headers. Therefore, in the case of Wormhole, the entire Wormhole
|
||||
instance would have to run inside a smart HSM, including light clients for the chains it supports.
|
||||
enclave.
|
||||
|
||||
In the case of an oracle like Wormhole, this constraint is "only finalized events may be certified", which is impossible
|
||||
to verify without verifying merkle proofs and syncing at least a sparse header chain. Therefore, in the case of
|
||||
Wormhole, the entire Wormhole instance would have to run inside a smart HSM/SignOS, including light clients for the
|
||||
chains it supports.
|
||||
|
||||
## Third-party libraries
|
||||
|
||||
|
|
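Review bot: In the rewritten Wormhole paragraph, "a smart HSM/SignOS" reads as two alternatives, while the unchanged sentence at the top of the hunk introduces SignOS as one example of a smart HSM ("a smart HSM like [SignOS]"); suggest "a smart HSM such as SignOS" or simply "a smart HSM". In the same paragraph, "merkle proofs" should be capitalized as "Merkle proofs". The phrase "at least a sparse header chain" is not defined in the visible lines, so a short clause stating which headers have to be synced, or a link, would let a reader judge what the enclave actually has to verify before certifying an event as finalized.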