xCross: DeFi Cross-Chain Bridge Security

The Bridge Problem

Cross-chain bridges are the number one DeFi attack vector. Bridge signing keys held by single validators or small multisig groups have enabled over $2.5 billion in exploits since 2021.

Cross-chain bridges transfer assets between blockchains by locking tokens on one chain and minting equivalent tokens on another. The bridge's signing keys authorize these transfers. When these keys are compromised, attackers can mint unlimited tokens or drain locked funds.

The Ronin Bridge ($625M), Wormhole ($320M), and Nomad ($190M) exploits all targeted bridge key management. Traditional multisig provides some protection but is computationally secure, not information-theoretically secure. A multisig key exists as a complete key that is checked against multiple signatures. xCross provides a fundamentally stronger guarantee: below-threshold shares reveal zero information about the key regardless of the attacker's computational power.

The Old Way

The xCross Solution

xCross splits bridge signing keys and swap secrets across independent validators using XorIDA K-of-N threshold sharing. No validator can act alone. HMAC verification ensures integrity before every reconstruction.

Bridge keys are split via splitSecret() into K-of-N shares distributed across independent validators operating in different jurisdictions, on different infrastructure, with different security teams. Atomic swaps via initiateSwap() and completeSwap() collect K threshold shares, verify HMAC integrity, ephemerally reconstruct the secret, authorize the transaction, and immediately destroy the reconstructed secret material.

Unlike traditional multisig, XorIDA provides information-theoretic security: below-threshold shares reveal zero information about the swap secret. This is mathematically provable and holds even against quantum computers or unbounded computational resources. The implementation is blockchain-agnostic and works with any chain supporting hash-time-locked contracts (HTLCs).

The New Way

Architecture

Atomic swap lifecycle: initiation (create HTLC + split secret), completion (threshold reconstruct + claim + destroy), and refund (timelock expiry recovery).

Core Types

SwapConfig: Configuration for atomic swap (sourceChain, destChain, amount, recipient, timelockSeconds, optional fee).

SwapSecret: XorIDA-split swap secret (preimage, shares[], hmacs[], hash). Below-threshold shares reveal zero information.

SwapShare: Single XorIDA share (index, total, threshold, data, hmac). Distributed to independent validators.

SwapState: Current swap state (swapId, config, secretHash, expiry, initiator, status, optional proof, optional completedAt).

SwapProof: xProve verification proof (tier T1/T2/T3/T4a/T4b, proof data, publicInputs, timestamp).

Benchmarks

XorIDA splitting and reconstruction are sub-millisecond operations for typical 32-byte secrets. HTLC creation and claim times depend on blockchain confirmation speed.

Performance Characteristics

xCross cryptographic operations are negligible overhead compared to blockchain confirmation times. The security gain is substantial: information-theoretic protection against validator compromise.

Security Analysis

xCross provides information-theoretic security for swap secrets. Below-threshold shares reveal zero information regardless of computational power. HMAC integrity verification protects against tampering.

Blockchain-Agnostic Design

xCross works with any blockchain that supports hash-time-locked contracts (HTLCs). The XorIDA secret splitting is chain-agnostic and operates at the cryptographic layer, not the consensus layer. Supported chains include:

• Ethereum and EVM-compatible chains (Polygon, Arbitrum, Optimism, BSC, Avalanche)
• Bitcoin via Lightning Network HTLCs or on-chain scripts
• Cosmos ecosystem chains via IBC HTLC modules
• Polkadot parachains with XCMP HTLC support
• Cardano via Plutus HTLC scripts
• Solana via Sealevel HTLC programs

Adding support for new chains requires only a chain-specific HTLC adapter. The core XorIDA splitting, HMAC verification, and secret reconstruction logic is universal.

Integration

xCross provides a simple API for atomic swaps: initiate, complete, refund. All operations return Result<T, E> for explicit error handling.

import { initiateSwap, completeSwap, refundSwap } from '@private.me/xcross';
import type { SwapConfig, SwapProof, ProgressCallback } from '@private.me/xcross';

// Configure atomic swap
const config: SwapConfig = {
  sourceChain: 'ethereum',
  destChain: 'bitcoin',
  amount: '1000000',        // 0.01 BTC in satoshis
  recipient: 'bc1q...',
  timelockSeconds: 86400,   // 24 hours
};

// Progress callback for long-running operations
const onProgress: ProgressCallback = (stage, percent) => {
  console.log(`${stage}: ${percent}%`);
};

// Initiate swap (creates HTLC + splits secret across validators)
const initResult = await initiateSwap(config, 'initiator_eth_address', 2, 3, onProgress);

if (initResult.ok) {
  const { state, secret, htlcAddress } = initResult.value;
  // Deploy HTLC on Ethereum with secret.hash
  // Distribute secret.shares to 3 validators (need 2 to complete)
  console.log(`Swap ID: ${state.swapId}`);
  console.log(`HTLC: ${htlcAddress}`);
}

// Complete swap (collects K shares, reconstructs secret, claims funds)
const shares = [secret.shares[0]!, secret.shares[1]!]; // 2-of-3
const proof: SwapProof = {
  tier: 'T3',
  proof: '...',
  publicInputs: [state.secretHash, config.amount],
  timestamp: new Date().toISOString(),
};

const completeResult = await completeSwap(state, shares, proof, onProgress);

if (completeResult.ok) {
  const { preimage, txHash } = completeResult.value;
  // Use preimage to claim funds on destination chain
  console.log(`Swap completed! Tx: ${txHash}`);
}

// Refund if swap fails (after timelock expiry)
const refundResult = await refundSwap(state, onProgress);
if (refundResult.ok) {
  console.log(`Refunded: ${refundResult.value.txHash}`);
}

API Reference

Core Functions

Error Handling

import { ERROR_DETAILS, toXcrossError } from '@private.me/xcross';

const result = await completeSwap(state, shares, proof);

if (!result.ok) {
  // Get actionable error details
  const details = ERROR_DETAILS[result.error.code];
  console.error(details.message);
  console.error('Recovery hint:', details.hint);

  // Convert to typed error class for try/catch patterns
  const error = toXcrossError(result.error.code);
  console.error(error.docUrl); // Link to docs
}

UX Enhancements

xCross provides progress callbacks and comprehensive error handling to make long-running swap operations transparent and debuggable.

Progress Callbacks

Monitor long-running operations with the optional ProgressCallback parameter. All core functions (initiateSwap, completeSwap, refundSwap) support progress tracking.

const onProgress = (stage: string, percent: number) => {
  console.log(`[${percent}%] ${stage}`);
};

await initiateSwap(config, initiator, 2, 3, onProgress);

// Output:
// [5%] validating
// [15%] generating-secret
// [25%] splitting-secret
// [60%] generating-hmacs
// [75%] creating-htlc
// [100%] complete

Error Details Map

Every error code has an entry in ERROR_DETAILS with a human-readable message and actionable recovery hint. Error classes (XcrossConfigError, XcrossIntegrityError, XcrossExecutionError, XcrossProofError) provide documentation URLs.

Verifiable Swap Execution

Every swap operation in xCross produces a verifiable audit trail via xProve. HMAC-chained integrity proofs let auditors confirm that secrets were split, stored, and reconstructed correctly — without accessing the secrets themselves.

Use Cases

Ship Proofs, Not Source

xCross generates cryptographic proofs of correct execution without exposing proprietary algorithms. Verify swap integrity using zero-knowledge proofs — no source code required.

Use Cases

Honest Limitations

xCross is not a complete bridge implementation. It provides the cryptographic foundation for information-theoretically secure atomic swaps. Blockchain integration, HTLC deployment, and validator coordination are out of scope.

What xCross Does NOT Do

• HTLC Deployment: xCross does not deploy HTLC contracts. You must integrate with chain-specific HTLC implementations.
• Validator Selection: xCross does not choose or manage validators. You must select independent validators with geographic/jurisdictional diversity.
• Share Transmission: xCross does not transmit shares to validators. You must encrypt and send shares via secure channels (TLS 1.3+, Xlink, Signal Protocol).
• Timelock Enforcement: xCross does not enforce timelocks. The blockchain HTLC contract enforces timelock expiry.
• Fee Calculation: xCross does not calculate optimal swap fees or gas costs. You must determine appropriate fees based on current network conditions.
• Liquidity Provision: xCross does not provide liquidity pools or market makers. It is a security layer, not a liquidity protocol.

Production Considerations

Custodian Independence: Validator independence is critical. Validators must not share infrastructure, management, or ownership. Geographic diversity across jurisdictions reduces correlated failure risk.

Share Encryption: Shares MUST be encrypted during transmission. xCross provides integrity (HMAC) but not confidentiality during transit. Use TLS 1.3+ for HTTPS, Xlink for E2EE channels, or Signal Protocol for asynchronous messaging.

Timelock Selection: Timelock duration must account for worst-case blockchain confirmation times plus validator coordination overhead. Too short = refund before completion. Too long = capital inefficiency. Recommended: 24 hours for high-value swaps, 6-12 hours for routine swaps.

Testing: Test on testnets extensively before mainnet deployment. Run abuse tests (share tampering, timelock bypass, double-spend attempts) to verify security properties.

xCross Enterprise (Planned)

Enterprise CLI for air-gapped bridge validator operations. Not yet implemented. Planned features: automated share distribution, threshold signing ceremonies, validator health monitoring, audit trail generation.

Ready to deploy xCross?

Talk to Sol, our AI sales engineer, or book a live demo with our team.