Read the Original Article on LinkedIn:
🎢 Here’s to our interoperability joy ride:) In the rapidly evolving multi-chain landscape, the significance of blockchain interoperability solutions cannot be overstated with key implications on tokenization. This analysis delves into the high-level differences in the security features of two prominent cross-chain message passing protocols: Chainlink CCIP vs LayerZero.
Chainlink CCIP ensures valid transaction delivery through three independent oracle networks, provided that the merkle root of a specific transaction is deemed "blessed" and matches with the transaction proof. The cross-chain messaging process involves three distinct steps:
- 1️⃣ The Committing Decentralized Oracle Network (DON) produces a merkle root for the transaction on the destination chain.
- 2️⃣ The Risk Management Network provides additional security by performing a similar action to Commiting DON. If the produced merkle root matches, it is blessed as the first security check.
- 3️⃣ The Executing DON submits the message corresponding to the "blessed" root to the destination chain, and CCIP includes the message only if the "blessed" root matches the transaction proof.
LayerZero, on the other hand, relies on two independent node types (Oracle and Relayer) for valid transaction delivery, ensuring that the block header and transaction proof match. Verification takes place directly on a node/single-server level (Oracle node vs Relayer node).
- ❓The key assumption here is that collusion between the Oracle and Relayer does not occur. If collusion were to happen (one in the pair is compromised), the transaction could be tampered with, but such tampering is confined to the application that chooses the specific pair set.
- 🤷🏻♀️The responsibility of managing collusion risk is passed on to the applications, aka "choose at your own risk”.
CCIP vs. LayerZero key distinctions:
- 🏝️LayerZero operates with two servers for each transaction delivery, relying on their non-collusion assumption. In contrast, CCIP is by design collusion proof because it functions with three independent networks (consensus baked in) compared to the alternative server level operation.
- 👮🏻♀️CCIP incorporates an additional security check for cross-chain message passing, involving the Committing DON and the Risk Management Network both produce the same root, a step not present in LayerZero.
- 🀄️Committing DON and the Risk Management Network in CCIP are written in different languages, introducing client diversity as a key advantage that further reduces collusion and contamination risks.
I hope you enjoy this appetizer 🫒! A detailed analysis is forthcoming 🥘, stay tuned :)