Skip to content
Back to Blog
Ecosystem Updates

RSK PowHSM is Now Open Source

Read Time: 2 mins
RSK PowHSM is Now Open Source

TL; DR. RSK’s PowHSM firmware has been open-sourced and is available at the following GitHub repo:  https://github.com/rsksmart/rsk-powhsm

Since the RSK network launched in early 2018, the RSK’s 2-way peg protocol has evolved from a federated model to what we call a PowPeg. One of the most distinctive characteristics of the PowPeg is the introduction of special purpose hardware devices, called PowHSMs, to protect private keys. 

The goal of the PowHSMs is to remove any human control of the private keys comprising the federation multi-sig holding the Bitcoins locked in the RSK’s 2-way peg. The members of the PowPeg -the Pegnatories- can no longer manually sign a transaction, extract the private keys, or back them up, even in an encrypted form, as was possible before. Additionally, the PowHSMs follow a subset of Rootstock’s chain consensus rules, often referred to as SPV validation, and therefore signatures can only be commanded by cumulative proof of work. 

Today, we are happy to announce that the PowHSM firmware has been open-sourced and is available under the MIT License at the following GitHub repo:  https://github.com/rsksmart/rsk-powhsm. This is a significant milestone that continues to align the RSK ecosystem with Bitcoin’s values of transparency and decentralization. 

PowHSM Security Assessment and Security Bounty Program

Together with the open sourcing of the PowHSM code, a security assessment report prepared by NCC Group is now available at https://research.nccgroup.com/2022/10/05/public-report-iov-labs-powhsm-security-assessment/. The assessment uncovered some low severity findings that have already been addressed, as described in the report.

Additionally, the PowHSM is now part of IOVlabs’ security bounty program scope. This program rewards security experts and software developers who dedicate time and effort to improving and protecting the RSK platform.

The process used during the development of the PowHSM follows the RSK core developers’ security-first approach to software development, where releases are multi-party signed and deterministically built, as described in the PowHSM repo releases page

Looking Forward

Having the PowHSM firmware open source is a step forward in decentralization and constitutes a critical step to support firmware public attestation: a message signed by the device that proves the firmware running on the hardware corresponds to a specific binary. This way, anyone can certify that the PowPeg keys are stored in authentic hardware devices that run a publicly known version of the firmware.

Releasing a PowPeg firmware attestation to the general public is our next significant milestone and the top priority now. 

Summary

The RSK 2-Way peg has been steadily maturing since 2018. With the open sourcing of the PowHSM firmware code, the RSK platform is improving security and decentralization. We encourage the whole RSK community to review the PowHSM code and provide feedback.

Recommended articles

Introducing the New rBTC Visual

Introducing the New rBTC Visual

In 2022, the Rootstock community voted to adopt a new visual identity for the Rootstock ecosystem, establishing a more modern and unified brand system across the network.  Today, we’re unveiling an updated logo for rBTC designed to align more closely with the Rootstock ecosystem identity and reflect its role in extending Bitcoin into smart contracts, […]

Ecosystem Updates
Vetiver 9.0.3: Patch Release

Vetiver 9.0.3: Patch Release

This patch release fixes the issue reported in #3543 affecting the JSON-RPC API methods trace_transaction and trace_block. It also includes code readability improvements, minor bug fixes, and enhanced logging. Although this is not a mandatory release, nodes that rely on these tracing methods should be updated to this version to avoid potential issues. The latest […]

Ecosystem Updates
Vetiver 9.0.2: Patch Release

Vetiver 9.0.2: Patch Release

This patch release fixes an issue reported by users after upgrading to Vetiver 9.0.0, which prevents some Testnet nodes from successfully completing a full blockchain synchronization, especially after a node restart. It also introduces minor performance and security improvements. Although this is not a mandatory release, Testnet nodes should be updated to this version to […]

Ecosystem Updates