Powpeg is a proof-of-work secured, two-way peg used by Rootstock to evaluate Bitcoin consensus rules and allow users to convert BTC to RBTC and vice versa.
A true Bitcoin sidechain
Powpeg revolutionizes the concept of Bitcoin pegs by introducing a groundbreaking level of security. As the first Bitcoin peg to leverage Bitcoin’s proof-of-work, Powpeg ensures unmatched security guarantees. Rootstock’s Powpeg takes the protection of private keys to the next level by utilizing specialized hardware security devices called PowHSMs. These PowHSMs incorporate tamper-proof secure elements, offering enhanced resistance against any malicious attempts.
Each PowHSM operates an RSK node in SPV (Simplified Payment Verification) mode, ensuring that signatures can only be authorized through cumulative proof of work. Moreover, the PowHSMs support attestation, allowing for the verification of the firmware running on the hardware. This attestation is achieved through a signed message from the device, providing undeniable proof that the PowPeg keys are stored within genuine hardware devices running a publicly recognized firmware version.
To delve deeper into the workings of the Rootstock PowPeg and gain a comprehensive understanding, please refer to the following resource: Rootstock PowPeg Architecture.
The most secure, permissionless, and uncensorable Bitcoin peg
Powpeg provides maximum security and decentralization for Rootstock through defence in depth: a powerful multi-layered design that ensures no single entity or group has the power to control peg-in or peg-out transactions.
There are already 9 high-profile organizations providing support to Rootstock's Powpeg.
Committed to making Powpeg better, faster, stronger
The Rootstock community is developing additional technologies to further improve and decentralize the peg, including the addition of HSM attestation, reduced peg-in and peg-out times, cross-blockchain contract calls, and safety systems such as a time-locked emergency federation.
Powpeg HSM firmware attestation
Emergency Time-locked Multisig
The PowPeg members do not have control over the locked bitcoins. However, in the event the majority of pegnatories decide or are forced to turn off their PowHSM devices, the bitcoins can become permanently locked. Such a loss of access could impair the system’s functionality, which is a concern.
Moreover, in the unlikely event that all PowHSM devices experience simultaneous hardware or firmware issues, the funds within the peg face the risk of becoming permanently inaccessible. This situation would leave no means for recovery.
To address these risks, the Rootstock Powpeg has implemented a time-locked emergency multi-signature as a fallback mechanism. This valuable feature was introduced as part of the Iris network upgrade and offers a reliable solution in the face of simultaneous PowHSM failures.
The time-locked emergency multi-signature operates on a 3-out-of-4 multisig scheme. It allows for the recovery and use of locked funds but only after one year of complete inactivity of the UTXOs. By requiring the cooperation of at least three designated parties, this mechanism adds an extra layer of security and resilience to the system.
For a more detailed understanding of this feature, you can find comprehensive information in the RSK Improvement Proposals (RSKIPs) related to this topic. We encourage readers to refer to RSKIP-201 and RSKIP-225 for a deeper insight into the technical implementation and considerations.
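How a Bitcoin spending script can enforce the rule described above (3-of-4 emergency keys, usable only after about a year without the UTXO moving), as an added sketch that is not Rootstock's code and not the exact RSKIP-201 script. The two-branch layout, the 144-blocks-per-day conversion, the 5-of-9 federation threshold and all keys are assumptions or constructed placeholders.

```python
# Added illustration; not Rootstock's code and not the exact RSKIP-201 script.
OP_NOTIF, OP_ELSE, OP_ENDIF, OP_DROP = 0x64, 0x67, 0x68, 0x75
OP_CHECKMULTISIG, OP_CHECKSEQUENCEVERIFY = 0xAE, 0xB2
ONE_YEAR_BLOCKS = 144 * 365   # assumption: ~10-minute blocks, so 52,560 blocks
BIP68_MAX_BLOCKS = 0xFFFF     # BIP68 keeps only 16 bits of a block-based delay

def push(data: bytes) -> bytes:
    """Direct push opcode; valid for payloads of 1 to 75 bytes."""
    if not 0 < len(data) <= 75:
        raise ValueError("payload needs a different push opcode")
    return bytes([len(data)]) + data

def script_num(n: int) -> bytes:
    """Minimal little-endian encoding of a positive script number."""
    out = bytearray()
    while n:
        out.append(n & 0xFF)
        n >>= 8
    if out and out[-1] & 0x80:   # top bit would read as a sign bit: pad with 0x00
        out.append(0x00)
    return bytes(out)

def multisig(m: int, keys: list) -> bytes:
    """OP_m <key>... OP_n, without the trailing OP_CHECKMULTISIG."""
    return bytes([0x50 + m]) + b"".join(map(push, keys)) + bytes([0x50 + len(keys)])

def redeem_script(fed_m, fed_keys, erp_keys, delay=ONE_YEAR_BLOCKS) -> bytes:
    """Normal federation branch, or 3-of-4 emergency branch behind a relative delay."""
    if not 0 < delay <= BIP68_MAX_BLOCKS:
        raise ValueError("block-based relative lock must fit in 16 bits")
    if len(erp_keys) != 4:
        raise ValueError("emergency branch is 3-of-4")
    emergency = push(script_num(delay)) + bytes([OP_CHECKSEQUENCEVERIFY, OP_DROP])
    return (bytes([OP_NOTIF]) + multisig(fed_m, fed_keys) + bytes([OP_ELSE])
            + emergency + multisig(3, erp_keys) + bytes([OP_ENDIF, OP_CHECKMULTISIG]))

def earliest_emergency_height(utxo_height: int, delay=ONE_YEAR_BLOCKS) -> int:
    """First block that may include an emergency spend of a UTXO mined at utxo_height."""
    return utxo_height + delay

# Constructed placeholder keys (33 bytes each), not real federation or signatory keys.
FED_KEYS = [b"\x02" + bytes([i]) * 32 for i in range(1, 10)]
ERP_KEYS = [b"\x03" + bytes([i]) * 32 for i in range(1, 5)]
SCRIPT = redeem_script(5, FED_KEYS, ERP_KEYS)   # threshold 5 of 9 is constructed
```

Because the delay is relative to the block that confirmed each UTXO, any federation transaction that moves the funds creates new outputs and restarts the clock, which is what makes the emergency path reachable only after sustained inactivity.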
Emergency Multisig Signatories
Following the requirements established in RSKIP225-Emergency Multisig public keys, the signatories for the emergency multi-signature are listed below: