Security First
Last updated
Last updated
The TOKI bridge app leverages TOKI's Core Messaging, incorporating light client verification built with multi-provers that combine TEE and ZKP, called LCP, in the IBC. This integration of LCP and IBC elevates security to another level, ensuring the protection of funds while minimizing costs and latency.
There are two primary approaches to verifying the state transition on the source chain: full-node verification and light-client verification.
Full-node verification: Most current bridges adopt this method due to its technical simplicity. However, it incurs high maintenance costs and suffers from limited decentralization and scalability, leading to higher security risk overall and centralization.
Light client verification: This approach is significantly lighter than full nodes, enabling direct integration into the code. It eliminates the need for intermediate validator sets or chains, enhancing scalability, decentralization, and security.
Other traditional interoperability protocols prioritize market adoption over security and decentralization, opting for the full-node approach. In contrast, we employ light-client verification as a foundational strategy for long-term sustainability.
The multi-provers are beneficial for running light client verification more efficiently without sacrificing its properties. We call this multi-prover component LCP, Light Client Proxy.
TEE Prover: As the primary prover, this system handles verification and generates proofs with exceptional efficiency and ultra-low latency, leveraging its hardware-based tamper-proof design
ZK Prover: This resolves disputes among TEE provers and is currently used for specific cases, such as high-value transfers.
As the ZK Prover matures and potential vulnerabilities are addressed, the Prover priority will gradually shift over time.
We employ IBC as our primary messaging standard, which by default embeds a light client verification standard. IBC is also a truly comprehensive and open messaging standard unlike any other.
The most comprehensive: The IBC standard only enables truly permissionless connections and any general transactions, including asynchronous ones. Learn more here.
No vendor lock-in: IBC is the only open protocol without ties to business models, tokens, or business interests, ensuring complete freedom and flexibility, much like today’s TCP/IP.
The most proven track record: With $2.9 billion in monthly transaction volume, zero exploits, and a vast developer community contributing, IBC truly stands out.
These features create a powerful flywheel effect, spreading IBC everywhere.
Moreover, history shows that non-open standards tied to specific entities, business models, tokens, or IPs — like those from the protocol wars of the 1970s and 1980s — do not survive in the long run. For further information, please refer to Security In-Depth.