Staking
Security
Company news
go back

Introducing the Secure Staking Alliance

A new cross-industry partnership making (re)staking more secure

November 9, 2023
tags
Staking
Security
Company news
Today, Cubist is excited to announce the Secure Staking Alliance (the SSA), a new cross-industry partnership with the mission of making staking—from traditional staging to liquid staking and restaking—more secure. The Secure Staking Alliance was founded by Cubist, along with leading web3 teams across different domains, including:<br> <br> - **Restaking protocols:** <a href="https://babylonchain.io/" target="_blank">Babylon</a> and <a href="https://www.eigenlayer.xyz/" target="_blank">EigenLayer</a><br> - **Liquid staking protocols:** <a href="https://redacted.finance/" target="_blank">Redacted</a> and <a href="https://www.swellnetwork.io/" target="_blank">Swell</a><br> - **L2 and interoperability protocols:** <a href="https://altlayer.io/" target="_blank">AltLayer</a>, <a href="https://www.espressosys.com/" target="_blank">Espresso</a>, <a href="https://polyhedra.network/" target="_blank">Polyhedra</a>, and <a href="https://witnesschain.com/" target="_blank">Witness Chain</a><br> - **Infrastructure:** <a href="https://www.allnodes.com/" target="_blank">Allnodes</a>, <a href="https://www.ankr.com/" target="_blank">Ankr</a>, <a href="https://www.bridgetowercapital.com/" target="_blank">BridgeTower</a>, and <a href="https://everstake.one/" target="_blank">Everstake</a><br> - **Security:** <a href="https://www.certora.com/" target="_blank">Certora</a>, <a href="https://cubist.dev/" target="_blank">Cubist</a>, and <a href="https://veridise.com/" target="_blank">Veridise</a><br> - **Insurance:** <a href="https://www.evertas.com/" target="_blank">Evertas</a> and <a href="https://metarisk.com/home" target="_blank">MetaRisk</a><br> <br> The SSA is coming together to establish the foundations and frameworks that will help web3 protocols, developers, and node operators design, build, and run secure (re)staking validator infrastructure. We envision a world where _anyone_ can (re)stake capital and run validators **securely, by design**. Secure (re)staking infrastructure is key to the security of the web3 ecosystem. It's key to the ecosystem's evolution. And it's key to unlocking the innovation promised by web3.<br> <br> ## Why now?<br> <br> The Ethereum Shapella upgrade in April 2023 led to significant growth in staking activity on both Ethereum and other proof-of-stake chains. This is only the start. New liquid staking protocols (e.g., Ankr, Swell, Redacted), upcoming restaking protocols (e.g., EigenLayer and Babylon), and L2s and interoperability protocols (e.g., Polyhedra, AltLayer, Espresso, Witness Chain) are not only making it easy for people to stake their capital; they're also enabling new applications that weren't previously possible (e.g., spinning up new chains without huge capital investments).<br> <br> Unfortunately, running secure, highly available, reliable staking infrastructure <a href="https://cubist.dev/blog/your-validator-can-get-slashed-even-if-you-do-everything-by-the-book" target="blank">is still hard</a>. Even experienced teams have gotten slashed because of bugs in validator client software and operational mistakes. And even well-established protocols have been susceptible to attacks like front-running.<br> <br> We've built a <a href="https://cubist.dev/cubesigner-hardware-backed-remote-signing-for-validator-infrastructure" target="_blank">secure key manager for validators</a> to precisely address such challenges. But the challenges teams face go beyond key management! This is why we are excited to join forces with other leading teams to reduce the risk of (re)staking and unlock the innovative possibilities inherent in both traditional and new protocols—protocols we can't even imagine.<br> <br> ## What's the end goal? <br> <br> We are collaborating on technical standards and best practices that will help teams design, build, and run secure staking infrastructure. For example, we are writing specifications that will guide new protocols towards design points that consider "anti-slashers" from the start, making it possible to run secure validators (i.e., validators that won't get slashed) even in the presence of bugs and human errors. We are similarly collaborating on codifying best practices on how to implement secure restaking and liquid-staking protocols, how to safeguard validator keys, and how to safely upgrade validator software without downtime or slashing risk.<br> <br> Staking is one of the most exciting corners of the digital asset market, and a significant catalyst for mainstream adoption. To realize the limitless potential of staking, it is imperative that we develop a carefully constructed, comprehensive framework that lays the foundation for protocols and operators to implement the highest-performing, most secure staking infrastructure possible and protects the security of investors. We are excited to work with some of the most innovative and exciting teams in the digital asset ecosystem to make staking easier, safer, and more accessible to all.<br> <br> ## What's next?<br> <br> The Secure Staking Alliance will collaborate to produce technical documents that will complement, and contribute to, existing work (e.g., <a href="https://eips.ethereum.org/" target="_blank">EIPs</a>) and include:<br> <br> - **Protocol standards and implementation foundations.** For example, we are collaborating on standards that define classes of protocols and slashing conditions that can be objectively checked on-chain (to slash malicious validators) and off-chain (to prevent an honest validator from accidentally signing slashable messages). These standards will guide the design of new protocols towards design points that make the secure implementations of clients not only feasible but also simple.<br> <br> - **Best practices and operational guidelines.** For example, we are collaborating on engineering documents that describe how to run highly-available validators while minimizing slashing risk, how to manage validator keys, how to implement anti-slashers, and how to implement secure restaking and liquid-staking protocols on different chains.<br> <br> - **Informational documents.** These documents serve to complement the standards and best practices. For example, documents on threat modeling, the design and implementation of different validator clients, attack analysis, experience reports on incorporating our guidelines, and retrospectives can be useful standalone and can inform new standards, guidelines, and best practices.<br> <br> The alliance will also establish private communication channels between the different members to share threat intelligence and vulnerability reports. This will help us as a group stay ahead of attacks and respond to larger scale attacks than would otherwise be possible alone.<br> <br> ## How can you learn more? <br> <br> Organizations that share our values are encouraged to join the alliance, contribute to the SSA's mission, and incorporate the standards and best practices into their products and projects. Learn more at <a href="https://securestakingalliance.org" target="_blank">securestakingalliance.org</a>.<br>

Read more

Cubist teams up with Babylon and Lombard to bring Bitcoin to Sui

Cubist teams up with Babylon and Lombard to bring Bitcoin to Sui

We look forward to Cap-3 in December, when BTC holders will be able to deposit their BTC to Lombard for staking on Babylon and receive LBTC natively minted on Sui.

November 25, 2024
A step towards smart contracts on Bitcoin

A step towards smart contracts on Bitcoin

Hardware-enshrined smart contracts, which we developed using our CubeSigner key management platform, allow Bitcoin protocols to encode complex operational logic and maintain decentralized governance much like a traditional smart contract on Ethereum.

November 18, 2024
Introducing the Bascule Drawbridge for Bitcoin bridge security

Introducing the Bascule Drawbridge for Bitcoin bridge security

Bascule is a new Bitcoin bridge security system built on top of the CubeSigner key management platform to prevent cross-chain hacks in real-time.

October 23, 2024