Vaults

When a DepositTx is verified on Ordinox, it indicates that a user has successfully deposited an asset into a vault controlled by the Ordinox Network. This process is crucial for the security and functionality of the network. Let's delve into what a vault is and how it is secured.

Understanding Ordinox Vaults

A vault on Ordinox is essentially a public key without a corresponding single private key. It is created using a method called the "TSS keygen ceremony" every 20,000 blocks on Ordinox, involving all the validators of the network. For a vault to be compromised, over 2/3 (a supermajority) of the network would need to be dishonest or malicious. Each additional validator increases the difficulty of penetrating the vaults, enhancing the overall security.

Key Features Securing Ordinox Vaults

1. Decentralized Signing via a Wide Network of Validators and TSS:

   • The vaults are secured through a decentralized network of validators using the GG20 Threshold Signature Scheme (TSS). This decentralized approach ensures that no single point of failure exists within the network, making it significantly harder for malicious actors to compromise the system.
   • Validators work collectively to sign transactions, ensuring that the process remains transparent and secure. The TSS protocol allows multiple validators to participate in the signing process without exposing their individual private keys.

2. Vault Rotation and Changing of Public Keys:

   • To further enhance security, Ordinox implements a mechanism of vault rotation. Every 20,000 blocks, a new vault is generated through a TSS keygen ceremony. This frequent rotation of vaults and public keys ensures that even if a potential vulnerability is identified, it is quickly mitigated by transitioning to a new, secure vault.
   • The rotation process involves all network validators, maintaining the integrity and decentralization of the system. This continuous updating of vaults reduces the risk of long-term exposure to potential threats.

3. Key Sign Blames and Slashing of Stake:

   • Ordinox employs a rigorous accountability mechanism for validators through key sign blames and slashing of stake. If a validator behaves maliciously or fails to perform their duties, they can be identified and penalized.
   • Key sign blames involve identifying validators who fail to correctly participate in the TSS signing process. These validators are then subject to penalties, including slashing of their staked assets. This mechanism ensures that validators remain incentivized to act in the best interest of the network.
   • The slashing policy serves as a deterrent against malicious behavior, reinforcing the security and reliability of the vaults.

Additional Security Measures

4. Multisignature Scheme:

   • The TSS protocol operates similarly to a multisignature scheme, where multiple validators must approve a transaction before it is executed. This collective approval process ensures that no single validator can unilaterally make decisions, further enhancing security.
   • The multisignature approach distributes the responsibility across the network, making it resilient against attacks aimed at individual validators.

5. Continuous Monitoring and Auditing:

   • Ordinox employs continuous monitoring and auditing of the network to detect and respond to any suspicious activities promptly. This proactive approach ensures that potential threats are identified and addressed before they can impact the system.
   • Regular audits and security assessments are conducted to ensure that the network adheres to the highest security standards. This ongoing vigilance is crucial for maintaining the integrity and trustworthiness of the vaults.

6. Economic Incentives and Penalties:

   • Validators are economically incentivized to maintain the security and stability of the network. By staking their assets, validators have a vested interest in ensuring the network's integrity, as their financial wellbeing is directly tied to the network's success.
   • Penalties for malicious behavior, such as slashing, serve as a strong deterrent against actions that could compromise the security of the vaults. These economic incentives and penalties work together to promote a secure and reliable environment for all users.