CPC H04L 9/50 (2022.05) [G06Q 20/3674 (2013.01); G06Q 20/3825 (2013.01); G06Q 20/3829 (2013.01); H04L 9/30 (2013.01); H04L 67/1097 (2013.01)] | 19 Claims
1. A system to bridge assets between blockchain networks, the system comprising:
a secure module configured to:
provide a trusted computing environment within which processing of programs is secure from observation and manipulation by other operations outside of the secure module;
load a bridge program from memory outside the secure module into secure memory within the secure module; and
execute the bridge program within the secure module such that the executing bridge program is secure from observation and manipulation by other operations outside of the secure module, the bridge program comprising instructions that, when executed by the secure module in a particular configuration, cause the secure module to perform operations comprising:
accessing a first blockchain network that records transactions of first assets;
accessing a second blockchain network that records transaction of a second asset;
locking some of the first assets of the first blockchain network and correspondingly minting some of the second assets of the second blockchain network; and
unlocking the locked first assets of the first blockchain network in response to removal of the minted second assets of the second blockchain network; and
remote warden systems that are each configured to maintain a secret share of secret data for the bridge program to lock the first assets and to mint second assets, wherein the secret shares maintained by each of the remote warden systems are configured to be used in combination to regenerate a private key;
wherein each of the remote warden systems are further configured to:
store a portion of a pool of shared secrets that, collectively, are capable of being used to instantiate a new instance of the bridge program,
responsive to a determination that a first instance of the bridge program fails, to provide the portion of the pool of shared secrets to a second instance of the bridge program upon instantiation; and
provide the portion of the pool of shared secrets to the second instance of the bridge program in response to the second instance of the bridge program being validated using an attestation operation by the remote warden systems.
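The failover path in the claim (wardens hand their portions to a second bridge instance only after the first has failed and the second has passed attestation) can be sketched as follows. This is an added illustration, not code from the patent or its assignee. It assumes Shamir k-of-n sharing over a prime field and models attestation as a SHA-256 measurement comparison; the names `Warden`, `measure` and `recover` are hypothetical.

```python
import hashlib, secrets

P = 2**255 - 19  # prime field for the share arithmetic (assumed parameter)

def split(secret, n, k):
    """Shamir split: n shares, any k of which regenerate the secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def combine(shares):
    """Lagrange interpolation at x = 0 recovers the secret."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def measure(program: bytes) -> str:
    """Stand-in for an enclave measurement; real attestation verifies a signed quote."""
    return hashlib.sha256(program).hexdigest()

class Warden:
    def __init__(self, share, expected_measurement):
        self.share = share
        self.expected = expected_measurement
        self.first_instance_failed = False  # set once failure is determined

    def release(self, reported_measurement):
        """Release the share only if the first instance failed AND attestation passes."""
        if not self.first_instance_failed:
            return None
        if not secrets.compare_digest(reported_measurement, self.expected):
            return None
        return self.share

def recover(wardens, program, k):
    """Second instance collects shares; returns the key, or None if fewer than k released."""
    got = [s for w in wardens if (s := w.release(measure(program))) is not None]
    return combine(got[:k]) if len(got) >= k else None
```

A modified bridge image produces a different measurement, so no warden releases its share and the key cannot be regenerated outside the expected program.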