Nubit aims to fully inherit the security of Bitcoin, including economic security, temper resistance, and censorship resistance.

It achieves this through the implementation of Bitcoin’s native staking and Bitcoin anchoring methods:

Bitcoin Staking

The Bitcoin staking approach enables Bitcoin owners to participate in Proof of Stake (PoS) blockchains directly, bypassing the need for third-party services for custody, bridges, or token wrapping. This method offers strong economic security measures that are enforceable within PoS networks while allowing for the quick release of staked assets to improve liquidity for those staking their Bitcoin.

Using the Babylon Bitcoin staking, Nubit incorporates extractable one-time signatures (EOTS). This technology ensures accountability, with the premise that duplicating signatures for different blocks at the same level leads to the disclosure of the secret key. In conditions where stakers act in good faith, they receive earnings from block rewards and transaction fees.

Bitcoin Anchoring

For PoS networks, the period required to unbond staked assets is typically extended to guard against long-range attacks, which entail minimal costs for attackers who wish to create alternative chain forks post-unbonding. To mitigate these attacks while facilitating fast unbonding, Nubit has checkpoints in its blockchain. These checkpoints invalidate any forks that originate before them. This security measure, known as Bitcoin anchoring and pioneered by Babylon, records both block hashes and the votes of the staking set on the Bitcoin blockchain.

Through Bitcoin anchoring, Nubit drastically reduces the withdrawal timeframe to less than four hours from weeks. Additionally, These checkpoints provide an extra layer of security guarantee, s.t. the integrity of data stored in a full storage node can be determined based on these checkpoints. Even in the event of a complete Nubit network collapse, nodes can still perform data restoration using full nodes and checkpoints submitted on Bitcoin.

However, to reach a level of resistance to censorship comparable to Bitcoin’s, a better consensus algorithm is needed to enable a larger validator set. Nubit explores an efficient CometBFT-based consensus, named NubitBFT, powered by SNARK for signature aggregation:

SNARK-based Signature Aggregation

Consequently, the communication overhead for reaching a consensus decision escalates to $O(𝑛^2)$within the network. With a scenario of over 200,000 nodes, it becomes impractical for each node to collect votes from all others without significant enhancements to the consensus protocol. Signature aggregation techniques merge multiple signatures into one, which is crucial for reducing communication and verification demands in systems with many validators. The BLS signature scheme is a well-known method that facilitates easy aggregation of signatures.

While combining signatures is straightforward in the BLS framework, identifying which validators have signed requires an additional mechanism, such as bitfields, which Ethereum employs. These bitfields serve as a checklist, indicating which validators have participated in signing. In this binary system, a ’1’ at a specific position suggests that the validator corresponding to that position has signed. These bitfields are always paired with their proofs, enabling a receiver to authenticate the proof and confirm that the bitfield represents a sequence of legitimate signatures and their combinations.

Although aggregating signatures is simple, merging two bit- fields into one can be complex, and the verifier needs to be aware of the number of aggregations a signature has undergone. Recursive SNARKs offer a solution by allowing for the verification and aggregation of signatures through a straightforward approach. Each validator combines the SNARKs from neighboring validators and shares the updated SNARK, enabling rapid dissemination of signa- ture shares across the network via the gossip protocol. This requires only $O(logN)$rounds of broadcasting for the voting process to be completed. Furthermore, using SNARK-based aggregation minimizes message sizes and communication costs.

For further understanding of technique details in signature aggregation, please refer to the orange paper, page 5.

As the validator set and block size grow, it will be inefficient for every node to download entire blocks to ensure data availability. Therefore, Nubit also integrates Data Availability Sampling (DAS) to scale the network with full storage nodes and light clients. We will introduce this set of techniques in the next section.