Security Model
GOAT Network combines Bitcoin-backed settlement, BitVM2 dispute resolution, decentralized sequencing, and cryptoeconomic penalties to secure deposits, withdrawals, and L2 state commitments. The key distinction is that fast L2 confirmation improves user experience, while Bitcoin finality remains the long-term security anchor.
Bridge Economics and Security Guarantees
| Guarantee | Enforced by |
|---|---|
| Liveness | At least one active operator continues serving valid bridge flows. |
| Validity | At least one honest challenger can dispute an invalid claim. |
| Bitcoin settlement integrity | Watchtowers and Bitcoin confirmation rules protect the public inputs used by bridge claims. |
Consensus and L2 Properties
| Property | Summary |
|---|---|
| Fast confirmation | Sequencers provide low-latency feedback before Bitcoin finality. |
| Settlement finality | Final confirmation is anchored to Bitcoin. |
| Economic accountability | Collateral and slashing discourage dishonest behavior. |
| Permissionless challenge path | Incorrect claims can be disputed instead of silently accepted. |
Fast GOAT Network confirmation and Bitcoin finality are not the same thing. Sequencers provide quick feedback first, while Bitcoin-backed publication and challengeability provide the final security boundary.
Example: Defending Against Invalid Reimbursement
Operator submits a reimbursement claim
The claim references a GOAT Network state commitment and Bitcoin-side evidence.
Watchtowers validate public inputs
Watchtowers confirm the Bitcoin chain view and state commitment are correct.
Challengers verify the claim
A challenger recomputes the expected result offchain.
Dispute the bad claim
If the claim is wrong, the challenger initiates the dispute path and forces the faulty step to be proven.
Slash dishonest behavior
A malicious operator loses collateral, making the attack economically irrational.
Threat Scenarios
| Scenario | Mitigation |
|---|---|
| Operator uses incorrect GOAT Network state | Watchtower monitoring and dispute paths force the canonical state to be used. |
| Operator attempts fraudulent reimbursement | Challengers isolate the invalid step and trigger slashing. |
| Bitcoin reorg affects bridge evidence | Finality rules and confirmation thresholds reduce reorg risk before final acceptance. |
| Participant inactivity during challenge window | Timelocks and slash conditions penalize non-response when a response is required. |
Cryptographic Building Blocks
Signature schemes
| Primitive | Role |
|---|---|
| Bitcoin signatures | Control BTC spending paths and transaction graph branches. |
| EVM signatures | Manage collateral, L2 actions, and wallet-level authorization. |
Hash and proof primitives
| Primitive | Role |
|---|---|
| Bitcoin block commitments | Anchor public inputs and transaction inclusion. |
| SNARK-based proofs | Compress offchain computation into verifiable claims. |
| Garbled circuits and DV-SNARKs | Reduce the Bitcoin footprint of proof verification in the GOAT Network bridge design. |
Ziren in the Security Model
Ziren is the zkVM layer in the GOAT Network proof pipeline. It supports proof generation for the execution stack, but it does not replace Bitcoin publication, challenge windows, or BitVM-style dispute resolution.
Ziren supports the GOAT Network proof pipeline, while bridge security still depends on Bitcoin publication and BitVM-style dispute resolution.
What the Model Does Not Assume
- GOAT Network does not assume an honest majority in a multisig bridge.
- GOAT Network does not assume an operator can be trusted without challengeability.
- GOAT Network does not treat fast L2 confirmation as the same thing as Bitcoin finality.