Asset Withdrawal

Learn how Syndicate's novel TEE-zkVM withdrawal system enables permissionless, non-interactive bridging between appchains and their settlement chains—eliminating challenge periods while maintaining cryptographic security

Interoperability is critical for appchains to maximize reach, utility, and user experience. Syndicate's TEE-zkVM withdrawal system eliminates the traditional trade-off between speed and security in cross-chain bridging. By replacing legacy challenge-based fraud proofs with permissionless, non-interactive verification, our architecture delivers instant finality with cryptographic guarantees—combining the speed of fast bridges with the security of native bridges, without the operational overhead of either.

Design Rationale

Our customized sequencing layer changes how transactions are processed, ordered, and derived, which created two options:

  1. Fork Arbitrum Orbit and customize its fraud proof system (violates our no-fork principle, delays updates, and requires custom work for every rollup framework)
  2. Build a generalizable solution that works with any rollup framework (no forks, no custom fraud proofs)

We chose the generalizable solution.

Technical Architecture

Core Components:

  • TEE (AWS Nitro): Provides a secure computation environment. Can be run by anyone, not just our team. (Note: AWS Nitro TEE, not to be confused with Arbitrum Nitro)
  • zkVM (Succinct SP1): Verifies TEE attestations on-chain, confirming the TEE is genuinely running and preventing spoofing.

Future Architecture:

  • Multi-TEE across different cloud providers
  • Multi-zkVM system with multiple providers
  • Requires sign-off from multiple parties
  • Includes challenge mechanisms when systems disagree

Withdrawal Process Flow

  1. Request Reception: System receives withdrawal request
  2. Validation & Sign-off:
    • Confirms all state transitions in the withdrawal request are valid
    • Verifies withdrawal request is committed as a state root in a reorg-resistant manner to the settlement chain
    • Performs standard checks: user balance verification, state validity, state currency
  3. TEE Signing: If validated, TEE signs off using its internal key
  4. Key Validation: The TEE's key is considered valid because the ZKVM attestation has validated it
  5. Bridge Integration: Hooks into Arbitrum's native bridge via their fast withdrawal mechanism (using the Data Availability Committee interface, but with our withdrawal system providing sign-offs instead of a DA layer). No modifications to the Arbitrum bridge itself.

Key Benefits

  • Framework Agnostic: Works with any rollup framework without customization
  • No Fork Maintenance: Customers can immediately incorporate Arbitrum Orbit updates
  • Native Bridge Security: No custom bridge to hold the funds. Funds are held in Arbitrum's bridge and existing functionality is used to enable withdrawals
  • Escalating Security: Fast withdrawals with challenge mechanisms for disputed cases
  • Decentralized Operation: TEEs can be run by anyone, not just the core team
  • Multi-Provider Redundancy: Future multi-TEE/multi-zkVM architecture prevents single points of failure

Current Status

  • Withdrawal system is currently under development
  • Starting with one TEE and one zkVM implementation
  • Additional providers will be added progressively

Note: This is a new system under development. Architecture is stable, but details may evolve. For questions or feedback, contact the Syndicate team.

On this page