Cubiq Logo

Security

Security at Cubiq Network

Security is paramount at Cubiq Network. We employ a multi-layered approach to protect the integrity, confidentiality, and availability of our network and your assets.

Our Security Philosophy

We believe in security by design, integrating robust cryptographic primitives and decentralized principles into every layer of the Cubiq protocol.

Overview

Cubiq Network's security model is built on the foundation of zero-knowledge proofs, ensuring that all off-chain computations are verifiable without revealing underlying data. This, combined with a robust consensus mechanism and secure infrastructure, creates a highly resilient and trustworthy environment.

Key pillars of our security include:

  • Zero-Knowledge Proofs: Cryptographic verification of computation.
  • Decentralized Consensus: Resilient against single points of failure.
  • Secure Infrastructure: Protection of prover networks and data.
  • Continuous Auditing: Regular security assessments and bug bounty programs.

Cryptographic Security

At the heart of Cubiq's security are advanced cryptographic techniques:

Zero-Knowledge Proofs (ZKPs)

  • Plonky3: Our primary ZKP system for efficient and recursive proof generation.
  • Proof Verification: Mobile Qubes verify proofs locally using optimized WASM verifiers.
  • Data Integrity: Ensures that off-chain computations are executed correctly and honestly.

Digital Signatures

  • Transaction Signing: All transactions are cryptographically signed by users.
  • Prover Signatures: zkURL proofs are signed by registered provers, ensuring authenticity.
  • Validator Signatures: Qube validators sign blocks to confirm their validity.
Proof Integrity

Ensuring that every computation is verifiable and tamper-proof through ZKPs.

Data Confidentiality

Protecting sensitive information by proving knowledge without revealing the data itself.

Network Security

The Cubiq Network is designed to be resilient against various network attacks:

Consensus Mechanism (DPoS)

  • Delegated Proof of Stake: Ensures network security through staked QUBE tokens.
  • Slashing: Malicious validator behavior is penalized by slashing staked tokens.
  • BFT-style Finality: Provides strong guarantees against forks and double-spending.

P2P Networking

  • Gossip Protocol: Efficient and resilient block propagation across mobile nodes.
  • Encrypted Communications: All peer-to-peer communications are encrypted.
  • Sybil Resistance: Mechanisms to prevent malicious actors from overwhelming the network.

Cloud Prover Network Security

  • Isolated Environments: Provers operate in secure, isolated cloud environments.
  • Access Controls: Strict access policies and authentication for prover infrastructure.
  • Monitoring & Alerting: Continuous monitoring for suspicious activities and anomalies.

Smart Contract Security

While Cubiq's zkEVM provides a secure execution environment, smart contract security remains crucial:

  • EVM Compatibility: Supports Solidity, allowing developers to leverage existing security best practices.
  • ZK-Optimized Opcodes: Focus on opcodes that are efficiently provable, reducing complexity and potential attack surface.
  • Auditing: We encourage and support independent security audits of smart contracts deployed on Cubiq.
  • Developer Tools: Provide tools and guidelines for writing secure and efficient smart contracts.

Audits & Bug Bounty

We are committed to continuous security improvement through external validation:

Security Audits

  • Regular Audits: Our protocol and core components undergo regular security audits by leading blockchain security firms.
  • Transparency: Audit reports will be publicly available for review.

Bug Bounty Program

We operate a bug bounty program to incentivize security researchers to identify and report vulnerabilities. Details of the program, including scope and rewards, will be published on our official channels.

Report a Vulnerability

If you discover a security vulnerability, please report it responsibly through our bug bounty program or contact us directly.

User Best Practices

While we implement robust security measures, user vigilance is also critical:

  • Secure Your Devices: Keep your mobile devices and operating systems updated.
  • Strong Passwords/Keys: Use strong, unique passwords and secure your private keys.
  • Phishing Awareness: Be wary of suspicious emails, links, or messages.
  • Verify Information: Always verify information from official Cubiq channels.
  • Software Updates: Keep your Cubiq Qube client and SDKs updated to the latest versions.
Community Security

Join our community to stay informed about security updates and best practices.