Afterwards other users can either challenge the proof, btc ask the verifier to request higher certainty, provide another competing proof or wait for crypto a proof to be accepted. The only drawback of strong protocols is that they are expensive in terms of execution resources (gas), and this cost must be somehow shared between the users of the protocol. Gradual protocols start with an assertion, after which the verifying contract performs some form of probabilistic checking to get an initial degree of certainty. The last unchallenged proof will be chosen as the best chain. Additional proofs can follow, until one of the provers gives up, having no more cumulative proof of work to show. When a first proof is challenged by second competing proof, the first prover has the opportunity to prove more cumulative proof-of-work to win the race to become the best chain. A middle ground between them are gradual protocols .

Because Chain A has always possessed a locked copy of each token, its value remains consistent with the Chain A market price. This "lock-and-mint" and "burn-and-release" procedure ensures that the quantity and cost of tokens transferred between the two chains remain constant. The owner of the minted tokens can redeem them at any time; they can burn (or destroy) them from Chain B and unlock (or release) them on Chain A.

If the statement is unchallenged for a certain fixed period, then the statement is assumed to be true. There are two extremes in smart-contract protocols that need to verify external inputs. They operate under the "assert-challenge" design pattern. On one side, there are "lazy" or "optimistic" protocols whose security entirely depends on the availability and censorship resistance of the on-chain layer. On the other extreme, some "strong" protocols verify every external assertion, and there is no need for challenges, in some cases they use strong Proofs of Computation Integrity, such as zk-SNARKs. Lazy protocols have the downside that they incentivize transaction censorship and miner collusion. In optimistic protocols, a prover asserts a statement, and the smart contract layer waits for a challenge to the assertion, by means of a fraud-proof. It's considered lazy because the smart contract does not perform any verification itself. Lazy protocols could be proven cryptoeconomically safe if we could estimate the cost of a transaction censorship attack. But this is a daunting task, as censorship is cheap to perform but difficult to prove, and generally impossible to attribute to a specific miner. This model was adopted by TrueBit and lately by Arbitrum. Miners put their reputation at stake, but that is difficult to value for an external observer.

The user must first transmit their tokens to an output address. Let’s say a user wants to transact tokens from the parent chain. After the waiting period, the corresponding number of coins is released on the sidechain, where the user may access and spend the coins. The tokens are temporarily locked and unavailable for btc spending. When transacting from a sidechain to the main chain, the process is reversed. Once the transaction is complete, a confirmation is sent across the chains, followed by a waiting period for further security.

However, a federated bridge has downsides: it still relies on a small set of entities that need to keep the HSMs alive and well connected to the network, and still relies on the honesty of the companies that manufacture the HSMs not to introduce covert channels, biased random number generators or backdoors. The RSK-Bitcoin bridge was never hacked and has a record 100% uptime . A truly secure decentralized bridge between two blockchain must rely on each blockchain verifying the consensus of the other in a succinct way. In a new world of decentralized protocols, federated bridges should only exist until better decentralized systems are built to replace them. The HSMs evolved over time, and the new generation of RSK HSMs synchronize with the best chain by verifying the chain proof-of-work. The result is that not even the majority of federation functionaries can cheat or censor peg transactions. The RSK-Bitcoin bridge uses autonomous Hardware Security Modules (HSM) to protect the private keys of a large multi-sig .

