Detailed Analysis of Bitcoin DA Adapter Solutions Chainway and Kasar Labs: Does Bitcoin Need ZK Rollup?

Original Title: ZK ROLLUPS ARE COMING TO BITCOIN. HERE'S ALL YOU NEED TO KNOW

Original Author: Namcios, Bitcoin Magazine

Translation: Deep Tide TechFlow

Bitcoin is about to welcome Zero-Knowledge (ZK) Rollups. Recently, two different projects have made this development a reality, which not only helps Bitcoin achieve greater scalability but also provides additional privacy assurances for users who choose to use it.

Chainway announced last week that it has open-sourced its Data Availability (DA) adapter, a technology that allows developers to leverage Bitcoin's security and finality to develop Rollups using the Sovereign Software Development Kit (SDK). Sovereign provides bundled services for developers to build different types of Rollups, and Chainway's release aims to realize the first ZK Rollup on Bitcoin.

Kasar Labs, in collaboration with Taproot Wizards, coincidentally released a DA adapter for Bitcoin at the same time. This adapter allows developers to insert the Madara stack into Bitcoin to run Starknet Rollups based on the Cairo programming language created by StarkWare.

What is ZK Rollup?

Rollups batch process non-standard Bitcoin transactions (such as transactions from certain sidechains) and publish them into blocks on the underlying blockchain (like Bitcoin). This greatly reduces the computational cost of verifying these transactions while benefiting to some extent from the security of the Layer-1 blockchain. In this sense, Rollup transactions exist on Bitcoin. Users then run a node for that sidechain, which knows how to interpret the data published to Bitcoin and establish account balances. However, this means everyone needs to run a full node for that other protocol, which is not scalable. This is where ZK comes into play.

ZK Rollup utilizes zero-knowledge proofs, a cryptographic proof that ensures computational integrity without compromising privacy. It allows the prover to mathematically demonstrate to the verifier the correctness of a computational statement without revealing specific details used to compute that proof. This is crucial in the context of Rollups because it only requires observers to know the final proof to verify these statements or transactions. Using ZK proofs allows users of Rollups to obtain proof of the latest state from Bitcoin with mathematical certainty while maintaining complete privacy.

The benefits of ZK Rollup include not requiring users to be online to receive payments, only needing to obtain on-chain payment data when possible, not having to manage liquidity, and not relying on low fees from the Bitcoin base layer. Additionally, using ZK Rollup, developers can add any desired programming environment on top of Bitcoin, such as Turing-complete smart contracts.

ZK proofs use two main mathematical techniques: SNARK and STARK. The former, succinct non-interactive arguments of knowledge, predates the latter and has been applied in cryptocurrencies like Zcash, providing users with a high level of privacy. Scalable transparent arguments of knowledge were developed later to provide better security and scalability on top of the expected privacy. This is because SNARK relies on a trusted setup to generate proofs, while STARK aims to be completely trustless. Finally, SNARK is vulnerable to quantum computing, whereas STARK is quantum-safe.

Given Bitcoin's almost faultless history and resistance to deep reorganization, it is the most suitable cryptocurrency for Rollup transactions, as Rollup transactions rely on the main chain to access critical data that users need to spend. The main chain also ensures that Rollups remain active and available.

To correctly implement ZK Rollup on Bitcoin and allow users to reliably bridge their Bitcoin between Rollups, a soft fork of Bitcoin is required. This soft fork would add a new opcode to the oldest cryptocurrency, enabling Bitcoin itself to recognize and verify ZK proofs. If this happens, users would only need to run a Bitcoin node to reliably verify proofs published by specific Rollups, understand their accounts and balances, and withdraw funds from Rollups.

The two projects mentioned in the first part do not assume a consensus change in Bitcoin. Instead, they leverage the Ordinals protocol to avoid the need for new opcodes. More specifically, they utilize the concept of inscription envelopes introduced by Ordinals, which allows developers and users to encapsulate any type of data using specific flags and several opcodes. In Ordinal inscriptions, this flag is "ord."

The flag and opcode at the beginning of the envelope serve a dual purpose. First, they inform Bitcoin nodes that they can skip over those envelopes of information that are irrelevant to the Bitcoin network. Second, they serve the opposite purpose for users and applications that know about the envelope, letting them know that it contains content of interest to them. In the case of ZK Rollup, users can scan Bitcoin blocks for these envelopes to understand the latest state of the Rollup and perform mathematical verification using ZK proofs.

Now that we have an understanding of ZK proofs, let’s return to the two projects mentioned earlier and explore the unique aspects of their designs.

SOVEREIGN

The Sovereign SDK itself has three main goals. First, it aims to provide a standard interface for communication between Rollups and DA layers, making it easier to deploy Rollups on new DA layers and enabling new chains to support existing Rollups. Second, it integrates with cryptographic compilers to convert the business logic of code into a form that can be cryptographically verified. Finally, it provides default implementations of common blockchain primitives, such as tokens, non-fungible tokens, and cross-chain bridges.

As mentioned earlier, Chainway's DA adapter is designed to make it easier for applications built with the Sovereign SDK to connect to Bitcoin. In other words, the adapter allows Sovereign Rollups to leverage Bitcoin as their DA layer, which was previously impossible. Data availability is crucial for Rollups because it allows computations performed outside the main chain to be reliably verified, and it is a requirement for users to verify or modify their balances and withdraw funds from Rollups.

To have Sovereign Rollup transactions included in Bitcoin blocks, users pass their transactions to a so-called sequencer. The sequencer is run by the foundation itself in the design of Chainway's DA adapter, responsible for establishing this connection between the sidechain and Bitcoin, ensuring that all transactions passed by users are published to Bitcoin in the form of ZK proofs.

This sounds a bit centralized, and indeed it is. However, given the existence of validity proof technology—ZK-STARKs—the sequencer cannot act maliciously. This is because the proof privately confirms the legitimacy of the transactions, and anyone can verify it. For example, the sequencer cannot misappropriate user funds or conduct unauthorized transactions. However, they could theoretically censor user transactions by not including them in Bitcoin blocks and retaining that data. If this occurs, users can choose to publish their transaction data to Bitcoin by recording that information on the Bitcoin blockchain.

Chainway states that in the future, they plan to achieve decentralized sequencing through a small group of sequencers, with participation being permissionless and based on staking.

STARKNET

Similar to Sovereign, Starknet also aims to enable the construction of Rollups. However, Starknet is a more opinionated ecosystem that includes explicit components such as Cairo, CairoVM, and Madara, which developers can leverage for building.

Starknet is a ZK Rollup currently running on Ethereum, meaning that the Rollup relies on the blockchain created by Vitalik Buterin as its DA layer. It utilizes STARK proofs to provide users with the necessary privacy and security assumptions, as well as to improve scalability and reduce transaction costs by batching transactions before publishing proofs and new states to Layer-1. Cairo is a Turing-complete programming language used to write provable programs, where one party can prove to another that a computation has been executed correctly without the latter needing to re-execute the same program. It is the first production-grade platform for generating STARK proofs for general computations.

The Cairo virtual machine receives bytecode generated by the compiler and runs it on a computer. The output of the run is a trace of the program, which can then be sent to the STARK proof generator to prove the validity of the statements expressed in the Cairo code.

Madara is the sequencer of the Starknet stack, helping developers support ZK Rollups based on Starknet.

Until recently, all of these software stacks could only be used on Ethereum. Now, Kasar Labs and Taproot Wizards have launched a DA adapter for Bitcoin, aimed at allowing developers to anchor Rollups built using the open-source version of Starknet to the original and most secure cryptocurrency network.

Does Bitcoin Need ZK Rollup?

In essence, Bitcoin does not need it. It operates very well in its current state, with little reason to believe that Bitcoin requires significant changes. On the other hand, scalability is a real demand, and technologies like the Lightning Network have proven to be very useful in allowing users who otherwise could not participate in Bitcoin's economic transactions to engage more.

ZK Rollup offers a way to view Bitcoin from a different perspective. The two projects mentioned above do not require any actual changes to Bitcoin itself, but to realize the full potential of this technology, a consensus change would be needed by introducing new opcodes. Currently, it seems that this zero-knowledge-based Rollup technology research is attempting to push the boundaries of Bitcoin's potential, which is a good thing for expanding Bitcoin's user base, much like the Lightning Network.

Similar to the Lightning Network, Rollup functions by merging multiple transactions together and then publishing a single source of information to Bitcoin. Of course, ZK Rollup takes a very different approach from the Lightning Network, and that is correct. This technology does not attempt to compete with the proven low-cost payment second layer that Bitcoin users have already come to love. Instead, Rollup focuses on other issues and attempts to provide alternative solutions.

For those looking to do more on Bitcoin, this scalable technology that ultimately enables private, complex computations relying on mathematical proofs sounds very appealing. Even so, bridging Bitcoin in and out of Rollups in a fully trustless manner will depend on that opcode. But even so, the idea exists.

It remains unclear whether ZK Rollup will gain any traction on Bitcoin. Bitcoin already has a sidechain, Liquid, which has been active on Bitcoin for years, but its transaction volume is still low. One could argue that the existence of a federated model in the case of Liquid is a disadvantage, while ZK Rollup has an advantage in this regard. Perhaps Rollup may face the same fate as Liquid, with low transaction volume and interest, as Bitcoin users continue to choose to simply "HODL Bitcoin and hold." Or it may open a new chapter in the development and use of Bitcoin.

Regardless of whether the outcome is success or failure, exploring the development of this high-quality research is a natural and necessary endeavor. No matter the result, there is always something new to learn from it. One thing is certain—Bitcoin will continue to hash and generate blocks, allowing all users to enjoy the monetary certainty of hard currency without worrying about any of these matters.