Scan to download
Home
Article
Flash
Token Unlock
Hot Projects
Specials
Columns
ETF
Knowledge Base
Calendar
Activity
Tools

Foresight Ventures: What kind of Ethereum Rollup do we want?

Foresight Ventures
2023-09-25 22:42:54
Collection
Rollup not only inherits the security of Ethereum but also its survivability, decentralization, and censorship resistance.

Author: Maggie, Foresight Ventures


Good afternoon, everyone. Welcome. My name is Maggie, and I am the Technical Director at Foresight Ventures. Today, we will spend 30 minutes discussing "What kind of Ethereum Rollup do we want?"

First, I would like to briefly introduce our company.

  • Foresight Ventures is a research-driven investment institution focused on blockchain technology and the crypto industry. Our product matrix includes several key components.
  • Foresight News is the largest multilingual web3 media platform in the Asia-Pacific region.
  • We also operate Foresight X, an accelerator that provides dedicated support for crypto startups and builds a thriving global Web3 developer community in the process.

If you would like to learn more about us, please feel free to visit our official website or connect with us on social media.

Now let's move on to today's agenda. First, we will review the recent controversies surrounding "What is Ethereum L2?" and Rollups. After that, we will discuss "What kind of Ethereum Rollups do we expect?"

1. Controversy about "What is Ethereum L2"

Last month, Dankrad made a statement on Twitter: "If Ethereum is not used as a data availability layer (DA), then it is not an Ethereum Rollup, and thus not an Ethereum L2." He also stated that Plasma and state channels are considered L2, but Validium is not. After Dankrad expressed his views, many builders and researchers in the L2 space began to question this. Many L2 projects do not use Ethereum as a data availability layer to save costs. If these projects are not included in the L2 list, it would have significant implications for these scaling network projects. Additionally, some believe that if Validium is not considered L2, then Plasma should not be counted either.

So, if you dig deep into Ethereum's documentation, you may notice that they do not clearly state whether Validium belongs to the L2 platform. However, they do mention that Validium is more secure than Plasma because it uses validity proofs. This seems to contradict Dankrad's view, who believes that from certain perspectives, Plasma is more secure than Validium because users can exit using past states, while Validium cannot support this. Therefore, there is no definitive answer to whether Plasmas and Validiums should be included in L2.

However, L2BEAT has applied a "show only Rollup" filter on its website, allowing users to filter out all projects that do not use Ethereum as a DA layer. The debate about L2 and Rollup goes far beyond this. We have also heard many different viewpoints, such as "Data availability is a confusing term; Data publishing is better," "Classic Rollup is also a sovereign Rollup," "Sovereign Rollup is not a Rollup at all," and so on.

So, instead of getting tangled up in those definitions, let's focus on a more meaningful topic: What kind of Ethereum L2 do we want?

2. What kind of Ethereum Rollup do we want?

By definition, Layer 2 is an independent blockchain that extends Ethereum and inherits Ethereum's security guarantees.

The security issues of Ethereum Rollup are often underestimated. We hope Rollups enhance security and that there are more modular blockchains tailored for applications.

Here are the features we hope to have in Layer 2 solutions:

  • First, we want L2 to scale Ethereum, which means L2 must have a verification bridge with Ethereum, allowing users to transfer assets between L2 and Ethereum while obtaining security from Ethereum. For example, I can use my ETH for certain transactions on Arbitrum L2 at a relatively low cost while retaining Ethereum's security.
  • Secondly, we hope L2 achieves ultra-high security by inheriting Ethereum's security.
  • Thirdly, we want L2 to inherit Ethereum's security. The best way to achieve this is to use Ethereum as the data availability (DA) layer, functioning as Ethereum's Rollup. Ideally, we want L2 nodes to be trustless, only needing to trust Ethereum to fully guarantee the security of the Rollup.
  • Additionally, we want Rollup to inherit Ethereum's liveness. Users should be able to run the Rollup themselves even if the Rollup nodes are not working, or at least have a way to exit L2 and retrieve funds back to L1.
  • Furthermore, we also want Rollup to inherit Ethereum's decentralization and censorship resistance.

2.1 Inheriting Ethereum's Security

To better inherit Ethereum's (ETH) security, it is essential not only to use Ethereum for data availability and transaction ordering but also for settlement. The Rollup layer is responsible for executing transactions and performing state transitions. Settlement is done using fraud proofs or validity proofs with Ethereum.

As you can see in the diagram, the roles of Rollup nodes can be divided into 2-3 different types: Sequencer, Proposer, and ZK Prover.

  • The Sequencer plays a crucial role in the Rollup, packaging transactions and submitting them to the Ethereum network, leveraging Ethereum to ensure data availability and transaction order.
  • Meanwhile, the Proposer executes these transactions and generates the latest state of the Rollup, then submits the Merkle root of the new state to Ethereum. If this is an optimistic Rollup and no one challenges it within a specified time, then this state root will be accepted, and the transactions will be confirmed.
  • In the case of ZK Rollup, the Prover generates zero-knowledge proofs to prove the validity of the state root. Once the ZKP is submitted and confirmed on Ethereum, the transactions will also be confirmed.

Thus, once all this data is submitted and confirmed on Ethereum, rolling back Rollup transactions would require rolling back Ethereum, thereby inheriting Ethereum's security guarantees. Additionally, these three roles can sometimes be played by the same node. In certain protocols, such as Optimism, the Sequencer submits both the transaction batches and the Merkle state root simultaneously.

Another security-related issue is the state validation of Rollup. As previously mentioned, optimistic Rollups use fraud proofs, while ZK Rollups use validity proofs, such as zero-knowledge proofs.

  • The advantage of using fraud proofs (like Optimism and Arbitrum) is that Rollup can be equivalent to the Ethereum Virtual Machine (EVM). However, users must verify the chain to protect their funds, and due to the challenge period of about 7 days, the final confirmation of transactions is slower.
  • ZK Rollups, such as Starknet, zkSync, Scroll, and Polygon zkEVM, provide stronger security by using zero-knowledge proofs to prove that the state is correctly computed. Once the ZKP is verified on L1, the transactions will be completed immediately. This only takes a few minutes or at most a few hours, which is much faster than optimistic Rollups. However, ZK Rollups are often not fully equivalent to EVM.

From a security perspective, zero-knowledge proofs are more effective. They rely on trustless cryptographic mechanisms for state validation rather than relying on the honesty of incentivized participants like optimistic Rollups. However, transaction fees may be higher, and they are not fully equivalent to EVM. Therefore, the choice of which to use depends on the goals of the network.

In some cases, a hybrid approach can combine the characteristics of both Rollups. A new project called Morphism uses ZK validity proofs to respond to challenges in optimistic Rollup designs, reducing the challenge window from 7 days to 1 day and lowering DA costs. The OP stack also explores methods to use ZKP to prove Optimism's fault tolerance.

However, there are significant security concerns regarding the upgradability of Rollups. When Rollups need to urgently fix bugs or upgrade to support new features, it may sometimes require upgrading the Rollup smart contracts on Ethereum. Therefore, who controls these smart contracts is crucial.

  • For many Rollups, the keys to control upgrades are held by core team members. Theoretically, these members have the ability to steal users' funds through the upgrade mechanism. As Vitalik said, this is like a "backdoor" for developers.
  • To avoid this issue, upgradability can be disabled. For example, Fuel V1 has disabled upgradability, but each update iteration requires redeploying the smart contracts, and users need to manually migrate their assets to the new version. This process is akin to launching a new project, leading to fragmented liquidity and significantly reduced flexibility.
  • A better approach is to use DAO governance for upgrade management and set delays to allow users who disagree with the upgrade to exit before it occurs. This adds some DAO security assumptions to the Rollup, such as the honest majority assumption.

In summary, to inherit Ethereum's security, we recommend that Rollups use Ethereum for data availability, transaction ordering, and settlement. For state validation, using zero-knowledge proofs is more reliable. If we want to support upgradability, it is best to use a DAO to manage upgrades and give users sufficient time (e.g., 30 days) to exit.

2.2 Inheriting Ethereum's Liveness

Now, let's talk about how to inherit liveness from Ethereum.

We hope that even if the current sequencer and proposer go down, with the help of the Ethereum mainnet, users can still recreate the L2 state and keep the Rollup running, or at least have a way to exit to L1 without trust.

  • However, we have found that so far, many existing Rollups lack this mechanism, such as Optimism, zkSync Era, and Base. Therefore, if this occurs, the Rollup will stop running, and everyone will lose their funds on L2.
  • Some Rollups allow users to force exit and withdraw their funds on L1 by submitting Merkle proofs or ZK proofs of funds on L2.
  • But some Rollups do not allow you to withdraw assets beyond collateral, meaning your L2 local assets cannot be withdrawn. If you trade your collateral for NFTs or LP tokens, you may not be able to retrieve them on Ethereum L1.
  • Rollups like dYdX allow you to enforce converting L2 local assets into collateral and then withdraw them on L1.
  • Some Rollups also support extracting NFTs to L1.

  • A better solution is to allow users to also become Sequencers and Proposers to keep the Rollup running. For example, Polygon zkEVM uses permissionless Sequencers. Arbitrum allows users to force their inclusion in the Rollup by sending transactions to L1 (this operation has a one-day delay). Additionally, in the current whitelisted Proposer, anyone can become a proposer if they are inactive for 6 consecutive days.

In fact, liveness is also related to the degree of decentralization. If Rollup nodes are better decentralized and resistant to censorship, the Rollup will have better liveness.

Therefore, to improve the liveness of Rollups, we recommend decentralizing nodes and allowing users to perform transaction ordering and proposing themselves in case of failures.

2.3 Inheriting Ethereum's Decentralization and Censorship Resistance

Research on Rollup decentralization mainly focuses on decentralized Sequencers.

  • Nowadays, almost all Rollup networks use a single centralized sequencer. The sequencer has the ability to reject users' transactions and maliciously extract MEV, which can economically harm users. Additionally, using a single sequencer lacks censorship resistance.
  • Therefore, Rollups are exploring some promising methods to achieve decentralized sequencers, one of which is permissionless PoS decentralized sequencers. This method is used in Morphism Rollup, where the sequencer is selected based on POS rules and executes a BFT-based consensus algorithm to reach consensus on transaction batches. Other Rollups attempt to use leader election methods to elect a leader sequencer in each epoch.
  • Another method is through MEV auctions. In each epoch, participants bid based on the expected profits from transaction fees and the MEV they can extract as sequencers. The winner pays their bid amount to the Rollup treasury and gains the right to order transactions and capture all profits during that epoch.
  • Polygon's Proof-of-Efficiency is another method where anyone can become a sequencer or aggregator. The sequencer must pay an additional fee when submitting transaction batches to Ethereum L1 to prevent spam attacks. The aggregator verifies the batch transactions published by the sequencer, and the first aggregator to submit a validity proof will receive the tokens deposited by the sequencer. However, the computational resources of lagging aggregators may be wasted.
  • In the shared sequencer method, a group of nodes provides ordering services to multiple Rollups. Rollups connect to the shared sequencer network to handle their transaction ordering and block generation. The shared sequencer pool is decentralized (they execute consensus protocols to agree on transactions and submit batch transactions).

All these technologies regarding decentralized sequencers are still in their early stages and are continuously evolving. Therefore, we can only provide neutral assessments at this time.

ZKP provers can be decentralized and permissionless like Polygon's Proof-of-Efficiency since they cannot execute MEV and are difficult to act maliciously.

In summary, we need decentralized sequencers and provers to enhance the decentralization and censorship resistance of Rollups.

In addition to security issues, there are many other factors to consider. Here are some related questions:

  • How to balance the incentives between sequencers and ZKP provers? Sequencers can execute MEV, while provers cannot. This mechanism makes people more willing to become sequencers. However, in reality, we need more provers than sequencers because generating zero-knowledge proofs requires more computational power than packaging transactions. So, how to balance the incentives between the two? I think we need to design a clever dynamic fee model and incentive model.
  • After the EIP4844 upgrade, Rollups will use blobs to store data, and blob data is only retained on Ethereum for 1-3 months. Will this affect Rollups? My answer is yes; I think there will be some minor impacts, but they are easily solvable. The historical data of Rollups can be uploaded to decentralized storage for archiving. If all nodes of a Rollup go offline (especially in the current single sequencer case), users will need to download historical data from the decentralized storage system and combine it with the Blob data from Ethereum L1 to reconstruct the state.
  • How to reduce transaction fees for Rollups? When designing Rollups, there are many trade-offs between security, decentralization, and cost-effectiveness. For example, we use ZKP to verify states for enhanced security, but this requires more computational power and makes transactions more expensive. This is a trade-off between security and cost. Some ZK Rollups use recursive proofs to aggregate ZKPs of multiple transaction batches and then submit the aggregated proof to L1. This can save gas costs on Ethereum and reduce L2 transaction fees, but it may also prolong the final confirmation time of transactions.

Conclusion

To summarize, returning to our initial question, what kind of Ethereum Rollup do we want?

  • First, we want Rollups to inherit not only Ethereum's security but also its liveness, decentralization, and censorship resistance.
  • In reality, creating an L2 Rollup without introducing additional trust assumptions is very challenging, as upgradability, decentralized sequencers, and the trusted setup of zero-knowledge proofs may all involve additional trust assumptions. It cannot be said that L2 Rollups fully inherit ETH's security without trusting any L2 Rollup nodes.
  • For better security, the upgrades of L1 Rollup smart contracts should be governed by a DAO and set delays to allow users sufficient time to exit if they disagree with the upgrade. However, this approach also introduces the security assumptions of the DAO into the system.
  • Last but not least, do not use a single sequencer; instead, use decentralized sequencers to achieve better liveness, decentralization, and censorship resistance.

Before I conclude my presentation, I would like to emphasize that if anyone here has outstanding ideas and needs resources to realize them, please do not hesitate to contact us at Foresight Ventures.

Additionally, we invite you to join our Foresight X incubation program. We are here to support and nurture your entrepreneurial journey. With our deep industry knowledge and rich resources, we will ensure your project thrives.

Furthermore, if you work in academia or research, Foresight X offers competitive grants to support your research endeavors.

Lastly, we have a QR code here containing all the links you may be interested in, including research reports. Feel free to take a picture or scan the code for more information, and if you have any questions after the conference, you can find me on Twitter.

Thank you again for your time; I hope you all have a great time and enjoy the rest of your day.

For reference to the PPT content, please click here: https://img.foresightnews.pro/file/L2(0920).pdf

Related tags
Ethereum Rollup DA Validium Plasma Layer 2
ChainCatcher reminds readers to view blockchain rationally, enhance risk awareness, and be cautious of various virtual token issuances and speculations. All content on this site is solely market information or related party opinions, and does not constitute any form of investment advice. If you find sensitive information in the content, please click "Report", and we will handle it promptly.
banner
Foresight Ventures
Foresight Ventures Fairness, openness, internationalization, long-termism.
Foresight Ventures: About DeSci and BIO
Foresight Ventures: About DeSci and BIO
Foresight Ventures: Intent asset—Web3 asset large-scale application entry point
Foresight Ventures: Intent asset—Web3 asset large-scale application entry point
Mention the project
Foresight Ventures
Foresight Ventures
Foresight News
Foresight News Chinese blockchain media
Foresight X
Foresight X
L2BEAT
L2BEAT Analysis and Research Website on L2
Optimism
Optimism Ethereum L2 Solutions
Arbitrum / Offchain Labs
Arbitrum / Offchain Labs Ethereum Layer 2 Scaling Solutions
StarkNet
StarkNet Decentralized ZK-Rollup
zkSync / Matter Labs
zkSync / Matter Labs Ethereum's scalability and privacy engine
Scroll
Scroll Ethereum's native zkEVM Layer 2 solution
Polygon zkEVM
Polygon zkEVM EVM equivalent zero-knowledge scaling solutions
dYdX
dYdX Decentralized Derivatives Exchange
Related tags
Ethereum Rollup DA Validium Plasma Layer 2
Related reading
Hotcoin 2024 Review: Innovation and Growth from a Global Perspective
Hotcoin 2024 Review: Innovation and Growth from a Global Perspective
Laos National Digital Technology Group (LADT) has secured a $3 million angel round investment led by HashKey Capital, which will promote the issuance of stablecoins in ASEAN and the launch of the first batch of TON chain ecosystem products NewPay+ and RetoLabs
Laos National Digital Technology Group (LADT) has secured a $3 million angel round investment led by HashKey Capital, which will promote the issuance of stablecoins in ASEAN and the launch of the first batch of TON chain ecosystem products NewPay+ and RetoLabs
A Brief Discussion on the Ethereum Gas Limit Controversy: What Are the Pros and Cons of Increasing the Limit for Blocks, Validators, and MEV Earnings?
A Brief Discussion on the Ethereum Gas Limit Controversy: What Are the Pros and Cons of Increasing the Limit for Blocks, Validators, and MEV Earnings?
Web3Port 2024 Annual Summary: Three Major Sectors Collaboratively Promote Healthy Industry Development
Web3Port 2024 Annual Summary: Three Major Sectors Collaboratively Promote Healthy Industry Development
Copyright © 2023
About Us
Media Kit
Apply for a column
Disclaimer
RSS LINK
Recruitment
Qiong ICP No. 2021009392
Qiong ICP No. 2021009392
ChainCatcher Building the Web3 world with innovators
Open the app