Original author: Maggie-Foresight Ventures
Good afternoon everyone and welcome. My name is Maggie and I'm the Director of Technology at Foresight Ventures. Today we'll spend 30 minutes chatting about "What kind of Ethereum Rollup do we want?"
Now, I would like to briefly introduce our company.
Foresight Ventures is a research-driven investment institution focused on blockchain technology and the Crypto industry. Our product matrix includes several key components.
Foresight News is the largest multi-lingual web3 media platform in the Asia-Pacific region.
We also run Foresight X, an accelerator that provides dedicated support to crypto startups and builds a thriving global Web3 developer community in the process.
If you want to know more about us, feel free to visit our official website or connect with us on social media channels.
Let us now turn to today's agenda.
First, let’s review the recent controversy over “what is Ethereum L2” and Rollups.
After that, we’ll discuss “What kind of Ethereum Rollups can we expect?”
1. Controversy over “What is Ethereum L2?”
Last month, Dankrad tweeted: "If it doesn't use Ethereum as the data availability (DA) layer, it's not Ethereum's Rollup, and therefore it's not Ethereum's L2." He also said that Plasma and state channels are considered L2, but Validium is not.
After Dankrad published his opinion, many builders and researchers in the L2 field began to question it. Many L2 projects do not use Ethereum as a data availability layer, in order to save costs. If these projects are not included in the L2 list, it will have a significant impact on these scaling projects. Also, some believe that if Validium doesn't count as L2, then Plasma shouldn't count either.
If you dig deep into Ethereum's documentation, you may notice that it is not clear about whether Validium is an L2. But it does mention that Validium is more secure than Plasma because it uses validity proofs. This seems to contradict Dankrad's point of view: he believes that Plasma is more secure than Validium from some perspectives, because users can exit using a past state, which Validium cannot support.
So, there is no definite answer as to whether Plasmas and Validiums should be included in L2.
However, L2BEAT has applied a "show only Rollup" filter on its website, allowing users to filter out all projects that do not use Ethereum as a DA layer.
The debate about L2 and Rollup goes beyond that. We have also heard many different opinions, such as "data availability is a confusing term; data publishing is better", "a classic Rollup is also a sovereign Rollup", "a sovereign Rollup is not a Rollup at all", and so on.
So, rather than getting hung up on those definitions, let's focus on a more meaningful topic: what kind of Ethereum L2 do we want?
2. What kind of Ethereum Rollup do we want?
By definition, Layer 2 is an independent blockchain that extends Ethereum and inherits the security guarantees of Ethereum.
The security issues of Ethereum rollup are underestimated. We hope that Rollup will improve security and that there will be more modular blockchains customized for applications.
Here are the features we want to have in a Layer 2 solution:
First, we want L2 to scale Ethereum, which means L2 must have a validating bridge to Ethereum, enabling users to transfer assets between L2 and Ethereum and receive security from Ethereum. For example, I can use my ETH on Arbitrum L2 for certain transactions at relatively low cost while retaining the security of Ethereum.
Secondly, we hope L2 achieves ultra-high security by inheriting the security of Ethereum.
First, we want L2 to inherit the security of Ethereum. The best way to achieve this is to use Ethereum as the data availability (DA) layer, acting as a Rollup for Ethereum. Ideally, L2 nodes would not need to be trusted at all: trusting Ethereum alone would be enough to fully guarantee the security of the Rollup.
Secondly, we hope Rollup can inherit the liveness of Ethereum. Users should be able to run the Rollup themselves even if the Rollup nodes are not working, or at least have a way to exit L2 and get funds back to L1.
In addition, we also hope Rollup can inherit Ethereum's decentralization and censorship resistance.
2.1 Inherit Ethereum security
In order to better inherit the security of Ethereum (ETH), Ethereum must be used not only for data availability and transaction ordering, but also for settlement. The Rollup layer is responsible for executing transactions and performing state transitions. Settlement happens on Ethereum via fraud proofs or validity proofs.
As you can see in the diagram, the roles of Rollup nodes can be divided into 2-3 different types: Sequencer, Proposer and ZK prover.
Sequencer plays an important role in Rollup. It packages transactions and submits them to the Ethereum network, using Ethereum to ensure data availability and transaction order.
At the same time, the Proposer executes these transactions and generates the latest state of the Rollup, and then submits the Merkle root of the new state to Ethereum. If this is an optimistic rollup and no one initiates a challenge within the specified time, then the state root will be accepted and the transaction will be confirmed.
In the case of ZK Rollup, the prover generates a zero-knowledge proof proving the validity of the state root. Once the ZKP is submitted and confirmed on Ethereum, the transaction will also be confirmed.
Therefore, once all this data has been committed and confirmed on Ethereum, rolling back the Rollup transaction requires rolling back Ethereum, thus inheriting the security guarantees of Ethereum. Furthermore, these three roles are sometimes played by the same node. In some protocols, such as Optimism, the Sequencer submits transaction batches and Merkle state roots at the same time.
Another security-related issue is the state verification of Rollup. As mentioned before, Optimistic Rollup uses fraud proof, while ZK Rollup uses validity proof, such as zero-knowledge proof.
The advantage of using fraud proofs (such as Optimism and Arbitrum) is that Rollup can be equivalent to the Ethereum Virtual Machine (EVM). However, users must verify the chain to protect their funds, and final confirmation of transactions is slower due to its long challenge period of approximately 7 days.
ZK Rollup, like Starknet, zkSync, Scroll and Polygon zkEVM, provides stronger security by using zero-knowledge proofs to prove that the state was correctly calculated. Once ZKP is verified on L1, the transaction will be completed immediately. This only takes a few minutes or at most a few hours, much faster than an optimistic rollup. However, ZK Rollup is usually not fully equivalent to EVM.
From a security perspective, zero-knowledge proofs work better. They rely on trustless cryptographic mechanisms for state verification, rather than relying on the honesty of incentivized participants like optimistic rollups. But transaction fees may be higher, and the rollup may not be exactly equivalent to the EVM. Therefore, choosing which one to use depends on the goals of the network.
In some cases, a hybrid approach can combine features of both rollups. A new project called Morphism uses ZK validity proofs to respond to challenges in an optimistic rollup design, which can reduce the challenge window from 7 days to 1 day and reduce DA costs. The OP stack has also explored using ZKP to prove Optimism's fault proof program.
However, there are huge security concerns about Rollup's upgradability. Rollup smart contracts on Ethereum sometimes need to be upgraded, either for urgent bug fixes or to support new features. Therefore, who controls these smart contracts is crucial.
For many Rollups, the keys to controlling upgrades are held by core team members. In theory, these members have the ability to steal users' funds through the upgrade mechanism. As Vitalik puts it, this is like a backdoor for developers.
To avoid this problem, upgradeability can be disabled. For example, Fuel V1 disabled upgradability, but each update iteration required smart contracts to be redeployed, and users needed to manually migrate their assets to the new version. This process is similar to starting a new project, resulting in fragmented liquidity and significantly reduced flexibility.
A better approach is to use a DAO to govern upgrades and set a delay to allow users who disagree with the upgrade to exit before it happens. This adds some DAO security assumptions to Rollup, such as the honest majority assumption.
Overall, in order to inherit the security of Ethereum, we recommend that Rollup use Ethereum for data availability, transaction ordering, and settlement. For state verification, using zero-knowledge proofs is more reliable. If we want to support upgradeability, it's better to use a DAO to manage upgrades and give users enough time (e.g. 30 days) to opt out.
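The delayed, DAO-governed upgrade recommended above can be modelled in a few lines. This is an added example, not code from the talk or from any rollup; the class and function names are hypothetical, and the timing check combines figures quoted in this talk (a 30-day delay, a roughly 7-day challenge period, a one-day forced-inclusion delay) to show that the delay only protects users if it is longer than the slowest exit path.

```python
from dataclasses import dataclass, field

DAY = 86_400
EXIT_WINDOW = 30 * DAY  # the "e.g. 30 days" opt-out period from the text

@dataclass
class RollupProxy:
    """Hypothetical model of an upgradeable L1 rollup contract behind a timelock."""
    implementation: str
    dao: str
    pending: dict = field(default_factory=dict)  # new_impl -> earliest execution time

    def queue_upgrade(self, caller, new_impl, now):
        # Only the DAO may schedule an upgrade; a core-team key must not be able to.
        if caller != self.dao:
            raise PermissionError("only the DAO can queue upgrades")
        self.pending[new_impl] = now + EXIT_WINDOW
        return self.pending[new_impl]

    def execute_upgrade(self, new_impl, now):
        eta = self.pending.get(new_impl)
        if eta is None:
            raise LookupError("upgrade was never queued")
        if now < eta:
            # Users who disagree still have (eta - now) seconds to withdraw.
            raise RuntimeError(f"timelock: {eta - now} seconds of exit window remain")
        del self.pending[new_impl]
        self.implementation = new_impl

def exit_fits(upgrade_delay, forced_inclusion_delay, withdrawal_latency):
    """True if a user can still leave before the upgrade takes effect.

    Worst case: the sequencer censors the withdrawal, so the user first waits
    for forced inclusion via L1 and then for the withdrawal itself to finalize.
    """
    return forced_inclusion_delay + withdrawal_latency < upgrade_delay
```

With a 30-day delay, a user who needs 1 day for forced inclusion plus a 7-day challenge period can exit in time; with a 7-day delay the same user cannot.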
2.2 Inherit Ethereum's liveness
Now, let's talk about how to inherit liveness from Ethereum.
We hope that even if the current sequencer and proposer go down, with the help of the Ethereum mainnet, users can still recreate the L2 state and keep the Rollup running, or at least that there will be a way for users to exit trustlessly to L1.
However, we found that many existing rollups so far lack this mechanism, such as Optimism, zkSync Era, and Base. So if this happens, Rollup will stop running and everyone will lose their funds on L2.
Some rollups allow users to force a withdrawal and withdraw their funds on L1 by submitting a Merkle proof or ZK proof of the funds on L2.
But some Rollups don't allow you to withdraw assets other than the collateral, meaning your L2 native assets cannot be withdrawn. If you trade your collateral for NFT or LP tokens, you may not be able to get them back on Ethereum L1.
Rollups like dYdX allow you to force the conversion of L2 native assets into collateral and then withdraw them on L1.
Some Rollups also support withdrawing NFTs to L1.
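The forced withdrawal described above rests on one check: the L1 contract recomputes a Merkle path from the user's claimed balance up to the state root it already holds. The sketch below is an added example, not code from the talk or from any rollup; the tree layout, SHA-256 hashing, names and sample state are constructed, and caller authentication is left out.

```python
import hashlib

EMPTY = bytes(32)  # padding node for odd-sized levels (constructed convention)

def h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def leaf(account, balance):
    # 0x00 prefix for leaves, 0x01 for inner nodes, so an inner node cannot pass as a leaf
    return h(b"\x00", account.encode(), balance.to_bytes(32, "big"))

def build_levels(leaves):
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append(EMPTY)
        levels.append([h(b"\x01", cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    # Collect the sibling at every level below the root.
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index //= 2
    return path

class L1Bridge:
    """Toy stand-in for the L1 contract that stores the last settled L2 state root."""
    def __init__(self, state_root):
        self.state_root = state_root
        self.exited = set()

    def force_withdraw(self, account, balance, index, path):
        if account in self.exited:
            return "rejected: already exited"
        node = leaf(account, balance)
        for sibling in path:
            pair = (node, sibling) if index % 2 == 0 else (sibling, node)
            node = h(b"\x01", *pair)
            index //= 2
        if node != self.state_root:
            return "rejected: proof does not match settled state root"
        self.exited.add(account)  # record the exit so the same leaf cannot be paid twice
        return f"paid {balance} to {account}"

# Constructed L2 state: (account, balance) pairs
STATE = [("alice", 50), ("bob", 20), ("carol", 7)]
LEVELS = build_levels([leaf(a, b) for a, b in STATE])
BRIDGE = L1Bridge(LEVELS[-1][0])
```

The bridge needs no live L2 node: the proof is checked only against the root already settled on L1, which is why this exit path survives a sequencer outage.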
A better solution would be to allow users to also become Sequencers and Proposers to keep the Rollup running. For example, Polygon zkEVM uses a permissionless Sequencer. Arbitrum, on the other hand, allows users to force transactions to be included in the rollup by sending them to L1 (there is a one-day delay for this operation). Additionally, anyone can become a proposer after the current whitelisted Proposer has been inactive for 6 consecutive days.
In fact, liveness is also related to the degree of decentralization. If Rollup nodes are better decentralized and censorship-resistant, the Rollup will have better liveness.
Therefore, to improve the liveness of Rollup, we propose decentralized nodes that allow users to order and propose transactions themselves in the event of failure.
2.3 Inherit the decentralization and censorship resistance of Ethereum
Rollup decentralization research mainly focuses on decentralized sequencers.
Today, almost all Rollup networks use only a centralized sequencer. Sequencers have the ability to reject users' transactions and maliciously extract MEV, which can harm users financially. Additionally, a single sequencer lacks censorship resistance.
Therefore, one promising approach that Rollups are exploring for decentralizing the sequencer is a permissionless PoS sequencer. This approach is used in Morphism Rollup, where the sequencer is selected based on PoS rules and executes a BFT-based consensus algorithm to reach consensus on the transaction batch. Some other rollups try to use leader election methods to elect a leader sequencer every epoch.
Another method is through MEV auctions. In each epoch, participants bid based on the profit they expect from transaction fees and the MEV they can extract as sequencers. The winner pays their bid amount to the Rollup treasury and gains the right to order transactions and capture all profits during that epoch.
Polygon's Proof-of-Efficiency is another approach, where anyone can become a sequencer or aggregator. Sequencers must pay an additional fee when proposing transaction batches to Ethereum L1, which prevents spam attacks. The aggregator verifies the batch transactions published by the sequencer, and the first aggregator to submit the validity proof will receive the tokens deposited by the sequencer. However, the computational resources of a lagging aggregator may be wasted.
In the shared sequencer approach, a set of nodes provide sequencing services to multiple Rollups. Rollup connects to a network of shared sequencers to handle its transaction ordering and block generation. While shared sequencer pools are decentralized (they execute consensus protocols to agree on transactions and submit batches of transactions)
All of this technology around decentralized sequencers is still in its infancy and still evolving. Therefore, we can only provide a neutral assessment at this time.
ZKP provers can be decentralized and permissionless, as in Polygon's Proof-of-Efficiency, because they cannot extract MEV and it is difficult for them to act maliciously.
In summary, we need decentralized sequencers and provers to enhance Rollup's decentralization and censorship resistance.
In addition to security concerns, there are many other factors to consider. Here are some related questions:
How to balance the incentives of sequencers and ZKP provers?
The sequencer can extract MEV, but the prover cannot. This makes people more willing to become sequencers. However, we actually need more provers than sequencers, because generating zero-knowledge proofs requires more computing power than packaging transactions. So, how do we balance the incentives between the two? I think we need to design a clever dynamic fee model and incentive model.
After the EIP-4844 upgrade, Rollup will use blobs to store data, and blob data is only saved on Ethereum for 1-3 months, so will this affect Rollup?
My answer is yes, I think there will be some small impact, but it will be easily fixed. Rollup's historical data can be uploaded to decentralized storage for archiving. If all nodes of the Rollup go offline (especially in the current single-sequencer situation), users will need to download historical data from the decentralized storage system and combine it with blob data from Ethereum L1 to reconstruct the state.
How to reduce transaction fees on Rollup?
When designing Rollup, there were many trade-offs between security, decentralization, and cost-effectiveness. For example, we use ZKP to verify state for enhanced security, but this requires more computing power and also makes transactions more expensive. This is a trade-off between security and cost. Some ZK Rollups use recursive proofs to aggregate ZKPs for multiple transaction batches and then submit the aggregated proofs to L1. This can save gas costs on Ethereum and reduce L2 transaction fees, but it will also lengthen the time for the final confirmation of the transaction.
Summary
To summarize, back to our original question, what kind of Ethereum Rollup do we want?
First, we hope that Rollup will inherit not only the security of Ethereum, but also its liveness, decentralization and censorship resistance.
In practice, it is very difficult to create an L2 Rollup that does not introduce additional trust assumptions, as upgradability, decentralized sequencers, and trusted setups for zero-knowledge proofs may all involve additional trust assumptions. It cannot be said that L2 Rollup completely inherits the security of ETH without trusting any L2 Rollup node.
For better security, upgrades to the Rollup smart contract on L1 should be governed by the DAO, with delays set to allow users enough time to exit if they disagree with the upgrade. However, this approach also introduces the DAO's security assumptions into the system.
Last but not least, instead of using a single sequencer, use a decentralized sequencer for better liveness, decentralization, and censorship resistance.
Before I end my presentation, I want to emphasize that if anyone here has great ideas and needs resources to implement them, please don’t hesitate to contact us at Foresight Ventures.
Additionally, we invite you to join our Foresight X incubation program. We are here to support and nurture your entrepreneurial journey. With our deep industry knowledge and extensive resources, we will ensure your project thrives.
Additionally, if you work in academia or research, Foresight X offers competitive grants to support your research path.
Also, we have a QR code here with all the links that may be of interest to you, including research reports. Feel free to take a photo or scan the code for more information, and you can find me on Twitter if you have any questions after the session.
Thank you again for your time; I hope you all enjoyed yourself and have a great day.
To refer to the PPT content, please click here: https://img.foresightnews.pro/file/L2( 0920).pdf