Comprehensive analysis of Optimistic Rollups technology and design principles
Rollups is the most controversial topic in the industry. Critics believe that the centralization of Rollups and the lack of technological innovation have caused more and more entrepreneurs to stay away and turn to other ecologies. For example, the recent migration of dYdX has greatly affected the Ethereum ecosystem There has been a huge trauma, and some critics believe that the growth of Rollups will gradually weaken the status of the economic center of Ethereum, and Ethereum will gradually become a political center instead of an economic center. Will Ethereum become like the Cosmos Hub? The same status in Cosmos? , is only responsible for providing security, but more innovations and activities will be transferred, and supporters believe that Rollups (and the decomposed execution layer represented by Validiums, Volitions, Any Trust, etc.) The chain is several orders of magnitude superior to the vision and brings innovation from 1 to 100. In our previous article Rollups Latest Technical Progress - On the Mystery of dYdX Abandoning StarkWare and Joining Cosmos, we focused on introducing the latest technical solutions of ZK-rollups, and interested friends can review them. In this article, we will explain Optimitstic Rollups from the aspects of technology, design principles, ecological opportunities, and latest progress.
Considering the capacity limitation of Ethereum, as well as the high gas fee caused by high demand, network congestion and other issues, Rollups (ORUs and ZKR) try to execute transactions off-chain, and upload and store transactions in batches to the main Network (Ethereum) for confirmation, this confirmation process is through the Rollup smart contract deployed on L1, which can execute the correct transaction by evaluating the transaction data published on L1, so as to ensure the security and decentralization of Ethereum , improving scalability. In Optimism’s recent airdrop, the average TPS reached 12TPS/s (consistent with the Ethereum mainnet), and the handling fee was only 5% of the mainnet. Compared with the validity proof of ZKRs, the verification method of state transition, ORUs fraud proof, and the realization of dispute resolution mechanism. One week after the transaction is submitted is regarded as a challenge period, any observer/verifier (minimum honesty assumption) can obtain rewards by discovering fraudulent transactions and submitting fraud proofs, and the transaction submitter will be punished (the pledged assets are slashed ), the transaction is restored. In terms of EVM compatibility, compared with ZRK, ORUs are currently highly compatible with Ethereum, and most of the protocols are solving the problem of EVM equivalence (about EVM and compatibility and equivalence issues, we are in the ZK-rollups article There are special explanations), so this is beneficial to the acceptance of ORUs in the Ethereum ecosystem developers, the dissemination and development of technology.
So in essence, Rollups moved the computing data storage off-chain, and uploaded the transaction data and the compressed proof of off-chain computing to L1, and passed L1 verification. Uploading data to the chain essentially ensures data visibility, allowing anyone to verify the validity of the uploaded and stored transactions (the issue of data visibility on the chain is also explained in detail in the previous article on ZK-rollups , and will not be elaborated here again). While enjoying the security and decentralization of Ethereum, ORUs provide network scalability and bring a low-fee, fast-transaction web3 environment to developers and dApps.
Value of Optimistic Rollups
Vitalik Buterin mentioned in the endgame that Ethereum will eventually gradually shift from an L1-Centric ecology to an L2-Centric ecology. This remark puts the focus firmly on the development of L2, which makes many people who are interested in the expansion of Ethereum ETH2.0 /sharding is full of expectations. In the future, Ethereum will mainly serve as the settlement layer of L2, and users will interact with L1 through L2, L3 (the latest fractal scaling recursive proof). At present, the main L1 mainly solves the problems of transaction fees and speed, but sacrifices decentralization and security, and is relatively small compared to the development ecology of Ethereum. The importance of the Ethereum community in the encryption industry is unquestionable, with the largest number of professional and experienced developers. Although in the short term we have seen various L1 ecological prosperity (which can also be considered false prosperity) to meet different on-chain transaction needs, in the long run we still need to find a more balanced design. Compared with other solutions, Optimistic Rollups highlights the importance of EVM compatibility and equivalence, and thus has been recognized and supported by a large number of Ethereum developers and the community. Note that this is different from ZKRs. Due to the effectiveness design, it is difficult for them to achieve Ethereum compatibility, and the realization of Ethereum equivalent is even more difficult; in addition, we have seen various expansion solutions, AnyTrust can Applications with higher frequency and low transaction costs (game NFT, etc. (this is similar to the Validiums, Volitions design in ZKR, which will be introduced in detail below) can be built on ORUSs. In the latest path of Ethereum, EIP4488, EIP4848 PDS and DS are for calldata Restrictions and the introduction of the new transaction format "blobs" have further improved its scalability; compared with ZKRs, ORUs are easier to provide a trustless process than ZKRs. Interested friends can read this article. How do you understand this? Well, for example, Rollups can safely access the liquidity of any settlement layer with the largest liquidity, but even the most perfect zk-bridge design will be 51% attacked by weaker chains (such as ImmutableX), and optimistic brdige These can be prevented, and of course there will be additional assumptions and delayed trade offs. For example, under the assumption of Ethereum compatibility, it is necessary to wait for updates/changes with Ethereum to maintain compatibility, which will cause delays. Currently the main ORUs, including Arbitrum and Optimism, are based on the same design principle, of course, the design mechanism is slightly different.
EVM virtual machine
The core design concept of ORUs also brings certain problems. For example, for EVM, as a general-purpose virtual machine for smart contracts, the smart contract chain on it is inherently inefficient, so applications developed based on it will be limited by its general design and cannot optimize specific applications. Through StarkWare's technology, we have seen that the composability of Rollups can be realized by means of solutions such as fractal extensions (we also introduced these technologies and the case of ImmutableX in the zk-Rollups article, StarkWare through StarkEx (specific applications) and StarkNet (general purpose) provides highly scalable application-specific Rollups or the entire network of application-specific Rollups, not just smart contracts). Similarly Polkdot and Cosmos also provide solutions for specific applications.
If the verification node and the observer participate in the verification transaction within the specified time (7-day challenge period) and submit the corresponding fraud proof, then the fraudulent transaction will be uploaded to L1, and the funds will be lost (but this risk is small), and at the same time, this verification In the process, the minimum honesty assumption is introduced, and at least one honest verifier is required.
As for the prover (sorter, prover) who is responsible for block production and the verification node for transaction ordering is offline, we need to ensure that there are honest verification nodes to verify the state through the data on the chain and submit relevant fraud proofs. If data visibility and validator decentralization and alternatives cannot be guaranteed, funds are frozen, not lost.
Centralized nodes can obtain MEV value through preemption and other methods.
Regulators can also force shutdowns of networks.
In addition to the above-mentioned problem of node centralization, there is also the problem of centralized control of the team. For example, in Arbitrum, Offchain Labs is responsible for the Sequencer (block producer and transaction orderer) of the current network, and the team controls multiple core contracts (including the Rollup contract on Ethereum, the Ethereum token bridge, and transaction ordering contracts, etc.). Proxy contract private key. At the same time, similar to Ethereum, considering the need to ensure that the verification node needs enough time and resources to complete the verification, the team also limits and regulates the transaction speed on it, which brings transaction capacity and high cost when economic activities are frequent. The question of fees. This can also explain the recent surge in Gas prices caused by increased activity on the Odyssey chain. During the mainnet test period, Arbitrum adjusted its capacity. Like Ethereum, when the traffic reaches the capacity limit, the L2 price will increase until the increase in traffic slows down and the network is stable. With the maturity of the technology, in the post-Nitro era, it will have a larger capacity, solve the problem of high prices, and at the same time ensure that it will not affect the user experience even under heavy loads. Of course, although due to the complexity and innovation of ORUs, the early team will introduce a team of experts to ensure a smooth launch, but the team also publicly stated that with the stability of the network and the iteration of technology, it will gradually release control over the network and introduce more decentralized ORUs. Optimized block producers and transaction orderers reduce the risk of review.
Currently Rollups has the following two solutions:
1) Pass valid authentication and stateless client
2) Simply run L1 nodes and light clients, for a good settlement layer they must be easily verifiable. Today, this comes at the expense of high latency, but in the future, this delay can be as little as a few seconds.
With the release of EIP4488, PDS and PD paths, the high cost of calldata is expected to be greatly alleviated. At the same time, AnyTrust allows more high-volume transactions, while applications with relatively low security can be developed in ORUsk. At the same time with the further maturity of technology. The community agrees that ORUs will gradually transition to a ZKR-integrated solution.
For a monolithic chain, if you want to achieve latency optimization, you need to ensure synchronization between all nodes. And if the monolithic chain becomes Rollups, the same delay can still be maintained. But Rollups can be further divided. We usually divide it into two kinds of delays, the first is Rollup confirmation (Rollup confirmation), and the second is settlement finality (Settlement Finality). With the confirmation of Rollups, we can improve the delay through smaller sub-node coordination, and at the same time, non-BFT and minimum honest assumptions can reach consensus faster. Feel free to rollups confirmation that it can be achieved immediately. In the design of StarkNet, we mentioned the recursive validity proof that its confirmation speed can eventually be the same as the settlement finality. A 7-day challenge period was introduced into the native bridge design of ORUs, which is essentially a delay. At present, there are third-party bridges on the market, such as Hop Protocol. Friends who are interested can read our previous article Can the bridge be trusted again? - The Rollups secure transmission solution of the Hop protocol solves some problems by introducing additional assumptions.
Single-chip chains have lower throughput than Rollups, so they decentralize composability. For example, you need to disperse liquidity among hundreds of single-chip chains, which will bring security problems at the same time. For example, the system security of the entire ecosystem depends on the chain with the weakest security assumption (in Cosmos Shared Security V1, all consumer chains share the Cosmos Hub All are secure, so attacking the consumption chain is equivalent to attacking the Cosmos Hub. The cost is very high. However, in the design of V2 and V3, some shared security will bring this problem). In the design of Rollups, if these hundreds of Rollups share a security zone, the connection between them will be several orders of magnitude simpler and more secure. For example, through secure access and synchronous calls with the settlement layer, ZKR has been launched in the Defi pool, and applications such as dAMM are also actively exploring. At the same time, although the trustless interoperability between Rollups is still not fully resolved, Slush's proposal on how to achieve seamless type extension between different ZKRs is a very good start.
local bridge design
Arbitrum transfers ETH, ERC20, and ERC721 assets between Ethereum and Arbitrum chains in a trustless manner through its native bridge. This kind of bridge is called "canonical bridge", which can be understood as a dApp that deploys contracts on both Ethereum and Arbitrum, and uses Arbitrum's cross-chain information transmission system to realize the basic token bridge function. All transaction transfers from Ethereum to the Arbitrum chain are realized through the L1GateRouter, which is responsible for mapping the L1 token address to the L1 gateway, and the L1 gateway can be regarded as an oracle machine for the L1/L2 address, ensuring that each token corresponds to a gateway. By default, users will make cross-chain transfers through the native bridge, but Ethereum cannot confirm the correct status of the transaction in real time, so it must wait until the challenge period has passed or the relevant challenge disputes are resolved before the confirmation can be completed. Currently on the market, third-party bridges such as Connext and Hop solve this problem.
Optimism's bridge allows a one-to-many token matching mechanism between L1 and L2. For example, for the same asset, ETH, through different bridges and different protocols, different mutually irreplaceable L2 corresponding assets will be generated. The standard of Optimism Gateway comes from TokenList, which ensures that each L1 asset has a corresponding standard L2 asset. What is a canonical asset here? We introduced bridges in Hop’s article. There are three main types. The first is the native token bridge, which is similar to Arbitrum, a trustless bridge developed by Optimism, and the second is the application bridge, which is suitable for more flexible trust bridges. Assume that projects deployed on L1 and L2 have custom sidechains, such as DeGateDex, the BoringDAO, etc., and the third type is the general-purpose token bridge represented by Hop. So the bridge can create a new L2 token representation of the L1 asset being bridged, or the bridge can exchange the user's L1 asset for an existing L2 representation. Although for any L1 token, there may be different L2 performances, in the end each application will choose to use the version that is most compatible with other applications, that is, the most widely used and most popular version, and this version is called for the specification version. You can choose a third-party bridge. In addition to Connext and Hop, we have also seen strong opponents such as Synapse Protocol, Anysway, Orbiter, Li.Fi, etc.
Compared with ORUs, ZKR provides cryptographic verification (validity proof, including zk-Snarks and zk-Starks) means. At present, it is highly dependent on a single node to execute transactions, create blocks, and submit validity proofs, which we call (relay nodes, or provers Prover). And if a single node fails, if there is no immediate backup node, it will bring huge risks to the network. Of course, a single node is very beneficial from the perspective of economic sustainability. Only a single node needs to prove calculations, and such calculations are very resource-intensive. An honest node can protect the entire network. Of course, in the future, we hope that the prover (Prover) can be more centralized, and the proof speed can be faster. At the same time, we also need more low-cost transaction activities and faster batch transactions (Batching process).
In ORUs, orderers are responsible for block production and transaction execution (also validators). Other verification nodes or observers are responsible for monitoring fraudulent transactions and submitting corresponding fraud proofs. Of course, these verifiers can also participate in block production without additional processing power and knowledge reserves. For the processing of fraudulent transactions, based on the minimum honest assumption, as long as there is an honest node submitting the transaction, the entire network can be guaranteed to continue to operate. When all validators are offline, fraudulent transactions may be submitted directly to L1. Therefore, ORUs introduces a dispute resolution time of 7 days. When a disputed transaction is found, Rollups will perform a fraud proof and run the correct transaction calculation through the visible data of L1. Of course, in order to ensure that they have enough motivation to process only those valid transactions, and thus maintain the overall security of the network, not only transaction submitters, but also orderers need to pledge ETH. If they do well, they will be rewarded.
In terms of calculation, ORUs will put more emphasis on data visibility on the chain, which needs to be used to resolve fraud disputes. The offline data are considered valid. The orderer is responsible for ordering bundled transactions at L2 and getting confirmed at L1. This process is centralized. In ZPR, the importance of off-chain data is more emphasized. Validity proofs are very complex and intensive, requiring powerful hardware. For example, StartWare (Operator) is responsible for StarkEx and StarkNet as the operator.
The AnyTrust chain was developed by the Arbitrum team in an attempt to solve existing scalability issues. While achieving low cost, fast and high transaction volume, AnyTrust can achieve faster bridge withdrawals (trade off is an additional centralization assumption). Of course, compared to side chains such as xDAI, you can enjoy the security and decentralization of Ethereum. Anytrust operates through a node committee, and the minimum honesty assumption is 2/20, which means that there are at least 2 honest nodes out of 20 nodes, which is more secure than sidechains such as xDAI. In xDAI, a 2/3 honesty assumption is required. At the same time, it is also more secure than the monolithic chain. In a monolithic blockchain, if there are 100 nodes, it is necessary to ensure that 2/3 of the honest nodes are safe, that is, 67 verification nodes. Similar to the design principles of Validiums and Volitions in ZKR, the data is stored off-chain without uploading transaction data (only transaction hashes) to L1, which greatly improves scalability. Of course, compared to the 7-day withdrawal time in Arbitrum One, the confirmation time in AnyTrust can be executed immediately (this is comparable to ZKR, and the validity proof of ZKR ensures the validity of the transaction, so the confirmation time is proved to be verified by L1 time (hours).
So in the honest assumption of 2/20, we need to ensure that the transaction is signed by at least 19 people, otherwise the transaction will revert to Rollup mode and be confirmed on L1. Therefore, in this verification process, the minimum honest assumption is introduced, that is, at least one honest verifier is required. Of course, if the honesty assumption is not established, then there will be risks of funds being stolen and frozen.
The biggest risk of AnyTrust is the security risk. Compared with rollups, the security assumption is lower. . Attackers can stop block production and freeze user accounts by not providing data. As we have introduced in previous articles, zkPorter mainly attacks by requiring the attacker to require at least 2/3 of the pledge to ensure that the data is invisible. StarkEx, on the other hand, introduces the minimum honesty assumption in the DAC and publishes the data. AnyTrust, too, is based on a minimal honesty assumption. If all verification nodes are offline, no one submits data, and no one can independently recreate the block, so all people will be frozen and cannot withdraw. In the committee node, based on the minimum honest assumption, at least one party will provide data, because the state can be reconstructed, and withdrawals can be made through the rollup mode, while the AnyTrust side is frozen (it feels like this is borrowed from the Rollup+Validium=Volition mode of zkSync2.0) .
EIP-4488 increases the average data of Ethereum by reducing 1) the call data cost from 16 fuel/byte to 3 fuel/byte 2) increasing the limit of 1MB per block, and increasing each transaction by 300bytes (the total upper limit is 1.4MB) capacity, reducing the cost of Rollups by 5 times. Of course, the cost of its potential operating nodes makes this solution impossible to implement from time to time. EIP4444 partially alleviates this problem, the data will be deleted after 1 year, and the data in the EIP4844 design can be deleted after 1 month.
Rollups uploads data to Ethereum L1, Ethereum can be understood as a light node of Rollups, and Rollups uses L1 call data (calldata) for permanent storage on the chain. For data sampling, Rollups only needs to ensure that the data is visible for a certain period of time, so that others can have enough time to download it. Therefore, EIP-4844 introduces a transaction format that is different from the calling data, a transaction with data fragments for storage. Data shards can carry 125KB of data, and are much cheaper than calling data with the same amount of data. These data fragments are usually deleted after a month, reducing storage requirements. And this one month is enough time for the verifier to complete the security assumptions in the data sampling.
Students who are interested in the latest path and technological innovation of Ethereum can check out our previous articles Ultimate Solution for Ethereum Expansion - Danksharding (1) and Ultimate Solution for Ethereum Expansion - Danksharding and MEV Design (2).
Potential Risks and Challenges
If ORUs fail, the key reason must be that there are better alternatives. Good products and infrastructure will eventually prevail. For example, ZK-Rollups is widely considered by Vitalik and the community to be a better long-term expansion solution for Ethereum. Considering the scalability of ZKR (cost compression and solutions such as Validiums and Voltions) and faster confirmation time on L1. ORUs can be understood as a transitional solution. In the short term, due to its relatively simple EVM compatibility and low technical complexity, developers can get started quickly. In the long run, the community believes that ORUs represented by Optimism and Arbitrum will It will gradually transform into a hybrid ZKR.
Polkadot and the universe
Layer0, represented by Polkadot and Cosmos, emphasizes the permissionless interoperability between different application chains through shared security. Of course, Cosmos emphasizes the independent sovereignty and flexibility of chains more than others. As mentioned at the beginning, we also mentioned the migration of dYdX, a large part of which is because L2 is currently too centralized, and the customizable blockchain is more satisfied with their existing products and paths. However, each project has its own development path, so we do not recommend following suit. At the same time, building an application chain on Cosmos also needs to face the challenge of finding a security verification node in the early stage, which is costly. At the same time, Layer0 represented by Polkadot and Cosmos emphasizes the importance of specific application chains, while ORUs are currently applicable to the general design framework of EVM.
Smart contract risk and design risk
If there is a smart contract risk, it will lead to a loss of user confidence. This problem has been proved in many bridge security incidents. At the same time, ORUs currently introduces the assumption that there is at least one honest verification node. If the assumption is not true in practice, ORUs will also fail (of course the probability is very low).
So far, we believe that ORUs represented by Arbitrum, AnyTrsut, etc. will become a very superior solution for a long time in the future, and it will be online soon for developers and achieve rapid deployment. However, any technology and innovation needs time to settle, and we believe that there will be a singularity soon. Zero-knowledge proof is one of the most important technologies in the computer field (privacy, scalability, anti-quantum computing, etc.) Whether in the academic or technical circles, there is no doubt that we will welcome more scalable validity proof Rollup in the near future And leading the Web3.0 era.