Author: Faust, geek web3
On January 16, 2024, under a tweet initiated by Daniel Wang, founder of the Ethereum Layer 2 project Taiko, and while interacting with Zeng Jiajun, founder of the AA wallet Soul Wallet, Vitalik said: “The key to Rollup is unconditional security: even if you are targeted by everyone, you can still take the assets away. This cannot be done if DA relies on external systems (outside Ethereum).”
Because Vitalik gave his views on Validium in the second half of this tweet (Validium refers to a ZK Layer 2 that does not use Ethereum for DA data release), it attracted a lot of attention (it was previously widely rumored that the Ethereum Foundation believed that Layer 2 = Rollup).
(It needs to be emphasized: the DA concept discussed in the Ethereum community refers to whether you can obtain newly generated data from Layer 2, not whether you can retrieve historical data from long ago. If new data is not released on the Ethereum chain, Layer2 nodes may not be able to successfully parse the latest L2 block.)
However, the "Ethereum Layer2 Definition Debate" and the "DA War" have long been discussed, and people have heard about them countless times, so this article does not intend to discuss such topics in any way. The purpose is to focus on the first half of Vitalik's statement, which is the remark quoted at the beginning of this article.
Vitalik stated here that Rollup can achieve trustless, censorship-resistant withdrawals. Even if no Layer2 node cooperates with you, you can still withdraw your assets from Layer2; moreover, he pointed out that only Rollup can achieve this "unconditional safe withdrawal", while a Layer 2 that relies on other DA data release methods cannot.
But in fact, Vitalik’s words are not rigorous.
First of all, only assets from Layer1 that were bridged to Layer2 can be moved back to the ETH chain. Pure Layer2 native assets cannot be moved to Layer1 (unless the Layer2 native asset deploys a bridged-asset contract on Layer1).
If, as Vitalik said, "everyone targets you", you can at most withdraw the L1-L2 bridged assets, but you cannot withdraw your "Layer2 native Token". In that case it makes no difference whether you use an ordinary withdrawal, a forced withdrawal or the Escape Hatch.
Secondly, "safe withdrawal without conditions" does not necessarily rely on the DA system. Plasma, an early Layer 2 solution that predates Rollup and releases DA data off the Ethereum chain, also allows users to submit asset proofs based on historical data and escape from Layer 2 safely when the DA system fails (that is, when data withholding occurs and no one except the sequencer/committee can receive new transaction data/state transition information).
In other words, Plasma’s safe withdrawals do not depend on the DA system, and censorship-resistant withdrawals do not have to rely on the DA system (but historical data must be available). Moreover, these words were said personally by Dankrad of the Ethereum Foundation (the proposer of Danksharding), and they are universally accepted.
Furthermore, leaving aside Celestia and Blobstream, the data withholding/DA failure problem can be solved even without using ETH as the DA layer. Consider the "Data Availability Challenge" that the Arbitrum team and the Redstone team are implementing, which allows the sequencer to publish only a DA Commitment (actually a datahash) on the chain, stating that the data has been released off the chain. If someone cannot obtain the newly generated data off-chain, they can challenge the DA Commitment on the chain and require the sequencer to disclose the data to the chain.
This mechanism design is very simple, and does not need to rely on a third-party DA such as Celestia, Avail or EigenDA. It only requires the Layer2 project to set up the off-chain DAC by itself; a single node is enough. It can be called a Celestia killer.
In the following, the author intends to interpret the "safe withdrawal without conditions" mentioned by Vitalik and the "data availability challenge" he did not mention, and try to tell everyone: why are Celestia, Avail, EigenDA and other third-party DA projects a must for a Layer 2 that pursues off-chain DA and pursues security?
In addition, in our previous article explaining "Bitcoin Layer 2 Risk Assessment Indicators", we said that censorship-resistant withdrawals are more basic and more critical than the DA system. Today’s article will further explain this point of view.
Escape hatch: the "safe withdrawal without conditions" in Vitalik's words
In fact, it is not difficult to deduce that what Vitalik said refers to ZK Rollup's escape hatch. The escape hatch (Escape Hatch) is a withdrawal mode that is triggered directly on Layer1. Once this mode is triggered, the Rollup contract enters a frozen state, refuses to accept new data submitted by the sequencer, and allows anyone to present a Merkle Proof of their asset balance on Layer 2 and have the assets that belong to them transferred out of the Layer2 official bridge deposit address.
Furthermore, the escape hatch mode is a "trustless withdrawal mechanism" that the affected user can trigger manually on Layer1 after their transactions have been rejected by the Layer2 sequencer for a long time.
However, before activating the escape hatch mode, users who are rejected by the sequencer must first call the forced withdrawal function in the Rollup contract on Layer1 to initiate a forced withdrawal request, which emits an event that lets the Layer2 nodes know that someone has initiated a forced withdrawal request.
(Since all Layer2 nodes run the Ethereum geth client and receive Ethereum blocks, they can monitor the triggering of the forced withdrawal event.)
If the forced withdrawal request is ignored for a long time, the user can actively trigger the escape hatch mode (the default waiting period of the Loopring protocol is 15 days, and that of the StarkEx plan is 7 days). Then the process is as discussed earlier in this article: the user submits the Merkle Proof corresponding to their own assets to prove their asset status in Layer 2, and then withdraws the assets from the Rollup-related contract.
But to construct a Merkle Proof, you need to know the complete L2 state first, and you need to find an L2 full node to request the data from. If the extreme situation mentioned by Vitalik occurs and no Layer 2 node cooperates with you, you can start a Layer 2 full node yourself and obtain, through the Ethereum network, the historical data that the L2 sequencer published to Ethereum. Synchronize block by block starting from the Layer2 genesis block until the final state is computed and the Merkle Proof is constructed; then you can safely withdraw funds through the escape hatch.
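The forced-withdrawal and escape-hatch flow described above, as an added sketch that is not Loopring's, StarkEx's or any other project's contract code. The `RollupBridge` class, the SHA-256 Merkle layout, the account names and the balances are assumptions made for illustration; the 7-day delay reuses the StarkEx figure cited above.

```python
import hashlib

def h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def leaf(account, balance):
    return h(b"\x00", account.encode(), balance.to_bytes(32, "big"))

def root_and_path(leaves, index):  # needs the complete L2 state (every leaf)
    level, path = list(leaves), []
    while len(level) > 1:
        if len(level) % 2:               # unpaired last node is hashed with itself
            level.append(level[-1])
        path.append(level[index ^ 1])    # sibling at this level
        level = [h(b"\x01", level[i], level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], path

def verify(root, leaf_hash, index, path):
    node = leaf_hash
    for sib in path:
        node = h(b"\x01", node, sib) if index % 2 == 0 else h(b"\x01", sib, node)
        index //= 2
    return node == root

class RollupBridge:  # toy L1 contract: forced request -> waiting period -> freeze
    ESCAPE_DELAY = 7 * 86400  # assumed; the page cites 7 days for StarkEx
    def __init__(self, state_root):
        self.state_root, self.frozen, self.forced, self.paid = state_root, False, {}, set()
    def submit_state_root(self, root):           # sequencer path
        if self.frozen:
            raise RuntimeError("frozen: sequencer updates rejected")
        self.state_root = root
    def forced_withdraw(self, account, now):     # emits the event L2 nodes watch
        self.forced.setdefault(account, now)
    def trigger_escape(self, account, now):      # request ignored for too long
        if now - self.forced.get(account, now) < self.ESCAPE_DELAY:
            raise RuntimeError("no forced request, or waiting period not over")
        self.frozen = True
    def escape_withdraw(self, account, balance, index, path):
        if not self.frozen or account in self.paid:
            raise RuntimeError("not in escape mode, or already withdrawn")
        if not verify(self.state_root, leaf(account, balance), index, path):
            raise RuntimeError("invalid Merkle proof")
        self.paid.add(account)
        return balance

# Constructed L2 state; carol (leaf 2) rebuilds her own proof from the full state.
LEAVES = [leaf(a, b) for a, b in [("alice", 50), ("bob", 20), ("carol", 7)]]
ROOT, CAROL_PATH = root_and_path(LEAVES, 2)
```

The proof can only be computed by someone holding every leaf, which is why the user in the text has to resync the whole L2 state before using the escape hatch.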
Obviously, the "censorship resistance" at this point is equivalent to that of Ethereum/Layer1 itself. As long as Ethereum full nodes provide you with historical data from a long time ago, it is close to trustless.
However, after EIP-4844, all Ethereum nodes will automatically discard some historical data, so that Layer 2 historical data older than 18 days will no longer be backed up by every ETH node. Censorship resistance will no longer be as close to Trustless as it is today.
After 4844, we need to trust that the relatively limited number of Ethereum nodes that store all historical data are willing to provide the data to you (native Layer 2 nodes are often very few, so we will not take them into account for now). By then, the trust assumption for Layer1 historical data retrieval/Layer2 escape hatch withdrawal will change from Trustless, or 0, today to 1/N, that is, it is assumed that 1 out of N nodes can provide you with the data.
The EthStorage team seems to be committed to expanding this N by encouraging more nodes to store historical data from long ago. If the denominator of 1/N is large enough, the fraction is still close to 0, which is close to introducing no trust assumption. This may properly solve the problem of historical data retrieval after 4844.
The relationship between escape hatches and DA - Validium’s ransomware attack
Here we summarize again: the escape hatch allows you to prove your Layer 2 asset status through a Merkle Proof and make trustless withdrawals on Layer 1.
The reason why Vitalik mentioned that the security of withdrawals requires DA as a prerequisite is mainly that, in the Validium solution, a "data withholding attack" (only the stateroot is released, and the corresponding transaction data is not) can make withdrawals impossible.
The specific principle is: the sequencer may hold on to the transaction data, publish only a Merkle Root (Stateroot) to the Ethereum chain, and then, through the validity proof, try to make the new Stateroot pass verification and become the current legal Stateroot.
At this point, no one knows the complete state corresponding to the legal Stateroot, so no one can construct the corresponding Merkle Proof to initiate an escape hatch withdrawal. You cannot withdraw money unless the sequencer is willing to release the data to you. This is vividly called a "ransom problem" by a technical director of Arbitrum (I personally prefer to call it a ransom attack).
But the reason why Validium, whose DA is off the chain, is prone to "ransomware attacks" is that its own mechanism design is not perfect enough. If a challenge mechanism related to withdrawal behavior is introduced, or a data availability challenge is introduced, the problem of ransomware attacks can theoretically be solved.
By the way, as mentioned earlier, Plasma, which allows users to withdraw money using historical data from long ago, does not suffer "ransom attacks" like Validium, and Plasma is also DA off-chain (off-chain DA + on-chain verification of fraud proofs).
So, anti-censorship withdrawal/escape hatch does not have to rely on DA; everything depends on the mechanism design of the withdrawal process. The reason Vitalik believes that censorship-resistant withdrawals are bound to DA is that he started from existing solutions such as Validium and smart contract Rollup, and already had a fixed mindset.
But this does not mean that every Layer 2 with off-chain DA faces the same problems as Validium. Nor does it mean that smart contract Rollup is the end of everything; innovation can happen at any time (such as the data availability challenges discussed later).
Conversely, if your Layer 2 solution does not consider designs such as escape hatches and anti-censorship withdrawals from the beginning, your Layer 2 will definitely not be trustworthy/safe enough. In other words, a good DA and proof system are sufficient conditions for achieving censorship-resistant withdrawals, but they are not a necessary condition.
So there is a reason why, in our previous article, we said that in the Layer 2 barrel effect, censorship-resistant withdrawal is a more basic short stave than DA and proof systems.
Reference materials: "Using the barrel theory to dismantle Bitcoin/Ethereum Layer 2 Security Model and Risk Indicators"
Celestia Killer: Data availability challenges of Arbitrum and Redstone
After talking about the relationship between escape hatches and DA, let’s look back at DA itself: Layer 2 does not have to publish DA data to Ethereum to prevent the sequencer from engaging in "data withholding".
Redstone, Arbitrum, Metis, etc. are all developing the "data availability challenge" mechanism, which allows the sequencer to publish only a DA Commitment (datahash) + Stateroot on the chain and declare that the state transition parameters (transaction data) have been published off-chain. If someone cannot obtain the newly generated data off-chain, they can challenge the DA Commitment on the chain and require the sequencer to disclose the data to the chain.
If the sequencer is challenged and does not publish the data on the ETH chain in time, the datahash/commitment it published earlier will be considered invalid, and the associated stateroot will also be invalid. Obviously, this directly solves the data withholding problem (only the stateroot is released, but the corresponding transaction data is not released).
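The challenge flow just described, as an added sketch that is not Arbitrum's, Redstone's or Metis's code. The `DAChallenge` class, the one-hour `WINDOW`, the SHA-256 datahash and the batch contents are assumptions made for illustration, and invalidating state roots built on top of a voided one is not modelled.

```python
import hashlib

WINDOW = 3600  # assumed response window (seconds); the page gives no figure

class DAChallenge:
    """Toy L1 contract: the sequencer posts only datahash + stateroot."""
    def __init__(self):
        self.batches = {}        # datahash -> {"root", "status", "deadline"}
        self.onchain_data = {}   # data the sequencer was forced to publish

    def commit(self, datahash, state_root):
        self.batches[datahash] = {"root": state_root, "status": "committed", "deadline": None}

    def challenge(self, datahash, now):
        b = self.batches[datahash]
        if b["status"] == "committed":
            b["status"], b["deadline"] = "challenged", now + WINDOW

    def respond(self, datahash, data, now):
        b = self.batches[datahash]
        if b["status"] != "challenged" or now > b["deadline"]:
            return False
        if hashlib.sha256(data).digest() != datahash:
            return False                      # wrong bytes do not answer the challenge
        self.onchain_data[datahash] = data    # data is now available on L1
        b["status"] = "resolved"
        return True

    def settle(self, datahash, now):
        b = self.batches[datahash]
        if b["status"] == "challenged" and now > b["deadline"]:
            b["status"] = "invalid"           # commitment and its stateroot are void
        return b["status"]

    def valid_roots(self):
        return [b["root"] for b in self.batches.values() if b["status"] != "invalid"]

def run_scenarios():  # constructed batches: A is disclosed, B is withheld
    c, tx_a, tx_b = DAChallenge(), b"batch-A txs", b"batch-B txs"
    ha, hb = (hashlib.sha256(t).digest() for t in (tx_a, tx_b))
    c.commit(ha, "rootA")
    c.commit(hb, "rootB")
    c.challenge(ha, now=0)
    c.challenge(hb, now=0)
    c.respond(ha, tx_a, now=10)          # sequencer publishes batch A on-chain
    c.respond(hb, b"garbage", now=10)    # batch B: real data is still withheld
    return c.settle(ha, WINDOW + 1), c.settle(hb, WINDOW + 1), c.valid_roots()
```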
Obviously, compared with off-chain-DA Layer 2s such as Validium and Optimium, this adds a "data availability challenge". But such a simple design is enough to create strong competition for Celestia, Avail, EigenDA, etc. Set up a DAC yourself and introduce data availability challenges, and you no longer need to rely on Celestia.
But on the other hand, data availability challenges also have economic issues that need to be addressed. The founder of ZkSync pointed out in a battle with the technical leader of Arbitrum that the data availability challenge is theoretically vulnerable to DoS attacks. For example, the sequencer quickly releases thousands of DA commitments on the chain, and then withholds the corresponding complete data without releasing it. It can drain all challenger funds in this way and then issue an invalid block, stealing user assets.
Of course, this assumption is too extreme. In essence this is an offense-and-defense game theory problem, and in fact the sequencer is more vulnerable to DoS attacks by malicious challengers, and degenerates into Rollup after being continuously challenged. The game between the offensive and defensive parties surrounding the data availability challenge is actually very interesting, and the corresponding mechanism design will also fully test the wisdom of the Arbitrum, Redstone and Metis project teams (this topic can be written about separately).
However, data availability challenges will bring challenges to the design of Layer 2 DA solutions. With more innovation to come, this solution will also make a significant contribution to the Bitcoin Layer 2 ecosystem.