Author: Haotian, independent researcher Source: X, @tmel0211
Ethereum has gone from Plasma to Validium to mainstream Rollup, and Bitcoin has gone from side chains to state channels to client verification. Layer 2 is essentially looking for a set of features that take into account security, scalability, and decentralization. Centralized Tradeoff solution. Based on this, I compared ZK-Rollup with the recently discussed @BsquaredNetwork solution, and discussed the differences and complexity of Bitcoin layer 2 in terms of technical implementation such as DA implementation, interoperability, and security challenges.
In order to make a better year-on-year reference, you can first vaguely "define" a set of corresponding relationships:
ETH Plasma = BTC state channel; ETH Validium = BTC sidechain; ETH Rollup = BTC client verification.
It is not difficult to seethat Ethereum Plasma corresponds to the Bitcoin ecological Lightning Network and inherits the security of BTC. However, the HTLC contract is currently limited to the direction of small-amount payments; Ethereum Validium corresponds to the side chain of the Bitcoin ecosystem, and its scalability is very strong, but an independent consensus makes it always not recognized by the mainstream; I tend to correspond to Ethereum Rollup The client verification, security, scalability, and decentralization features of the Bitcoin ecosystem will be comprehensively weighed. This is why Ethereum Rollup has become a mainstream core track.
Following the idea of Ethereum ZK-Rollup, we use Bitcoin client verification as a breakthrough. How to build the Bitcoin layer2 Rollup solution? Take @BsquaredNetwork as an example to discuss:
1) Client verification part:
In In a complete Ethereum ZK-Rollup, the off-chain links include Sequencer collecting and batching transactions, which will generate ZK SNARK proofs and Merkle trees and other packages and synchronize them to the main network Calldata, and then the ZK SNARK proofs will be verified off-chain by the Prover system. Upload the final State diff to the main network. The main network combines the state root with the block data in Calldata to verify the integrity and consistency of the data, and finally completes the Finality status confirmation.
The client part of Bsquare mainly includes the Rollup layer and the DA layer. The workflow of the Rollup layer is roughly as follows: Sequencer collects and Batch transactions, and synchronizes them first. Go to the decentralized storage environment, and then generate the Proof through zkEVM. At the same time, the transaction Raw data, Merkle tree, Bitcoin state and other data are summarized into Aggregator and Proof and synchronized to the B²nodes of the DA layer.
There are two differences in the process. On the one hand, Bitcoin needs to synchronize TXs original data to a decentralized storage environment, while zk-Rollup defaults to the local environment. Storage; on the other hand, Ethereum can directly synchronize data summary to the main network Call Data, but the Bitcoin main network has limited storage and lacks verification capabilities, so Bsquare synchronizes these data to B²nodes in the client environment.
2) Data Availability part
In the Ethereum system, the main network comes to Rollup The chain outputs DA capability. The operation purpose of Rollup to synchronize data to Calldata is the DA verification capability of the main network. Since the Bitcoin main network does not have verification capabilities, the DA function is borne by the DA layer built in the client environment.
After receiving this part of Rollup summary data, the B²nodes in the DA layer will perform a circuit compilation operation, compress the data and upload it to Bits in the form of Inscription. Coin main network. At the same time, B²nodes will also run the Prover system to conduct decentralized verification of the ZK certificate to generate a Bitcoin Commitment commitment, which will be inscribed together with aggregate data such as Rollupdata.
Two questions will arise here:
1. Why not use Celestia directly? A third-party DA chooses to build it by itself. This is determined by the particularity of the Bitcoin ecosystem. B²node needs to be equipped with an indexer to perform decentralized analysis and indexing of the inscriptions inscribe to the Bitcoin main network, and at the same time generate a ZK Proof meeting Commitment Upload to the main network in the form. When engraving the inscription, the data needs to be pre-compiled and compressed by the Circuit circuit to ensure that the occupation of the main network storage space is reduced.
2. Since DA is not provided by the main network, why should all kinds of Rollup data be synchronized to the main network in the form of inscriptions? This is actually to keep a data on the main network. Transaction records that cannot be tampered with provide the basis for the subsequent Challenge process.
3) Challenge part
In ZK-Rollup, the main network Rollup contract can The integrity and consistency of transactions are ensured through the secondary verification of the packaged data in Calldata and the State diff uploaded to the main network by Prover. This is the main network's verification capability and the advantage of ZK technology.
However, in the Bitcoin Rollup environment, due to the lack of verification capabilities on the main network, the essence of the value of ZK technology lies in the concise compression of SNARKs data while ensuring consistency. There is data fraud in the Sequencer collection transaction process in the environment. The data in the entire chain is false. Finality status confirmation cannot reject the fraudulent data. Therefore, a mechanism must be designed to challenge "false" behavior.
How to do it? If you look back at my article about BitVM, you will know that BitVM
is a solution that allows Bitcoin to achieve Turing-complete computing under theoretical assumptions, but The Taproot Tree method of transmitting TXs from its pre-compiled circuit to the Bitcoin main network consumes too much mining fees and is unrealistic. It would be different if the challenge mechanism design was based on the implementation logic of BitVM.
The challenge mechanism will lock BTC in the main network UTXO. Once the user challenges the layer2 chain in the form of BitVM, they can take away the BTC locked in advance. Assets of the currency main network. The inscriptions burned on the Bitcoin main network and the open and transparent B²nodes and other Raw data, Merkle trees, Commitment commitments, etc. will become evidence for users to initiate challenges. Once the challenge results prove that a series of data in B²nodes and the Inscription data inscribed on the main network exist, Due to the inconsistency problem, B²nodes nodes will not only lose the assets locked in the main network UTXO, but also need to roll back the transaction and re-update the indexer and historical data.
It is not difficult to see from the above that the layer2 rollup solution of the Bitcoin ecosystem has considerable technical complexity and particularity: for example, the client verification link must be based on decentralized storage Keep all the data generated by Sequencer in order to ensure data traceability; for example, the DA link needs to build a decentralized data verification system in an off-chain environment, and ensure the consistency of DA data through Commitment commitments and burning inscriptions. ; Another example is that even if ZK technology is adopted, an open and transparent challenge mechanism needs to be equipped to ensure security; the entire process must weigh a set of three contradictions of decentralization, security, and scalability to arrive at a fair solution.
The answer to the prototype of the exploration is obvious: since the Bitcoin main network cannot be verified and cannot be DA, then use inscriptions to burn a restricted DA+ set based on BitVM to the main network The Turing completeness of the circuit challenges the system to achieve the transparency and security of the Rollup chain. Use ZK technology + BitVM challenge system to make up for the lack of DA and verification capabilities of Bitcoin.
Since Ethereum Rollup also has hidden dangers in multi-signature contract governance where the Rollup contract can be updated, and security cannot be guaranteed 100%, what everyone believes is actually a set of A relatively transparent and open contract interaction mechanism cannot achieve absolute BTC consensus security. What lies ahead is a transparent and open challenge mechanism based on BitVM. Although the technical implementation is too complex, the logic does not seem to make sense.
In short, if the paradigm of Bitcoin Layer 2 ZK technology + client verification + DA engraving + BitVM challenge is gradually recognized by the market, do you think it will become a new paradigm? Is the Bitcoin layer2 Rollup advertised?
Alex
JinseFinance
Olive
The Crypto Illuminati
Cointelegraph
Ftftx