Original title: In-depth Analysis of Off-Chain Expansion—Cobo Ventures Heavy Research Report
Original Authors: Ellaine Xu, Hettie Jiang, June Wang, Walon Lin, Yiliu Lin
Original source: Cobo Global
1. The necessity of capacity expansion
The future of the blockchain is a grand vision: decentralization, security and scalability; but usually the blockchain can only achieve two of them, and satisfying these three requirements at the same time is called the impossible triangle of the blockchain problem (as shown below). Over the years, people have been exploring how to solve this problem, how to improve the throughput and transaction speed of the blockchain on the premise of ensuring decentralization and security, that is, to solve the expansion problem, which is the current blockchain development process. One of the hot topics of discussion.
Lets first define decentralization, security, and scalability of blockchain in general terms:
Decentralization: Anyone can become a node to participate in the production and verification of the blockchain system. The greater the number of nodes, the higher the degree of decentralization, thereby ensuring that the network is not controlled by a small group of large centralized participants.
Security: The higher the cost of obtaining control of the blockchain system, the higher the security, and the chain can resist attacks from a larger proportion of participants.
Scalability: The ability of a blockchain to handle a large number of transactions.
The first major hard fork of the Bitcoin network stemmed from scaling issues. With the increase in the number of Bitcoin users and transaction volume, the Bitcoin network with a block limit of 1 MB began to face congestion problems; since 2015, the Bitcoin community has disagreements on the issue of capacity expansion, and one side is represented by Bitcoin ABC The expansion faction supports the expansion of the block, and the small block faction represented by Bitcoin Core on the other side believes that the Segregated Witness Segwit scheme should be used to optimize the main chain structure. On August 1, 2017, the client system developed by Bitcoin ABC to 8 MB began to run, which led to the first major hard fork in the history of Bitcoin and the birth of the new currency BCH.
Similarly, the Ethereum network also chooses to sacrifice part of the scalability to ensure the security and decentralization of the network; although the Ethereum network does not limit the transaction volume by limiting the block size like the Bitcoin network, but in disguise Change to setting an upper limit on the gas fee that can be accommodated in a single block, but the purpose is to achieve Trustless Consensus and ensure the wide distribution of nodes (whether canceling or increasing the limit will eliminate many smaller nodes with insufficient bandwidth, storage and calculation).
From CryptoKitties in 2017, DeFi summer, to the rise of on-chain applications such as GameFi and NFT, the market’s demand for throughput has continued to increase, but even Turing’s complete Ethereum can only process 15 to 45 transactions per second. Transaction (TPS), which leads to increasing transaction costs and longer settlement times. Most Dapps cannot bear the operating costs, and the entire network becomes slow and expensive for users. The problem of blockchain expansion needs to be solved urgently . The ideal expansion solution is to increase the transaction speed (shorter finality time) and transaction throughput (higher TPS) of the blockchain network as much as possible without sacrificing decentralization and security. .
2. Types of capacity expansion solutions
According to the standard of whether to change the first layer of the main network, we divide the expansion plan into two categories: on-chain expansion and off-chain expansion.
2.1 On-chain expansion
Core concept: A solution to achieve expansion by changing the protocol of the first layer of the main network. The current main solution is sharding.
There are many options for on-chain expansion, which will not be expanded in this article. Two options are briefly listed below:
Solution one is to expand the block space, that is, increase the number of transactions packaged in each block, but this will increase the requirements for high-performance node equipment, increase the threshold for joining nodes, and reduce the degree of decentralization.
The second option is sharding, which divides the blockchain account book into several parts. Instead of each node participating in all bookkeeping, different shards, that is, different nodes are responsible for different bookkeeping. Parallel computing can process multiple transactions at the same time; It can reduce the computing pressure of nodes and the entry threshold, and improve the transaction processing speed and degree of decentralization; but this means that the computing power of the entire network is dispersed, which will reduce the security of the entire network.
Changing the code of a layer of the main network protocol may have unpredictable negative effects, because any subtle security holes in the underlying layer will seriously threaten the security of the entire network, and the network may be forced to fork or interrupt repair and upgrade. For example, the Zcash inflation vulnerability incident in 2018: the code of Zcash was modified based on the Bitcoin version 0.11. Eight months of secret patching, the incident was not made public until the bug was fixed.
2.2 Off-chain expansion
Core concept: an expansion solution that does not change the existing layer-one mainnet protocol.
image description
Note: The definitions of terms in the table come from the official website of Ethereum, and the content is summarized and sorted out by Cobo Ventures.
Below we will introduce the current mainstream off-chain expansion solutions from the aspects of development timeline, technical principles, advantages and disadvantages, and application comparison.
3. Off-chain expansion plan
3.1 State Channels
3.1.1 Summary
The state channel stipulates that users need to interact with the main network only when the channel is opened, closed or disputes are resolved, and the interaction between users is placed off-chain, so as to reduce the time and money costs of user transactions, and realize The number of transactions is unlimited.
State channels are simple P2P protocols suitable for turn-based applications such as two-player chess games. Each channel is governed by a multi-signature smart contract running on mainnet that controls assets deposited to the channel, verifies state updates, and arbitrates disputes between participants (based on signed and time-stamped fraud proofs). After the participants deploy the contract on the blockchain network, they deposit a sum of funds and lock them. After both parties sign and confirm, the channel is officially opened. Channels allow an unlimited number of free off-chain transactions between participants (as long as the net value of their transfers does not exceed the total amount of tokens deposited). Participants send status updates to each other in turn, waiting for the signature confirmation of the other party. Once the other party signs and confirms, the status update is considered complete. Under normal circumstances, the status update agreed by both parties will not be uploaded to the main network, and only when there is a dispute or the channel is closed, it will rely on the main network confirmation. When the channel needs to be closed, any participant can submit a transaction request on the main network. If the exit request is unanimously signed and approved by all members, it will be executed immediately on the chain, that is, the smart contract will distribute the remaining balance according to the balance of each participant in the final state of the channel. locked funds; if other participants do not sign off and approve, everyone will have to wait for the end of the “challenge period” to receive the remaining funds.
In summary, the state channel scheme can greatly reduce the amount of computation on the main network, increase transaction speed, and reduce transaction costs.
3.1.2 Timeline
The above timeline shows the major milestones in the development and evolution of State Channels.
In February 2015, Joseph Poon and Thaddeus Dryja published a draft Lightning Network white paper.
In November 2015, Jeff Coleman systematically summarized the concept of State Channel for the first time, and proposed that Bitcoins Payment Channel is a sub-case of the State Channel concept.
In January 2016, Joseph Poon and Thaddeus Dryja officially published the white paper The Bitcoin Lightning Network: Scalable Off-Chain Instant Payments, proposing the Payment Channel (Payment Channel), an expansion scheme for the Bitcoin Lightning Network, which is only used to process transactions on the Bitcoin network. transfer payment.
In November 2017, Sprites, the first design specification for State Channel based on the Payment Channel framework, was proposed.
In June 2018, Counterfactual proposed a very detailed Generalized State Channels design, which is the first design completely related to state channels.
In October 2018, the article Generalized State Channel Networks proposed the concepts of State Channel Networks and Virtual Channels.
In February 2019, the concept of state channels was extended to N-Party Channels, and Nitro is the first protocol based on this idea.
In October 2019, Pisa expanded the concept of Watchtowers in order to solve the problem that all participants need to be online continuously.
2020/03, Hydra proposed Fast Isomorphic Channels.
image description
Source: L. D. Negka and G. P. Spathoulas, "Blockchain State Channels: A State of the Art" in IEEE Access, vol. 9 , pp. 160277-160298 , 2021 , doi: 10.1109/ACCESS.2021.3131419.
image description
Source: L. D. Negka and G. P. Spathoulas, "Blockchain State Channels: A State of the Art" in IEEE Access, vol. 9 , pp. 160277-160298 , 2021 , doi: 10.1109/ACCESS.2021.3131419.
Figure 2 shows the general workflow that most state channel protocols follow: in the optimistic case, Alice and Bob need to perform the same operations as before, but this time they use a state channel instead of interacting with an on-chain contract.
In the first step, Alice and Bob deposit funds from their personal EOA to the contract address on the chain (interaction 1, 2), these funds are locked in the contract, and the balance is not returned to the user until the channel is closed; the two sign the confirmation After that, the status channel between the two was officially opened.
In the second step, Alice and Bob can theoretically carry out an unlimited number of transactions (blue dotted line) under the chain through this channel, and the participants communicate with each other through encrypted signature messages (rather than communicating with the blockchain network). Both users need to sign each transaction to prevent double spending. Through these messages, they propose status updates for their accounts and accept status updates proposed by the other party.
image description
Source: L. D. Negka and G. P. Spathoulas, "Blockchain State Channels: A State of the Art" in IEEE Access, vol. 9 , pp. 160277-160298 , 2021 , doi: 10.1109/ACCESS.2021.3131419.
Figure 3 shows the workflow of a state channel in the pessimistic case: initially, two participants deposit funds (interaction 1, 2), and then start exchanging state updates (dashed blue line). Suppose at some point in time, Bob does not respond to the state update signature sent by Alice in his turn (interaction 3), at this time, Alice can initiate a challenge by submitting her last valid state to the contract (interaction 4) , this valid state also contains Bobs previous signature, thus proving that the last transaction has been approved by Bob, and the final state has been confirmed by Bob. The contract then allows Bob to respond by submitting the next state to the contract for a period of time; if Bob responds, the two can continue to transact within the state channel; if Bob does not respond within that time period, the contract automatically shuts down State channel and return funds to Alice (interaction 5).
3.1.4 Advantages and disadvantages
3.1.5 Application
Bitcoin Lightning Network
Overview:
The lightning network is a micropayment channel of the Bitcoin network. Its overall technical evolution experience: 2/2 multi-signature to build a one-way payment channel, adding RSMC (Revocable Sequence Maturity Contract) to build a two-way payment channel, and adding HTLC (Hash Time Maturity Contract) Lock Contract) can be connected to the payment channel to expand to multi-person payment, and finally build a payment network that is the Lightning Network. Through the micropayment channel under the chain, and then use the middleman to form a transaction network, the problem of Bitcoin network expansion can be solved. The overall use of Lightning Network follows the process of deposit (establish channel) → Lightning Network transaction (update channel status) → refund/settlement (end channel); theoretically Lightning Network can process one million transactions per second.
timeline:
In February 2015, Joseph Poon and Thaddeus Dryja released a draft of the Lightning Network white paper;
In January 2016, the official version of the white paper was released and Lightning Labs was established;
On March 15, 2018, Lightning Labs released the first Lightning Network mainnet version, Lightning Network Daemon (LND) 0.4.
At the beginning of 2021, the public capacity (TVL) of the Lightning Network is only about 40 million US dollars, and less than 100,000 users use the Lightning Network.
In June 2021, El Salvador announced the adoption of Bitcoin as legal tender, and in September released Chivo, a Lightning Network-based wallet.
In 2022, Cash App and 26 cryptocurrency trading platforms including OKX, Kraken, and Bitfinex announced support for the Lightning Network, enabling instant and cheap BTC deposits, withdrawals, and transfers.
In October 2022, Lightning Labs released a new protocol based on Taproot - Taro protocol (alpha version), which is currently being tested on the testnet and will be used to mint, send and receive assets on the Bitcoin network in the future, and through the Lightning Network Execute instant, high-volume, and low-fee transactions.
image description
Ecological development:
Source:https://blog.coinbase.com/is-the-bitcoin-lightning-network-for-real-26 e 47029687 f
As shown in the figure above, the BTC lightning network ecology from bottom to top is: the underlying BTC network-core infrastructure-various Dapps.
Core infrastructure includes
Lightning Network Solutions: Software programs that individuals and businesses can run and connect to the Lightning Network, the largest of which is Lightning Labs.
Node and liquidity service: Because it is more complicated for users to run their own nodes independently, it is necessary to provide a more user-friendly interface to help manage lightning payment channels.
On top of the core infrastructure are various payment and financial services and applications, for example, Strike built on top of the LND solution allows users to buy and sell BTC, uses BTC to tip creators on Twitter and allows Shopify merchants to accept BTC, etc.
As of November 2022, Dapps based on the Bitcoin Lightning Network have grown to more than 20 categories and more than 100 applications. The application categories mainly include Bitcoin Lightning Network payments, wallets, node management, browser extensions, podcasts and streaming media etc. The current technical base layer related to node infrastructure has basically matured, wallet support has increased, financial services and payment integration continue to grow, more entertainment applications are built on the Lightning Network, and the Lightning Network ecosystem is booming.
Ethereum Raiden Network
Overview:
The Raiden Network is a micropayment channel based on Ethereum. It is very similar to the Lightning Network. It expands transactions on the chain by establishing a state channel. The purpose is to achieve near-instant, low-cost and scalable payment on Ethereum. ERC 20 token payment.
timeline:
Founded in 2017, the founder Heiko Hees was a core developer and consultant of Ethereum.
Launched an ICO for its token $RDN on October 17, 2017, raising over $30 million in a Dutch auction.
In May 2020, the first Raiden Light Client - Alderaan was launched on the Ethereum mainnet, which is an implementation of the Typescript-based Raiden Network;
At the end of 2021, due to the long-term lack of development progress, information disclosure and user usage, multiple exchanges will delist $RDN, including Bitkub, NiceHash and Binance.
The technology is currently not widely adopted for reasons including:
1) The use threshold is too high: When the gas fee on Ethereum is too high, the cost of opening the channel is too high, which becomes a major obstacle to the adoption of the Raiden network.
Ecological development:
Ecological development:
At present, the ecological development of the Raiden Network is slow, and the team is transforming the Raiden Network to run on the Ethereum Layer 2 Rollup network, thereby further reducing the gas cost of creating a State Channel; in May 2022, the team announced that the Raiden Network will be launched on Arbitrum, becoming a rollup native protocol, L 2 running on L 2; this solution reduces the cost of initial channel creation by 35%, making it more suitable for high-frequency micro-payment scenarios; the Raiden Network will be transformed centered on Rollups in the future, as Complementary solution for coexistence with Rollups.
Celer Network
Overview:
Celer Network is essentially a lightning network with an added incentive layer (token $CELR), which can build a fast, easy-to-use, low-cost and secure high-frequency interactive blockchain through off-chain expansion technology and incentive economic models Dapps, such as e-sports platforms, etc. Because of the extremely high interaction frequency in the distribution of user admission fees and bonuses, it is very suitable for the application of state channel technology.
image description
Source: https://www.celer.network/doc/CelerNetwork-Whitepaper.pdf
As shown in the figure above, Celer Networks off-chain expansion framework based on Ethereum consists of three layers, from bottom to top:
cChannel: Generalized State Channel and Sidechain Suite
cRoute: off-chain payment routing, using the innovative routing algorithm DBR (Distributed Balanced Routing) to improve performance
cOS: Development framework and runtime environment for off-chain applications
timeline:
Founded in 2018, the team members are PhDs in computer science from MIT, Princeton, UCBerkeley and UIUC.
In March 2019, the token $CELR was released on Binance Launchpad.
Ecological development:
Ecological development:
As the blockchain ecosystem develops towards multi-chains, the state channel is given a new mission to bridge Layer 1 and Layer 2. Celer Network has expanded its core technology of generalized state channel network and transformed it into a cross-chain L2 expansion and aggregation platform. The products currently launched include DeFi protocol Layer 2.finance, information cross-chain protocol Celer IM and asset cross-chain bridge cBridge . cBridge already supports up to 139 tokens and 38 chains.
On November 11, 2022, MetaMask Bridges Beta integrated cBridge, and on November 17, the total number of cBridge transactions reached 1M. On the same day, it was announced that cBridge and Celer IM would integrate the zkSync 2.0 testnet.
3.1.6 Application Comparison
3.2 Sidechains
3.2.1 Summary
The concept of sidechains was first proposed by Bitcoin developers in chat rooms in 2012, and the first article about sidechains on Bitcoin was written by a Blockstream researcher and published in 2014.
In the 2014 paper, it was proposed that the side chain is a form of blockchain that appeared to speed up Bitcoin transactions. More complex contracts can be used, or by improving the consensus mechanism (such as PoS), or block parameters. Chains fit specific roles. The transaction results of the side chain will be recorded on the validator side when it is finally sent back to the main chain. This blockchain model is not a new blockchain form, but an infrastructure attached to the main chain and assisting the main chain to solve problems.
3.2.2 Timeline
2012/01, the concept of Bitcoin side chain was proposed in the chat room
2014/10, the paper on the Bitcoin side chain was published for the first time: Symmetric Pegged and Asymmetric Pegged
2017/04, POA Network launched a side chain based on the Ethereum Proof of Authentication consensus test network
2017/10, Matic Network launched
2017/12, POA Network mainnet launched
2018/01, Skales testnet launched
2018/10, xDai Chain test network launched
2020/06, Skale mainnet launched
2020/06, Ethereum side chain Matic PoS Chain mainnet launched
2021/02, Matic Network brand changed its name to Polygon Network
2021/02, Axie Infinity game side chain Ronin mainnet starts operation
2021/12, xDai Chain and Gnosis Dao merged into Gnosis Chain
2022/03, POA Network merged into Gnosis Chain
3.2.3 Technical principles
Among the technical principles of the side chain, the 2014 paper mentioned two ways of two-way pegging (Symmetric Pegged) and non-coordinated pegging (Asymmetric Pegged) so that the side chain can communicate with the main chain. Two-way anchoring or uncoordinated anchoring message transfer will only occur when the tokens of the main chain and the side chain are cross-chained. Since the side chain uses cross-chain technology, the following will first discuss the two most fundamental cross-chain technology principles, and then discuss the advantages and disadvantages of side chain technology at the application level.
Symmetric Pegged
Two-way pegging (Symmetric Pegged) refers to the verifiers on the main chain (Parent Chains) and the side chain, each of which records the current status of the other party (block header information) in real time.When transmitting information, two-way anchoring will use two-way SPV (Simplified Payment Verification) technology. When the token of the main chain is to be sent to the side chain, a special output (SPV-Locked Output) will be produced, and only the validators on the side chain can use the SPV proof to unlock it. SPV technology refers to the technology that only retains the block header information, and obtains merkle proof from the full node to verify the transaction.
Main process:
Users send native assets to SPV-Locked Output (a special address).
After waiting for the confirmation peirod, the SPV certificate can be submitted to the side chain, and the side chain can prepare to issue on-chain assets based on this.
SPV proofs are used to verify that a transaction has taken place. It includes a list of block headers showing proof of work and a cryptographic proof (Merkle proof) that an output (SPV-Locked Output) was created in a block in the list.
Users continue to wait for the contest period to avoid double spending attacks. If someone submits a reorganization proof during this time, which includes a chain with more total work than the block that created the SPV-Locked Output, the previous SPV proof is invalid.
image description
Source:https://blockstream.com/sidechains.pdf
Asymmetric Pegged
Asymmetric Pegged is the second method mentioned in the paper that first proposed the side chain in 2014. It is mainly divided into transactions on the forward side and the backward side. In Asymmetric Pegged, the validators of the side chain must monitor the activities of the main chain in real time, so when the main chain needs to send tokens to the side chain, the side chain can actively record (forward transaction). However, when the side chain needs to transfer tokens back to the main chain, the main chain cannot confirm the status of the side chain block because the side chain information is not recorded.
Therefore, in this case, Asymmetric Pegged must introduce the mechanism of Certifiers, which will
Smart ContractID, EpochID and Verifier ID
List of Backward transfers
Validator Withdrawal List
Bug Report List
Aggregate all signatures
Recorded in the Certifiers, usually the Certifiers need to stake fixed assets to ensure that the Certifiers will not destroy the system, and these Certifiers will be responsible for verifying the backward transaction sent back from the side chain, and send it back to the main chain after being signed by the aggregated signature.
However, with the current technological evolution, more and more side chains will choose to use the third-party notary (Proof of Authority, PoA) mechanism, allowing multiple named nodes to communicate with each other about contract lock and release (block header of the main network Information) verification to ensure that the token lock is equal to the minted value; or use Relayers to establish an intermediate layer so that the side chain can confirm the block status of the main chain through the intermediate layer.
Simply put, the mechanism of the side chain can be summarized as:
Assets from the main chain -> side chain: the main chain locks assets, and the side chain generates wrapped assets (the consensus mechanism ensures that all nodes agree to generate);
Assets from side chain -> main chain: the side chain destroys the wrapped asset, and the main chain unlocks the asset.
It can be seen that the security of assets on the side chain does not depend on the main chain, but on the security of the side chain, and furthermore, it is the consensus mechanism of the side chain. If someone manages to out of thin air create assets on the sidechain that dont match those locked on the mainchain, then destroy those assets on the sidechain, and then propose to the mainchain to unlock assets that dont belong to them, there will be a risk of stealing funds risk.
3.2.4 Advantages and disadvantages
3.2.5 Application
xDai (now renamed as Gnosis Chain)
Overview:
The generation of the token $xDai comes from the $Dai on Ethereum being locked on the token bridge, because $xDai = 1 USD, which makes it easy to calculate the transaction fee on xDai. The verification mode of xDai adopts the PoSDAO model, which is to become a node by staking, and the pledger can obtain a fixed APR of 15%, that is, the annual inflation rate of $xDai is 15%.
timeline:
In September 2018, xDai officially launched its mainnet
In November 2021, GIP 16 on the Gnosis DAO voted to approve the proposal to acquire xDai
image description
Source: https://forum.gnosis.io/t/gip-16-gnosis-chain-xdai-gnosis-merge/1904
Ecological development:
Ecological development:
The TVL of Gnosis Chain is currently ranked 20th in Defi Llama, with a TVL of ~$53 mil. The most familiar project is Dark Forest. In the collection of Defi Llama, there are currently 35 ongoing projects in Gnosis Chain, of which the top projects are distributed in the fields of Defi and cross-chain bridges.
Polygon
Overview:
In 2017, Matic Network was established. In June 2020, the main network will release the Ethereum side chains - Matic PoS Chain and Matic Plasma Chain (detailed in 3.3.5), and the brand will be upgraded to Polygon in 2021. In fact, whether Polygon is defined as L 2 or side chain has always been controversial. The reason is that although the founder of Polygon believes that they are an L 2 expansion solution, because Polygon has its own verification model, its security is similar to that of Ethereum. The Fangzhu network is different. In addition, technically, if Ethereum is shut down, Polygon can still run, so Polygon is defined here as a side chain.
But in terms of Polygons future roadmap, the founding team hopes to gradually move Polygon closer to L2. In 2022, Polygon will quickly cooperate with many web 2 giants at the BD level (such as Reddit, Disney, and Instagram) and start the Hermez zkEVM and Polygon Zero plans, gradually moving towards the goal on the roadmap.
image description
Source:https://research.thetie.io/polygon-matic-research
Ethereum layer: This layer is the communication layer between Ethereum and Polygon, and is an intermediate station for information exchange, allowing Polygon to have pledges, resolve disputes, and deliver messages. (Officiality of the relayer)
Security layer: Nodes using PoS guarantee security to Polygon and charge fees
Polygon layer: The most basic and necessary layer for Polygon operation, used to run blocks and perform transaction sorting and consensus calculations.
Execution layer: Read and execute transfers and transactions in the Polygon chain, performed by the execution environment.
timeline:
In 2017, Matic Network was established.
In June 2020, the Matic Pos Chain mainnet will be released.
Rebranded to Polygon in February 2021.
Ecological development:
Ecological development:
Due to Polygons low cost, EVM compatibility, and fast speed, Polygon will develop rapidly in 2021, and various applications will appear on it. The current TVL has increased from $110 million in April to $1.07 billion today. There have been more than 200 projects deployed in the ecosystem, but not many star projects have been born.
Ronin
Overview:
Ronin is a sidechain generated due to the popularity of the Axie Infinity game, and the mainnet will be launched in March 2021. Axie Infinity was initially deployed on the Ethereum mainnet, but the further development of Axie Infinity was limited due to the high cost of transaction fees and frequent congestion in Ethereum, so Axie Infinity developed a dedicated sidechain solution, Ronin.
The main features of Ronin are: fast and seamless transactions, greatly reduced Gas Fee, and will use the obtained Gas Fee as a tournament bonus, and assets can be returned to the Ethereum mainnet and customized solutions for wallets. Before the cross-chain bridge was hacked, Ronin had a locked position of $1.4 billion. At the same time, the built-in NFT Marketplace was also closely behind Looksrare. It can be said that it is a sidechain that inherits the energy of Axie Infinity. At present, the above application is only Katana DEX, which serves as a token exchange platform on Ronin.
Ronins verification mechanism is PoA (Proof of Authority). Unlike PoS, which can accommodate 128 verification nodes, PoA can only contain up to 25 nodes, which is smaller in comparison. Most of the nodes are strategic partners or well-known VCs: such as Binance, AnimocaBrands, SparqVenture, Ubisoft, etc. Different from PoS, PoA is a verification module that is guaranteed by its own reputation. It is more like an alliance chain that is certified by an authoritative organization. Therefore, the verification speed and the re-allocate of Gas Fee can be better allocated and adjusted.
timeline:
In March 2021, the Ronin mainnet will be launched.
In March 2022, Ronin was attacked by hackers. The hackers continued to steal funds by controlling 5 of the 9 nodes (the parent company of Axie Infinity), which eventually put Ronin in a dilemma where the entire chain assets were emptied.
In April 2022, Binance led the investment and injected assets to allow Ronin to restart.
Ecological development:
Ecological development:
At present, only Axie Infinity-related ecosystems need to be used. The DEX and Bridge before being hacked are basically deployed for the internal needs of Axie Infinity games.
3.2.6 Application Comparison
3.3 Plasma
3.3.1 Summary
Plasma
Plasma itself refers to a framework for building scalable Dapps, and developers can use the tools it provides for development. Plasma emerged as an evolutionary solution for sidechains, aiming to minimize users trust in the sidechain Operator. Even if the Operator does evil, Plasma can prevent user funds from being stolen. The basic principle of Plasma is that if there is a security failure on the Plasma chain, all users assets can still be withdrawn from the Plasma chain and returned to the mainnet.
Plasma chain
Plasma chains, also known as sub-chains, are independently run blockchains built on another blockchain (called root chain/main chain/main network), with independent consensus Mechanism; each sub-chain has a smart contract that can be customized deployed on the root chain; different sub-chains correspond to different contracts on the root chain, therefore, we can use different sub-chains for different tasks. Under the POS consensus mechanism, anyone who pledges tokens in the main network Plasma contract can become the Operator of the Plasma chain;Usually, there are very few nodes in the Plasma chain to process transactions, and the project side often operates a node (Operator) by itself, which will bring new centralization problems.
Deploying contracts on the Plasma chain can build sub-sub-chains, and these different sub-chains can form a layer-by-layer tree-like Plasma network (as shown in the figure below); Plasma uses the MapReduce algorithm to split large computing tasks into small tasks , and then distributed to each sub-chain for calculation, and finally submit the result after layer-by-layer aggregation, so that a large number of complex calculations can be processed quickly and at low cost.
Plasma contracts
Plasma contracts refer to smart contracts running on root chains such as Ethereum, which are used to process user funds in and out of the Plasma chain, are responsible for tracking the state commitments (State Commitments) of the Plasma chain, and punish malicious behavior by submitting fraud proofs.
The data structures within the Plasma contract include:
1) Contract owner (set at initialization)
2) Plasma chain block list: Merkle root and Merkle root submission time of each block
3) The list of transaction requests submitted by users to exit the Plasma chain: including the address of the submitter, UTXO location (Plasma block number, txindex, outindex)
relation
Plasma contracts act as a bridge, allowing users to move assets between the Ethereum mainnet and the Plasma chain. Users can transfer funds from the root chain to the sub-chain, and then the sub-chain handles complex calculations, thereby saving Gas fees. The DApp deployed on the sub-chain does not need to interact directly with the root chain. The status update of the sub-chain only needs to submit the block hash Merkle Root to the root chain, so that the root chain only receives the minimum amount of data, and only needs to be calculated in case of disputes , which can greatly reduce the calculation amount of the root chain.
3.3.2 Timeline
In August 2017, Plasma was first proposed in the white paper Plasma: Scalable Autonomous Smart Contracts written by Vitalik and Joseph Poon, one of the authors of Lightning Network.
In January 2018, Vitalik proposed the first formal Plasma application, Plasma MVP, using the UTXO model and the Proof-of-Authority consensus mechanism.
In March 2018, Vitalik proposed Plasma Cash, which aims to solve the large-scale exit problem in Plasma MVP. To make it easier for users to prove their ownership of tokens, all tokens are represented by NFTs.
In June 2018, Dan Robinson proposed Plasma Debit, which is similar to Plasma Cash. The difference is that each Token is a payment channel between the user and the Operator. The channel can be transferred like a Token. The entire design is similar to a large Lightning hub.
In 2018/11, BANKEX Foundation proposed Plasma Prime, hoping to use RSA accumulators to solve the problem of a large number of historical proofs in Plasma Cash. However, there is no formal and comprehensive document to explain Plasma Prime, and it is still in the conception stage.
At the end of 2018, the price of ETH bottomed out. In the context of disappearing optimism in the encryption field, although Plasma Cash has improved compared to Plasma MVP, it is still not the Visa-level solution promised by Ethereum. Blockchain tree also looks difficult to achieve, so most of the companies developing clients for Plasma Cash have stopped working, and the current development progress is in a semi-finished state, and it seems that Plasma is dead.
Since 2019, the Ethereum community has begun to explore a new layer-2 expansion solution Rollups. We will expand the details in the Rollups section below.
3.3.3 Technical principles
Three core ideas:
Off-chain execution: The assumption of Plasma is that the main network does not need to verify all transactions, and any operation that does not need to move assets into or out of smart contracts can be processed off-chain, so most of the work of Plasma applications is processed outside the main network. Plasma chains often use a single Operator to execute transactions without waiting for the consent of other nodes, which can reduce costs and increase speed, and improve scalability at the expense of some decentralization.
State Commitment: A state commitment is a cryptographic way of storing a compressed version of the state of the Plasma chain. In Plasma, the state commitment refers to the root hash value (Merkle Root) of the Merkle Tree (Merkle Tree) composed of all transactions in a Plasma chain block. Merkle Root can quickly verify whether a transaction is included in a block (through Merkle Proof), so Operators can commit to the current block status by uploading Merkle Root.Although Plasma executes transactions outside the chain, the settlement is performed on the main network, so the Operator needs to regularly release the Merkle Root of the Plasma block on Ethereum as a state commitment to confirm the final state of the off-chain calculation and realize off-chain execution On-chain liquidation.This mechanism of relying on the verification of the main network ensures that Plasma inherits part of the security of the main network.
Withdrawal mechanism: If the user wants to withdraw funds from the Plasma chain, he needs to prove to the Plasma contract on the main network that there are funds that can be withdrawn and the amount is correct. The user can submit a Merkle Proof as a proof. The Merkle Proof can be provided by the Operator, but the Operator has misconduct risk.
The usage process is shown in the figure below:
1. Deposit:To use the Plasma chain, users first need to deposit ETH or any ERC-20 token in Ethereums Plasma contract. When a user deposits funds, a block will be created on the Plasma chain that includes only one transaction, and the Plasma Operator responsible for monitoring the Plasma contract will create an asset of the same amount on the Plasma chain and send it to the user on the Plasma chain address, users can trade on the Plasma chain after receiving funds on the Plasma chain.
2. Transaction:The user confirms each transaction by signing an encrypted message on the Plasma chain, and then the transaction and the corresponding signature are sent to the Operator of the Plasma chain for packaging.
3.Operator:The Operator packs the received transactions into the Plasma chain block. Once the Operator receives enough transactions to fill a block, these transactions will form a Merkle tree. The Operator submits the Merkle root as a state commitment to the block to the Ethereum main network , because only the Merkle root with a small amount of data and a constant data size is submitted, it can greatly reduce the gas fee for submitting to the main network. In addition, the operator submits the hash value of the Plasma chain block of the main chain. If the challenge is successful by any user, the wrong block on the Plasma chain will be rolled back, and the creator of the wrong block will be punished.
4. Exit
4.1 To initiate a withdrawal request:
In order to withdraw assets from the Plasma chain, users need to initiate an exit transaction to the Plasma contract on the main network and submit it together with the Merkle Proof (the Merkle Proof can be obtained through the Operator). The Plasma contract will verify the validity of the Merkle Proof to ensure that the amount is correct and Not double spent.
The user also needs to add a security deposit in the withdrawal request. If a challenger proves that the users withdrawal request is invalid, part of the security deposit will be confiscated as a reward to the challenger.
4.2 To challenge a withdrawal request:
While the Ethereum mainnet has state information for the Plasma chain, it cannot verify that this information is correct. Malicious users may make malicious withdrawal requests. For example, users do not actually have 1,000 ETH on the main network, but claim to have locked 1,000 ETH on the main network, and request to withdraw 1,000 ETH from Plasma, or try to withdraw the assets they have already spent, and provide False certificates to support these false claims.
In order to prevent the above two malicious behaviors, Plasma introduces a challenge period (usually a week). During this period, anyone can submit a fraud proof to the main chain to challenge the validity of the withdrawal request. For example, because a historical transaction has been signed, it can be proved that the funds of the malicious user have been spent in the past and are invalid. If the challenge is successful, the Plasma contract will reject the malicious withdrawal request, and the challenger will be rewarded.
However, if no one provides fraud proof during the challenge period, the users withdrawal request will be considered valid, and assets can be withdrawn from the Plasma contract of Ethereum, which will cause losses to other honest users of the Plasma chain. Sexual flaw.
5. Monitoring the Plasma Chain (cons)
In order to ensure the safety of funds on the Plasma chain, users need to monitor the Plasma chain from time to time. By running a software, the data of the Plasma chain is automatically downloaded periodically to ensure that everything is running correctly; the frequency of data synchronization depends on the parameters set in the Plasma smart contract.
If malicious behavior occurs on the Plasma chain, such as a malicious Operator trying to steal funds, the users wallet will automatically start withdrawing funds from the Plasma chain to ensure the security of the users funds. The design of the system becomes necessary, but the complete mechanism and incentive model have not yet appeared.
3.3.4 Advantages and disadvantages
Due to the above shortcomings, many applications initially use the Plasma scheme to expand, but later give up and turn to the Rollups scheme.
3.3.5 Application
Plasma Group → Optimism(Optimistic Rollup)
In 2017, after Plasma was officially proposed, three Ethereum core developers and researchers established a non-profit research group, the Plasma Group, dedicated to the research of the Plasma framework.
In January 2019, the Plasma Group released a specification for Plasma Cash, and a month later released a general-purpose Plasma architecture in an attempt to deploy Plapps (plasma apps) on a general-purpose Plasma chain. However, with the deepening of research, the shortcomings of Plasma became more and more obvious. Although the technical team made many attempts, general-purpose smart contracts could not run on Plasma, which caused the development of Plasma to stagnate in 2019.
In June 2019, John Adler proposed a design called Minimum Viable Merge Consensus, which enables a fully verifiable off-chain consensus system on Ethereum without zero-knowledge cryptography. Later, the Plasma Group published an extended version of the merged consensus design, now known as Optimistic Rollup.
In January 2020, with the support of $3.5 million from Paradigm and IDEO CoLab Ventures, the Plasma Group transformed from a non-profit research organization to a for-profit start-up company, and Optimism was officially born, which also means that the team officially abandoned research on Plasma and turned to Focus on research on Optimistic Rollup (see Optimistic Rollup section below for details).
OMG Network → Boba Network(Optimistic Rollup)
OMG Network is one of the first Ethereum expansion projects to propose the concept of off-chain expansion, and was once the leading project in this field. In 2013, Omise, a subsidiary of Thai financial payment company SYNQA, was established, and its main business is online payment on the APP side. In 2017, Omise established the blockchain department OmiseGO, and issued $25 million of $OMG tokens in the same year, with a total of 140 million issued.
In June 2020, OmiseGO changed its name to OMG Network and launched its mainnet, using More Viable Plasma technology to expand the capacity of the Ethereum network; More Viable Plasma design is an extension of Minimal Viable Plasma, targeting payment settlement between users and exchanges and value exchange are optimized. Subsequently, Bitfinex announced support for OMG network for USDT deposits and withdrawals.
In June 2021, after the Plasma route faded, OMG Network announced that it would change its name to OMG Foundation, cooperate with Enya to launch Boba Network, and release a new token $BOBA. Boba is an Ethereum L2 solution based on Optimistic Rollup. Since then, the OMG network has ceased to exist, and BobaNetwork has inherited the community of the OMG network.(For the specific content of Boba Network, see the Optimistic Rollup section below)
Polygon (previously Matic Network) → full-stack L 2 solution
In 2017, Matic Network was established. In June 2020, the mainnet will simultaneously release the Ethereum side chain Matic PoS Chain and the Ethereum Plasma solution Matic Plasma Chain. The latter adopts Plasmas off-chain expansion solution and has made a series of improvements on the basis of Plasma. This expansion solution interacts with the Ethereum mainnet through the Plasma bridge, allowing users to transfer assets from the mainchain to the Plasma chain, thereby achieving fast and low-cost transactions. Although the Plasma scheme is more secure than the Matic PoS sidechain, the disadvantage is that it takes a longer waiting time (7 days) for users to withdraw funds from the Plasma network, while the Matic PoS sidechain only takes about 3 hours; in addition, the Plasma chain cannot run Generic smart contracts.
Although the Matic solution improves Plasma More VP, it still cannot solve the most fundamental problems of Plasma, includingUnable to ensure the availability of off-chain data, large-scale exit problems and users need to go through the challenge period, etc.,And the original Plasma research team has gradually turned to the development of Rollup, which makes the breakthrough of the Plasma solution even more difficult.
In February 2021, the Matic brand was upgraded to Polygon, transforming into an aggregator of Ethereums off-chain expansion solutions. In May of the same year, the core component Polygon SDK was released, a modular and extensible framework written in Golang, which is fully compatible with Ethereum. Developers can use languages such as Solidity, Vyper, and Ethereum tools and libraries to directly for development. This is a modular and flexible framework that supports developers to customize and build their own off-chain expansion solutions such as Plasma, Optimistic Rollups, zkRollups, Validium and side chains such as Polygon PoS chains, and allows them to easily communicate across chains and share them directly Ethereum security and network effects. The current expansion plan of Polygon Plasma has been gradually abandoned by the community, and Polygon will focus on the development of Rollup technology. In 2021, Polygon will integrate ZK Rollups in one step through the acquisition of Hermez and Mir Protocol, which is a step closer to the full-stack off-chain expansion solution.(For details, see the ZK Rollups section below)
Summarize:
Summarize:
Plasma is a technical transition solution: subject to the problems of Plasma technology itself, Plasma Group turned to Optimistic Rollup research without waiting for the launch of Plasma-based projects; both OMG Network and Polygon launched the Plasma solution on the mainnet Within a year, the development of solutions based on Optimistic Rollups and ZK Rollups was also quickly transferred; in summary, the applications based on Plasma are lackluster.
3.4 Rollups
3.4.1 Summary
As early as 2014, Vitalik proposed the concept of shadow chain putting transaction data and status on the chain, while computing off the chain. This is the prototype of Rollups, but it seems to have not been taken seriously at the time. Due to Plasmas limited smart contract execution capabilities and mass exit problems, Ethereum researchers began to look for a new scaling solution - Rollups.
In September 2018, V God proposed to use zero-knowledge proof to solve the expansion problem of Ethereum. In June 2019, John Adler, a Consensys researcher and co-founder of Celestia, published an article Minimal Viable Merged Consensus on Ethereum Research, proposing an Optimistic Rollups expansion scheme with a fraud proof with an expiration time. With the hard fork of Ethereum Istanbul in December 2019, the storage cost of calldata dropped by 4 times, the throughput of Rollups was greatly improved, the ecology and various applications on Rollups developed rapidly, and Rollups has also become the current mainstream two-tier network ( Layer 2) One of the expansion solutions.
3.4.2 Technical principles
The core idea of Rollups is to put the calculation process and state storage off the chain, while the state commitment and compressed transaction data are packaged on the chain.
There will be a smart contract on Layer 1, which is responsible for updating the state root (state commitment) of the Rollup transaction and recording the compressed transaction content. Anyone can collect transactions on the second-tier network, aggregate and compress them to form transaction batches (batch), and send them to the contract on the main chain in the form of calldata. This batch includes the compressed transaction set, the Merkle root of the previous block state and the new state root (the state root after processing the transaction). After the main chain contract receives the batch, it will check whether the previous state root matches the state root on the contract. If it matches, it can prove that the Rollup state is connected back and forth, and the contract will update its own state root.
image description
Source: https://vitalik.ca/general/2021/01/05/rollup.html
But how does Rollups ensure the correctness of the uploaded transaction batches? In other words, how do you know that the post-state root in the transaction batch is correct? If someone can submit a batch with an arbitrary post-state root without any consequences, they can transfer all the tokens in the Rollups to themselves. And this problem brings two solutions and the corresponding two types of Rollups:
Fraud proofs → Optimistic Rollups
Validity proofs → ZK Rollups
off-chain virtual machine
The calculation and state storage of Rollups is done on the off-chain virtual machine. This virtual machine completes transaction calculations and state changes, and is also the execution environment for Layer 2 applications.
The main purpose of Ethereum Layer 2 is to expand Layer 1. Therefore, Layer 2 needs to provide an execution environment similar to Layer 1 as much as possible. And this similarity is determined by the Layer 2 virtual machine, also called EVM compatibility.EVM compatibility means creating an EVM-like code execution environment so that Ethereum developers can easily migrate smart contracts to an EVM-compatible chain without having to rewrite the code.
To achieve EVM compatibility, the simplest solution is to fork GETH, such as the BNB chain. But for Rollups, they also need verification of compatible proofs (fraud proofs and valid proofs). Optimistic Rollups can achieve better EVM compatibility, such as Arbitrums Nitro and Optimisms OVM. For the ZK Rollups protocol, effective proof (zero-knowledge proof) is difficult to achieve EVM compatibility, because we needTransform the logic of the smart contract into circuit logic, and the circuit logic itself is very complex and requires zero-knowledge proof of relevant knowledge.Therefore, all current production-grade ZK Rollups protocols are application-specific, such as Loopring, ImmutableX, dYdX, zkSync 1.0, zkSwap.
Who can pack blocks?
Theoretically, anyone can pack a block and upload it to the main chain contract, but in order to prevent evil, this person needs to pledge a sum of money in the contract. If many people package transactions synchronously, but only one block is generated, this will consume additional computing and block resources. Therefore, in order to improve the transaction speed, most of the current Rollups projects use a centralized sequencer (Centralized Sequencer) for packaging transactions; the centralized sequencer is the most efficient, but there will be a single point of failure.
In addition, we can conduct a sorter auction, where the POS verification node randomly selects people or decides who will pack the block through DPoS voting. Sequencer auctions capture MEV value, but do not solve the single point of failure problem. Both POS and DPoS need to lock funds, which reduces the efficiency of fund use.
transaction compression
The compression technique is one of the keys to the scalability of Rollups. Compression reduces the amount of data stored on the chain, thereby reducing costs.
A simple ETH transfer transaction requires ~110 bytes in Ethereum, but only ~12 bytes in Rollups. Part of this is due to encoding, and part of it is due to clever compression techniques. For example, we can store a mapping table of addresses and indexes on the main chain contract, and a 20-byte address can be replaced by a 3-4 byte index. In addition, the BLS ensemble algorithm can compress multiple signatures into one signature, thereby reducing the signature size (in ZK Rollups, zero-knowledge proofs replace signatures).
image description
https://vitalik.ca/general/2021/01/05/rollup.html
transaction cost
We know that the storage cost of Rollup transactions on the chain can be reduced through transaction compression, so what exactly does Rollup transaction cost consist of?
Rollups transaction cost = L 1 data storage cost + L 2 calculation processing cost
Among them, the storage cost of L 1 is far greater than the calculation cost of L 2 , so to save costs, we need to find the most cost-effective storage space on L 1 . There are three data storage locations on Ethereum: memory, storage, and calldata.calldata is an unmodifiable, non-persistent area. calldata can be used to save the input data of the function. It does not change the state of the Ethereum network itself, so the storage cost of calldata is the cheapest.In order to reduce costs, Rollups stores the transaction data in the calldata of the L 1 contract.
The core problem to be solved by Rollups is how to increase the throughput of Ethereum as much as possible without reducing security and decentralization, thereby reducing user transaction costs. From the EIP proposal, we can also see the efforts made by Ethereum in reducing the storage cost on the Rollups chain:
EIP 2028: Calldata gas cost reduced from 68 gas units/byte to 16 gas units/byte
EIP 4488: Calldata gas cost reduced from 16 gas units/byte to 3 gas units/byte
EIP 4844: data blobs: This is a user-defined piece of data that promises to be accessible by the EVM. The blobs are downloaded by all beacon nodes and deleted after a relatively short (one month) delay. The transaction data of Rollups will be placed on data blobs, which will greatly reduce the L 1 storage cost.
transaction throughput
Ethereum has a block size limit. The target size of each block is 15 million units of gas. If the network demand increases, the block limit can be stepped up to 30 million units of gas (2 times the target block size). Here we use the regular 15 million block limit. Currently, the average block generation time of Ethereum is 12 to 15 seconds, and a simple transfer transaction needs to cost 21,000 units of gas. In the following calculations, we assume that the block generation time of Ethereum is 15 seconds.
For the Ethereum mainnet, limited by the block space, the theoretical TPS (transactions per second) can reach 15,000,000 (Gas Limit)/21,000/15 = 47.6.
For Optimistic Rollups, we need to upload the compressed transaction data to the mainnet contract. As mentioned earlier, currently a Rollup transfer transaction is about 12 bytes. The current calldata gas cost is 16 units/byte. Then a block can have 15,0000,000/12/16 = 78,125 transactions. Continuing the above assumptions, the Ethereum block time is 15 seconds, then Optimistic Rollups can process 78, 125/15 = 5, 208 transfer transactions per second.
For ZK Rollups, we also need to consider the verification cost of the zero-knowledge proof on the chain, which is about 500,000 gas units. With the same logic, ZK Rollups can process ( 15 , 000 , 000-500 , 000 )/12/16/15 = 5 , 034 transfer transactions per second.
The above is a rather optimistic estimate (theoretical throughput), because it is impossible for Rollups to occupy the entire block of Ethereum, and it is impossible for all transactions to be transfer transactions.But under the same scale, we can see that Rollups can increase the transaction speed by more than 100 times.
Currently, the TPS limit that Rollups can achieve is around 2,000 transactions.The actual throughput of Rollups depends on how much a batch of transactions can be compressed into smaller digests. Since ZK Rollups does not need to upload all transaction content like Optimistic Rollups, the TPS of ZK Rollups is often higher than that of Optimistic Rollups.
3.4.3 Advantages and disadvantages
3.4.5 Optimistic Rollups
3.4.5.1 Summary
Optimistic Rollups (OPRUs) are a type of Rollups that rely on Fraud proofs to ensure the correctness of transactions executed off-chain. Just like its name, the transactions packaged on Optimistic Rollups are optimistically assumed to be correct, so no extra work is required; only when a dispute occurs, the main chain will execute each transaction on the Rollups block to confirm whether fraud has occurred.
3.4.5.2 Timeline
2018 8
