Original title: Correcting Buterins imprecise remarks on DA issues and anti-censorship withdrawals
Original author: Faust
Original source: Geek Web3
On January 16, 2024, under a tweet initiated by Daniel Wang, founder of Ethereum Layer 2 project Taiko, interacting with Zeng Jiajun, founder of AA wallet Soul Wallet,Vitalik said: The key to Rollup is unconditional security: even if you are targeted by everyone, you can still take the assets away. This cannot be done if DA relies on external systems (outside Ethereum).
Escape pod: “Safe withdrawals without conditions” according to Viatlik
Because Vitalik talked about his views on Validium in the second half of this tweet (Validium refers to the second layer of ZK that does not use Ethereum to implement DA data release), it attracted a lot of attention (previously there were rumors that the Ethereum Fund Will think Layer 2 =Rollup).
(It needs to be emphasized:The DA concept discussed in the Ethereum community refers to whether you can obtain newly generated data from Layer 2, not whether you can retrieve historical data from long ago.If new data is not released on the Ethereum chain, Layer 2 nodes may not be able to successfully parse the latest L2 block)
However, the Ethereum Layer 2 Definition Debate and DA War have long been heard by countless people. This article does not intend to make any discussion on such topics.Aiming to focus more energy on the first half of Vitaliks speech,That’s what was said at the beginning of this article.
Vitalik stated here that Rollup can implement trustless censorship-resistant withdrawals. Even if all Layer 2 nodes do not cooperate with you, you can still withdraw your assets from Layer 2; and,He pointed out that only rollup can achieve this kind of unconditional safe withdrawal, while Layer 2, which relies on other DA data release methods, cannot do this.
But in fact,Vitaliks remarks were not rigorous.
First of all, only assets that are bridged from Layer 1 to Layer 2 can be crossed back to the ETH chain. Pure Layer 2 native assets cannot be crossed to Layer 1 (unless the Layer 2 native assets deploy a bridging asset contract on Layer 1).
If, as Vitalik said, everyone is targeting you,You can withdraw up to L1-L2 bridging assets.But I cannot withdraw my Layer 2 native Token.At this time, it is useless whether you use ordinary withdrawal, forced withdrawal, or Escape Hatch.
Secondly, safe withdrawal without conditions does not have to rely on the DA system.The early Layer 2 solution before Rollup, Plasma, which implements DA data release under the Ethereum chain, when the DA system fails (that is, data withholding occurs, other than the sequencer/committee, no one else can receive new transaction data/status) Conversion information), also allows users to submit asset certificates through historical data and escape Layer 2 safely.
In other words, Plasma’s safe withdrawals have no dependence on the DA system.Censorship-resistant withdrawals do not have to rely on the DA system (but historical data must be available); moreover,These words were said personally by Dankrad of the Ethereum Foundation (the proposer of Danksharding),At the same time, it is universally accepted.
Refer to Geek Web3s past articles: Data Withholding and Fraud Proof: Reasons why Plasma does not support smart contracts
Secondly, leaving aside Celestia and Blobstream, the data retention/DA failure problem can be solved even without using ETH as the DA layer. Let’s just talk about the “data availability challenge” that the Arbitrum team and the Redstone team are implementing, allowing the sequencer to only publish a DA Commitment (actually a datahash) on the chain, stating that the data has been released off the chain. If someone cannot obtain the newly generated data off-chain, they can challenge the DA Commitment on the chain and require the sequencer to disclose the data to the chain.
This mechanism design is very simple.And there is no need to rely on third-party DA such as Celestia, Avail or EigenDA. The Layer 2 project party only needs to set up the off-chain DAC node by itself.Can be called the Celestia killer.
Below, the author intends to interpret what Vitalik calls safe withdrawals without conditions and the data availability challenges he did not mention, and tries to tell you:Why are third-party DA projects such as Celestia, Avail, and EigenDA not a must for Layer 2 of DA offchain that pursues security?
Furthermore, we have previously statedBitcoin Layer 2 Risk Assessment IndicatorsIn the article,When it comes to censorship-resistant withdrawals, which are more basic and critical than the DA system, today’s article will further explain this point of view.
In fact, Vitalik’s words are not difficult to scrutinize.Were talking about ZK Rollups escape pod.Escape Hatch, also known as Escape Hatch, is a withdrawal mode that is triggered directly on Layer 1.Once this mode is triggered, the Rollup contract will enter a frozen state.Reject new data submitted by Sequencer, andAllow anyone to present Merkle Proof to prove their asset balance on Layer 2, and transfer their own assets from the Layer 2 official bridge deposit address.
Furthermore,The escape hatch mode is a trustless withdrawal mechanism that can be manually triggered by the parties on Layer 1 after a users transaction has been rejected by the Layer 2 sequencer for a long time.
However, before activating the escape hatch mode, users who are rejected by the sequencer must first call the forced withdrawal function in the Rollup contract on Layer 1, initiate a forced withdrawal request, and throw an event to let the Layer 2 node know: Someone initiated A forced withdrawal request was made.
Since all Layer 2 nodes will run the Ethereum geth client and receive Ethereum blocks, they can monitor the triggering of the forced withdrawal event.
If the forced withdrawal request is ignored for a long time, the user can actively trigger the escape hatch mode (the default waiting period of Loopring protocol is 15 days, and the StarkEx plan is 7 days). Then, the operation process is as discussed at the beginning of this article. The user submits the Merkle Proof corresponding to his own assets to prove his asset status in Layer 2, and then withdraws the assets from the Rollup related contract.
But to construct Merkle Proof, you need to know the complete L2 state first.Looking for an L2 full node to request data. If the extreme situation Vitalik mentioned happens and there are no Layer 2 nodes to cooperate with you,You can start a Layer 2 full node yourself and obtain the historical data published by the L2 sorter to Ethereum through the Ethereum network.Synchronize one by one from the Layer 2 genesis block until the final state is calculated and the Merkle Proof is constructed, then you can safely withdraw funds through the escape hatch.
Obviously, the censorship resistance at this time is equivalent to Ethereum/Layer 1 itself.As long as there is an Ethereum full node that provides you with historical data from a long time ago, it is close to trustlessness.
However, after EIP-4844, all Ethereum nodes will automatically lose some historical data, so that historical data of Layer 2 for more than 18 days will no longer be backed up by the entire ETH node network. By then, the censorship resistance of escape hatch withdrawals will no longer be as good as it is today. This is close to Trustless.
After 4844, we need to trust that a relatively limited number of Ethereum nodes that store all historical data are willing to provide data to you (Layer 2 native nodes are often very few, so we will not consider them for the time being). By then,Layer 1 historical data can be retrieved/Layer 2 The trust assumption of escape hatch withdrawal will change from Trustless or 0 today to 1/N, that is, it is assumed that 1 out of N nodes can provide you with data.
The EthStorage team seems to be committed to expanding this N to encourage more nodes to store historical data from long ago. If the denominator of 1/N is large enough, the score is still close to 0, which is close to no trust assumption being introduced. This may be an appropriate solution to the problem of historical data retrieval after 4844.
The relationship between escape pods and DA – Validium’s ransomware attack
Here we summarize again:The escape hatch allows you to prove your Layer 2 asset status through Merkle Proof, and make trustworthy withdrawals on Layer 1.
The reason why Vitalik mentioned that the security of assets involved in withdrawals requires DA as a prerequisite is mainly because the Validium solution canData Withholding AttackAnd cannot withdraw money. (Only stateroot is released, and the corresponding transaction data is not released).
The specific principle is: the sequencer may hold on to the transaction data and only publish a Merkle Root (Stateroot) to the Ethereum chain, and then through validity proof, try to make the new Stateroot pass the verification and become the current legal Stateroot.
At this time, everyone does not know the complete status corresponding to the legal Stateroot, and cannot construct the corresponding Merkle Proof to initiate the escape hatch withdrawal.You cant withdraw money unless the sequencer is willing to release the data to you. This is vividly called a ransom problem by a technical director at Arbitrum (I personally prefer to call it a ransom attack).
However, the reason why DA’s Validium off-chain is prone to “ransomware attacks” is because its own mechanism design is not perfect enough.If a challenge mechanism related to withdrawal behavior is introduced, or a data availability challenge is introduced, the problem of ransomware attacks can theoretically be solved.
By the way, as mentioned earlier, allows users to withdraw funds through historical data from long ago.With Plasma, there will be no “ransomware attacks” like Validium.And Plasma is also DA off-chain (off-chain DA + on-chain verification of fraud proof).
References:Data Withholding and Fraud Proofing: Why Plasma Doesn’t Support Smart Contracts
Therefore, censorship-resistant withdrawals/escape hatches do not necessarily rely on DA, everything depends on the mechanism design of the withdrawal process.The reason why Vitalik believes that censorship-resistant withdrawals are bound to DA is because he started from existing solutions such as Validium and smart contract Rollup, and already had a fixed mindset in his mind.
But this does not mean that all DA offchain Layer 2s in the world face the same problems as Validium.It does not mean that smart contract rollup is the end of everything, innovation may happen at any time (such as the data availability challenges mentioned later).
On the other hand, if your Layer 2 solution does not consider designs such as escape hatches and anti-censorship withdrawals from the beginning, your Layer 2 will definitely not be trustworthy/safe enough.In other words, a good DA and proof system are sufficient conditions for achieving censorship-resistant withdrawals, but they are not necessary conditions.
Therefore, in our previous article, we mentioned that in the Layer 2 barrel effect, anti-censorship withdrawal is a more basic shortcoming than DA and proof systems, and there is a reason.
References:Using the barrel theory to dismantle Bitcoin/Ethereum Layer 2 security model and risk indicators
Celestia Killer: Data Availability Challenges at Arbitrum and Redstone
After talking about the relationship between the escape hatch and DA, lets look back at DA itself: Layer 2 does not have to publish DA data to Ethereum to avoid data withholding by the sequencer.
Redstone, Arbitrum, Metis, etc. are all developing a data availability challenge mechanism, which allows the sequencer to only publish DA Commitment (datahash) + Stateroot on the chain, stating that the state transition parameters (transaction data) have been published off-chain.If someone cannot obtain the newly generated data off-chain, they can challenge the DA Commitment on the chain and require the sequencer to disclose the data to the chain.
If the sequencer fails to publish data on the ETH chain in time after being challenged, the datahash/commitment it previously published will be considered invalid, and the associated stateroot will also be invalid.Obviously, this directly solves the data withholding problem (only the stateroot is released, and the corresponding transaction data is not released).
Obviously, this presents an additional data availability challenge compared to Layer 2 of DA offchains such as Validium and Optimium.But such a simple design is enough to create strong competition against Celestia, Avail, EigenDA, etc.Setting up a DAC yourself introduces data availability challenges, and you no longer need to rely on Celestia.
But relatively,Data availability challenges also have economic issues that need to be addressed.The founder of ZkSync pointed out during the battle with Arbitrum’s technical director,Data availability challenges are theoretically vulnerable to DoS attacks.For example, the sequencer quickly publishes thousands of DA commitments on the chain, and then withholds the corresponding complete data without publishing it. It can drain all challenger funds in this way and then issue an invalid block, stealing user assets.
Of course, this assumption is too extreme,The essence is a game theory problem between the offensive and defensive sides.And in fact, the sequencer is more vulnerable to DOS attacks by malicious challengers and degrades into Rollup after being challenged continuously. The game situation between the offensive and defensive sides surrounding the data availability challenge is actually very interesting, and the corresponding mechanism design will also fully test the wisdom of Arbitrum, Redstone, and the Metis project team (this topic can be written separately).
But in any case, the data availability challenge will bring more innovation to the design of Layer 2 DA solutions, and this solution will also make a significant contribution to the Bitcoin Layer 2 ecosystem.
