From: AdamISZ <AdamISZ@protonmail.com>
To: John Light <bitcoin-dev@lightco.in>,
Bitcoin Protocol Discussion
<bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Validity Rollups on Bitcoin
Date: Wed, 02 Nov 2022 17:19:23 +0000 [thread overview]
Message-ID: <WJ0jiInq_I_IiiT8EiAZZN6axo2pSIRCxQWfyvgU-4rjRmeHnCXFNGWFSXoeOv7nVmqoAPr6EHeXRgc-1DfiPX3C8xHwdYzs2qn4Lck06fs=@protonmail.com> (raw)
In-Reply-To: <224cf2f4-2577-4331-9977-ea71e9723ffe@app.fastmail.com>
Hi John,
Sorry for late feedback. Very much appreciated the in depth report!
So, I second Greg's main question, which I've really been thinking about a bit myself since starting to research this area more: it feels like the Bitcoin protocol research community (or, uh, some of it) should focus in on this question of: what is the minimal functionality required onchain (via, presumably soft fork) that enables something close to general purpose offchain contracting that is provable, ideally in zero knowledge, but at the very least, succinctly, with onchain crypto operations. An example might be: if we had verification of bilinear pairings onchain, combined with maybe some covenant opcode, does it give us enough to do something like a rollup/sidechain model with full client side computation and very compact state update and verification onchain? (To be clear: just made that up! there is certainly no deep theory behind that particular combination .. although I did see this [1] thread on *optimistic* + covenant).
Is the actual answer to this something like Simplicity? (Above my paygrade to answer, that's for sure!)
Ideally you would want (don't laugh) for this to be the 'soft fork to end all soft forks' so that innovation could all be then in higher layers.
As to rollups themselves: centralization in the sequencer/publisher of state updates seems to be a really big issue that's somewhat brushed under the carpet. Depending on the model, there are cases where it actually is a theft risk (e.g. full control of an onchain smart contract), but there's significant censorship risk at the very least, as well as availability/uptime risk. At the extreme, Optimism has a 'security model' [3] that is frankly laughable (though, no doubt it's possible that will radically change) and for things like Arbitrum you have centralized sequencers, where the claim is that it will migrate to a more decentralized model; maybe, but that's a huge part of the challenge here, so while it's nice to see the sexy 'fast, cheap, scale' aspect straight away, I feel like those models haven't done the hard part yet. I also think these optimistic L2 models have a 'fake finality' issue from my perspective; the delay needed onchain is how long it takes to *really* confirm. (e.g.: rollups look cool compared to sidechains from the pov of 'instant' instead of confirmations on a chain, but that seems a bit sleight-of-hand-y).
It's notable to compare that with a payment-channels style L2 where decentralization and trustlessness are sine-qua-non and so the limitations are much more out in the open (e.g. the capacity tradeoff - while the 'instantness' is much more real perhaps, with the appropriate liveness caveat).
For the validity rollups, some of the above qualms don't apply, but afaik the concrete instantiations today still have this heavy sequencer/publisher centralization. Correct me if I'm wrong.
In any case, I do agree with a lot of people that some variant of this model (validity rollups) intuitively looks like a good choice, for the future, in comparison with other possible L2s that focus on *functionality* - with a mild censorship and centralization tradeoff perhaps.
And I'm maybe a bit heretical but I see no issue with using 1 of N security models for trusted setup here (note how it's probably different from base chain), so PLONK type stuff is just as, if not more, interesting than STARKS which aiui are pretty big and computationally heavy (sure, maybe that changes). So if that's true, it comes back to my first paragraph.
Cheers,
AdamISZ/waxwing
[1] https://nitter.it/salvatoshi/status/1537362661754683396
[3] https://community.optimism.io/docs/security-model/optimism-security-model/
Sent with Proton Mail secure email.
------- Original Message -------
On Wednesday, October 12th, 2022 at 16:40, John Light via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
> On Wed, Oct 12, 2022, at 9:28 AM, Greg Sanders wrote:
>
> > Is there a one page cheat sheet of "asks" for transaction
> > introspection/OP_ZKP(?) and their uses both separately and together for
> > different rollup architectures?
>
>
> We do not have this yet. Trey Del Bonis wrote a more detailed technical post about how those components would be used in a validity rollup, which was cited in my report and can be found here:
> https://tr3y.io/articles/crypto/bitcoin-zk-rollups.html
>
> But it'll take more research and design work to suss out those details you asked for and put them into a nice cheatsheet. I like this idea though!
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
next prev parent reply other threads:[~2022-11-02 17:19 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-11 15:40 [bitcoin-dev] Validity Rollups on Bitcoin John Light
2022-10-12 13:28 ` Greg Sanders
2022-10-12 15:40 ` John Light
2022-11-02 17:19 ` AdamISZ [this message]
2022-11-04 19:53 ` Trey Del Bonis
2022-11-04 20:29 ` Russell O'Connor
2022-11-04 23:07 ` ZmnSCPxj
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='WJ0jiInq_I_IiiT8EiAZZN6axo2pSIRCxQWfyvgU-4rjRmeHnCXFNGWFSXoeOv7nVmqoAPr6EHeXRgc-1DfiPX3C8xHwdYzs2qn4Lck06fs=@protonmail.com' \
--to=adamisz@protonmail.com \
--cc=bitcoin-dev@lightco.in \
--cc=bitcoin-dev@lists.linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox