This document proposes a design for a decentralised and permissionless protocol for cross-rollup data communication. Such data communication can have multiple use cases and applications, including, but not limited to decentralised cross-rollup oracles and bridges. Throughout this paper, the cross-rollup data communication is abbreviated as CRC.
The document reviews existing cross-chain communication methods, light client specifications, and implementations in order to draw conclusions for the proposed CRC protocol. Additionally, this document elaborates on the economic incentives for the actors inside CRC, presents a CRC message flow, and reviews the security and scalability implications of the protocol.
This paper proposes the creation of public good, permissionless protocol for cross-rollup communication, completely aligned with the Ethereum Foundation rollup-centric future and supporting the Ethereum community. The creation of a public good infrastructure involves and requires the participation of multiple unrelated parties and forming it into a collective. It is the intention of the author to help facilitate the creation of both the infrastructure and the social collective around this initiative.
Rollups are a layer-2 scaling solution for blockchain networks that aim to increase the throughput of a blockchain by reducing the amount of computation that needs to be executed. The L2 constructs allow for transactions to be safely considered "valid" without executing them on L1.
Rollups allow a group of transactions to be bundled together and represented by a single transaction on the main chain. This reduces the amount of data that needs to be processed and stored on the main chain, leading to higher L1 throughput and lower fees.
Rollups offer a way to scale blockchain networks potentially without sacrificing decentralisation or security. They derive their security from the fundamentally slower and costlier, but more secure main chain. Based on the way L1 validates the L2 execution two types of rollups emerged - Optimistic and Zero-Knowledge(ZK) rollups.
On a high level, the Optimistic roll-ups take an “innocent-until-proven-guilty” stance. Once a rollup data (called block) is posted to the L1, it is considered valid, however, a grace period exists where any actor can post proof of fraud - fraud-proof.
ZK roll-ups take the reverse “invalid-until-proven-otherwise” stance. Rollup blocks are only finalised on L1 once a validity proof is posted. This proof is normally in the form of ZK proof, hence the name of the rollups.
Computational Integrity models such as SNARKs and STARKs are constructs that allow one party (prover) to prove to another party (verifier) that an execution trace (computation) is executed correctly, without requiring the verifier to fully re-execute it.
SNARKs - Stand for succinct non-interactive arguments of knowledge. The succinctness comes from the fact that the complexity to verify the computation scales poly-logarithmically in n (e.g $O(log^k n)$) compared to re-executing the full computation which is linear.
STARKs - Stand for scalable transparent arguments of knowledge. The scalable comes from the fact that the complexity to generate a proof for a computation scales quasi-linearly in n (e.g $O(n log^k n)$) **and simultaneously the complexity to verify the computation scales poly-logarithmically in n.
Historically, SNARKs and STARKs emerged in the 80s, as a possible solution for the verification of computation of the work done by super-computers using consumer-grade personal computers. Due to the exponential advancements in hardware (Moore’s law), this work was mostly stale until recently. The “slow” processing capabilities of major blockchains (mostly driven by Ethereum), have reignited the interest in SNARKs/STARKs as a scalability solution.
SNARKs/STARKs can be used in a variety of applications, including privacy-preserving protocols, verifiable computations, and proving knowledge of a secret. They are particularly useful in blockchain and cryptocurrency applications, where they can be used to enable private transactions, verify the authenticity of ownership, or ensure the correctness of smart contracts execution.
A particular variety of SNARKs - Zero-Knowledge (zk) SNARKs - have garnered a lot of attention in the blockchain space. zkSNARKs are a process of generation of an artefact (i.e. proof) that allows the prover to attest to the verifier that a statement is truthful, without revealing any additional information beyond the fact that the statement is truthful.
zkRollups base their validity proofs on Computational Integrity proofs. Actors, known as sequencers, perform the execution of the roll-up transaction off the main chain and post the necessary artefacts on the main chain. Other actors, known as provers, generate proofs that the sequencers did (or did not) perform the execution of the roll-up transactions correctly. The provers, submit the proofs to the main chain to verify them. Keep in mind that the verification process is extremely efficient and cheap in comparison to the execution of the transactions themselves due to the succinct/scalable properties of SNARKs/STARKs.