The lack of security properties of side chains does not mean that they should never be used.
Original title: ” Rollup will become the king of the Layer 2 world, where will the side chain go? 》
Written by: barryWhiteHat, Layer 2 Technical Researcher Translation: Free and Easy
With the first wave of impact caused by the application of decentralized finance (DeFi) on the Ethereum mainnet, the call for “expansion” is undoubtedly getting higher and higher, and its attention can even be compared with the “block expansion” of Bitcoin in the past. After the DeFi hype ebbs, the frequency of the “Layer 2” keyword began to soar. Vitalik himself even proposed an Ethereum roadmap with Rollup (note: the most promising Layer 2 technology currently) as the core at the beginning of this month. In the short and medium term (within the next 2 years), the expansion of Ethereum and DeFi is mainly based on the Rollup Layer 2 network. Currently, leading DeFi projects such as Uniswap, Curve, Synthetix, etc. have proposed to migrate applications to the Rollup Layer 2 network. Network plan.
Obviously, the migration to the Rollup Layer 2 network has become a major trend, and in this irreversible new trend, there are many other Layer 2 solutions that have been high hopes, so where will they go?
This article will focus on sidechains, one of the first Layer 2 solutions proposed.
Introduction
The importance of Layer 2 to Ethereum is growing every week, and everyone knows this.
However, “Layer 2” is an imprecise label. Now when people say “Layer 2”, they often mean “non-Ethereum Layer 1.” However, the way of interacting with Ethereum Layer 1 is very important. All the different solutions considered as “Layer 2” may have completely different attributes.
It can be said that Layer 2 should only refer to certain things with specific attributes (for example, we may all agree that things that exist on AWS are not Layer 2, but some projects can be said to have similar security guarantees, so they are considered Layers. 2). But this may be another topic for discussion.
In this article, I want to delve into the nature of side chains.
A side chain basically refers to a system in which a group of validators checkpoint the latest state of the blockchain to a smart contract. The bridge contract then uses these checkpoints to allow users to deposit and withdraw. In a group of validators, there is usually a leader election process to determine who can create blocks. Examples of leader election mechanisms include Proof of Authority (POA) consensus and Proof of Stake (PoS).
Side chains play an important role in the Ethereum ecosystem. While the research community is still working on better solutions, they have always been a stopgap solution for scalability and usability. Products like xDai emphasize the need for a better user experience, which has penetrated into other areas.
However, sidechains do not have the security properties expected by the broader Ethereum community , but this does not mean that they should never be used . If people who use sidechains are fully aware of the lack of certain attributes and still want to use them, it belongs to them. The trade-off may be worthwhile, but it can be dangerous when people are indifferent to it. The purpose of this article is to provide some information. If everyone knows these attributes, then it will not do any harm, but if it can help people recognize false assumptions, then it makes sense.
What security attributes does the side chain lack? Almost all side chains cannot provide:
1. Anti-censorship ;
2. Finality (Finality) ;
3. Guarantee of funds ;
I hope to discuss these attributes publicly so that everyone benefits.
Anti-censorship
Compared with a well-designed blockchain, the anti-censorship property of the side chain is weaker. This should not be controversial, otherwise the blockchain will not be needed. However, let’s break it down further.
If N verifiers are involved in a side chain, and a transaction can be reviewed as long as M verifiers agree, then NM needs to collude with the number of verifiers in order to review a block. This leads to a delicate balance, that is, it is more difficult to review transactions, which makes it easier to review blocks. Considering that both transaction review and block review are unpopular, this makes it fundamentally difficult for sidechains to have strong anti-censorship properties.
This concern extends to the use of a Proof of Stake (PoS) consensus mechanism. This situation may get worse as the numbers involved are weighted by equity, which means that the number of different entities required to reach a certain threshold may be Even lower.
Data availability guarantee
We know that NM validators can create a block. We also know that in order to verify the new state, all other verifiers need to have data about the entire state. So if NM verifiers are malicious, they can:
- Create a new block:
- Refuse to share data with honest verifiers;
- Effectively remove N-(NM) = M validators from the consensus to control the system;
How likely is this to happen? This obviously depends on the details of many specific situations, but we can start by considering the motivation of a rational verifier to share data with all other verifiers. For traditional proof of authority (PoA), failure to do so may cause reputational damage. The side chain based on Proof of Stake (PoS) may be risky. However, it is not easy to do this, because no one else puts all the data on the chain, it is impossible to prove that some data is unavailable. Does this sound a bit like an optimistic Rollup? Yes, this means that sidechains with better security properties are essentially reduced to optimistic Rollup.
In most side chains, validators will receive some form of payment. For honest verifiers, this reward will be shared among N verifiers. For dishonest verifiers, the same reward is shared between N−(N−M)=M (the most important thing is here M
A general concept to remember is that judging data availability attacks is very difficult. For honest nodes, they are usually indistinguishable from synchronization problems.
Finality (fnalization)
Imagine a series of state transitions as follows:
state1 => state2 => state3
Each of these => involves a set of transactions applied as part of the updated state. The so-called finality means that once applied, a transaction cannot be revoked.
After reaching a consensus through the Ethereum mainnet, the side chain checkpoint block. This might make people think that the finality of the side chain is basically equal to the finality of Ethereum. The specific statement is: “In order to restore the block on the side chain, you need to roll back the block on Ethereum”, but this is not the case.
This is because finality is about restoring transactions, not replacing old states with new ones. Therefore, NM validators can perform the following transformations:
state1 => state2 => state3
(Replace state3 with state1, so that the assumed confirmed state2 can be restored without the need for Ethereum mainnet rollback)
Guarantee of fund ownership on the side chain
Suppose there is a state state1 = (Alice:1000,Bob:0)
So Alice has 1000 and Bob has 0. Now suppose that Bob is malicious and he effectively (or can effectively collude) controls the vast majority of POA verifiers. What will happen?
Then, Bob can simply perform the state transition state1 => state2, where state2 = {Alice:0,Bob:1000}.
This is equivalent to stealing all Alice’s funds and then handing them to Bob’s hands.
Therefore, the defense of the side chain is reduced to: Assume that N-M validators will never be persuaded to deal with this illegal state transition. Many people know this, but I think it is useful to remind everyone.
Now, there may be some people (verifiers) that can be trusted in this way, just as many of us trust different centralized service providers. Sometimes this is worth weighing. It is important to be clear about these trade-offs.
The problems of governance as a defensive measure
Sometimes someone makes the argument: “We can use governance to solve all the problems mentioned so far.”
This is of course flawed, because it basically degrades the entire system into governance.
One reason this argument worries me is that it means that the other attributes of the side chain are furnishings (in this case, why are these attributes required?). For example, if governance is the last retreat to prevent the above problems, it means that Proof of Stake (PoS), Proof of Authority (PoA), etc. are actually not important.
When is the nature of the side chain particularly useful?
In addition to the auxiliary properties of sidechains, such as faster block time leading to better UX (in fact, databases also have this advantage), in some cases, the specific properties of sidechains can be said to be particularly suitable. E.g:
- If you specifically want N−M validators to be able to perform arbitrary state transitions. An example is an enterprise application that wants to have a master control switch;
- When M = 0, and you want N validators to be able to perform arbitrary state transitions (for example, in a four-party game). Although one problem here is that one verifier can unilaterally stop the blockchain;
Final thoughts
In the past, side chains were the only viable solution for certain use cases that wanted to maintain Ethereum compatibility and interoperability. And now, as other Layer 2 expansion solutions become mature, now is a good time to consider how to make side chains more compatible with these solutions.
Finally, some additional features/attributes are good for sidechains, including:
- Large-scale migration can be realized without cost to ensure that users can withdraw without being “stuck” due to cost;
- Replace the leader election mechanism with a more powerful anti-censorship function (Proof of Rights PoS seems to be a wrong direction, see here);
- The coordinator is required to put the difference between the two states on the chain;
- Add fraud proof to prevent illegal state transition;
As Optimistic Rollup technology and optimistic VM (OVM) mature, the trade-off space of the project will change. Therefore, now seems to be a good time to update the sidechain properties and related trade-offs.
Thanks to Albert Ni for reviewing and discussing this article.
Source link: ethresear.ch
