Original Title: "Deconstructing the Bitcoin/Ethereum Layer2 Security Model and Risk Indicators with the Barrel Theory"

Original Authors: Faust & Misty, Geek Web3 / Advisor: Kevin He (@0xKevinHe), VP of Technology at New Fire Technology

Introduction: American management theorist Lawrence Peter proposed the "barrel theory", which holds that the overall performance of a system is limited by its weakest component. In other words, the amount of water a barrel can hold is determined by its shortest plank. Although this principle is simple, it is often overlooked. Previous debates on Layer2 security have mostly ignored the priority and importance of different components, focusing mainly on reliability of state transitions and DA issues, but neglecting more fundamental and important factors. Therefore, when we discuss complex systems with multiple modules, we need to first identify the "shortest plank". Inspired by the barrel theory, after conducting a system analysis, we found that there are also obvious dependencies among different components in the Bitcoin/Ethereum Layer2 security model, or in other words, the security of certain components is more fundamental and important than that of others, i.e. "shorter". Based on this, we can preliminarily prioritize the importance/fundamental level of different components in mainstream Layer2 security models as follows:

1. Is the control authority of the contract/official bridge reasonably decentralized (with multi-signature control not too centralized)?

2. Does it have anti-censorship withdrawal functions (forced withdrawal, escape pod)?

3. Is the DA layer/data release form reliable (is the DA data released on Bitcoin or Ethereum)?

4. Have reliable fraud proof/validity proof systems been deployed on Layer1 (Bitcoin L2 requires BitVM)?

I moderately absorb the research results of the Ethereum community on Layer2, avoiding dogmatism

Compared to the highly organized Ethereum Layer2 system, the Bitcoin Layer2 is like a brand new world. This new concept, which has become increasingly important after the NFT craze, shows a rising trend, but its ecosystem is becoming increasingly chaotic and chaotic. Layer2 projects are emerging one after another like mushrooms after rain, bringing hope to the Bitcoin ecosystem, but deliberately concealing their security risks. Some even claim to "deny Ethereum Layer2 and take a unique path in the Bitcoin ecosystem", showing a trend of extremism.

Considering the functional differences between Bitcoin and Ethereum, it was inevitable that Bitcoin Layer2 would not align with Ethereum Layer2 in the early stages. However, this does not mean that we should completely reject the industry consensus on Ethereum and even modular blockchain, which has long been established (referring to the "Lysenko affair" of the former Soviet biologist Lysenko, who persecuted Western genetics supporters on ideological grounds).

On the contrary, these evaluation standards that were obtained through great efforts by "predecessors" have already demonstrated strong persuasiveness after being widely recognized. Deliberately denying the value of these achievements is not a rational move.

While building the Bitcoin Layer2, we should fully understand the significance of "learning from the West and applying it to the East", and moderately absorb and optimize many conclusions from the Ethereum community. However, when borrowing viewpoints from outside the Bitcoin ecosystem, we need to be aware of the differences in their starting points and ultimately achieve unity in diversity.

This is like exploring the similarities and differences between "Westerners" and "Easterners". Regardless of whether they are Western or Eastern, the suffix "人" expresses many similar characteristics, but when corresponding to the different prefixes of "Western" and "Eastern", there may be differences in the subdivision of features. But ultimately, there is bound to be overlap between "Westerners" and "Easterners", which means that many things that apply to Westerners also apply to Easterners, and many things that apply to "Ethereum Layer2" also apply to "Bitcoin Layer2".

Before distinguishing the differences between Bitcoin L2 and Ethereum L2, it may be more important and meaningful to clarify the interconnection between the two.

Adhering to the principle of "seeking common ground while reserving differences", the author of this article does not intend to explore "what is Bitcoin Layer2, and what is not" because this topic is highly controversial, and even the Ethereum community has not reached an objective consensus on "what is Ethereum Layer2 and what is not Layer2".

However, it can be certain that different technical solutions bring different scalability effects to Bitcoin, and their security risks vary. The trust assumptions in their security models will be the focus of this article.

How to understand the security and evaluation criteria of Layer2

Actually, the security of Layer2 is not a new topic of discussion. Even the term "security" itself is a compound concept that includes multiple sub-attributes.

Previously, the founder of EigenLayer simplified "security" into four elements: "transaction irreversibility (anti-rollback), anti-censorship, reliability of DA/data release, and effectiveness of state transition".

(EigenLayer founder expressed his views on how client verification/sovereign Rollup solutions inherit the security of the Bitcoin mainnet)

Meanwhile, L2BEAT and Ethereum community OG have proposed a relatively systematic Layer2 risk assessment model. Of course, these conclusions are aimed at smart contract-based Layer2, not typical non-smart contract-based Layer2 such as sovereign Rollup and client verification.

Although this is not 100% applicable to Bitcoin L2, it still contains many commendable conclusions. Most of its viewpoints have been widely recognized in the Western community, which makes it easier for us to objectively evaluate the risks of different Bitcoin L2 solutions.

(Vitalik has stated that due to the inability of the Rollup solution to achieve theoretical perfection in the early stages of its launch, it is necessary to use some auxiliary means to improve security, and these auxiliary means are called "helper rounds" and will introduce trust assumptions. These trust assumptions are risks.)

So where do security risks come from? Considering the current situation, whether it is Ethereum Layer2 or Bitcoin Layer2, many rely on centralized nodes to act as sorters or committees composed of a small number of nodes. If these increasingly centralized sorters/committees are not restricted, they can steal user assets and run away at any time, refuse user transaction requests, and freeze assets. This involves the validity of state transitions and resistance to censorship mentioned by the founder of EigenLayer earlier.

Meanwhile, due to the fact that Ethereum Layer2 relies on contracts on the ETH chain for state transition verification and deposit/withdrawal verification, if the contract controller (which is actually the Layer2 official) can quickly update the contract logic and mix in malicious code segments (such as allowing a specified address to transfer all the tokens locked in the L1-L2 deposit/withdrawal contract), they can directly steal the assets under custody. This is attributed to the "contract multi-signature allocation problem", which also applies to Bitcoin Layer2, as Bitcoin Layer2 often relies on "notary bridges" and requires multiple nodes to release cross-chain requests through multi-signatures, so there is also a problem of how to reasonably allocate multi-signatures on Bitcoin Layer2, which we can even regard as the most basic "auxiliary wheel" on Bitcoin Layer2.

In addition, DA (Data Availability) is also extremely important. If Layer2 does not upload data to Layer1 and instead chooses some unreliable DA publishing venues, if this off-chain DA layer (generally referred to as the DAC Data Availability Committee) conspires to refuse to publish the latest transaction data to the outside world, data withholding attacks will cause the network to be scrapped and may make it difficult for users to withdraw funds smoothly.

L2BEAT has summarized and identified several key elements in the Layer2 security model regarding the aforementioned issues:

1. State Validation - verifying/proving the reliability of a system.

https://mp.weixin.qq.com/s/EheKZWDcJHYZ7vBZZPOMDA）

Of course, given that many Bitcoin Layer2 solutions currently operate in a form similar to sidechains, effectively implementing a decentralized sorter, it can to some extent solve the issue of censorship resistance. However, this is only an effective auxiliary measure and certainly not the ultimate solution.

ps: Some Layer2 solutions, such as Validium, have imperfect mechanisms in their escape pod design. When the sequencer initiates a data withholding attack/DA is unavailable, it can prevent users from withdrawing funds. However, this is due to the imperfect design of the Layer2 escape pod. In theory, the optimal escape pod withdrawal can rely solely on historical data without depending on the availability of DA/new data.

The third shortest board: The reliability of DA layer data release

Although DA is referred to as data availability in the industry, it actually refers to data publishing. The term DA/data availability is a misnomer coined by Vitalik and Mustafa without much consideration when they first named this concept.

Data release, as the name suggests, refers to whether the latest block/transaction data/state transition parameters can be successfully received by those in need. The reliability of data release varies on different chains.

(Reference: Misconceptions about Data Availability: DA = Data Release ≠ Historical Data Retrieval)

https://mp.weixin.qq.com/s/OAM_l4Pe9Gphn8H55OZUtw）

The Western community generally believes that Bitcoin, Ethereum and other well-known public chains are the most trusted DA layers. If the Layer2 sorter releases new data on Ethereum, anyone who runs the Ethereum Geth client can download and synchronize this data with almost no obstacles, thanks to the huge scale of the Ethereum network and the numerous public data sources.

It is worth mentioning that Ethereum Rollup will require the sorter to publish transaction data/state transition parameters on Layer1, which is ensured through proof of validity/fraud proof.

For example, after the sorter of ZK Rollup publishes transaction data on Layer1, it triggers contract logic to generate a datahash, and the validator contract needs to confirm that the validity proof submitted by the Proposer corresponds to the datahash.

This is equivalent to: confirming that the zk proof and stateroot submitted by the Proposer are associated with the Tx data submitted by the Sequencer, that is, New Stateroot=STF(Old Stateroot, Txdata). STF is the state transition function.

This ensures that the state transition data/DA is forcibly put on the chain. If only the stateroot and validity proof are submitted, they will not pass the verification of the validator contract.

Regarding which is more fundamental between the DA data release and proof verification system, the Ethereum/Celestia community has already had extensive discussions, and the general consensus is that the reliability of the DA layer is more important than the completeness of the fraud proof/validity proof system. For example, solutions such as Plasma, Validium, and Optimium, which have the DA layer under the Ethereum chain and the settlement layer on top of the Ethereum chain, are susceptible to "data withholding attacks". This refers to situations where:

Sequencer/Proposer can conspire with DA layer nodes off the ETH chain to update the stateroot on Layer1, but withhold the input parameters corresponding to state transitions from being released, making it impossible for outsiders to determine whether the new stateroot is correct, becoming "blind with eyes open".

If this happens, the entire Layer2 network is essentially scrapped because you have no idea what the Layer2 ledger looks like. If it is a fraud-proof Layer2 (Plasma and Optimium), the sequencer can arbitrarily rewrite data/assets under any account; if it is a validity-proof Layer2 (Validium), although the sequencer cannot easily rewrite your account, the entire Layer2 network becomes a black box at this time, and no one knows what happened inside, which is no different from being scrapped. Therefore, the mainstream Layer2 solutions in the Ethereum ecosystem are basically Rollup, and Validium and Optimium are often not recognized by the Ethereum Foundation.

）

（Reference: Data withholding and fraud proof: Reasons why Plasma does not support smart contracts）

https://mp.weixin.qq.com/s/oOPZqIoi2p6sCxBdfUP4eA

Therefore, the reliability/availability of the DA layer's state transition parameters is more important and fundamental than the completeness of fraud-proof/validity-proof systems. For Bitcoin Layer2, especially for Layer2 based on client-side verification models, even if there is no fraud-proof/validity-proof verification system set up on Layer1, as long as the DA layer works normally, everyone can still know the state transition of the L2 network if an error occurs.

Currently, it is difficult to verify the fraud proof/validity proof of the Bitcoin mainnet (not discussing BitVM here). Let's assume that the Bitcoin L2 does not have a proof verification system. Ideally, even if the L2 sequencer is malicious and publishes a stateroot that is not related to the DA data on the settlement layer/BTC, it cannot actually steal user assets in a meaningful way because the stateroot/state transition results submitted unilaterally will not be recognized by honest nodes, and it may just be self-indulgent in the end.

(As long as the nodes operated by the peripheral facilities providers such as exchanges and cross-chain bridges within the ecosystem do not collude with the sorter, the sorter cannot quickly cash in on the stolen assets by publishing incorrect data. Afterwards, as long as one honest node discovers that something is wrong and issues an alert at a critical moment, it can be corrected through social consensus. However, the cost of social consensus itself is very high and cannot take effect immediately.)

If it is a model similar to a sidechain, most nodes conspire to execute malicious state changes, and people can quickly discover the problem. As long as third-party facilities such as cross-chain bridges and exchanges do not recognize erroneous data, the malicious controllers of Layer2/sidechains cannot successfully cash out unless they persuade others to conduct OTC transactions with them directly on the chain.

(Viatlik pointed out in the article that client verification is the true foundation for ensuring the security of the blockchain network, Verify by yourself)

Here is an interesting point, both Ethereum Layer2 and Bitcoin Layer2 can achieve "client-side verification". However, Ethereum Layer2, based on client-side verification, relies on Layer1 and proof verification systems to ensure the validity of state transitions, and does not need to rely on social consensus (provided that there is a mature fraud proof/validity proof system).

Bitcoin Layer2's "client verification" solution often has a strong dependence on "social consensus", which can bring corresponding risks (for Bitcoin Layer2, this security risk is basically controllable, but it may still cause some people to lose assets. For Ethereum Layer2, because its official bridge requires proof of system cooperation, if the proof system is not perfect, the sequencer can steal user assets and run away to L1. Of course, the specific design of the cross-chain bridge components needs to be considered).

Therefore, a Layer2 system that can implement fraud proof/validity proof verification on Layer1 will always be much better than a simple "client-side verification" model.

PS: Due to the fact that most Bitcoin Layer2 solutions use fraud-proof/validity-proof systems, Layer1 cannot directly participate in the proof verification process. Therefore, its essence is still treating Bitcoin as a DA layer, and its security model is equivalent to "client-side verification".

Theoretically, it is possible to verify fraud proof on the Bitcoin chain through the BitVM solution on Layer1. However, the implementation of this solution is very difficult and will face significant challenges. Considering that the Ethereum community has already had extensive discussions on proof verification systems based on Layer1, which is well-known to everyone, this article does not intend to elaborate on "proof verification systems based on Layer1". In summary,

Summary

After a simple analysis using the barrel model, we can preliminarily conclude that in the mainstream Layer2 security models, they can be sorted according to importance/fundamental level as follows:

1. Is the control authority of the contract/official bridge reasonably decentralized?

2. Whether there is anti-censorship withdrawal function.

3. Is the DA layer/data release form reliable?

Welcome to join the official BlockBeats community:

Telegram Subscription Group: https://t.me/theblockbeats

Telegram Discussion Group: https://t.me/BlockBeats_App

Official Twitter Account: https://twitter.com/BlockBeatsAsia