Correct Vitalik’s loose remarks about DA issues and censorship-resistant withdrawals

Vitalik missed the “data availability challenge” of Arbitrum and Redstone, which can be called a Celestia killer.

Written by: Faust, geek web3

On January 16, 2024, under a tweet initiated by Daniel Wang, founder of Ethereum Layer 2 project Taiko, and interacting with Zeng Jiajun, founder of AA wallet Soul Wallet, Vitalik said: "The key to Rollup is unconditional security: even if You are targeted by everyone, and you can still take the assets away. This cannot be done if DA relies on an external system (outside of Ethereum).”

Escape Pod: “Secure withdrawals without conditions” in Viatlik’s words

Because Vitalik talked about his views on Validium in the second half of this tweet (Validium refers to the second layer of ZK that does not use Ethereum to implement DA data release), it attracted a lot of attention (previously there were rumors that the Ethereum Fund Will think Layer2=Rollup).

(It needs to be emphasized: **The DA concept discussed in the Ethereum community refers to whether you can obtain newly generated data from Layer 2, not whether you can retrieve historical data long ago. ** If it is not published on the Ethereum chain New data, Layer2 nodes may not be able to successfully parse the latest L2 block)

However, the “Ethereum Layer 2 Definition Debate” and “DA War” have long been heard by countless people. This article does not intend to make any discussion on such topics. The purpose is to focus more energy on the first half of Vitalik’s speech, also It’s the words mentioned at the beginning of this article.

Vitalik stated here that Rollup can achieve trustless censorship-resistant withdrawals. Even if all Layer2 nodes do not cooperate with you, you can still withdraw your assets from Layer2; and,** he pointed out that only rollup can achieve this " “Unconditional safe withdrawal”, while Layer 2, which relies on other DA data release methods, cannot do this. **

But in fact, what Vitalik said is not rigorous. **

First of all, only assets that are bridged from Layer1 to Layer2 can be crossed back to the ETH chain. Pure Layer2 native assets cannot be crossed to Layer1 (unless Layer2 native assets deploy a bridging asset contract on Layer1).

**If, as Vitalik said, “everyone is targeting you”, **you can withdraw the L1-L2 bridging assets at most, **but you cannot withdraw your “Layer2 native Token”, **at this time It doesn’t matter whether you use a normal withdraw, a forced withdraw, or an Escape Hatch.

Secondly, “**Safe withdrawal without conditions” does not necessarily rely on the DA system. **The early Layer2 solution before Rollup, Plasma that implements DA data release under the Ethereum chain, when the DA system fails (that is, data withholding occurs, other than the sequencer/committee, no one else can receive new transaction data/ State transition information), also allows users to submit asset certificates through historical data and escape from Layer 2 safely.

In other words, **Plasma’s safe withdrawals do not depend on the DA system, and **anti-censorship withdrawals do not have to rely on the DA system (but historical data must be available); besides, **this statement is from Ethereum Dankrad of the Foundation (the originator of Danksharding) said it himself, ** is also universally accepted.

Refer to Geek Web3’s past articles: “Data Withholding and Fraud Proof: Why Plasma Does Not Support Smart Contracts”

Secondly, leaving aside Celestia and Blobstream, the data retention/DA failure problem can be solved even without using ETH as the DA layer. Let’s just talk about the “data availability challenge” that the Arbitrum team and the Redstone team are implementing, allowing the sequencer to only publish a DA Commitment (actually a datahash) on the chain, stating that the data has been released off the chain. If someone cannot obtain the newly generated data off-chain, they can challenge the DA Commitment on the chain and require the sequencer to disclose the data to the chain.

This mechanism is very simple in design, and does not need to rely on third-party DAs such as Celestia, Avail or EigenDA. It only requires the Layer2 project party to set up the off-chain DAC node itself. It can be called a Celestia killer. **

In the following, the author intends to interpret the “safe withdrawal without conditions” mentioned by Vitalik and the “data availability challenge” he did not mention, and try to tell everyone: **Why third-party DA projects such as Celestia, Avail, and EigenDA are not A must-have option for Layer 2 that is DA offchain and pursues security? **

In addition, in our previous article explaining "Bitcoin Layer 2 Risk Assessment Indicators", we talked about censorship-resistant withdrawals being more basic and critical than the DA system. Today’s article will also discuss this point of view. provide further explanation. **

In fact, it is not difficult to deduce what Vitalik said. He was talking about ZK Rollup’s escape cabin. Escape Hatch, also known as Escape Hatch, is a withdrawal mode triggered directly on Layer1. Once this mode is triggered, the Rollup contract will enter a frozen state, reject new data submitted by the Sequencer, and allow anyone to show Merkle Proof to prove their asset balance on Layer2, and transfer their own assets from Layer2 official bridge deposit address transfer away. **

Furthermore, the ** escape hatch mode is a “trustless withdrawal mechanism” that can be manually triggered by the parties on Layer 1 after the user’s transaction has been rejected by the Layer 2 sequencer for a long time. **

However, before activating the escape hatch mode, users who are rejected by the sequencer must first call the forced withdrawal function in the Rollup contract on Layer1, initiate a forced withdrawal request, and throw an event to let the Layer2 node know: someone has initiated a forced withdrawal. Withdrawal request.

Since all Layer2 nodes will run the Ethereum geth client and receive Ethereum blocks, they can monitor the triggering of the forced withdrawal event

If the forced withdrawal request is ignored for a long time, the user can actively trigger the escape hatch mode (the default waiting period of Loopring protocol is 15 days, and the StarkEx plan is 7 days). Then, the operation process is as discussed at the beginning of this article. The user submits the Merkle Proof corresponding to his own assets to prove his asset status in Layer 2, and then withdraws the assets from the Rollup related contract.

**But to construct Merkle Proof, you need to know the complete L2 status first, and **you need to find an L2 full node to request data. If the extreme situation mentioned by Vitalik occurs and there is no Layer 2 node to cooperate with you, ** you can start a Layer 2 full node yourself and obtain the historical data published by the L2 sorter to Ethereum through the Ethereum network, ** from Layer 2 The genesis blocks start to be synchronized one by one until the final state is calculated and the Merkle Proof is constructed, and then funds can be withdrawn safely through the escape hatch.

**Obviously, the “censorship resistance” at this time is equivalent to Ethereum/Layer1 itself. **As long as the Ethereum full node provides you with historical data from a long time ago, it is close to trustlessness.

**However, after EIP-4844, all Ethereum nodes will automatically lose some historical data, so that historical data of Layer 2 for more than 18 days will no longer be backed up by the entire ETH node. At that time, the censorship resistance of escape hatch withdrawals will no longer be as good as Today is so close to Trustless. **

After 4844, we need to trust that a relatively limited number of Ethereum nodes that store all historical data are willing to provide data to you (Layer 2 native nodes are often very few, so we will not consider them for the time being). By then, the trust assumption of **Layer1 historical data can be retrieved/Layer2 escape hatch withdrawal will change from today’s Trustless or 0 to 1/N, that is, it is assumed that 1 out of N nodes can provide you with data. **

The EthStorage team seems to be committed to expanding this N to encourage more nodes to store historical data from long ago. If the denominator of 1/N is large enough, the score is still close to 0, which is close to no trust assumption being introduced. This may be an appropriate solution to the problem of historical data retrieval after 4844.

The relationship between escape pods and DA – Validium’s ransomware attack

Here we will summarize it again: **The escape hatch allows you to prove your Layer 2 asset status through Merkle Proof and make trustworthy withdrawals on Layer 1. **

The reason why Vitalik mentioned that the security of assets involved in withdrawals requires DA as a prerequisite is that the Validium solution can prevent withdrawals due to "data withholding attacks". (Only stateroot is released, and the corresponding transaction data is not released).

The specific principle is: the sequencer may hold on to the transaction data and only publish a Merkle Root (Stateroot) to the Ethereum chain, and then through validity proof, try to make the new Stateroot pass the verification and become the current legal Stateroot.

At this time, everyone does not know the complete status corresponding to the legal Stateroot, and cannot construct the corresponding Merkle Proof to initiate the escape hatch withdrawal. **You can’t withdraw money unless the sorter is willing to release the data to you. This is vividly called a “ransom problem” by a technical director of Arbitrum (I personally prefer to call it a ransom attack). **

**But the reason why DA is prone to “ransom attacks” in Validium off-chain is because its own mechanism design is not perfect enough. **If a challenge mechanism related to withdrawal behavior is introduced, or a data availability challenge is introduced, theoretically Can solve the problem of ransomware attacks.

By the way, as mentioned earlier, Plasma, which allows users to withdraw money through historical data from long ago, will not have “ransom attacks” like Validium, and Plasma is also DA off-chain (off-chain DA+ on-chain verification fraud proof).

*Reference: *Data Withholding and Fraud Proof: Why Plasma Doesn’t Support Smart Contracts

**So, censorship-resistant withdrawals/escape hatches do not necessarily depend on DA, everything depends on the mechanism design of the withdrawal process. **The reason Vitalik believes that censorship-resistant withdrawals are bound to DA is because he started from existing solutions such as Validium and smart contract Rollup, and already had a fixed mindset in his mind.

**But this does not mean that all Layer 2 of DA offchain in the world face the same problems as Validium. **It does not mean that smart contract type Rollup is the end of everything. Innovation may happen at any time (such as the data availability challenges mentioned later) .

On the other hand, if your Layer 2 solution does not consider designs such as escape hatches and anti-censorship withdrawals from the beginning, your Layer 2 will definitely not be trustworthy/safe enough. **In other words, a good DA and proof system are sufficient conditions for achieving censorship-resistant withdrawals, but they are not a necessary condition.

Therefore, in our previous article, we mentioned that in the Layer 2 barrel effect, censorship-resistant withdrawal is a more basic shortcoming than DA and proof systems, and there is a reason.

*Reference material: *“Using the barrel theory to dismantle Bitcoin/Ethereum Layer 2 security model and risk indicators”

Celestia Killer: Data Availability Challenges for Arbitrum and Redstone

After talking about the relationship between the escape hatch and DA, let’s look back at DA itself: Layer 2 does not have to publish DA data to Ethereum to avoid “data withholding” by the sequencer.

Redstone, Arbitrum, Metis, etc. are all developing a “data availability challenge” mechanism, which allows the sequencer to only publish DA Commitment (datahash) + Stateroot on the chain, stating that the state transition parameters (transaction data) have been published off-chain. **If someone cannot obtain the newly generated data off-chain, they can challenge the DA Commitment on the chain and require the sequencer to disclose the data to the chain. **

If the sequencer fails to publish data on the ETH chain in time after being challenged, the datahash/commitment it previously published will be considered invalid, and the associated stateroot will also be invalid. **Obviously, this directly solves the data withholding problem (only stateroot is released, and the corresponding transaction data is not released). **

Obviously, this presents an additional “data availability challenge” compared to Layer 2 of DA offchains such as Validium and Optimium. **But such a simple design is enough to create strong competition against Celestia, Avail, EigenDA, etc. **Set up a DAC yourself and introduce data availability challenges, so you no longer need to rely on Celestia.

But in contrast, **data availability challenges also have economic issues that need to be solved. **The founder of ZkSync pointed out during a battle with Arbitrum’s technical director that **data availability challenges are theoretically susceptible to DoS attacks. **For example, the sequencer quickly releases thousands of DA commitments on the chain, and then withholds the corresponding complete data without releasing it. It can drain all challenger funds in this way and then issue an invalid block, stealing user assets.

Of course, this assumption is too extreme. It is essentially a game theory problem between the attacker and the defender. In fact, the sequencer is more likely to be attacked by malicious challengers and degenerate into a Rollup after being challenged continuously. The game situation between the offensive and defensive sides surrounding the data availability challenge is actually very interesting, and the corresponding mechanism design will also fully test the wisdom of Arbitrum, Redstone, and the Metis project team (this topic can be written separately).

But in any case, the data availability challenge will bring more innovation to the design of Layer 2’s DA solution, which will also make a significant contribution to the Bitcoin Layer 2 ecosystem.