Why is Vitalik Buterin's statement on "DA issues and censorship-resistant withdrawals" not rigorous?

Original title: “Correcting Vitalik Buterin’s lax remarks on DA issues and censorship-resistant withdrawals”

Original author: Faust

Original source: Geek Web3

On January 16, 2024, in a tweet initiated by DanielWang, founder of the Ethereum Layer 2 project Taiko, and interacting with Zeng Jiajun, founder of AA Wallet Soul Wallet, Vitalik said, "The key to Rollup is unconditional security: even if you are targeted by everyone, you can still withdraw your assets. This cannot be done if DA relies on external systems (outside of Ethereum). 」**

Escape Pod: Viatlik’s “Safe Withdrawal Without Conditions”

Since Vitalik talked about his views on Validium in the second half of this tweet (Validium refers to ZK Layer 2 that does not use Ethereum to implement DA data publishing), it has received a lot of attention (previously rumored that the Ethereum Foundation believes that Layer 2 = Rollup).

(It should be emphasized that the DA concept that the Ethereum community talks about refers to whether you can access the newly generated data of Layer 2, not whether you can retrieve historical data from a long time ago.) **If new data is not published on the Ethereum chain, Layer 2 Node may not be able to resolve the latest L2 Block smoothly)

However, the “Ethereum Layer 2 Definition Controversy” and “DA War” have long been heard by countless people, and this article is not going to go into any discussion of such topics, but to focus more energy on the first half of Vitalik’s speech, which is the one covered at the beginning of this article.

Vitalik shows here that rollups can enable Trustless censorship-resistant withdrawals, allowing you to withdraw your assets even if all the Layer 2 Node don’t cooperate with you Layer 2 and, he points out, only rollups can achieve such “unconditional and secure withdrawals,” which cannot be done by Layer 2 who rely on other DA data publishing methods. **

But in reality, Vitalik’s words are not rigorous. **

First of all, only assets that are bridged to Layer 2 can cross back to the ETH chain, and pure Layer 2 native assets cannot cross to Layer 1 (unless the Layer 2 native asset deploys a bridge asset contract on Layer 1).

If, as Vitalik said, “everyone is targeting you”, you can withdraw the L1-L2 bridge assets at most, but you can’t withdraw your own “Layer 2 native token”, at this time, whether you take ordinary withdraw, forced withdraw, or Escape Hatch, it is useless.

Secondly, “Secure withdrawals without conditions” do not have to rely on the DA system. **Early Layer 2 solutions before Rollup, Plasma that implements DA data publishing under the Ethereum chain, and DA system failures (that is, data withholding occurs, and no one other than the sequencer/committee can receive new transaction data/state transition information), it also allows users to submit proof of assets through historical data and safely escape from Layer 2.

In other words, Plasma’s secure withdrawals have no dependency on the DA system, and censorship-resistant withdrawals don’t have to rely on the DA system (but to ensure that historical data is available); moreover, this statement was made by Dankrad (Danksharding’s proposer) of the Ethereum Foundation, and it is also axiomatic everywhere.

Refer to Geek Web3 previous articles: “Data Withholding and Fraud Proof: Why Plasma Doesn’t Support Smart Contracts”

Second, Celestia and Blobstream aside, the data retention/DA failure problem can be solved even if ETH is not used as the DA layer. Let’s just talk about the “data availability challenge” that the Arbitrum team and the Redstone team are working on, allowing the sequencer to publish only one DA Commitment (actually datahash) on-chain, stating that data has been published off-chain. If someone can’t get the newly generated data off-chain, they can challenge the on-chain DA Commitment and ask the sequencer to disclose the data on-chain.

The design of this mechanism is very simple, and it does not need to rely on third-party DAs such as Celestia, Avail or EigenDA, but only needs the Layer 2 project party to set up its own off-chain DAC Node, which can be called the Celestia killer. **

In the following, the author intends to interpret Vitalik’s “unconditional secure withdrawals” and the “data availability challenges” that he did not mention, trying to tell you: Why are third-party DA projects such as Celestia and Avail and EigenDA not necessary for DA offchain and security-seeking Layer 2?

In addition, in our previous article on the “Bitcoin Layer 2 Risk Assessment Indicators”, we talked about the fact that censorship-resistant withdrawals are more basic and critical than DA systems, and today’s article will further explain this point. **

Actually, Vitalik’s words are not difficult to deduce, ** is talking about the ZK Rollup’s escape pod. **The Escape Pod aka Escape Hatch is a withdrawal mode that is triggered directly on Layer 1. Once this mode is triggered, the Rollup contract will enter a frozen state, reject new data submitted by Sequencer, and allow anyone to show Merkle Proof to prove their asset balance on Layer 2 and transfer their assets from the Layer 2 official bridge deposit Address. **

Further, the ** escape pod mode is a “Trustless Withdrawal Mechanism” that can be manually triggered by the parties on Layer 1 after the user’s transaction has been rejected by the Layer 2 sequencer for a long time. **

However, before activating the escape pod mode, users who are rejected by the sequencer need to call the forced withdrawal function in the Rollup contract on Layer 1 to initiate a forced withdrawal request, and throw an event to let the Layer 2 Node know that someone has initiated a forced withdrawal request.

Since Layer 2 Node will run Ethereum geth client and will receive EthereumBlock, it will be able to listen to the triggering of forced withdrawal events

If the forced withdrawal request is ignored for a long time, the user can actively trigger the escape pod mode (the default waiting period is 15 days for the Loopring protocol and 7 days for the StarkEx solution). Then, as discussed at the beginning of this article, users submit Merkle Proof corresponding to their assets, prove their asset status in Layer 2, and then withdraw the assets from the Rollup-related contract.

But to construct Merkle Proof, you need to know the full L2 state first, and you need to find an L2 Full Node to ask for data. If the kind of extreme situation that Vitalik is talking about happens, and there is no Layer 2 Node to cooperate with you, you can start a Layer 2 Full Node by yourself, get the historical data published by the L2 sequencer to the Ethereum through the Ethereum network, and synchronize one by one from the Layer 2 Genesis Block until the final state is calculated, and the Merkle Proof is constructed, and you can safely withdraw money through the escape pod.

**Obviously, the “censorship resistance” at this time is equivalent to Ethereum/Layer 1 itself. **As long as there is a EthereumFull Node to provide you with historical data from a long time ago, it is close to Trustless.

**However, after EIP-4844, the EthereumFull Node will automatically lose part of the historical data, so that the historical data of Layer 2 more than 18 days will no longer be backed up by the ETH Node network, and the censorship resistance of escape cabin withdrawals will no longer be as close to Trustless as it is today. **

After 4844, we need to trust, a relatively limited number of EthereumNode that store all historical data, willing to provide data to you (Layer 2 native Node are often very small, so don’t consider them for the time being). At that time, the trust assumption that Layer 1 historical data is retrievable /Layer 2 escape pod withdrawals will change from trustless or 0 today to 1/N, that is, assuming that 1 out of N Nodes can provide you with data. **

The EthStorage team seems to be committed to scaling this N, incentivizing more Nodes to store historical data from a long time ago. If the denominator of 1/N is large enough, the fraction is still close to 0, which is close to not introducing the trust hypothesis. This may be an appropriate solution to the problem of post-4844 historical data retrieval.

Escape pod’s relationship to DA – Validium’s ransom attack

Here we summarize again: **The escape pod is a withdrawal that allows you to prove your Layer 2 asset status through Merkle Proof and Trustless withdrawals on Layer 1. **

The reason why Vitalik mentioned that the security of assets involved in withdrawals needs to have DA as a premise, mainly means that the validium scheme can not be withdrawn due to "data withholding attacks. (Only stateroot is published, not the corresponding transaction data).

The specific principle is that the sequencer may withhold the transaction data, only release a Merkle Root (Stateroot) to the Ethereum chain, and then manage to make the new Stateroot pass verification and become the current legitimate Stateroot through the validity proof.

At this time, you don’t know the complete state corresponding to the legitimate Stateroot, and you can’t construct the corresponding Merkle Proof to initiate the escape pod withdrawal. You can’t withdraw until the sequencer is willing to release the data to you, which is what one of Arbitrum’s tech leads refers to as a “ransom problem” (I personally prefer to call it a ransom attack). **

However, the reason why DA’s off-chain validium is prone to “ransomware attacks” is that its own mechanism design is not perfect, and if a challenge mechanism related to withdrawal behavior is introduced, or a data availability challenge is introduced, the ransomware attack problem can theoretically be solved.

By the way, as mentioned earlier, Plasma, which allows users to withdraw through historical data from a long time ago, will not have a “ransomware attack” such as validiums, and Plasma is also DA off-chain (off-chain DA+ on-chain verification fraud proof).

Reference: Data Withholding and Fraud Proof: Why Plasma doesn’t support Smart Contracts

Therefore, censorship-resistant withdrawals/escape pods do not have to rely on DA, everything depends on the mechanism design of the withdrawal process. The reason why Vitalik believes that censorship-resistant withdrawals are tied to DA is because he has a preconceived mindset in his mind based on existing solutions such as Validium and Smart Contract Rollup.

But this does not mean that all DA offchain Layer 2 in the world are facing the same problems as validiums, and it does not mean that Smart Contract Rollups are the end of everything, and innovation can happen at any time (such as the data availability challenges mentioned later).

**Conversely, if your Layer 2 solution does not consider the design of escape pods and censorship-resistant withdrawals from the beginning, your Layer 2 will definitely not be trustless/secure enough. In other words, a good DA and attestation system is a sufficient condition for a censorship-resistant withdrawal, but not a necessary one.

So in our previous article, we mentioned that in the Layer 2 barrel effect, censorship-resistant withdrawals are a more basic shortcoming than DA and proof systems, and there is a reason.

Reference: “Dismantling Bitcoin / Ethereum Layer 2 Safety Models and Risk Indicators with Barrel Theory”

Celestia Killer: Data Availability Challenges for Arbitrum and Redstone

After talking about the relationship between the escape pod and the DA, let’s look back at the DA itself: Layer 2 does not have to publish DA data to Ethereum in order to avoid the sequencer engaging in “data retention”.

Redstone, Arbitrum, Metis, and others are all working on a “data availability challenge” mechanism that allows sequencers to only publish DA Commitment(datahash)+Stateroot on-chain, declaring that state transition parameters (transaction data) have been published off-chain. If someone is unable to obtain the newly generated data off-chain, they can challenge the on-chain DA Commitment and ask the sequencer to disclose the data on-chain. **

If the sequencer is challenged and does not publish data on the ETH chain in a timely manner, its previously published datahash/commitment will be considered invalid, and the associated stateroot will also be invalid. Obviously, this directly solves the data retention problem (only the stateroot is published, not the corresponding transaction data). **

Obviously, this is one more “data availability challenge” than the Layer 2 of DA offchains such as Validium and Optimium. But such a simple design is enough to create strong competition with Celestia and Avail, EigenDA, etc. Set up your own DAC to introduce data availability challenges and no longer rely on Celestia.

Conversely, however, data availability challenges also have economic issues that need to be addressed. In a battle with Arbitrum’s technical lead, the founder of ZkSync pointed out that data availability challenges are theoretically susceptible to Dos attacks. For example, the sequencer quickly publishes thousands of DA commitments on the chain, and then withholds the corresponding full data and does not publish it. In this way, it can drain all challengers’ funds and then publish an invalid block to steal user assets.

Of course, this assumption is too extreme, it is essentially a game theory problem for both the offensive and defensive sides, and in fact, the sequencer is more likely to be attacked by malicious challenger dos, and it regresses into a rollup after being challenged continuously. The game between the attacker and the defender around the data availability challenge is actually very interesting, and the corresponding mechanic design will fully test the wisdom of Arbitrum and Redstone, as well as the Metis project team (this topic can be written separately).

Either way, the data availability challenge will bring more innovation to Layer 2’s DA design, which will also make a big difference to the Bitcoin Layer 2 ecosystem.

Link to original article