*Special Thanks to Derek Lee from Offchain Labs and Jessie from Initia for the review and feedback.
Let’s get back to the fundamental of blockchain. Blockchain is essentially a state machine. Its state changes by transactions, and this altered shared state is used by participants. It is crucial to ensure that all participants agree on the shared state. To foster better agreement and eliminate the need for trust in specific parties, blockchain focuses decentralization. However, this decentralization can restrict scalability, making it difficult to accommodate more transactions. These issues form the blockchain trilemma.
Ethereum, as one of the first smart contract blockchains, led the creation of rollups. In this rollup model, execution is separated from Ethereum, but there remains a system for checking validity and punishing malicious activities. The approach to building this system was twofold. The first method was optimistic, where the next state is pre-confirmed and finalized with a buffer for a challenge period. The second method was by leveraging a validity proof with zk, where the state change can be verified with a zk proof on-chain in a low-cost verification process. While sidechains were another option, I excluded due to their low reliance on Ethereum for settlement.
Due to the simplicity of implementation, optimistic proof (aka. fraud proof, fault proof) was used in the production as a dominant method for settlement of the rollup state changes.
It was once thought that the zk proof system would soon become dominant, with the optimistic proof system losing ground. The zk proof system is generally expected to offer lower cost and faster finality for rollups. Significant advancements have been seen in terms of proof generation, with experiments conducted on the construction of general-purpose zkVMs based on MIPS, RISC-V, and Wasm. These include projects like ZKM, RiscZero, Succint Labs, and Fluent. Despite the clear benefits of zk rollups, the challenges of developing cost-effective and secure versions are substantial. Updating VMs like the EVM also poses a challenge, as it is difficult to incorporate new features without causing breaking changes.
Due to these challenges, the optimistic proof system is currently the most common in the rollup ecosystem, holding the majority of TVLs, around 75% of total L2 TVL. It remains uncertain whether this dominance will continue in the future. However, there are lots of developments for enhancement, with numerous initiatives aimed at improving the proof system.
Source: Blockchains (L2) | Markets | Token Terminal
Active research and developments are happening to improve the optimistic proof system and these are done in three main points like below:
Lowering the cost
Decentralizing the sequencing, challenging and finalizing process
Reducing the soft and hard finality
Significant efforts have been made in all three domains, some examples would be the recent Dencun upgrade that incorporated EIP-4844, improved data compression, and the development of an interactive proof system. Arbitrum had their new
Before diving into the detailed exploration of recent advancements in “Part4,” it's fundamental to have a thorough understanding of the established concepts and the current landscape. To start, we should look at the field's evolution in “2. Development - History of Optimistic Proof System,” and dive into the current landscape of optimistic proof projects in “3. Current Landscape.”
The optimistic proof system wasn't developed overnight. Numerous researchers and developers contributed to building a robost proof system to ensure its seamless operation in production, currently securing around $18 Billion. Let's review the milestones achieved in the past.
Optimistic rollups were first proposed by Ethereum researcher John Adler in 2019 as a layer 2 scaling solution for Ethereum. The core idea behind optimistic rollups is to move computation and data storage off the Ethereum mainnet to a separate layer 2 chain, while still inheriting Ethereum's security guarantees. The primary motivation for developing Optimistic Rollups was the congestion and high transaction fees on the Ethereum mainnet. With increasing adoption of DeFi protocols, and NFTs, Ethereum faced scalability issues that hindered the user experience and economic efficiency.
The optimistic rollups started to be experimented and developed mainly by two teams, Arbitrum and Optimism. These rollups aim to provide scalability for Ethereum by processing transactions off-chain and posting compressed transaction data and the output root on the Ethereum mainnet. As they provided lower cost for both users and dapps, the Ethereum community quickly adopted it. (Early paper on Arbitrum can be found in this link.)
Source: TVL of Arbitrum in USD
The key characteristic of optimistic rollups was their "optimistic" approach - after a simple validity check on the transaction, they assume all transactions are valid by default, and they rely on a fraud-proving mechanism where challengers can challenge the validity of transactions within a set time period (typically 7 days). If a fraudulent transaction is detected, a fraud proof is executed onchain to correctly re-process the transactions. This optimistic approach allowed optimistic rollups to achieve significant scalability improvements over Ethereum mainnet.
There were numerous challenges in the past. Initially, projects like Optimism used their own modified EVM called OVM, which limited its compatibility with EVM. A detailed analysis of the modifications can be found in this insightful article by Georgios Konstantopoulos from Paradigm. The projects also had, and continue to have, a centralized approach to resolving reversion and challenge mechanisms. This method posed a security trade-off, as transactions were not immediately final and could be reverted if a limited number of participants detected fraud within the challenge window.
Recent developments in the optimistic proof system have significantly enhanced the efficiency and scalability of Ethereum's Layer 2 solutions, such as Arbitrum and Optimism. Apart from Ethereum's Dencun upgrade, other optimizations in optimistic rollups have contributed to their efficiency. For instance, Arbitrum has focused on refining its fault-proof systems to ensure data integrity and security.
Optimism has also made substantial progress through its Superchain strategy, which aims to create an aligned ecosystem of multiple L2s using the OP Stack. The Superchain is leveraging a custom and alt DA solutions, cross-chain messaging, and shared sequencing to facilitate seamless interoperability and improved scalability.
Recent enhancements in the Optimistic Rollup ecosystem have seen a shift from non-interactive to interactive fraud proofs. Interactive proofs involve a back-and-forth dialogue to efficiently identify and correct faulty transactions. This change aims to reduce the computational cost and complexity of verifying onchain.
Let's examine the current status of rollups, focusing on projects operating under the optimistic proof system and their developments.
At present, two entities - Arbitrum and Optimism - are primarily working on enhancing the optimistic proof system. Other projects, such as Initia, Dymension, and Rollkit, are developing frameworks for their rollup ecosystem.
Arbitrum and Optimism are striving to improve the technological aspects of fraud proof, while other projects are also implementing interesting approaches. Let's briefly overview their current activities and ongoing developments.
3.1.1 Multi-Round Proof
Arbitrum's proof system uses a "multi-round fraud proof" method to verify transactions. This process occurs primarily off-chain, with the final state recorded on Ethereum's blockchain for transparency.
The central feature of this system is the "assertion tree." Validators, who post bonds using Ether, make claims (or "assertions") about the state of Arbitrum. These assertions form a chain, with each one building on the last. However, when conflicting assertions arise, the tree splits into branches, signaling a possible fraud.
Resolving these disputes involves an interactive proving technique called "dissection." The validators involved in the dispute systematically narrow down their disagreement until only a single operation remains. This operation is then run on Ethereum's Layer 1 to determine its validity.
The steps are as follows:
Two validators have a disagreement about Arbitrum's state.
They gradually reduce their dispute down to just one computational step.
This step is then run on Ethereum's Layer 1 to verify which validator is correct.
Arbitrum's approach shines in its efficiency. By isolating and examining only the disputed computation, it avoids the more costly process of re-running the entire transaction on Ethereum, as done in Optimism's single-round fraud proofs. As the single-round fraud proofs require the whole computation on the L1 chain/
3.1.2 Arbitrum BoLD
Source: A gentle introduction: BOLD | Arbitrum Docs
BoLD (Bounded Liquidity Delay) is designed as a new dispute resolution protocol specifically tailored for Optimistic Rollups on Arbitrum chains, aiming to facilitate permissionless validation. This mechanism mitigates the risks associated with delay attacks by ensuring disputes are resolved within a predetermined time window.
BoLD presents several key features that are integral to its functioning. Firstly, it introduces permissionless validation, allowing any honest party to validate and bond their funds to post correct L2 state assertions. This feature enables honest validators to challenge and win disputes against malicious actors. Secondly, BoLD guarantees that disputes will be resolved within a fixed time window, currently set to one challenge period (approximately 6.4 days) for Arbitrum One and Nova. Additionally, the total maximum time for resolving disputes includes up to two challenge periods plus a two-day grace period for potential Security Council intervention. Lastly, BoLD supports Arbitrum's advancement to a Stage 2 rollup, ensuring that anyone can validate the L2 state and submit fraud proofs to Ethereum, which bolsters the platform’s decentralization and security.
Crucially, BoLD promotes permissionless participation, encouraging any honest party to engage in the validation process. This inclusivity aims to foster greater resilience within the network by diversifying participation and reducing central points of failure. Currently, BoLD is in its alpha release phase and deployed on a public testnet. It also has been audited twice (Report by Trailofbits, Code4rena).
Source: Fault Proof VM - Cannon | Optimism Docs
The fault proof system in OP-Stack is designed to challenge and mitigate malicious activities within the network. The upcoming Fault Proof VM will be the key improvement. This system is composed of three primary components: the Fault Proof Program (FPP), the Fault Proof Virtual Machine (FPVM), and the dispute game protocol. The FPP checks the rollup state-transition to verify an L2 output from L1 inputs, sorting out any disputes over outputs on L1. This modular architecture allows independent development and deployment of multiple proof systems and unique dispute games, significantly bolstering the system's flexibility and security.
The FPVM, a minimal and composable unit in this architecture, executes the instruction cycles for proving transactions while staying unaffected by changes in the Ethereum protocol, thanks to its separation from the FPP. The dispute game protocol orchestrates the challenge mechanism by bisecting over state transitions to narrow down disputes to single instruction verifications, thereby allowing efficient proofs on the L1 EVM. This system promotes a multi-proof future inclusive of various proof methodologies like ZK proofs and aggregate proof systems.
Source: OPinit Stack | Initia Docs
Initia is a Comsos L1 blockchain, where it is building an unified, interwoven rollup ecosystem. It closely resembles the rollup ecosystem in Ethereum, but designed from the bottom up for the rollups. The validators of initia L1 runs the sequencers for the rollups and the optimsitic proof based settlement is embedded in the L1 blockchain. Let’s see how the rollups work, which are built by the OPinit Stack that supports EVM, WasmVM, MoveVM with native interoperability by IBC.
The OPinit Stack is a framework designed to launch a Minitia L2 on top of the Initia L1 blockchain. This stack is specifically constructed using the CosmosSDK, which helps in building vm-agnostic Optimistic Rollups, and is closely modeled on Optimism's Bedrock interface. By leveraging the Initia L1 governance model, it efficiently handles fraud-proof disputes, ensuring reliable transaction validations and dispute resolutions. The challenge occurs like the challenge system in Bedrock, permissioned challengers can erase the non-finalized output. Also, through L1 proposal, the output submitter can be changed.
Essential to the OPinit Stack are its two primary modules: OPHost and OPChild:
The OPHost module is designed for Layer 1 operations within the Initia ecosystem, leveraging Cosmos SDK functionalities. It includes various message types and RPC handler methods to facilitate core activities such as batch submissions, bridge creations, output data proposals, and output deletions.
The OPChild module focuses on Layer 2 operations, providing mechanisms to support token transfers, and fee pool administration. It also includes specific message types and RPC handlers to execute messages, finalize token deposits, and initiate token withdrawals from L2 to L1, ensuring streamlined L2 functionalities within the Initia architecture.
Source: Taiko Protocol Overview — Taiko Labs
Taiko is an optimistic rollup by default, through a multi-proof system. This system combines an optimistic approach with the use of ZK-proofs.
The process starts with the Proposers, who construct rollup blocks from L2 transactions and suggest them to the L1 Taiko contract on Ethereum. These proposed blocks are added to the L1 contract without the initial requirement of any validity proofs. Provers then have the opportunity to challenge the validity of a proposed block by providing a bond, which involves staking TAIKO tokens. If a block isn't challenged within the challenge period, it's deemed valid and finalized on L1, with the Prover's bond being returned. In cases where a block is challenged, a ZK-proof becomes necessary to affirm the block's validity. The Prover who was correct, whether it's the initial Prover or the Challenger, receives their bond back plus a reward. Meanwhile, the bond of the incorrect party is slashed, leading to a partial burn.
Interestingly, Taiko estimates approximately 1% of blocks will require a ZK-proof, helping to reduce computational overhead while still offering validity guarantees. To enhance its resilience, Taiko supports multiple proof backends such as PLONK, Halo2, and SGX to protect against potential bugs or vulnerabilities. This approach allows dApps to set their own trust assumptions and security levels, demonstrating Taiko's contribution to blockchain scalability and security.
3.5.1 Dymension
Fraud proofs are an integral part of the Dymension ecosystem, designed to ensure the integrity of blockchain state transitions. When a RollApp (Rollup in Dymension L1) sequencer publishes a state root, RollApp full nodes monitor these transitions. If an invalid state transition is detected, these nodes generate a unique fraud proof transaction by gathering a list of all state transitions inside the block up to the fraudulent one.
This assembled transaction, which includes details like block height, transaction index, blob shares, blob inclusion proofs, and state witnesses, is then sent to Dymension for validation. Once submitted, Dymension full nodes verify the data and recompute the state transition. If the computed transition results in a different Interim State Root (ISR) than the published one, the fraud proof is validated, leading to the reversion of the disputed state and slashing of the sequencer responsible.
The current dispute period on Dymension's mainnet is set to approximately 120,000 blocks. As current block is produced every 6 seconds, the finality is around 8 days.
3.5.2 Rollkit
Source: rollkit/specs/lazy-adr/adr-009-state-fraud-proofs.md at main · rollkit/rollkit
Rollkit's State Fraud Proofs help reduce trust issues in blockchain networks by identifying fraudulent transactions. They are used when there's a mismatch between state roots produced by full nodes and the sequencer. The full node creates a proof that's shared across the network for verification. If a mismatch is confirmed, it triggers a need for corrective action, enhancing security and decentralizing oversight.
Many people used to view optimistic rollups as inferior to zk rollups. As zk rollups become more production-ready, boasting strengths like secure interoperability and faster finality, people wonder if optimistic proof systems will lose their standing. I don't believe so, as there are many active developments aimed at resolving the major issues in the optimistic proof system.
In this section, let's examine some of these major issues and potential solutions:
Centralization of operation
High operational costs
Slow finalization
The centralization of sequencers in Optimistic Rollup projects is a critical issue, as it involves a concentrated point of control and trust within a system intended to be decentralized. In an Optimistic Rollup, sequencers are responsible for ordering transactions, aggregating them off-chain, and committing them to the Ethereum. This central role gives sequencers considerable power and control, which can introduce several centralization-related risks.
Most rollups today utilize centralized sequencers. In this setup, a single entity or organization typically runs the sequencer, which can lead to several potential issues. Most of the current rollups including OP-Mainnet and Arbitrum do not have a fully decentralized system. They rely on some centralized entities both in submitting the transaction batches and participating in the fraud challenge system. However, Arbitrum has a built-in way for users to bypass the sequencer if the sequencer goes offline or is acting maliciously.
The recent controversy, Blast rollback Incident, serves as an excellent example to understand the benefits and drawbacks of centralization. This incident underscored the risks of centralized layer 2 solutions without adequate exit strategies for users. This was evident when Blast was halted, and a transaction related to the hack was removed. The central entity operating a rollup can impact the overall ecosystem, but in this case, it helped recover $62.5M. Also, this article by Charles Yu at Galaxy is a great resource to understand the decentralization process of Arbitrum and Optimism.
4.1.2 Solution1. Permissionless Validation
Leading Optimistic Rollup Framework builders, Arbitrum and Optimism are now considering permissionless validation as the very next step to make the rollup more decentralized. They are both posed to release the update this year, making the validation process permissionless.
Arbitrum**:** Arbitrum is working toward achieving permissionless validation through its new validation protocol called BoLD (Bounded Liquidity Delay). BOLD is specifically designed to make the validation of Arbitrum chains safely permissionless, The protocol allows any honest party to participate in the validation process by bonding their funds to post correct Layer 2 (L2) state assertions. This removes the need for a centralized authority to manage validators and enables disputes to be resolved based on the correctness of the state rather than the identity of the validator. More detailed explanation can be found in “Part3.1 Arbitrum.”
Optimism**:** Optimism is aiming to achieve permissionless validation by transitioning to a decentralized fault-proof system. Initially, Optimism relied on multisig wallets governed by the Optimism Security Council and the Optimism Foundation. To further decentralize, Optimism introduced Cannon, an offchain fault-proof system currently deployed on OP Sepolia for testing. By using Cannon, Optimism is trying to transition from a system requiring explicit permissions to one where any participant can engage in transaction verification and conflict resolution. This system allows anyone to participate in the validation process by submitting withdrawal claims backed by bonds. (This is now live in the mainnet.)
4.1.3 Solution2. Sequencer Decentralization
The centralized nature of their sequencers, which are responsible for building and proposing blocks, poses a concern for centralization. To address these challenges, rollups aim to transition from a single sequencer model to a multi-sequencer setup, thereby distributing the responsibility of block validation and proposal across multiple independent entities. Below are some of the approaches that can. be taken to decentralize the sequencers.
Shared Sequencers: Outsourcing sequencing to third-party services such as to Espresso and Radius.
Distributed Sequencer Technology (DST): Utilizing a cluster of machines distributes sequencer tasks, offering high fault tolerance. This can be thought similar to DVT solutions like Obol network is building for PoS validators.
Different rollups may prioritize various aspects such as maximum decentralization, flexibility, or geographical distribution based on their specific use cases. For example, general-purpose rollups like Optimism might adopt a more decentralized approach but with a dedicated sets of sequencers like DST, while application-specific rollups, such as those designed for gaming, might lean toward a centralized model but employ Shared Sequencers to ensure reliability and reduce downtime. This field is in an early development stage.
Optimistic rollups require the storage of transactions to rebuild the state for the challenge process. This can result in high data storage costs, which comprise most of the operational costs of optimistic rollups. However, this issue is actively being researched, with solutions such as applying more compression techniques or using alternative DAs. Additionally, the interactive proof system has contributed to reducing the cost of challenges, as the computation of challenge reduced significantly.
4.2.1 Solution1. Cheaper DA
Optimistic rollups are effectively leveraging Ethereum blobs and alternative Data Availability (DA) solutions like Celestia to address the high costs associated with transaction batch data publishing.
In the context of Ethereum, optimistic rollups used to post transaction data to the mainnet as calldata, which was a significant cost. However, with the Dencun upgrade, they are now using the new data storage format called blobs, reducing the overall cost over 90%.
Source: Optimism: OP Chains (Superchain) - L2 Activity, Chain Economics, L1 DA Costs
In addition to leveraging Ethereum's own advancements, optimistic rollups are also integrating with alternative DA solutions like Avail and Celestia. By offloading transaction batch data to Celestia, optimistic rollups can reduce their reliance on Ethereum's more expensive storage, thereby further cutting down the costs associated with data publishing. This integration allows rollups to maintain high levels of throughput and transaction speed while keeping the costs manageable.
This alternative DA landscape is now getting more traction, as more rollups are launching with an optimistic proof system. As more rollups are prepared to be launched, there will be more enhancements in the alternative DA space as well. For now, the DA is neither the bottleneck of operation cost and scalability.
4.2.2 Solution2. Interactive Proof System
In Optimistic rollups, if a transaction is suspected to be fraudulent, challengers on the network can challenge the validity of the output root. During the challenge period, a fraud proof must be provided to demonstrate the incorrectness of the transaction. If the transaction is proven fraudulent, the proof is verified on-chain, leading to the invalidation of the transaction. This method ensures that only disputed transactions are subject to on-chain verification, thus keeping the majority of transactions off-chain.
The interactive proof system invites participants to generate and submit fraud proofs if they suspect fraud. The smart contract that manages the rollup evaluates these proofs against the state root that the sequencer submitted. If a discrepancy is found, the incorrect state is discarded, and the system reverts to a previously valid state. This approach ensures efficient verification without overloading the Ethereum network with unnecessary computations. Currently, this computation is performed on-chain, which can be costly. For Arbitrum, the computation required in challenges is done off-chain with the final results posted on-chain. However, this cost may be minor because there are few challenges in the current optimistic rollups. The only known case was done by Kroma in April 2024.
Optimistic rollups have two types of finalization - soft finality and fast finality. Soft finality refers to the initial state when a sequencer executes the state transition, along with having a batch of transactions being published on the Ethereum. At this point, the transactions are considered "softly final" and can be safely relied upon by users and applications on the rollup. However, there is a challenge period (typically around 7 days) during which anyone can submit a "fraud proof" to dispute the validity of the transactions in that batch. If no fraud proof is submitted within the challenge period, the batch of transactions achieves hard finality and can no longer be reverted or challenged. Usually, a native bridge requires hard finality for the asset transfer.
Slow finalization in both soft and hard finality can cause problem when building a bridge or multichain dapps. This issue is being addressed through faster execution and Hybrid proof system.
4.3.1 Solution1. Faster Execution
In terms of soft finality, the process is on executing the state transition and having the transaction batches stored in Ethereum. The executing process had seen limitation due to the EVM spec which doesn’t support the parallel execution nor database optimization. However, there are projects like MegaETH and Heiko that are building the parallel execution environment, with an optimistic proof system.
Also, rollups are trying to store the transaction batches more quickly by having a shorter block time. For Arbitrun, by generating blocks every 250 milliseconds, or as low as 100 milliseconds on configurable Orbit chains, Arbitrum ensures rapid transaction confirmations. Also, Arbitrum’s design leverages a unique "sequencing" model instead of the conventional "block building" approach, enabling faster processing by eliminating the need for transactions to wait in a mempool. This can also remove bad MEV.
4.3.2 Solution2. Hybrid Proof System
Hybrid proof systems, particularly those leveraging ZK proofs integrated with optimistic rollups, significantly enhance the finality of blockchain transactions by reducing the time required for their conclusive verification. Optimistic rollups, such as those used in Optimism’s OP Stack, inherently depend on the assumption that transactions are valid unless challenged. This leads to the necessity of a dispute or challenge window, where potentially invalid transactions can be contested. However, this challenge period introduces delays in transaction finality as it must be sufficiently long to ensure robust verification and allow for any potential challenges.
Zeth, a ZK block prover built on the RISC Zero zkVM, allows for immediate validity checks of transactions by providing cryptographic evidence that a block of transactions is correct without revealing the specifics of the transactions themselves. This reduces the reliance on extended dispute windows required for optimistic rollups and significantly shortens the finality time.
Tools like Zeth ensure that transaction sequences and data availability mechanisms are reliably maintained, and by reducing the challenge period from potentially days to hours or even minutes, the efficiency of layer-2 solutions, such as Optimism, is enhanced. Projects like ZKM has also developed hybrid proof system for Metis.
Source: Tweet by zerokn0ledge
In my opinion, the optimistic rollup will not be replaced soon. There are numerous improvements being made to it, and its simplicity will likely be adopted in other ecosystems as well. In a future article, I will try to delve into the "State of ZK Proof System," discussing recent developments and upcoming releases and compare with the optimistic rollups. However, the adoption of frameworks like Arbitrum Orbit and OP-Stack is accelerating, and I hope there are improved coordination for better infrastructure and tools in each ecosystem.
One issue I see in the rollup space is scalability. Layer1 projects like Sei, Sui, and Solana are developing infrastructure to enable robust parallel transaction executions and database optimization, aiming to make blockchain more accessible for the masses. (Check our Four Pillars’ article on parallel execution of Sei and Sui)Current rollups may not be able to handle as many transactions and reach fast finality as Sui. However, with projects like Fuel Network, MegaETH and Heiko making parallel execution possible, we can expect performance improvements in rollups soon.
Thanks to Kate for designing the graphics for this article.