Rollups for Dummies

This post was marked UNSAFE from the rollups debate

If you have spent any time in crypto recently, you already know this is a sensitive topic. As is true for many other terms in our world, there is no standard definition for the word “rollup”.

For those of you who were away from Crypto Twitter last week, let me catch you up: Jon Charbonneau wrote a fantastic technical deep dive on the fundamentals of rollup infrastructure, and it triggered a “debate on semantics” of what exactly it means to be a Rollup.

In this post, I will try to present an unbiased view - of what it means to be a Rollup - and if rollups really scale Ethereum. While Jon’s post was aimed at the blockchain system designers and people with above-average knowledge of crypto, this post is aimed more at the not-so-crypto-savvy individuals who are curious to understand the mystery that is a “Rollup”.

I will use a toy example to explain things as that’s how I myself learn the best. Then I will extrapolate that example to rollups and all their security guarantees.

Four of a Kind

It’s the peak of the pandemic and 5 friends - A, B, C, D, and E are locked in a hotel room and bored to their wits. They decide to play poker (with some red-colored coins) to kill time. To make sure no one cheats, they all decide to keep track of all the poker hands & the corresponding transactions in their personal journals. After every hand, everyone writes in their own journal what happened and how the balances of each player changed after the hand.

Players are also allowed to do side bets and trades as long as all the trades are reported to everyone. A transaction is only considered valid if it is added to all the journals. To make sure the entries across all 5 players’ journals are consistent, a new entry is added only if a supermajority of players (at least 4 out of 5, in this case) agree on the correctness of the entry and the updated states of player balances.

These 5 journals together then show a shared agreement on the state of each player’s balance. In crypto, we call such a shared agreement a Blockchain. The supermajority rule to ensure consistency & correctness is the ‘Consensus Mechanism’ used to gain this agreement.

Consensus mechanisms are something that the world is still trying to perfect. What blockchains aim to achieve is massive - Trustless coordination amongst anonymous people located in different parts of the world. Over the past decade, several different blockchains with several different consensus mechanisms have come to the fore in an attempt to reach that target.

Few have come close.

Full House

In the neighboring room, 3 friends - F, G, and H overhear all this and decide to play the exact same game, but with a different currency (blue colored coins). This group is too lazy to record what transactions happen in every hand or trade. Instead, they call the ABCDE room and strike a deal with them. Every once in a while they will report all their transactions to the ABCDE room. All players in the ABCDE room can then add the FGH transactions to their own journals. In exchange, FGH will pay a tip to ABCDE every time they report new data. FGH would still keep track of their own balances but will push all the transaction data to ABCDE.

This trade deal helps FGH inherit security from ABCDE without having to build their own journals and consensus mechanism:

  • Data Availability: It ensures that the data of transactions is recorded *somewhere* even if they are too lazy to do it themselves

  • Re-org Resistance: Once the data has been added to the ABCDE journals, it cannot be changed. The journal entries are “immutable” and no one can try to reverse any transactions.

  • Censorship Resistance: Since anyone of FGH can report data whenever they want, it ensures that no one can prevent any transactions from reaching the ABCDE journals. (e.g., if F lost a big hand, she might want to prevent reporting that data)

Note that FGH is also a blockchain. There’s a shared agreement on what everyone’s balances are. Just that the data of this blockchain is stored somewhere else.

Effectively, we have built a Rollup.

It is nothing but FGH doing some transactions, telling ABCDE to add it to their ledger, and in this way, inheriting some security guarantees from ABCDE.

BUT - there’s one part missing from the story - who validates the final balances of the FGH players after each state update?

This question might seem trivial so let me try to interest you in a hyperbolic example to explain it better:

During the game in the FGH room, there is a hand where F wins $100 and H demands a dealer’s tip. F reluctantly gives $5 out of her winnings as a tip and all transaction data is reported to ABCDE. But, F is malicious and doesn’t omit $5 from her own record of player balances. G looks at both and is confused about which one is correct.

We now have a fork in the FGH blockchain. F’s balance in her own journal is $5 higher than what it is in H’s journal. So how do we resolve conflicts during the time of forks and come to a consensus on the correct version of the blockchain?

There are two major ways of achieving this:

  1. Previous Balances + New Transactions = New Balances

    Since these would be cryptographic proofs, any player could independently verify them and confirm the correctness of the player balances.

  2. Rely on the ABCDE room: Maybe FGH are too lazy to even verify these cryptographic proofs themselves. In this case, they could choose to rely on ABCDE to validate balances and ‘define’ the correct fork of the FGH rollup. This is how it would work:


    They would hire an extremely rational assistant and ask him to operate from the ABCDE room. This operator would be a neutral entity. He would look at all the FGH data posted in ABCDE journals, and verify any validity proofs (or arbitrate fault proofs) that the observers from the FGH room send across. FGH would follow whatever rollup fork this operator chooses as the correct one.

This operator is the smart contract (validating) bridge in smart contract rollups like Arbitrum and Optimism.

The first option of fork resolution by verifying validity proofs within the FGH rollup is what is used by traditionally so-called Sovereign Rollups.

Choosing any of these options provides the final security guarantee to the FGH blockchain: Validity of state (player balances)!

Another Buy-In

Okay, there are Smart Contract rollups and there are Sovereign rollups. So why is there a debate on semantics?

To understand that, we need to understand one more concept that I deliberately left out in the above section.

The operator in the ABCDE room has one more power. It can also act as a window of trade between the two rooms. The ABCDE room has a lot of transactions going on and the entry updates can be really slow. So they can instead outsource some of their transactions to the FGH room.

To do this, they simply send their red coins to the operator. The operator locks these red coins in one of his drawers. And mints equivalent value blue coins on the side of the FGH (rollup) room. ABCDE can do faster transactions with these blue coins in the FGH room (since there is lesser congestion on the rollup). Because FGH send all data to ABCDE anyway, their transactions will get included in the main journals eventually - The operator would look at all the data and cryptographic proofs, and guarantee the validity of these transactions.

This ability of ABCDE to access additional computation, while maintaining similar security guarantees as their own blockchain, is called Scaling.

Why just ‘similar’ security guarantees and not the ‘same’?

Because now there’s an additional entity involved. ABCDE trust the operator to keep their red coins safely locked. If his drawer is ever broken into, the blue coins minted on the other side would lose all their value as they are backed by the red coins in the drawer.

The Name Game

If you remember from where this post started, we said blockchain is just a shared agreement on the state. At any point, the players could agree to a completely different state of their balances - without having any transactions to prove the validity of the state. This is because players define the rules of the game! They define what is valuable and what is not.

For example, in the ‘Sovereign’ rollup case, if F convinces G to get involved with her in the fraud, they can simply ignore the mathematical proofs and choose to follow the fork where their balances are higher. Since they form the supermajority in the FGH room, their journals would define the ‘agreed’ state of the balances of all players. They have the sovereignty to fork away and choose a new state of the rollup.

This ability to coordinate together to come to an agreed state (even if it requires overriding technical/cryptographic logic), is Social Consensus.

And that is EXACTLY what we’re trying to achieve with blockchains! Blockchains are nothing but tools for social coordination!

BUT

Here’s the fundamental fact that Jon communicated in his post too: Just like in the case of the ‘Sovereign’ rollup, FGH could also choose to ignore what the operator says is valid in the case of a Smart Contract rollup. They could simply bring in a new operator to do the work and bribe him to follow their entries too.

And THAT is the entire crux of the ‘semantics’ debate. Even in the case of a Smart Contract rollup, FGH have the sovereignty to fork away and choose a new method of getting validity. They are not bounded by one operator in the ABCDE room and can replace him anytime - even though it might not always be practical as I explain below. But the important thing to know is they have the ability to do so!

Why might it not be practical?

Because sovereignty is a spectrum.

If FGH bring in a new operator, ABCDE’s minted blue coins in the FGH room would lose all their value (since these are backed by red coins locked in the original operator’s drawer). If ABCDE want to go back to their own blockchain, they can’t give their minted blue coins to the new operator since this new operator would have nothing in his drawer to give back to them.

If ABCDE’s minted blue coins represent most of the value that is in play in the FGH room, then that would probably influence FGH’s decision to use social consensus to fork away from the original operator. All this value in the rollup would go to zero with the new fork. Hence, in this case, FGH would have ‘lesser’ sovereignty than in the case where they don’t have this operator opening up a window of trade (bridge) between the two rooms.

Summarizing

Rollups are just blockchains that have a transactional relationship with another chain. They receive:

  • Security-as-a-Service (Re-org resistance, Censorship Resistance, Data Availability)

  • In some cases, a validating bridge

In exchange, they provide:

  • Rent (transaction costs)

  • Higher computation access to users (Scalability)

Of course, at any point, the rollup governance (social consensus) can choose to modify this relationship. Their sovereignty though, is a spectrum.

For rollups with a validating bridge, it can be impractical to change the relationship because most of the assets on the rollup are backed by bridge collateral. So even though it's possible for them to modify the relationship, the decision is driven by the value of the collateral.

On the other end of the spectrum are rollups that don't use a validating bridge in the first place (or don't use it as a primary source of assets/truth). For these, modifying the relationship with the other chain isn't as impractical.

Hence they are 'more' sovereign.