Cointime

Download App
iOS & Android

On Trust Minimization and Horizontal Scaling

Ethereum is a permissionless world computer that possesses (arguably) the highest amount of economic security at the time of writing, acting as the settlement ledger for a vast number of assets, applications, and services. Ethereum does have its limitations – blockspace is a scarce and expensive resource on Ethereum layer one (L1). Layer two (L2) scaling has been seen as the solution to this problem, with numerous projects coming to market in recent years, mostly in the form of rollups. However, rollups, in the strict sense of the term (meaning rollup data is on Ethereum L1), does not allow Ethereum to scale indefinitely, only allowing up to few thousands of transactions per second.

Trust-minimized – (a feature of) an L2 system is trust-minimized if it functions without requiring trust external to the base L1.

Horizontal scaling – a system is horizontally scalable if instances can be added without imposing global bottlenecks.

In this article, we argue that trust-minimized and horizontally scalable systems are the most promising way of scaling blockchain applications, yet they are currently under-explored. We present the argument by exploring three questions:

  1. Why should applications be trust-minimized?
  2. Why build systems that are horizontally scalable?
  3. How can we maximize both trust minimization and horizontally scalability?

(Disclaimer: although we will focus on Ethereum as the base L1 in this article, most of what we discuss here applies to decentralized settlement layers beyond Ethereum.)

Why should applications be trust-minimized?

Applications can be connected to Ethereum in a trusted manner – they can write to and read from the Ethereum blockchain but trust is placed on the operators to execute business logic correctly. Centralized exchanges like Binance and Coinbase are great examples of trusted applications. Being connected to Ethereum means that applications can tap into a global settlement network with a diverse set of assets.

There are significant risks associated with trusted off-chain services. The collapse of major exchanges and services in 2022, such as FTX and Celsius, is a great cautionary tale of what happens when trusted services misbehave and fail.

On the other hand, trust-minimized applications can write to and read from Ethereum verifiably. Examples include smart contract applications such as Uniswap, rollups such as Arbitrum or zkSync, and coprocessors such as Lagrange and Axiom. Broadly speaking, trust is removed as applications become secured by the Ethereum network, as more functionalities (see below) get outsourced to L1. As a result, trust-minimized financial services can be offered without counterparty or custodian risks.

There are three key properties that applications and services can have, which can be outsourced to L1:

  • Liveness (and ordering): user-submitted transactions should be included (executed and settled) in a timely manner.
  • Validity: transactions are processed according to prespecified rules.
  • Data (and state) availability: historical data, as well as current application state, is made accessible to the user.

For each of the above properties, we can think of what is the trust assumption required; in particular, does Eth L1 provide the property or is external trust required. The table below categorizes this for different architecture paradigms.

Why build systems that are horizontally scalable?

Horizontal scaling refers to scaling via the addition of independent or parallel instances of a system, e.g. application or rollup. This requires no global bottleneck to be present. Horizontal scaling enables and facilitates exponential growth.

Vertical scaling refers to scaling via the increase of throughput of a monolithic system, such as Eth L1 or a data availability layer. When horizontal scaling runs into bottlenecks on such a shared resource, vertical scaling is often required.

Claim 1: (Transaction-data) rollups cannot horizontally scale because they can be bottlenecked by data availability (DA). Vertically scaling DA solutions require making compromises on decentralization.

Data availability (DA) remains the bottleneck for rollups. Currently, each L1 block has a maximum size target of ~1 MB (85 KB/s). With EIP-4844, there will be an additional ~2 MB (171 KB/s) made available (in the long-term). With Danksharding, Eth L1 may eventually support up to 1.3 MB/s of DA bandwidth. Eth L1 DA is a shared resource that many applications & services compete for. Therefore, although using L1 for DA provides the best security, it bottlenecks the potential scalability of such systems. Systems that utilize L1 for DA will (typically) not be able to horizontally scale and have diseconomies of scale. Alternative DA layers, such as Celestia or EigenDA, also have bandwidth limits (although larger, at 6.67 MB/s and 15 MB/s, respectively). But it comes at the expense of shifting the trust assumption from Ethereum to another (often less decentralized) network, compromising on (economic) security.

Claim 2: The only way to horizontally scale trust-minimized services is to obtain (close to) zero marginal L1 data per transaction. The two known approaches are state-diff rollups (SDR) and validiums.

State-diff rollups (SDRs) are rollups that post state differences across an aggregated batch of transactions to Ethereum L1. For the EVM, as transaction batches grow larger, the per transaction data posted to L1 diminishes to a constant that is much smaller than that of transaction-data rollups.

For example, during the stress-test event of high in-flood of inscriptions, zkSync saw a reduction of calldata per transaction down to as low as 10 bytes per transaction. In contrast, transaction-data rollups like Arbitrum, Optimism, and Polygon zkEVM, typically see around 100 bytes per transaction for normal traffic.

A validium is a system that posts validity proofs of state transitions to Ethereum, without associated transaction data or state. Validiums are highly horizontally scalable, even under low traffic conditions. This is especially true as the settlement of different validiums can be aggregated.

Besides horizontal scalability, a validium can also provide onchain privacy (from public observers). A validium with private DA has centralized and gated data and state availability, meaning that users have to authenticate themselves before accessing data and that the operator can enforce good privacy measures. This enables a level of user experience similar to traditional web or financial services – user activities are hidden from public scrutiny but there is a trusted custodian of user data, in this case the validium operator.

What about centralized vs decentralized sequencers? To keep systems horizontally scalable, it is crucial to instantiate independent sequencers, either centralized or decentralized. Notably, although systems using shared sequencers enjoy atomic composability, they cannot horizontally scale, as the sequencer can become a bottleneck as more systems are added.

What about interoperability? Horizontally scalable systems can interoperate without additional trust if they all settle to the same L1, as messages can be sent from one system to another via the shared settlement layer. There is a tradeoff between operating cost and messaging delay (which can potentially be solved at the application layer).

Trust-minimization for horizontally scalable systems

Can we further minimize trust requirements for liveness, ordering, and data availability in horizontally scalable systems?

It is of note that, at the cost of horizontal scalability, we know how to salvage trustless liveness and data availability. For example, L2 transactions can be initiated from the L1 for guaranteed inclusion. Volition can offer opt-in L1 state availability for users.

Another solution is to simply _decentralize _(but not rely on the L1). Instead of a single sequencer, systems could become more decentralized by utilizing decentralized sequencers (such as Espresso Systems or Astria), therefore minimizing the trust required for liveness, ordering, and data availability. Doing so places limitations compared to single-operator solutions: (1) performance may be bounded by the performance of the distributed system, and (2) for validiums with private DA, the default privacy guarantee is lost if the decentralized sequencer network is permissionless.

How much trust can we additionally minimize for single-operator validiums or SDRs? There are a couple of open directions here.

Open direction 1: Trust-minimized data availability in validiums. Plasma solves the state availability problem to a certain extent–It solves the problem either for withdrawals only for certain state models (which includes the UTXO state model), or requires users to be online periodically (Plasma Free).

Open direction 2: Accountable pre-confirmations in SDRs and validiums. The goal here is to provide users with fast pre-confirmation of transaction inclusion from a sequencer, and the confirmation should allow the user to challenge and slash the economic stake of the sequencer if the inclusion promise is not fulfilled. The challenge here is that proving non-inclusion (necessary for slashing) likely requires additional data for the user, which a sequencer can simply withhold. Therefore, it is reasonable to assume that we at least require the SDR or validium to employ a (potentially permissioned) data availability committee for its full calldata or transaction history, which enables the same committee to provide proof of non-inclusion (of pre-confirmed transactions) upon a user request.

Open direction 3: Fast recovery from liveness failures. Single-operator systems can suffer from liveness failures (e.g. Arbitrum went offline during the inscription event). Can we design systems that provide minimal service disruption in this scenario? In some sense, L2s that allow self-sequence and state proposals do provide guarantees against prolonged liveness failures. Designing single-operator systems that are more resilient against shorter liveness failures is currently under-explored. One potential solution here is to make liveness failures accountable, by providing slashing against liveness failures. Another potential solution is to simply shorten the delay period (which is currently set to be around a week) before a take-over can happen.

Conclusion

Scaling a global settlement ledger while maintaining trust minimization is a hard problem. There has not been a clear distinction between vertical scaling and horizontal scaling in the rollup and data availability world today. To truly scale trust-minimized systems to everyone on earth, we need to build trust-minimized and horizontally scalable systems.

Acknowledgements

Many thanks to Vitalik Buterin and Terry Chung for feedback and discussion, as well as Diana Biggs for her editorial comments.

Comments

All Comments

Recommended for you

  • Whale Transfers 1,133 BTC to Coinbase Prime, Valued at $71.48 Million

    According to Onchain Lens monitoring, a whale transferred 1,133 BTC from Coinbase to Coinbase Prime through an intermediary wallet, valued at $71.48 million.

  • U.S. AI Chip Stocks Decline Before Market Open, Intel Falls Over 3%

    On July 7, U.S. AI chip stocks experienced widespread declines before the market opened. Intel dropped over 3%, while AMD, Qualcomm, and NXP fell more than 2%. TSMC, Broadcom, and Tesla decreased by over 1%, and NVIDIA declined by 0.7%.

  • China's Central Bank Increases Gold Reserves for the 20th Consecutive Month

    As of the end of June, China's gold reserves stood at 75.44 million ounces (approximately 2,346.446 tons), an increase of 480,000 ounces (about 14.93 tons) from the end of May, which reported 74.96 million ounces (approximately 2,331.52 tons). This marks the 20th consecutive month of gold accumulation.

  • China's Foreign Exchange Reserves in June at $341.6262 Billion

    On July 7, China's foreign exchange reserves for June stood at $341.6262 billion, a decrease of $26 billion from the end of May, representing a decline of 0.75%, with expectations set at $343.2 billion.

  • U.S. Storage Stocks Drop Pre-Market, SanDisk and Micron Down Over 4%

    On July 7, U.S. storage concept stocks collectively fell in pre-market trading. Western Digital dropped over 5%, SanDisk and Micron Technology fell over 4%, Seagate Technology declined over 3%, Rambus fell over 2%, and SMI fell over 1%.

  • U.S. Stocks in Optical Communication Sector Drop Pre-Market

    On July 7, stocks in the optical communication sector of the U.S. market collectively fell pre-market. Astera Labs dropped over 4%, while Marvell Technology, Credo Technology, and AXT Inc. fell more than 3%. Tower Semiconductor, MaxLinear, Corning, Applied Optoelectronics, GlobalFoundries, Lumentum, and Qorvo all declined by more than 2%. Coherent, Nokia, Amphenol, and Broadcom dropped over 1%.

  • Pre-market Decline in U.S. Storage Stocks

    In pre-market trading, U.S. storage concept stocks experienced a widespread decline, with Micron Technology falling by 4.8%, SanDisk dropping over 4%, Corning down more than 2%, and Intel decreasing by over 3%.

  • Two Departments: Support for Reinsurance Institutions to Increase Capital and Issue Supplementary Capital Tools

    On July 7, the National Financial Supervision and Administration Bureau and the Shanghai Municipal Government released several measures to accelerate the construction of the Shanghai International Reinsurance Center. Among these measures, they proposed to enhance the quality and efficiency of the reinsurance industry, support reinsurance institutions in increasing capital and expanding shares, and issuing supplementary capital tools to improve the capacity for internal capital accumulation and external capital supplementation, thereby strengthening the reinsurance industry's capabilities. The initiative aims to guide the insurance industry to focus on major national projects, strategic emerging industries, and livelihood security, consolidating insurance and reinsurance underwriting capabilities to enhance risk protection levels. It also supports reinsurance institutions in leveraging their professional technical advantages to assist the insurance industry in reducing risk.

  • Sources: Saudi Arabia Plans to Expand Oil Pipeline to Red Sea, Increasing Capacity by 2 Million Barrels Daily to Bypass Strait of Hormuz

    On July 7, five informed sources revealed that Saudi Arabia is considering expanding the crude oil pipeline capacity to its western coast on the Red Sea, allowing Saudi Arabia and its neighbors to transport more oil without passing through the Strait of Hormuz. This east-west pipeline, built in the early 1980s, has gained strategic importance since the outbreak of the Iran war in February and the disruption of shipping in the Strait of Hormuz. The pipeline can deliver up to 7 million barrels of crude oil per day to the Red Sea port. The CEO of Saudi Aramco stated in May that approximately 2 million barrels are supplied to west coast refineries, while about 5 million barrels are for export. Sources indicate that Saudi Arabia is in preliminary discussions with some neighboring countries regarding the pipeline expansion, aiming to add about 2 million barrels of pipeline capacity per day. It remains unclear whether Aramco's planned expansion involves upgrading existing infrastructure or constructing new pipelines. One source mentioned that the expansion plan also includes a smaller refined oil pipeline. Two sources indicated that the expansion scale could range from 1 million to 2 million barrels per day, with refined oil also being considered. Another source stated that the project would take several years and cost billions of dollars, requiring adjustments to Saudi crude pricing mechanisms.

  • Citi: Tencent's WorkBuddy Gains Momentum, Maintains 'Buy' Rating

    On July 7, Citi released a research report stating that, according to the latest industry data, Tencent's AI agent product WorkBuddy has reached 20 million monthly active users (MAU) and over 13 million daily active users (DAU), with a DAU/MAU ratio between 65% and 75%. Considering the product has only been launched for a few months, user stickiness and daily engagement are performing strongly. Citi quoted Tencent's management as saying that in terms of daily active users, Tencent is leading its Chinese peers in the deployment of AI agents. Early user data reflects strong natural growth for both CodeBuddy and WorkBuddy, with high retention rates. Early users are interacting with the AI agents for long durations and with high frequency, creating a positive feedback loop. It is expected that AI products will become a key revenue source for Tencent Cloud. The firm believes that WorkBuddy's success demonstrates the strength of Tencent's ecosystem, the synergy between various productivity tools, and users' trust in Tencent's products and security. Citi maintains a 'Buy' rating on Tencent with a target price of HKD 763 unchanged.