Cryptocurrencies: why you should know about rollups

The world of blockchain and cryp­toas­sets have seen bet­ter days. Indeed, we only need to look at the resound­ing col­lapse of the FTX exchange or the recent Ethereum update – the largest in the young his­to­ry of the cryp­tocur­ren­cy – to under­stand this. Nev­er­the­less, even if this news gets a lot of atten­tion, oth­er devel­op­ments are under­way in the cryp­toas­set world… More dis­creet cer­tain­ly, but no less influ­en­tial in the long run. Among them are rollups: a new tech­nique that researchers iden­ti­fy as being deci­sive for the future of cryptocurrency.

To bet­ter under­stand the impor­tance of these tech­niques, let’s remem­ber that the blockchain is an inde­struc­tible sys­tem of records that any­one can con­sult at will. More­over, any­one can write on it, which makes the blockchain a con­stant­ly evolv­ing sys­tem. How­ev­er, it would ben­e­fit from becom­ing faster, cheap­er, and more envi­ron­men­tal­ly friend­ly, which is one of the promis­es of future trans­for­ma­tions in this sec­tor. Espe­cial­ly since these improve­ments are becom­ing increas­ing­ly urgent as blockchain is becom­ing more wide­spread across all sec­tors: sports, com­merce, and culture.

How­ev­er, it is not as sim­ple as it may seem due to many obsta­cles, main­ly due to the fact that these promis­ing devel­op­ments must pre­serve the three pil­lars of the blockchain: secu­ri­ty (the net­work must be able to val­i­date the authen­tic­i­ty of trans­ac­tions); decen­tral­i­sa­tion (it must be suf­fi­cient­ly autonomous so as not to be sub­ject to a cen­tral body); and scal­a­bil­i­ty (i.e. its capac­i­ty to process a giv­en num­ber of trans­ac­tions). This scal­a­bil­i­ty is the key­stone of cur­rent research, par­tic­u­lar­ly in cryp­tog­ra­phy. For exam­ple, Bit­coin can only process sev­en trans­ac­tions per sec­ond, com­pared with 24,000 for the VISA sys­tem. It is there­fore under­stand­able that the sim­ple val­i­da­tion of a banal pur­chase can become a dif­fi­cul­ty in the event of mas­sive trans­ac­tions on the network.

To meet these chal­lenges in part, two impor­tant con­cepts have become estab­lished in the field of cryp­tocur­ren­cies: rollup and zero knowl­edge.

The rollup mech­a­nism uses a cryp­to­graph­ic tech­nique called a Merkle tree (or hash tree). The hash trans­forms any input – a text or an image, for exam­ple – into a string of bytes of fixed length and struc­ture. In a sin­gle short trans­ac­tion, this Merkle tree makes it pos­si­ble to com­mit and con­firm not one, but thou­sands of trans­ac­tions with it, some­thing that was not pos­si­ble before.

To bet­ter under­stand the impor­tance of the rollup, we need anoth­er essen­tial notion: the block head­er. This block, the one present in the term Blockchain, refers to those links where suc­ces­sive trans­ac­tions between users are stored chrono­log­i­cal­ly since the cre­ation of the blockchain, each of the blocks and their sequence being pro­tect­ed against any modification.

Even with­in the best-known cryp­tocur­ren­cy, Bit­coin, there is a notion of a block head­er and block con­tent. This head­er con­tains only the root of the Merkle tree, while the block con­tains all trans­ac­tions. This mech­a­nism makes it pos­si­ble, for exam­ple, to design light­weight appli­ca­tions to man­age cryp­toas­sets on smart­phones. These appli­ca­tion pro­grams only use the block head­ers when pay­ing with bit­coins, for exam­ple, because they only weigh a few megabytes each, and do not embed the entire blockchain, which would be tech­ni­cal­ly impos­si­ble to manage. 

It is pos­si­ble to approve thou­sands of trans­ac­tions that can then be ver­i­fied as hav­ing been ini­ti­at­ed. And all at low cost.

These head­ers are gen­er­at­ed by cryp­to­graph­ic hash­ing and val­i­dat­ed by what is called a Proof of Work. This is the main con­sen­sus mech­a­nism of blockchains. The rollup mech­a­nism offers the same secu­ri­ty as Bit­coin’s Proof of Work but, in real­i­ty, the user is only deal­ing with head­ers and does not see the entire­ty of the trans­ac­tions con­tained in the Merkle trees. Here, with very lit­tle infor­ma­tion, it is pos­si­ble to approve thou­sands of trans­ac­tions that can then be ver­i­fied as hav­ing been ini­ti­at­ed. And all this at low cost.

This notion of rollup can be found on oth­er blockchains that include an oper­a­tor: the famous smart con­tracts, and first and fore­most Ethereum. This cryp­tocur­ren­cy is expe­ri­enc­ing an ever-increas­ing demand from users. As a result, trans­ac­tion speeds are falling, while trans­ac­tion fees are ris­ing inexorably. 

With­in Ethereum, smart con­tracts are pro­grams stored in the blockchain that are auto­mat­i­cal­ly acti­vat­ed by each trans­ac­tion. They guar­an­tee the integri­ty, valid­i­ty, and invi­o­la­bil­i­ty of trans­ac­tions, if and only if all the con­di­tions are met. The whole process is auto­mat­ed. How­ev­er, these smart con­tracts, which are exe­cut­ed with each trans­ac­tion, also slow down the val­i­da­tion system.

In a sin­gle oper­a­tion, 1,000 or 10,000 trans­ac­tions can be car­ried out. Today, Ethereum only accepts 12 trans­ac­tions per second.

The idea of inte­grat­ing rollups into Ethereum is based on the same idea as Bit­coin: free­ing up band­width. The rollup oper­a­tor, which is actu­al­ly out­side the blockchain, reg­u­lar­ly updates the root of the Merkle tree in a sin­gle trans­ac­tion filed on the main blockchain. 

This cryp­to­graph­ic mech­a­nism makes it pos­si­ble, with very lit­tle infor­ma­tion, to pro­vide evi­dence lat­er that trans­ac­tions have been car­ried out, to prove their exis­tence in the future. In a sin­gle oper­a­tion, 1,000 or 10,000 trans­ac­tions can be car­ried out. How­ev­er, Ethereum cur­rent­ly accepts only 12 trans­ac­tions per sec­ond, which caus­es trans­ac­tion costs to soar and makes this blockchain less and less attractive.

The major chal­lenge raised by this mech­a­nism is secu­ri­ty, as it is nec­es­sary to ensure that the rollup oper­a­tor does not make a mess of things. This process allows him to place a hash on the blockchain that does not imme­di­ate­ly val­i­date a pend­ing trans­ac­tion. The blockchain must be able to cer­ti­fy the hash. Two philoso­phies emerge from this. On the one hand, there are the so-called opti­mistic rollups and on the oth­er hand, the rollups that are some­what inap­pro­pri­ate­ly called zero knowl­edge (ZK) rollups.

Opti­mistic rollups are proofs of fraud issued by agents, usu­al­ly pro­grams, that observe the blockchain and users’ trans­ac­tions. If the hash placed by an oper­a­tor is fraud­u­lent with respect to the appli­ca­tion rules, the oper­a­tor is pun­ished, and the observ­er is reward­ed. All this hap­pens over a long time-win­dow of sev­er­al days. This off-chain process is called opti­mistic because all that is hoped for is that this warn­ing mech­a­nism does not get triggered. 

The oth­er fam­i­ly, ZK rollups, works dif­fer­ent­ly. Every time the rollup oper­a­tor places the root of the Merkle tree on the blockchain, it also deposits proof, in the cryp­to­graph­ic sense, that every­thing is cor­rect. This process uses a major con­cept in cryp­tog­ra­phy called SNARK, which proves that a cal­cu­la­tion has been car­ried out cor­rect­ly. Above all, this proof is very short even if the cal­cu­la­tion is very long. If the cal­cu­la­tion involves 100 mil­lion oper­a­tions, it weighs only a few hun­dred bytes at most. This is a bit of a miracle. 

These two tech­nolo­gies, opti­mistic rollups and ZK rollups, are based on the same phi­los­o­phy: to reduce the amount of infor­ma­tion per trans­ac­tion and to push the proof of valid­i­ty as far as pos­si­ble towards cryp­to­graph­ic mechanisms.

Jean Zeid