A ZK-based Scaling Solution with Bitcoin as DA

LumiBit
Jan 2, 2024


Key Takeaways

  • Responding to Bitcoin’s growing state storage challenges, LumiBit offers an innovative scaling approach while maintaining decentralization.
  • LumiBit chooses ZK-rollup over OP-rollup for its superior security, efficiency, and reduced costs, aligning well with Bitcoin’s architecture.
  • LumiBit utilizes Bitcoin as the Data Availability layer, committed to preserving BTC’s nativeness and addressing scalability issues through innovative technology, leveraging Bitcoin’s robust network for secure and verifiable data.

Overview

LumiBit offers a comprehensive Layer 2 scaling solution for Bitcoin, utilizing ZK-Rollup as its technological foundation and Bitcoin as its Data Availability (DA) layer. This approach provides a secure, decentralized, fast, and cost-effective interaction experience for the Bitcoin network. Furthermore, it introduces the entire Ethereum on-chain ecosystem to Bitcoin, significantly expanding its capabilities and applications.

Bitcoin Scaling Solutions

As Bitcoin’s user base and the popularity of inscriptions keep growing, the Bitcoin blockchain is reaching its capacity limits, leading to increased usage costs. This situation also brings about growing state storage pressure on nodes, raising concerns about state bloat and threats to decentralization.

For the past few years, scalability has been a key goal in the Bitcoin community. The objective is to enhance scalability — faster transaction confirmability and higher throughput — without compromising decentralization, security, and network efficiency. While speed and throughput are crucial, any scalability solution must prioritize the network’s decentralization and security. There are various methods to achieve scalability, which we will briefly explore in the following sections.

Bitcoin’s scalability is commonly addressed through sidechains, state channels, and the more recently developed Layer 2 solutions. Due to Bitcoin’s smart contracts being limited to fundamental operations like signatures, time locks, and hash locks, many scalability solutions used in Ethereum are not directly transferable to Bitcoin. Consequently, early strategies for scaling Bitcoin have predominantly revolved around off-chain state channels and sidechains.

State channels like the Lightning Network use multisig to enable participants to transact quickly and freely off-chain, settling the final result with the main network. This approach significantly reduces network congestion, costs, and delays. However, current state channels mainly focus on payment channels and cannot support complex contract computations. As a result, they don’t contribute to a thriving on-chain ecosystem for Bitcoin, often relying on centralized solutions like exchanges for value transfer. Additionally, state channels lack publicly verifiable Data Availability (DA), preventing users from accessing the complete historical transaction state of the channel.

Sidechains, such as Merlin Chain, are independent blockchains that run parallel to the Bitcoin mainnet. They communicate with Bitcoin through bidirectional pegs and operate under their own consensus rules and block parameters. While sidechains with structures different from Bitcoin, like those using an Account model, could support an expanded on-chain ecosystem, mainstream sidechains haven’t adopted this approach. Due to their independent consensus rules and data structures, the Data Availability (DA) of sidechains is not guaranteed by the Bitcoin network, potentially compromising asset security in cases of malicious sidechain nodes.

Rollups, originally from the Ethereum ecosystem, offload transaction computations to Layer 2 while storing data on Layer 1. This allows rollups to expand capacity in a decentralized manner while inheriting Layer 1’s native security. They periodically send verifiable transaction states to the Layer 1 main chain, reducing costs and ensuring security through Layer 1 as the data availability layer. The Ethereum community has unanimously adopted rollups for scalability, and the Bitcoin community is following suit. Rollups, with their efficiency, security, and decentralization, have become the mainstream solution for Bitcoin’s scalability.

OP-rollup vs ZK-rollup

Rollup scalability methods are categorized based on their verification approach into OP-rollup (using Fraud Proof) and ZK-rollup (using Zero Knowledge Proof).

These distinctions between OP-rollup and ZK-rollup highlight the differences in security, efficiency, and user costs associated with each method.

OP-rollup, based on fraud proofs, is a rollup solution where transactions are batched and compressed off-chain to reduce L2 transaction fees for Bitcoin users. Nodes regularly submit these batched states to Bitcoin L1, assuming by default that off-chain transactions are valid, with no incorrect states submitted. This “optimistic” assumption means L1 doesn’t need extra computation if transactions are always valid, saving users from additional computational costs.

The “optimistic” assumption differentiates OP-rollup from ZK-rollup. In cases where invalid transactions are submitted (e.g., a node submits transactions contrary to user expectations), users are required to monitor state submissions made by nodes to L1 and initiate challenges against any perceived malpractices. If a challenge successfully proves wrongdoing by a node, the challenger is eligible for a reward. This challenge period allows users to dispute submissions before they’re deemed valid on Bitcoin L1. If a submission goes unchallenged, or a challenge against it is proven wrong, the transaction is validated; otherwise, the entire L2 state rolls back to the previous state.

ZK-rollup, based on validity proofs (also known as ZK-Proof due to their generation via zero-knowledge proofs), is a rollup solution that periodically batches and compresses off-chain transactions with the following distinctions:

  1. Transaction execution is performed through a zero-knowledge proof circuit, ensuring each transaction has a corresponding zero-knowledge proof.
  2. Batched and compressed transactions generate respective zero-knowledge proofs to verify the transactions’ correctness and prevent fraud.
  3. The transaction states submitted to L1 are more succinct than in OP-rollup, resulting in lower user expenses.

ZK-rollup relies on mathematical proofs rather than optimistic assumptions. The content submitted to the chain consists of zero-knowledge proofs, not transaction states. This means invalid transactions cannot be updated to L1, as they cannot generate valid zero-knowledge proofs. This mathematically grounded scaling solution eliminates the need for a challenge period, allowing users to initiate withdrawal requests at any time by submitting zero-knowledge proofs.

Compared to OP-rollup, ZK-rollup offers significant advantages in withdrawal timing, security, and transaction fees. To adapt to Bitcoin’s block structure, LumiBit chose ZK-rollup as the scaling solution for Bitcoin, resulting in lower transaction costs and faster fund confirmation times for users. Additionally, LumiBit has optimized ZK-rollup to align with Bitcoin’s network architecture.

LumiBit ZK-rollup Structure

LumiBit’s ZK-rollup solution for Bitcoin comprises:

Layer 1: Bitcoin lacks smart contracts, so the on-chain contract is split into a storage script and an off-chain verification client.

  1. On-chain Storage Script: The publicly verifiable script sequentially stores transaction states, zero-knowledge proofs, and validation results from LumiBit L2 based on block height. It executes storage requests initiated by specific addresses.
  2. Off-chain Validator: An open-source ZK proof validator verifies the transaction states and proofs in the on-chain script, returning results to it. This validator can be used by anyone for verification.

Layer 2: LumiBit provides a ZK-EVM-based scaling solution, allowing users to explore the Bitcoin L2 ecosystem through interaction with ZK-EVM. On L2, user transactions, LumiBit’s historical states, and global account statuses are processed by a zero-knowledge proof generator. Nodes consolidate and package L2 states over time, submitting these alongside their corresponding proofs to the on-chain storage script.
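The checks an off-chain validator of this kind performs around the proof itself, as an added example that is not LumiBit's code: it replays stored records in order and accepts a state update only if the submitter is authorized, the record is in height order, it extends the last accepted state, and its proof verifies. The record fields, the state-chaining rule and the address strings are assumptions, and `demo_verify` is a hash stand-in for a real proof verifier so the example runs offline.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:              # field layout is hypothetical
    height: int            # Bitcoin block height where the record was stored
    submitter: str         # address that initiated the storage request
    prev_root: bytes       # L2 state root before the batch
    new_root: bytes        # L2 state root after the batch
    proof: bytes           # validity proof for prev_root -> new_root

def audit(records, genesis_root, allowed, verify_proof):
    """Replay stored records in order; return (accepted_root, [(height, verdict)])."""
    root, last_seen, log = genesis_root, -1, []
    for r in records:
        if r.submitter not in allowed:
            verdict = "reject: unauthorized submitter"
        elif r.height <= last_seen:
            verdict = "reject: out of height order"
        elif r.prev_root != root:
            verdict = "reject: does not extend accepted state"
        elif not verify_proof(r.prev_root, r.new_root, r.proof):
            verdict = "reject: invalid proof"
        else:
            verdict, root = "accept", r.new_root
        last_seen = max(last_seen, r.height)
        log.append((r.height, verdict))
    return root, log

def bind(prev_root, new_root):
    return hashlib.sha256(b"demo" + prev_root + new_root).digest()

def demo_verify(prev_root, new_root, proof):
    # Stand-in so the example runs offline: a plain hash binding, NOT a
    # zero-knowledge proof. A real client calls its proof verifier here.
    return proof == bind(prev_root, new_root)

def run_demo():
    g, s1, s2, s3 = (hashlib.sha256(x).digest() for x in (b"g", b"s1", b"s2", b"s3"))
    ok = "addr-sequencer"  # constructed placeholder address
    sample = [             # constructed records, not real chain data
        Record(100, ok, g, s1, bind(g, s1)),
        Record(101, "addr-other", s1, s2, bind(s1, s2)),  # wrong submitter
        Record(102, ok, s1, s2, b"\x00" * 32),            # proof fails
        Record(103, ok, s2, s3, bind(s2, s3)),            # builds on rejected state
        Record(104, ok, s1, s2, bind(s1, s2)),            # valid resubmission
    ]
    root, log = audit(sample, g, {ok}, demo_verify)
    return root == s2, [v for _, v in log]

if __name__ == "__main__":
    print(run_demo())
```

A rejected record never advances the accepted root, so the record at height 103 fails even though its own proof is well-formed: it builds on a state that was never accepted.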

Transaction State Aggregation

LumiBit utilizes the Halo2 zero-knowledge proof scheme to generate validity proofs for transactions. After executing user transactions, ZK-EVM produces a zero-knowledge proof for each transaction state change. These proofs are only generated if the transaction is valid and executable. For a detailed explanation of this process, refer to the article: Halo2 Explanation.

Layer 2 nodes in LumiBit package all transactions into blocks, segregating historical states. Each block contains several transactions and their respective state changes. These state changes are aggregated into a block’s total state, with nodes generating a zero-knowledge proof for this total state. Periodically, LumiBit’s Layer 2 nodes aggregate historical block states and produce a root proof through zero-knowledge proof nodes. This root proof encompasses the validity checks of historical transactions, meaning if there’s an erroneous transaction in a block, the root proof generation will not proceed.

Once the nodes complete generating the root proof and packaging historical transaction states, they send this information to the Bitcoin network. This process ensures the Data Availability (DA) correctness and relies on the Bitcoin network to maintain the consistency and security of LumiBit’s historical transaction states.

Use Bitcoin as DA Layer

“Don’t trust, verify” is a guiding principle in the Bitcoin community. Using Bitcoin as the Data Availability (DA) layer leverages its robust computational power to ensure the security of LumiBit’s Layer 2.

Data Availability refers to the ability to publicly and promptly publish data on a network. In other words, having DA on Bitcoin implies using it as the data availability layer, with the data being verifiable on the Bitcoin network at any time. DA focuses on ensuring data accessibility, not storage permanence, guaranteeing that everyone can access the data within a certain time frame.

The challenge for Bitcoin’s L2 Data Availability (DA) is finding an affordable and effective method for data uploading, publishing, and verification within the Bitcoin network. As rollup transactions are sent to Bitcoin in an aggregated form, the block capacity of Bitcoin limits the size of rollup data. Without increasing Bitcoin’s block capacity, the only solution lies in utilizing more efficient data compression, proof, and verification methods to manage this constraint effectively.

ZK-rollup enables the replacement of transaction states with more succinct zero-knowledge proofs, and this applies to account states as well. The complexity of verification and proof generation is shifted off-chain, reducing both the data storage on Bitcoin L1 and the cost for users when submitting transactions on L2. This approach effectively lightens the load on the Bitcoin network and enhances efficiency for users operating within the L2 framework.

LumiBit enhances DA by storing compressed root proofs in UTXOs, ensuring data integrity and accessibility without adding extra burden to the BTC mainnet. This guarantees the security and verifiability of Layer 2 data and ensures a seamless experience for all users. Our strategic cooperation with mining pools stabilizes DA, leveraging their computational power to maintain network efficiency and control DA costs. The integration of compressed proofs and collaboration with mining pools allows LumiBit to offer a scalable solution that is both cost-effective and environmentally conscious.

LumiBit sets up BTC nodes and leverages the DVN (Decentralized Verifier Network) mechanism for DA between LumiBit and the BTC mainnet. Users can independently execute ZK-rollup proof verifications using open-source clients.

In LumiBit, embracing the Bitcoin community’s ethos of “Don’t trust, verify,” users can independently confirm the proof verification process of Layer 2 nodes, enabling trustless interactions within the network.

Final Thoughts

In conclusion, LumiBit’s unique implementation of ZK-rollup technology and the strategic use of Bitcoin as the Data Availability layer underscore a forward-thinking approach in blockchain scalability. This combination not only propels Bitcoin’s Layer 2 infrastructure but also preserves its foundational principles of security and decentralization. LumiBit’s method stands out as a pioneering solution in the blockchain space, paving the way for more robust and versatile applications within the Bitcoin ecosystem.
