A Trustless Sidechain-to-StarkEx Bridge Secured by Ethereum
How to transfer funds between sidechains and StarkEx trustlessly, securely, and inexpensively
- Transferring funds between sidechains and L2s is a growing need
- Current methods: via L1 (Ethereum) — slow, expensive, yet trustless; or via App (or LP) — requires trust, yet fast and inexpensive
- We propose a trustless, secure and inexpensive sidechain-to-StarkEx bridge, which relies on Ethereum’s security
- By extending such a bridge between StarkEx and multiple sidechains, we create an effective bridge connecting these sidechains
While Ethereum remains DeFi’s “capital” blockchain, with high traction and security, and bridges to multiple chains, it is increasingly congested and suffers from high and volatile tx costs. This is driving users to other platforms such as sidechains (e.g., Polygon, BSC, Solana) and L2s (OR or ZK-Rollups). These platforms vary in their costs, security, performance, and the Apps available — fueling fragmentation.
Consequently, more and more users need to transfer funds between several platforms.
Solutions offering trustless bridges between sidechains are coming online (e.g., Hop or MovR). However, trustless interoperability between L2s (specifically: rollups) and sidechains hasn’t been solved yet.
Interoperability with Optimistic Rollups is problematic by design, as the long finality time translates to high capital requirements to operate the bridge, which translate to expensive transfers.
What about ZK-Rollups? Trustless deposits and withdrawals across L1 and ZK-Rollups are already available in live systems (e.g., dYdX, DeversiFi, Loopring). And, they provide short finality time through Conditional Transfers.
But, ZK-Rollups are currently incompatible with sidechain interoperability. The reason for this is technical: ZK-Rollups currently deployed on L1 prove the validity of specific computational statements (even if the tools behind them, such as the Cairo language, support Turing completeness). This makes them incompatible with schemes that require an “interoperability smart contract” within the Rollup.
StarkNet, our decentralized, permissionless ZK-Rollup, will change this. But what can be done with StarkEx, our trustless scalability engine, here and now? We demonstrate below how StarkEx can support interoperability with sidechains.
StarkEx has been live on Mainnet since June 2020, facilitating millions of transactions worth $Bs in aggregate. We will present the StarkEx system and schemes to demonstrate how to support the inexpensive and fast transfer of funds to and from sidechains — paving the way for better interoperability between dApps running on ZK-Rollups and sidechains. But first, let us consider what defines a good interoperability system.
The Qualities of a Good Interoperability Solution
A good interoperability solution between sidechains and L2s should apply minimal trust and provide a streamlined user experience.
To be precise:
- Minimal Trust: users should be required to trust as few entities as possible, with as little as possible.
- Fast Finality: funds should be available fast.
- Low Cost: inexpensive solutions must provide low tx prices on the respective platforms and high capital efficiency in the bridge (as costs borne by the liquidity provider will be offset to the user).
L2 — Sidechain Interoperability
Until now, users that wanted to move funds between a sidechain and L2 had to choose between two naive options: a trustless yet expensive and slow option (Figure 1) or an inexpensive and fast, yet trust-requiring method (Figure 2).
Figure 1: L1-facilitated transfer between a sidechain and L2
Figure 2: App-facilitated transfer between sidechain and L2
A StarkEx-Powered Solution
We demonstrate (Figure 3) our proposed solution, where StarkEx facilitates interoperability between an L2 and a sidechain while satisfying the three qualities of an effective interoperability solution. Note that this also applies to interoperability between sidechains, using StarkEx as a conduit.
Figure 3: A StarkEx-powered, Ethereum-secured sidechains bridge
The Benefits of StarkEx
For those unfamiliar with StarkEx, we present its essential concepts. You can find the complete documentation of StarkEx here. But, to follow the schemes, the following background is sufficient:
StarkEx is Trustless
As StarkEx relies on STARK proofs, no state update can occur on L1 without a proof that this state is indeed valid. This means that funds can change hands inside StarkEx only according to the logic implemented in Cairo, which enforces the following:
- Funds can’t be transferred from a user without their valid signature on the relevant transfer request
- The committed StarkEx state on L1 reflects all the transfers that happen in the L2 environment
- StarkEx can’t execute the same transfer twice
The outcome is that the Operator (e.g., the exchange) can’t steal the user’s funds. Forced transactions, escape hatches and a dedicated upgrading mechanism complete the picture, making StarkEx fully self-custodial.
StarkEx is Fast
The Operator may consider a transaction settled once it enters the StarkEx transaction queue. This means that users can instantly submit subsequent transactions; no need to await the actual settlement of the transaction on-chain!
StarkEx is Inexpensive
On StarkEx, even complex perpetual trading transactions cost as little as 1100 gas in ZK-Rollup mode, which is 200x cheaper than an L1 implementation of the same logic. Costs are even less in Validium mode. Furthermore, StarkEx is capital efficient, finalizing transactions as soon as the proof that contains their execution is published on-chain — which typically happens only a few hours after the transaction.
Withdrawal from StarkEx to Sidechain
Figure 4: StarkEx-Sidechain Interoperability — Withdrawal
Step 1: The user sends an off-chain request to the App, specifying the amount and type of asset they want to withdraw. The App verifies that the user has sufficient funds in their StarkEx Vault.
Step 2: The App locks the specified value and type of asset in an interoperability contract found on the sidechain. The App couples these funds against an (unsigned) StarkEx’s transfer request, which orders StarkEx to transfer the relevant assets from the user’s Vault to the App’s Vault.
Step 3: The user signs the transfer request specified at Fig. 4 step 2, activating the interoperability contract on the sidechain. This transaction immediately unlocks the user’s funds for use on the sidechain.
Fallback flow: if the user fails to sign within a limited time frame, the App reclaims the money from the interoperability contract.
Step 4: The App can now execute the transfer request on StarkEx and receive the user’s funds there.
Meeting the Requirements
- This scheme is trustless: the user gets the funds on the sidechain before they give the Operator funds on StarkEx (and the latter can’t happen without the former):
- StarkEx enforces that, in order to take funds from the user, the App must know their signature.
- Providing the signature unlocks the user’s funds in the sidechain.
2. It is fast; funds are accessible to the user after twice the sidechain finality time.
3. It is inexpensive; does not involve L1 transactions, and the App can access the funds immediately on StarkEx, and a few hours later on L1.
Deposit from Sidechain to StarkEx
Figure 5: StarkEx-Sidechain Interoperability — Deposit
Step 1: The user locks their funds in the sidechain account in the interoperability contract. These funds are coupled to specific transfer request parameters on StarkEx, which would transfer money to the user’s Vault.
Step 2: The Operator executes the transfer request in Fig. 5 step 1 within StarkEx, releasing the funds to the user’s StarkEx Vault. The user may start trading these funds immediately.
Step 3: The transfer from step 2 is batched with other transactions (Fig. 5 step 3.1). StarkEx proves to L1 that these transactions happened (step 3.2), and the on-chain state is updated accordingly (step 3.3).
Step 4: A dedicated contract on Ethereum transmits the new L1 state to the interoperability contract in the sidechain. This state, i.e., the Merkle root of all the transactions on StarkEx, confirms that the user received the funds on StarkEx as requested.
Step 5: The App opens the Merkle Tree commitment to prove to the sidechain that the user indeed received funds on StarkEx in Fig. 5 step 2, unlocking the funds in the interoperability contract for the App.
Fallback flow: if the App fails to complete Fig. 5 step 5 within a limited timeframe, the user can reclaim the funds on the sidechain from the interoperability contract.
Meeting the Requirements
- This scheme is trustless: the user receives the funds on StarkEx before the App can claim the funds on the sidechain. StarkEx logic and proofs enforce that the latter cannot happen without the former:
- To receive funds on the sidechain, the Operator must show a record of a relevant transfer to the user via StarkEx.
- StarkEx enforces that such a record can be found only if the user received the funds.
- It is fast: once a transaction is confirmed in the sidechain, the App can immediately give the user the funds on StarEx.
- It is inexpensive: transactions on the sidechain or StarkEx are inexpensive, and the large cost of the L1 transaction on step 4 is shared between many deposit requests.
Furthermore, the App can get its funds on the sidechain after a few hours.
What is Next?
StarkEx’s customers will soon enjoy the trustless interoperability schemes presented above.
As for StarkNet, our permissionless decentralized ZK-Rollup: StarkNet Planets Alpha 1 is already live on Ropsten — and we plan to support interoperability with other ecosystems such as sidechains. As StarkNet proves any arbitrary logic, it can support similar mechanisms to those described here or deploy existing interoperability solutions.
One way or the other, StarkNet facilitates a high degree of interoperability, and will become a central hive of interoperability for many DeFi Apps that seek ways to expand beyond Ethereum.