Ethereum expansion holy grail dispute: zkRollup vs Validium

Written in front: With the prosperity trend of stablecoin and other applications, the Ethereum Layer 2 expansion battle has been on the horizon recently, and the competition for DeversiFi recently adopted the Validium solution. Matter Labs founder Alex Gluchowski wrote about the existence of this solution. Two major problems: 1. User funds can be frozen, 2. User funds can be confiscated. Therefore, it believes that the Validium scheme may be suitable for traditional high-frequency transactions or games with low trust assumptions. In contrast, no trust is required at all. The zkRollup solution is very suitable for expanding decentralized crypto payments.


The following is the translation:

DeversiFi recently launched a new version of the exchange, and its underlying power is provided by StarkEx. This is an incredible technical achievement, it improves the security level of the crypto exchange. This also marks a historic turning point: this is the first time STARKs have been used in production systems (a concise zero-knowledge proof without trusted settings).

In the background, StarkEx is actually a Validium (a Layer-2 expansion solution), and the validity of all its transactions is achieved through zero-knowledge proofs, while the availability of data remains outside the chain. This prevents the theft of funds in Validium, because every value transfer from a given user account must be authorized by that user.


The mechanism of Validium is very similar to zkRollup, the only difference is that the data availability in zkRollup is on-chain, while Validium keeps it off-chain. This allows Validium to achieve higher throughput, but it comes at a price:

Cost 1. The operator of StarkEx Validium can freeze the user’s funds

“The people who can destroy a thing, they control it.” (For people who can destroy a thing, they will control him, intuitively means to control the core, you can control all related things)——Frank Herbert, “Dune”

Without zkRollup’s data availability guarantee, Validium’s operators (or more accurately, data availability managers) can refuse any user’s right to transfer funds.

It works like this: Carriers make small changes to the Merkelized state without revealing the state changes to users. Due to the lack of this information, users cannot create Merkle ownership certificates for their accounts.


Note: If the operator changes account d3, the owner of account d1 will lack the required information for node m when proving the ownership of his account .

Is there a way to prevent data withholding attacks in Validium? Since the concept of Plasma was proposed in 2016, this problem has been widely discussed, and zkRollup is the result of research to solve this problem. In contrast, non-rollup attempts to ensure data availability in an unreliable manner will cause Validium to lose most of its competitive advantage .

Although this problem cannot be completely solved, StarkEx alleviates this problem by introducing a Licensed Data Availability Committee (DAC). The DAC must sign each update to the status through its quorum of members to confirm that it has received the data. In StarkEx, the DAC is composed of 8 participants (adding too many members will jeopardize the activity of the system), and these participants are also highly reputable organizations. They are unlikely to abuse their power, but paradoxically, high visibility, good reputation, and residence in a strong jurisdiction are what make them vulnerable. A possible situation is that the operator must implement KYC/AML regulations and is obliged to freeze all funds in accounts with a transaction history exceeding USD 10,000.

As we delve deeper, the problem becomes more interesting. StarkEx implements a verifier contract upgrade mechanism, which allows operators to immediately add new items to the verifier contract chain without delay. This cannot invalidate any old logic (for example, you cannot delete user signature checks). Instead, it allows additional constraints to be added (in terms of Solidity, you can think of constraints as `require()`statements).

This is a good security feature: if any missing constraints are found in StarkEx’s STARK circuit logic, it can be quickly repaired without introducing any new vulnerabilities. However, this function can theoretically also be used as a hidden censorship backdoor . In short, StarkEx operators can always deploy extensions to contract logic that introduces blacklists without warning users in advance. It is not completely clear from their documents, but it seems that the implementation of the new rules does not require the consent of the DAC.

If you think of StarkEx as a completely decentralized exchange agreement, this doesn’t make much sense (in contrast, imagine that Vitalik Buterin has a switch that can immediately freeze any Ethereum account).

On the other hand, if you think of StarkEx as a security enhancement for crypto exchanges (the creators of which will definitely do this), then it makes perfect sense.

Cost 2. Operators of StarkEx Validium can confiscate users’ funds

Let us expand the thought experiment. For any hypothetical reason (most likely due to circumstances beyond the operator’s control), many users’ assets are now frozen. The next question is, can the user’s funds on StarkEx be confiscated?

In fact, this can happen .

StarkEx, like many other encryption projects, implements a state-of-the-art upgrade mechanism. Users will be notified 28 days before the new version is deployed, and anyone who doesn’t like it can opt out.

However, those whose funds have been frozen have no way to withdraw.

After the grace period ends, new contract logic can be deployed to transfer the frozen funds to the designated party’s escrow wallet. Unfortunately, no affected users are able to take opposing actions.

There are also reasonable concerns that the upgrade notice period itself may not be sufficient to allow every user who does not agree to the change to log out (the so-called “massive logout” scenario). But this issue is a question of the scalability of a general contract, not unique to Validium.


zkRollup’s data availability protects users’ funds from seizure and censorship

In theory, as long as one Ethereum full node is online, zkRollup users can access the rollup status.

How it works: For each zkRollup block, the information needed to reconstruct the state change must be submitted as the call data of the Ethereum transaction, otherwise the zkRollup smart contract will refuse to perform the state transition. The state change on zkRollup will cause a small amount of gas overhead for each transaction, which will increase linearly with the number of transactions.

With Merkle tree data, the censored users can always claim funds directly from the zkRollup contract on the mainnet. All they need to do is provide a Merkle certificate of ownership of their account. Therefore, the availability of data on the chain can ensure that no one (including the zkRollup operator) can freeze or obtain user funds.

However, the on-chain storage of data availability has led to the limitation of throughput-zkRollup has a strict practical limit on the current Ethereum mainnet, which is 2000 transactions per second (TPS), while StarkEx Validium claims to have 9000 + TPS. This difference may play an important role in determining the application areas and use cases of the two technologies. For example, zkRollup is very suitable for expanding decentralized crypto payments (VISA’s TPS is around 2000), as well as for immutable smart contracts that have strict trust-free requirements. On the other hand, Validium may be more suitable for traditional high-frequency trading or games with lower trust assumptions .

in conclusion

We have shown that zkRollup and Validium (StarkEx) are somewhat similar in how they work. The main difference between them is whether the data is available on-chain or off-chain, which is crucial to understanding which applications they are suitable for. This difference means that zkRollup is a decentralized extension protocol that does not require trust, and Validium shows more attributes of the managed PoA system (whether it is throughput or risk characteristics), although its security is greatly improved.

Each technological development that reduces trust and provides users with more control over their assets is a step towards enhancing their personal capabilities. In order to move forward, we always need to make trade-offs.

Nonetheless, the crypto community is increasingly unanimous in thinking that technology has passed the stage of “don’t be evil” and it is now time for “can’t be evil”. We can achieve this through self-custody, censorship resistance, privacy, and eliminating single points of failure. These ideas constitute the basic values ​​of the system we are trying to build.

The era of scalability without trust has arrived!

Leave a Reply
Related Posts