pull down to refresh
5 sats \ 0 replies \ @lightcoin OP 7 Jan 2023 \ parent \ on: AMA - John Light, bitcoin researcher bitcoin
The main difference is certainty over data availability, which ultimately boils down to certainty of ownership security (i.e. that if you own coins, no one else can move them without your private key and you can transfer the coins at-will as long as you pay a market-rate fee).
The merkle root is not enough for a holder of coins on the sidechain to unilterally produce a proof and withdraw their coins, they need data about the entire state of the sidechain to be able to prove that they own some coins in the current canonical state. And there's a problem that can occur called a "data withholding fault" where sidechain block producers create a block, commit the hash to the parent chain, but don't actually broadcast the block. Then users are stuck, because they don't have enough data to produce a proof that convinces parent chain full nodes they own some coins in the current canonical sidechain state. Maybe they have data to show that they owned coins in the past, but they could have spent the coins in the block that wasn't published -- it's uncertain without the proof, so parent chain full nodes won't let those users withdraw their coins back to the parent chain. And since the block producers aren't publishing those blocks, even if the user could get a transfer tx confirmed in a sidechain block, no one would know if the tx was confirmed since the block data isn't available. So then the sidechain coins are worthless. If this was actually an attack by sidechain block producers and not just a technical failure, at this point they can extort users ("we will give you the block data if you transfer us x% of your coins" or something like that).
Rollups solve the data availability problem by publishing rollup block data (or a compressed form of it that still has enough information to reconstruct the rollup state) inside of the parent chain blocks. This, combined with the use of validity proofs to ensure the correctness of rollup state transitions, makes the rollup ownership security equal to the parent chain ownership security, since the data availability guarantees are equivalent and coins cannot be transferred on the rollup without cryptographic proof of correctness.