0 sats \ 2 replies \ @lightcoin OP 7 Jun \ parent \ on: ZK Rollup on Bitcoin: Technical Whitepaper bitcoin
there are tradeoffs involved with account based chains vs utxo chains. one isn't necessarily better than the other. which is better depends on the use case at hand (and for some use cases, either would work just fine)
there are privacy solutions like firn, railgun, and umbra that mitigate or negate the harms of address reuse.
there are already account based chains with parallel transaction processing. though even with sequential processing, chains are getting to pretty large scale already. anyways, at a certain point, it makes more sense to shard execution rather than keep scaling the same execution environment if the goal is preserving decentralization. all that said, since a bitcoin rollup would be limited in scale by bitcoin's data availability capacity, scaling isn't even the main concern here.
no, past the limit you just can't create any more accounts.
no, past the limit you just can't create any more accounts
Awesome!
there are already account based chains with parallel transaction processing
Yes, however UTXO based chains can achieve near perfect distribution and scaling (I researched and designed this for an L3 on lightning built for performance), unlike an account ledger. The actual implementation can become much more efficient too by removing things like locks from the implementation entirely. Account ledgers mean that simple (therefore fast and reliable) ways to partition the layer don't work as accounts can have vast differences in activity. The UTXO model enables perfect distribution - basic properties such as transaction and public key hashing can be used/exploited to achieve this.
This L2 could be implemented as a UTXO layer too, so this is not an issue with core features (the ZKP and Taproot/MMR integrations are fantastic) but rather an improvement to this!
there are privacy solutions like firn, railgun, and umbra that mitigate or negate the harms of address reuse
Yes, this is awesome. However, privacy shouldn't be a bolt on addition for a settlement layer. UTXO chains are superior privacy and security wise - a UTXO model also counters most practical quantum attacks too as the signature is revealed at most for a short amount of time and never reused, discounting that clients have to be built to support a more complex UTXO model. Though bitcoin's had no problem with this and it's basically a non issue...
I am curious, are you an author from Alpen?
reply
However, privacy shouldn't be a bolt on addition for a settlement layer.
What meaningful differences do you think there are between having a privacy app like Railgun vs making privacy a "native" feature at the consensus layer of the chain?
a UTXO model also counters most practical quantum attacks too
This weakness of the account model can be mitigated by using a PQ signature algorithm in the L2. PQ signatures tend to be relatively large in size but with a ZKP L2 we can aggregate these signatures into a single PQ ZKP (e.g. STARK) so that the L1 footprint is no larger than it otherwise would be.
I am curious, are you an author from Alpen?
I work for Alpen but was not an author on this paper.
Good comments, thanks for the feedback!