One of the most valuable attributes of most blockchain applications is “trustlessness”, that is, the application can keep running in the expected manner without relying on specific participants to act in a specific form, even if their relevant interests may change in the future And make it make unexpected moves. Blockchain applications have never been completely trust-free, but some applications do have a higher degree of trust-free than others. If we want to move towards the goal of minimizing trust, we need to first be able to distinguish the level of trust.
First of all, my simple definition of “trust” is: trust is to make assumptions about the behavior of others. Before the epidemic broke out, you would not deliberately keep a distance of two meters from others because you were walking on the street to prevent someone from stabbing you suddenly. This is a kind of trust: one is trusting that people rarely lose heart, and the other is the legal system The maintainers have a strong motivation to restrain this behavior. When you run a piece of code written by someone else, you trust them to be honest when writing the code (whether it is out of their own conscience or the financial benefit of maintaining reputation), or at least enough people are checking the code To find the loopholes. Not personally growing food is another kind of trust. I believe that enough people will cultivate food for profit and sell it to you. You can trust groups of different sizes, and the types of trust are also different.
In order to analyze the blockchain, I tried to decompose trust into the following dimensions:
How many people do you need to act according to your expectations?
What is the total number of people?
What motivation do people need? Do they need to be altruists or profit-seeking people? Do they need to avoid collaboration?
If these assumptions are violated, how severe will the system be affected?
1 of 1: There is only one participant in the entire system. If this participant behaves as you expect, the system will (just) function normally. This is the traditional “centralized” model, and it is also the model we want to surpass.
N of N: The “dystopian” world. All participants in the system must act according to expectations for the system to operate normally. If any of them fails, we have no remedy.
N/2 of N: This is how the blockchain works. If most of the miners (or PoS verifiers) are honest, the blockchain can operate normally. It should be noted that the larger the value of N, the more valuable N/2. Compared to a blockchain controlled by a small number of miners/validators, a widely distributed network of miners/validators makes more sense. Nevertheless, due to the possibility of 51% attacks, we still want to take this level of security even further.
1 of N: There are many participants, and as long as at least one of them acts as expected, the system can operate normally. Any system based on fraud proof falls into this category, as does the trust setting, although the value of N is usually small in this case. Please note that we really want the value of N to be as large as possible!
Very few of N: Among the many participants, as long as a fixed number of small participants act as expected, the system can operate normally. Data availability check is one of them.
0 of N: The system can operate normally without relying on external participants. Personally verifying the block falls into this category.
Although models other than “0 of N” have a certain degree of “trust”, there are huge differences between these models! Believing that a certain person (or organization) will behave as expected is a completely different situation from believing that anyone will follow the expected form. Compared with “N/2 of N” and “1 of 1”, “1 of N” is more similar to “0 of N”. Some people may think that the “1 of N” model is very similar to the “1 of 1” model, because both models rely on one participant, but in fact the two are very different: in the “1 of N” system, If the participant suddenly disappears or becomes black, you can change to another participant, but we have no other choice in the “1 of 1” system.
In particular, note that even the software you are running, its correctness usually depends on the “very few of N” trust model, to ensure that someone will check the code when there are loopholes. After understanding this, trying to switch other parts of the application from the “1 of N” model to the “0 of N” model is like installing a security door for your home, but the windows are open.
Another important difference is that if your trust assumptions are broken, how much damage will the system be? On the blockchain, the two most common types of failures are liveness failures and safety failures. Active failure means that you are temporarily unable to perform operations (for example, withdrawing coins, packaging transactions into blocks, reading data on the chain). A security failure is a situation that the system wants to prevent (for example, an invalid block is added to the blockchain).
The following lists some trust models adopted by the blockchain layer 2 protocol. I use “small N” to refer to the set of participants in the layer 2 system itself, and “big N” to refer to the participants at the bottom of the blockchain. My assumption is that the community of layer 2 is always smaller than the underlying blockchain. In addition, the term “active failure” I use specifically refers to the situation where the token cannot be raised for a long time. Unable to use the system but able to withdraw funds almost instantaneously is not counted as an active failure.
“Channels” (including state channels, lightning network, etc.): Use the “1 of 1” trust model to ensure activity (your counterparty can temporarily freeze your funds, but you can spread the funds across multiple channels To reduce the risk), use the “N/2 of big N” model to ensure security (it is possible to lose funds in 51% attacks).
Plasma (centralized operator): Use the “1 of 1” trust model to ensure liveness (the operator can temporarily freeze your funds), and the “N/2 of big N” model to ensure security (it is possible to attack at 51%) Lost funds in China).
Plasma (semi-decentralized operator, such as DPOS): Use the “N/2 of small N” trust model to ensure liveness, and the “N/2 of big N” model to ensure security.
Optimistic rollup: Use the “1 of 1” or “N/2 of small N” trust model to ensure liveness (depending on the type of operator), and the “N/2 of big N” model to ensure security.
ZK rollup: Use the “1 of small N” trust model to ensure liveness (if the operator fails to package your transaction, you can withdraw money, if the operator does not immediately package your withdrawal transaction, you cannot package more transaction packages, You can withdraw money by yourself with the help of any full node in the rollup system); there is no risk of security failure.
ZK rollup (enhanced light withdrawal): There is no risk of active failure and safety failure.
Finally, there is the issue of “motivation”. To motivate participants to follow expectations, do the participants you trust need to be very altruistic, slightly altruistic, or rational enough? By default, “fraud proofs” require participants to be slightly altruistic, but their degree depends on the complexity of the calculation (see “Verifier Dilemma” for details), and there are many ways to improve the process to make it more reason.
If we add a mechanism to pay for services, then the behavior of helping others withdraw money from ZK rollup is rational, so there is almost no need to worry about not being able to withdraw from rollup. At the same time, if the community agrees not to accept the blockchain under 51% attacks (rolling back a long transaction history or reviewing blocks for too long), then the risks faced by other systems can be mitigated.
Conclusion: If someone says that a certain system “relies on trust mechanisms,” then we can get to the bottom! Do they mean the “1 of 1” model, the “1 of N” model, or the “N/2 of N” model? Does the system require participants to be altruistic or rational? If it is altruism, how much does it cost to participate? If the assumption is violated, how long do I have to wait to get my funds back? a couple of hours? How many days? Or is it frozen forever? After understanding these questions, we may have very different answers on whether to adopt the system.
Author/ Translator: Jamie Kim
Bio: Jamie Kim is a technology journalist. Raised in Hong Kong and always vocal at heart. She aims to share her expertise with the readers at blockreview.net. Kim is a Bitcoin maximalist who believes with unwavering conviction that Bitcoin is the only cryptocurrency – in fact, currency – worth caring about.