Decentralize Rollup I: Decentralized Sequencing

Rollups have emerged as a leading technique for scaling Ethereum and blockchain networks more broadly. By offloading transaction data availability and execution off-chain, rollups alleviate the throughput constraints of Layer 1 chains while still inheriting their security guarantees. However, most rollups today rely on centralized sequencer nodes operated by the rollup development teams. Centralized sequencers provide excellent performance in terms of throughput and latency but come with downsides:

  • Liveness - Centralized sequencers are a single point of failure. If the sole sequencer goes offline, the entire rollup halts. This jeopardizes the guarantee that the system will remain available and process transactions.

  • Censorship Resistance - Centralized sequencers can arbitrarily censor transactions or users. There is no recourse if the operator chooses to block certain activity.

  • Rent Extraction - Centralized sequencers can impose monopoly pricing for transactions given their total control over sequencing and inclusion. This manifests in direct fees as well as indirect value extraction via front-running, sandwich attacks, and other forms of MEV.

  • Interoperability - With each rollup running its own siloed sequencer, cross-rollup composability and bridging requires complex custom integrations. Valuable features like cross-chain atomic transactions are difficult to implement across decentralized domains.

These limitations motivate the need to decentralize sequencers. But this is technically non-trivial, as sequencers are performance-critical components where decentralization can easily bottleneck throughput if not done carefully. Let's explore prominent decentralization approaches.

Permissioned Sequencers with Fair Ordering

An approach more explicitly focused on MEV mitigation is to utilize permissioned sequencer sets with imposed fair ordering. In this model, a small set of authorized sequencer nodes collaborate to determine transaction order and block contents. A typical approach is "first-in, first-out" ordering where transactions are included in the order that sequencers observe them in their local mempools.

Consensus protocols like Raft or Tendermint enable sequencers to agree on a canonical ordering that matches wall clock timing as closely as possible. Front-running is deterred since the first received transaction gets priority. Other MEV vectors like sandwich attacks are eliminated given the lack of control over order beyond delivery timestamps. Cryptographic techniques like threshold encryption of transactions prior to ordering further hamper manipulation by keeping contents hidden.

The main downside is the permissioned nature of the sequencer set. An external authority determines who is included as a sequencer and must actively monitor for misbehavior. Admittance criteria and governance processes are crucial for maintaining a responsible sequencer set. MEV is not fully eliminated as timing manipulation and latency advantages still enable some profit. But it meaningfully curtails the most abusive practices.

Permissionless Proof-of-Stake Sequencing

A conceptually simple technique is to make the sequencer set permissionless by implementing proof-of-stake based participation. The rollup defines a native staking token. Any entity can join the sequencer set by staking the requisite amount of tokens, subjecting themselves to slashing penalties for malicious actions. An on-chain smart contract manages the stakes and coordinates leader election.

A typical approach is "round robin" selection where sequencers take turns in a fixed order proposing blocks. Alternatively, each epoch can randomly select a weighted subset of sequencers by stake to be eligible leaders. In both cases, participation rates are proportional to stake ownership. This enforces Sybil resistance - attackers must accumulate a substantial stake to mount an attack or compromise liveness.

Permissionless PoS sequencers provide open access and avoids centralized control. Liveness is strengthened compared to a single sequencer through redundancies. However, it is not as robust as BFT consensus protocols that require explicit confirmation from multiple validators. Censorship resistance depends on having a sufficiently decentralized stake distribution. MEV concerns remain unaddressed as any elected leader can extract rents during their epoch. Overall, permissionless PoS represents a baseline improvement but lacks mechanisms to handle more subtle risks around manipulation.

MEV Auctions

MEV auctions take the permissionless approach further by auctioning off sequencing rights to the highest bidder. During each epoch, participants bid based on the expected profit from transaction fees and MEV they can extract as the sequencer. The winner pays their bid amount to the rollup treasury and earns the right to sequence transactions and capture all profits during the epoch.

Properly designed, MEV auctions redistribute value from rent extraction to fund public goods. They provide permissionless participation and leverage financial incentives to dynamically allocate sequencing rights. However, auctions favor centralized actors with sufficient capital to consistently win the bids. Less prominent participants struggle to ever win a meaningful share of epochs. This leads to concentration of sequencing power and MEV profits over time. The emergence of a sequencing monopoly recreates many of the problems associated with centralized sequencers.

Hybrid Approaches

Tradeoffs exist in both permissionless and permissioned paradigms. This has motivated hybrid solutions that blend elements of both. For instance, a root permissioned set of sequencers could be expanded with a staking mechanic for permissionless participation. Thresholds guarantee minimum representation from authorized nodes while allowing open entry. Alternatively, MEV auctions could be restricted to registered candidates only.

Cryptographic techniques offer another approach. Multi-party computation can secure ordering and leader election processes without requiring a fully permissioned system. Secure enclaves like Intel SGX provide trusted execution environments that isolate sensitive computation like transaction ordering without centralized intermediaries. Zero-knowledge proofs enable transparent verification of correct sequencing without exposing raw transaction data.

Shared Sequencing vs. Decentralized Sequencing

There are two leading paradigms for decentralizing rollup sequencers - shared sequencing and direct decentralized sequencing.

In shared sequencing, a network of nodes provides sequencing-as-a-service to multiple rollups. Rollups plug into the shared sequencer to handle their transaction ordering and block production needs. The shared sequencer pool is decentralized, with nodes participating in a consensus protocol to agree on transactions and propose blocks. Individual rollups do not run their own sequencer nodes.In contrast, direct decentralized sequencing refers to each rollup deploying its own decentralized network of sequencer nodes. The rollup operates a custom consensus protocol between its sequencer pool to handle sequencing duties. Sequencers are dedicated to a single rollup.

Shared sequencing provides economies of scale and network effects for decentralization. A single robust sequencer network can service numerous rollups. Individual rollups avoid the overhead of bootstrapping and maintaining their own decentralized sequencer pools. Shared sequencing also enables seamless interoperability and composability between connected rollups.

However, direct decentralized sequencing allows each rollup to tailor protocols and incentives to suit its specific needs. Hybrid coordination between sequencing and execution nodes is simpler within a single rollup domain. Distributing value generation across many decentralized sequencer pools reduces systemic risk compared to a dominant shared network.Both approaches have merits and can co-exist in a heterogeneous ecosystem. Lightweight “lazy” rollups may opt for shared sequencing while feature-rich rollups may warrant custom decentralized sequencers. Crypto-economic mechanisms around shared security and interchangeable work tokens help align incentives between shared and direct paradigms.

Decentralized Validation

As discussed earlier, decentralized sequencing mitigates issues around liveness, censorship resistance, rent extraction, and composability faced by centralized sequencer designs. Alongside sequencing, the validation process which checks state transitions and block integrity must also be decentralized for proper rollup functionality.

In validity rollups, block producers generate zero-knowledge proofs that attest to the validity of state transitions. A decentralized network of verifier nodes checks these proofs against the previous state root to confirm blocks are valid. In fraud-proof rollups, a decentralized network of watcher nodes actively monitors block data and state changes to identify invalid transitions. Watchers can post fraud proofs to slash block producers that include invalid transactions.

Decentralized validation enables trustless and transparent verification of rollup state. Without it, users would need to simply trust claims from the rollup provider that blocks are valid. Proof generation and verification distributionmakeData availability efficient while eliminating centralized points of control.

The Path Ahead

While decentralized sequencing is crucial for realizing rollups' full potential, they are just one piece of a complex puzzle. Issues around scalable data availability, cross-rollup interoperability, developer experience, and more must all co-evolve. Crypto-economic mechanisms need to provide sustainable security as bridges dissolve the boundary between Layer 1 and Layer 2. Meanwhile, sequencers sit at the core of rollup architectures, as more projects are acknowledging the need to decentralize sequencers.

Subscribe to YQ
Receive the latest updates directly to your inbox.
Mint this entry as an NFT to add it to your collection.
Verification
This entry has been permanently stored onchain and signed by its creator.