Shared sequencer - Radius

# Shared sequencer - Radius ## Prior knowledge ### Blockchain Layers #### Layer 0 Blockchain in itself is called layer zero. The components required to make blockchain real are the internet, hardware, and many other connections. Layer zero blockchain is the initial stage of blockchain that allows various networks to function, such as Bitcoin, Ethereum, and many more. Layer 0 also provides blockchain with a facility of cross-chain interoperability communication from top to different layers. Layer 0 provides the underlying infrastructure for blockchain. #### Layer 1 Layer 1 blockchain is an advancement in layer 0. Under this layer, the blockchain network is maintained functionally. However, scaling is a limitation in the layer one blockchain. Any changes and issues arising in the new protocol in layer 0 will also affect layer 1. It is also called an implementation layer. Examples of layer one blockchains are Bitcoin, Ethereum, Cardano, Ripple, etc. #### Layer 2 Layer 0 has many interactions that have been removed by layer 2. For specific blockchains, layer 2 blockchain is the scaling solution. It works with third-party integration and removes the limitations of layer 1. It is the most popular approach for solving scaling issues attached to POW networks. At present, various industries have begun implementing layer two technologies. #### Layer 3 Layer 3 blockchain is also referred to as the “application layer”. The main task of this layer is to host the DAapps and many other protocols that enable other apps. Here, the blockchain protocol is split into two significant sub-layers, that being, application and execution. It is the most potent solution made to separate blockchains with cross-chain capabilities for achieving the target of real interoperability. ![image](https://hackmd.io/_uploads/HknJfrkDp.png) ### Rollups Rollups are a Layer 2 solution that bundles up transaction data and transfers it off the main chain (or Layer 1 blockchain). Transaction execution is then performed off-chain, while assets are held in an on-chain smart contract. The transaction data will be sent back to the main blockchain upon completion. Theoretically, any Layer 1 solution can implement rollups to increase transaction efficiency in terms of throughput. With rollups, a blockchain can increase the number of transactions processed and recorded within a certain timeframe. Presently, there are two types of rollups – optimistic rollups and zero-knowledge rollups, or zk-rollups. ![image](https://hackmd.io/_uploads/ByMwCH1wT.png) ### Optimistic Rollup Optimistic rollups are protocols that increase transaction output by bundling multiple transactions into batches, which are processed off-chain. After that, the transaction data is recorded on the main chain with data compression techniques that help lower cost and increase speed. #### How do optimistic rollups validate transactions? Transactions are valid by default to increase efficiency. You may wonder if this would compromise security in favor of transaction processing speeds. However, optimistic rollups use a fraud-proving scheme, with a dispute-resolution period known as a ‘challenge period.’ Within this period, anyone monitoring the rollup can submit a challenge to verify if the transaction has been processed accurately through a fraud proof. If that batch is found to have errors, the rollup protocol will rectify them by re-executing the wrong transaction(s) and updating the block. Parties who approve incorrect transactions for execution will be penalized. ![image](https://hackmd.io/_uploads/rJZv_AZPa.png) #### Limitations of optimistic rollups While there isn’t a transaction validation process, there is a challenge period that zk-rollups do not have, which increases the time taken for transactions to be finalized. ### ZK-Rollup Zero-knowledge rollups are protocols that bundle transactions into batches to be executed off the main chain. For every batch, a zk-rollup operator will submit a summary of the required changes once the transactions in the batch have been executed. Operators have an additional role in producing validity proofs to prove that the changes are accurate. These proofs are significantly smaller than transaction data; therefore verifying them is quicker and cheaper. On Ethereum, zk-rollups reduce transaction data via compression techniques when writing transactions to Ethereum as calldata, effectively reducing user fees. ![image](https://hackmd.io/_uploads/Hy_UqRbvp.png) #### How do zk-rollups validate transactions? Zk-rollups use zero-knowledge proofs (ZKP) to validate transactions. ZKPs are used by someone called a prover who wants to convince another party, known as a verifier, that they possess knowledge, thereby verifying a transaction. This is how ZKP works: 1. The prover provides a mathematical proof that only they can generate. 2. The verifier uses this mathematical proof to verify the validity of the transaction. 3. The information can receive validity proof without revealing the contents to the verifier. #### Benefits of zk-rollups Zk-rollups can offer a high level of security for users if implemented properly. One key feature contributing to this security is the use of zero-knowledge validity proofs. They ensure that the network can only function in a valid state and that operators cannot steal user funds or corrupt the system in any way. Another benefit of zk-rollups is that users don't need to monitor the network. Zk-rollups store all data on-chain and require validity proofs. Therefore an operator can't cheat, and users don't have to worry about network misbehavior. Additionally, zk-rollups let users withdraw their funds onto the mainnet without having to cooperate with operators by proving token ownership via data availability. Similar to optimistic rollups, zk-rollups also implement an off-chain execution mechanism to increase transaction execution speeds. ### Maximal Extractable Value (MEV) MEV is a crypto term used to describe the deliberate reordering, inclusion, or exclusion of transactions when producing a new block (to be added to a blockchain) in order to extract as much profit as possible. Think of it as the extra value squeezed out of a block beyond the standard reward and gas fees by choosing which transactions to include, and in which order. MEV was mostly associated with the Ethereum network, which used a proof-of-work (PoW) consensus mechanism at the time. As such, miners were the ones with the power to reorder, include, or exclude transactions when producing blocks, and could make these choices to squeeze out extra value. #### How Does MEV Work? Understanding how MEV works requires a basic understanding of the role of block producers (be they miners or validators). They play a crucial role in securing and maintaining blockchain networks, and are responsible for verifying transactions and adding them to the network in the form of blocks. Depending on the specific chain, this process is known either as mining or validation. Simply put, block producers guarantee the integrity of transactions on the network and ensure it continues to function. Without them, no new data can be added to the chain. Block producers are the ones who collect user transaction data and organize them into blocks to be added to the network chain. The important thing to note is that it’s up to the block producers which transactions to include in their blocks. Logically, transactions are chosen based on profitability, which means those with the highest fees attached to them will be selected first. This is why users pay higher gas fees (or transaction fees) during busy periods — to ensure their transactions are selected first. If a block producer selects the transactions with the highest fees, they will make a bigger profit. Consequently, transactions with lower fees have to wait longer to be included in a block. However, there is no rule that dictates transactions must be selected or ordered based on fees. When transactions include more complex information (as they do in smart contract-enabled blockchains), block producers can include, exclude, or reorder transactions so as to make extra profit beyond the standard block rewards and fees. For example, selecting certain transactions over others and ordering them in a particular way may allow for additional profits due to resultant arbitrage opportunities or on-chain liquidation. This is the essence of MEV: the process of selecting and ordering transactions for further financial gain. ![image](https://hackmd.io/_uploads/H1bGJUyDp.png) #### MEV searchers While it seems like MEV is a strategy that solely benefits block producers, a significant amount of MEV is secured by other participants, known as “searchers”. These participants use MEV-specific operations that analyze network data in search of profitable MEV opportunities. Searchers typically pay extremely high gas fees to block producers to ensure their profitable MEV transactions and strategies are executed. Rationally, depending on the competition for an MEV opportunity, a block producer can receive gas fees of up to 99.99% of a searcher’s potential profit. Take decentralized exchange (DEX) arbitrage, for example, where searchers have been known to pay more than 90% of their MEV income in gas fees — they do so as it’s the only way to ensure a profitable arbitrage trade is executed ahead of similar trades. #### Common Examples of MEV Arbitrage, front-running, and liquidation all offer opportunities to searchers and block producers seeking to profit through MEV. Below, we take a closer look at these examples to provide a more detailed understanding of what MEV is and how it works. - **Arbitrage** When the price of an asset isn’t consistent across exchanges, there is immediately an arbitrage opportunity. In the crypto space, the same token could be priced differently on two different DEXs. When this is spotted by someone (an arbitrageur), they will move to make a trade to profit from the discrepancy. MEV takes place when a searcher’s bot identifies the pending transaction and inserts their own transaction ahead of it in order to extract the value offered by that arbitrage opportunity. - **Front-running** Searchers and block producers can take advantage of their ability to order transactions in a block to front-run a significant buy order that’s still pending in the transaction pool. MEV occurs when a similar buy order is inserted ahead of that trade in order to secure a more favorable price before the large buy order goes through, which would increase the price of that digital asset. - **Sandwiching** A similar MEV strategy is “sandwiching”, which entails placing a buy order before and a sell order after a specific price-moving transaction, thereby taking advantage of the price pressure from both sides. - **Liquidations** DeFi allows users to take out loans against deposited digital assets as collateral. If the market moves and the value of the collateral drops below a certain price, that position is liquidated. The smart contracts involved often pay out a reward or fee to the transaction that triggers the liquidation. An MEV opportunity exists here for any searcher or block producer running bots to spot this kind of transaction, and who are then able to insert their own liquidation transaction in the block ahead of anyone else, thereby extracting the reward value. #### The Pros and Cons of MEV - **Pros**: MEV is a rational strategy as those engaging in it are mainly trying to maximize their profits. Some would argue that it benefits the wider ecosystem by ensuring that inefficiencies are corrected as quickly as possible. For example, MEV searchers racing to be the first to capture value from arbitrage opportunities results in speedy price corrections across DEXs. Similarly, lending protocols don’t want risky loans going unchecked should collateralization levels become unbalanced, so the MEV liquidation push leads to lenders being repaid as soon as possible. - **Cons** However, MEV also presents a number of issues that mustn’t be ignored. Some implementations, such as front-running and sandwiching, produce bad outcomes for other users, who are forced to overpay on their trades, suffer from greater slippage, or lose out on value in what is essentially a zero-sum game. Additionally, MEV searcher activity can lead to higher gas prices and network congestion as they compete to insert their transactions into blocks to capture the resulting value. On a fundamental level, if the value from reordering transactions in a previous block is greater than the rewards and fees of the next block, MEV could make it economically rational for a block producer to commit to blockchain reorganization. This would then threaten the consensus and integrity of the network. As the ecosystem continues to rapidly evolve, finding solutions to these MEV-related problems is now a core area of research and development within the space. --- ## Overview ### About Radius Radius is a shared sequencing layer designed to eliminate harmful MEV and censorship while creating economic value for rollups. It uses the encrypted mempool with PVDE (Practical Verifiable Delay Encryption), an advanced cryptography and ZK-based scheme. PVDE ensures that transactions ordering process is trustless, preventing centralized sequencers from engaging in frontrunning, sandwiching, and censoring transactions. Radius serves as an effective communication tool for data consistency and enabling the interoperability between rollups. ![image](https://hackmd.io/_uploads/rkUCeSkwp.png) ### Shared Sequencing Layer The shared sequencing layer is a modular component of blockchains responsible for ordering transactions, without executing them. It separates the roles of ordering, executing, and proving transactions. ![image](https://hackmd.io/_uploads/Sy5mJBkPp.png) - Users send transactions to the sequencing layer. - The sequencing layer orders the transactions and builds a block. - The block is submitted to the rollup. - Rollup executes the transactions in order provided by the sequencing layer. - Rollup submits the transactions to the settlement layer or data availability (DA) for finalization. ### Motivation Radius is driven by three key motivations: - rollup sustainability - interoperability - ensuring the order with data availability #### Sustainability While rollups enhance blockchain scalability, they challenges such as harmful MEV (Maximal Extractable Value), such as frontrunning and sandwiching, and censorship from centralized sequencers. These issues not only lead to financial losses but also undermine trust in the overall ecosystem. Decentralizing sequencers can mitigate some risks, but it often sacrifices scalability and increases operational costs. Radius establishes a sustainable rollup ecosystem by eliminating harmful MEV and censorship with encrypted mempools, ensuring a fair blockchain environment by removing centralizing powers. #### Interoperability Interoperability is crucial in the rollup world. Today, each rollup operates independently, creating fragmented ecosystems and bad user experiences when interacting with multiple rollups. The current structure undermines the benefits of composable blockchains. Radius proposes a solution using the shared sequencing layer to enhance interoperability, enabling data synchronization and achieving the consistency of states across different rollups. The diagram below illustrates one potential solution to address the issue of rollup silos. ![image](https://hackmd.io/_uploads/ByZaJSywT.png) Atomic composability will ensure the transactions from different rollups are combined into a single transaction, eliminating risks like minting tokens in one rollup before burning in another. #### Ensuring Data Availability In Layer 1, transaction flow begins with transaction generation, block production, and finalization. In L2s, transaction flow begins with the sequencer, rollup, then data availability layer (DA). In these examples, the data availability ensured depends on the trusted layer. When the rollup is the trusted layer, users can only trust and use data once it's executed by the rollup, making data availability dependent on the rollup's execution. On the other hand, if the sequencing layer is trusted, transaction order becomes known shortly after it's submitted, allowing faster confirmations, state updates, and ensuring data availability with minimized delays, even before finalization on Layer 1 ### Ecosystem ![eco2](https://hackmd.io/_uploads/B1qiNHkPT.jpg) The Radius ecosystem is dedicated to enhancing the decentralization, interoperability, and sustainability of rollups. Collaborations with various builders and infrastructure partners are focused on collectively driving research and development to shape a decentralized future. Included within the Radius ecosystem are Altlayer, Caldera, Celestia, Herodotus, Lumoz, Madara, Nectoar, Pragma, Rollkit, Saga, Stackr, and Vistara. Radius has also established partnerships with Altlayer and Herodotus to specifically address rollup decentralization and interoperability, respectively. #### Altlayer Partnership The collaboration between Radius and AltLayer signifies progress towards establishing a decentralized and financially viable rollup ecosystem. The integration of Radius's technology with AltLayer provides developers with an accessible and efficient platform for constructing rollups, complemented by Radius's encryption-based sequencing technology. This partnership is anticipated to cultivate a sustainable and decentralized environment, aimed at enhancing rollup functionality and user benefits. AltLayer promotes an open and decentralized protocol for the development of highly adaptable rollups tailored to distinct applications. At the core of AltLayer's protocol is the Beacon Layer, serving as a collective sequencer, executor, and verifier for all interconnected rollups. Furthermore, AltLayer introduces a Rollups-as-a-Service interface, enabling the swift creation of custom rollups, accessible even to those with limited coding experience. Radius's shared sequencing layer brings an innovative element to the decentralization of rollups, integrating protections against MEV, censorship resistance, and economic endurance. The encryption-centric sequencing ensures the safeguarding of users against the risks associated with centralized sequencers. Radius's development of PVDE (Practical Verifiable Delay Encryption) employs zero-knowledge cryptography to secure transaction encryption and guard against potential MEV tactics such as frontrunning and sandwich attacks. #### Herodotus Collaboration While the rollup ecosystem presents scalability advantages, it is evolving to build a solid framework capable of maximizing rollup benefits. Challenges persist, notably in capital inefficiency and user experience, primarily attributed to limitations in scalable interoperability. Radius is committed to supporting rollups in their pursuit of true decentralization, without compromising scalability, and is establishing a foundation for enhanced interoperability among rollups. This initiative aims to propel the ecosystem by enabling the cooperative use of a shared, decentralized sequencing layer. The partnership with Herodotus, a robust data access middleware, offers smart contracts immediate access to both present and historical blockchain data through storage proofs, marking a significant step in enhancing interoperability. Herodotus's storage proof allows smart contracts to retrieve and utilize historical data from various blockchains, enabling cross-chain data use without dependence on external parties. The integration of Herodotus's storage proof system with Radius's independent shared sequencing layer, which relies on zero-knowledge and encrypted mempool technologies, promises to markedly elevate cross-rollup interoperability, ushering in a progressive era for rollup technology. --- ## Developer The following outlines the strategy to balance user protection from negative effects of Maximal Extractable Value (MEV) activities like frontrunning and sandwiching, while also creating income opportunities for blockchain networks known as rollups. The approach involves a shared sequencing layer that does not require trust, using zero-knowledge (zk) proof technology. This aims to optimize the financial efficiency and income of rollups without negatively impacting user transactions. ### Why do we need a shared sequencer? Rollups, a type of blockchain network, face the difficult task of protecting users from MEV attacks while trying to earn money from the network's capacity to process transactions. Traditionally, they have used a simple system where transactions are processed in the order they are received to protect users (FIFO), but this can limit how much money the network can make. Also, operators have to constantly show that they're playing by the rules and not messing with the transaction order. Another way rollups can make money is by allowing certain transaction bundles that could potentially harm user trust. The concern is that users have to trust that the rollup operator won't misuse this opportunity to their disadvantage. Radius uses cryptographic techniques to build a layer of trust between users and rollups. This ensures both user protection and economic efficiency. ### Design The rollup network is split into two sections: * **Top Section**: This is for everyday transactions. It uses a special cryptographic method called Practical Verifiable Delay Encryption (PVDE) to prevent MEV attacks. The overview of PVDE is provided in the end. * **Bottom Section**: This is where network builders can create transaction bundles that can make money, considering the state of the rollup and transactions in the Top Section. #### Top Section: Protection from MEV The shared sequencing layer protects transactions through: * **Encryption Service**: Transactions are encrypted using PVDE, which is a special kind of security measure that uses time-based puzzles. * **Sequencing Service**: This service arranges encrypted transactions in a fair order. Here’s how it works: 1. Users encrypt their transactions and send them to the sequencer. 2. The sequencer checks the transaction and puzzle, works out the correct order, and commits to this order before the puzzle is solved. 3. Once the puzzle is solved, the sequencer can decrypt the transaction and prepare it for the next part of the process. #### Bottom Section: Making Money with MEV Boost ![image](https://hackmd.io/_uploads/SkNRmByPa.png) The sequencer arranges transactions from the top section and puts them in the pool of transactions. Then, specialized actors and builders look at these transactions and use the bottom section to make the most profitable transaction bundles, offering a price to MEV Boost. ### System Architecture ![image](https://hackmd.io/_uploads/BkZmHrJvp.png) The architecture includes multiple layers and the transactions are conducted sequentially: 1. **Sequencing Layer:** Here, encrypted transactions are submitted and arranged. 2. **Execution Layer:** This is where the rollup processes transactions in the given order and reports the results. 3. **Settlement Layer:** This layer checks the results from the Execution Layer and confirms them. 4. **Data Availability Layer:** It stores all the data and makes sure it’s accessible when needed. ### Implementation 360°, a decentralized exchange (DEX), implements this whole structure, including both the protection service for regular transactions and the income-generating section for transaction bundles. It uses advanced strategies to create these bundles automatically, and the transactions are sent to validators in groups. Transactions in the protected section are available for MEV-Boost users to work with the income-generating section. ### Conclusion In summary, Radius offers a sophisticated yet practical approach to the dual objectives of safeguarding users from the adverse effects of MEV activities and fostering revenue generation for rollup-based blockchain networks. By incorporating a shared sequencing layer underpinned by zero-knowledge proof technology, this system presents an innovative solution that upholds transaction integrity and user trust while enhancing the economic viability of rollups. The utilization of Practical Verifiable Delay Encryption (PVDE) within the top section of the network fortifies user transactions against MEV-related threats, while the bottom section provides a structured avenue for network builders to construct profitable transaction bundles. This bifurcated design allows for the seamless operation of a rollup network that does not compromise on security or economic opportunity. Moreover, the successful implementation of this system by 360°, a decentralized exchange, exemplifies the model's applicability in real-world scenarios. The architecture ensures that user transactions remain secure and private until the sequencing process is concluded, at which point MEV-Boost participants can engage with the market of transaction bundles, further demonstrating the system's capacity to marry robust security measures with the financial incentives integral to the health and expansion of blockchain networks. This balanced approach resolves the challenge of MEV, paving the way for a fairer and more efficient blockchain ecosystem. --- ## Appendix: Practical Verifiable Delay Encryption (PVDE) Overview PVDE offers a time-lock encryption mechanism designed to safeguard against detrimental MEV practices. Traditional time-lock encryption methods are inefficient due to their extensive computational demands, which not only waste resources but also open up the potential for DoS attacks through the submission of invalid puzzles. PVDE tackles this inefficiency by producing a zero-knowledge proof for the time-lock puzzle based on the RSA group, rendering it an effective countermeasure against harmful MEV tactics. PVDE confirms that resolving the time-lock puzzle will accurately decrypt valid transactions, ensuring that the transaction content is only disclosed subsequent to the sequencer's ordering of transactions. This delay in obtaining the symmetric key needed for decryption effectively thwarts MEV strategies. The existing MEV mitigation strategies that rely on time-lock puzzles are deemed non-viable due to the difficulty in identifying invalid puzzles, which could lead to DoS attacks. PVDE is being developed as part of an MEV-resistant ZK-Rollup, utilizing a swift approach to minimize MEV by producing zero-knowledge proofs within five seconds. These proofs validate that the solution to the time-lock puzzle will lead to the proper decryption of legitimate transactions. The concept of blockchain suggests a fully decentralized structure; however, this does not extend to the contents within each block. MEV attacks arise from transaction data exposure and the centralization of miners who have the authority to determine the inclusion of transactions within a block. Utilizing their capability to censor and reorder transactions, miners can engage in front-running, back-running, or sandwich attacks, extracting profits at the expense of users, who often remain oblivious to these covert operations. In second-layer solutions (L2s), if the operator accurately processes state transitions and only includes valid transactions, it becomes challenging to detect any censorship or deliberate reordering, as the focus is solely on computational integrity. This predicament fuels the centralization vs. decentralization debate. L2 scalability constraints necessitate a limited number of operators, which inadvertently provides them with greater opportunities for MEV extraction. Furthermore, the reduced gas fees on L2s attract MEV-focused entities. It is essential to presume that operators function without permissions to maintain a transparent and secure L2 ecosystem. An established approach is required to prevent block manipulation by centralized operators in L2. PVDE guarantees complete confidentiality of transactions by revealing transaction contents only after the operator has determined their order. This is achieved by temporarily encrypting transactions with a time-lock puzzle, delaying the operator's access to the decryption key. ### Transaction Process The transaction process is initiated by the trader, who generates a time-lock puzzle and utilizes it to produce a symmetric key. This key is then employed to encrypt the transaction. Alongside this, the trader creates a validity proof for the puzzle. The trader subsequently sends the time-lock puzzle's public parameters, the encrypted transaction, the transaction's hash value, and the validity proof to the operator. Upon receiving this information, the operator first verifies the validity of the time-lock puzzle using the provided proof. The operator then works to solve the time-lock puzzle in order to retrieve the symmetric key. Meanwhile, the operator uses the Merkle Mountain Range (MMR) to determine and commit to the transaction order, which is then communicated back to the trader. The trader, upon receiving the order commitment, verifies that the order is correct and that the commitment was received within a timeframe shorter than the minimum required to compute the time-lock puzzle, ensuring that the order was not predetermined. Finally, the operator uses the symmetric key, derived from the solved time-lock puzzle, to decrypt the transaction. The transaction is then executed in accordance with the established order determined by the MMR. ### Conclusion PVDE utilizes time-lock puzzles to encrypt transactions, ensuring that operators do not expend computational efforts on invalid puzzles, thereby averting potential DoS attacks. The MEV-resistant ZK-rollup solution aims to entirely prevent MEV attacks via cryptographic means, fostering a fair and efficient trading environment.