Last Friday we announced Kailua, a hybrid dispute game for optimistic rollups. Our announcement of potential 1-hour finality sparked both excitement and questions from the community. Let's dive into what this means and address the key questions.
The rundown on rollup dispute windows
Targeted Transaction Censorship: Majority Attack
Censorship by a majority of the L1 implies that the majority of L1 miners/validators are dishonest. With this implication, all dispute-based protocols, such as optimistic rollups, are inherently insecure.
A dishonest L1 majority could coordinate to seize the rollup’s TVL for itself, even without the need for a bribe.
Such insecurity would hold whether the dispute window was in minutes, days, or even years!
Untargeted Block Congestion: Gas Price Attack
An adversary could congest the chain with high fee transactions to effectively prevent disputes from landing. This is all within the reasonable assumptions of security of on-chain disputes.
This issue is addressed directly by adaptive dispute cutoffs (alt. version here) - another key innovation in OP Kailua.
This results in timeouts that change in response to high fees.
Targeted Transaction Censorship: Minority Attack
Under censorship by <50% of the L1, missing every other block on average still leaves plenty of room for the single transaction required by Kailua to land, even within an hour! This one-shot dispute intent approach is one of the major innovations of Kailua highlighted in the original blog post.
The takeaway is that under a sound rollup threat model, Kailua paves the way for fast finality.
Untargeted Block Congestion: Gas Throughput Attack
Accounting for possible lapses in chain uptime is also possible with a modification to the originally proposed adaptive cutoffs approach, where the timeout only proceeds when there is sufficient gas usage, avoiding issues similar to the “shanghai attacks”.
This results in timeouts that respond to liveness failures.
tl;dr How can Kailua guarantee 1-hour finality?
The current 7-day dispute window is well known and convenient, but its underlying assumptions imply a dishonest L1 majority that can execute much stronger attacks than what time-sensitive dispute mechanisms can handle! Once you accept that full censorship by the L1 itself would derail the entire ecosystem, regardless of dispute window size, the remaining barrier to one-hour withdrawal finality is how your dispute mechanism works.
Specifically, once a challenge is initiated in Kailua, there is no timeout for a response, so the prover can take as much time as necessary, providing resilience against outages. Despite the lack of a time restriction, even the absolute worst-case fault proof possible can be computed in under an hour thanks to the scale-out model of the RISC Zero zkVM!
Causing withdrawal delays is disincentivized through stake slashing in Kailua and other dispute mechanisms. However, these delays are more finely controllable only in Kailua. This is a crucial distinction: even in an ideal L1 environment, providing a 1-hour guarantee during dispute and normal L1 operation wasn’t possible before Kailua! Only during L1 congestion does Kailua delay finality to retain security!
Even while operating optimistically under any-size dispute window, Kailua is designed to enable fast-forward finality through validity proving on-demand. Again, thanks to the RISC Zero zkVM’s scale-out architecture, the entire window of finalized blocks can be proven in parallel!
The week-long challenge window
Today’s widely adopted 7-day challenge window is largely motivated by the possibility of one of the above types of attack taking place against a rollup. However, taking into consideration the low impact of minority censorship, and the viable defenses against congestion attacks, the dishonesty of an L1 majority remains the only serious potential attack vector in play. As we’ve pointed out, the assumption that this attack vector exists breaks the core honest L1 majority assumption necessary for on-chain dispute mechanisms to protect any optimistic protocol.
However, some proponents of the 7-day window additionally argue that the length of the window itself isn’t the only deterrent against this attack vector, but rather the opportunity for a form of human intervention and public outcry against the blatantly demonstrable censorship happening for 7 days. We can’t really speak for the efficacy of this approach. The outcome of such an event would be very unpredictable. Arguably, majority censorship is demonstrable even without the need to wait for 7 days!
In any circumstance, Kailua is still right for you and your rollup’s security independent of the length of your dispute timeouts! Even if you wish to eliminate this unpredictability altogether, Kailua can let you require validity proofs and completely avoid disputes!
How Kailua faces congestion
The liveness of the chain under an honest L1 majority assumption can be threatened through congestion attacks. To combat this, Kailua uses adaptive dispute cutoffs (alt. version here), which provide dispute timeouts that change in response to chain activity.
Under this approach, a predetermined gas price and amount are first set, and then the dispute timeout counts down only while there is sufficient gas available at the predetermined price for possible disputes to have been triggered.
Similarly, this approach can be adapted to set a lower-bound on the activity of the L1 chain in order to act as a signal on its liveness, and protect against attacks that affect the throughput of the L1.
This, of course, has the potential to significantly affect finality when disputes do not occur! However, it does mitigate congestion attacks for as long as they last, even if more than 7 days!
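The countdown rule described in this section can be modeled off-chain to see how congestion or a stalled L1 pushes finality out. The sketch below is an added example, not code from Kailua; the names L1Block, CutoffPolicy and make_chain, the threshold values, and the simplified per-block rule (base fee at or below the set price, free gas at or above the set amount, gas used at or above a liveness floor) are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

@dataclass(frozen=True)
class L1Block:
    timestamp: int       # seconds
    base_fee_gwei: int
    gas_used: int
    gas_limit: int

@dataclass(frozen=True)
class CutoffPolicy:
    window_secs: int     # countable time required before finality
    max_price_gwei: int  # predetermined gas price
    dispute_gas: int     # predetermined gas amount for one dispute
    min_gas_used: int    # liveness floor; 0 disables the throughput check

def block_counts(block: L1Block, policy: CutoffPolicy) -> bool:
    """True if a dispute could plausibly have landed in this block (assumed rule)."""
    affordable = block.base_fee_gwei <= policy.max_price_gwei
    has_room = block.gas_limit - block.gas_used >= policy.dispute_gas
    live = block.gas_used >= policy.min_gas_used
    return affordable and has_room and live

def finality_timestamp(blocks: Iterable[L1Block], start: int,
                       policy: CutoffPolicy) -> Optional[int]:
    """Timestamp at which the adaptive window has fully elapsed, else None."""
    elapsed, prev = 0, start
    for block in blocks:  # blocks are assumed ordered, all after `start`
        interval, prev = block.timestamp - prev, block.timestamp
        if block_counts(block, policy):
            elapsed += interval  # the clock only advances on usable blocks
            if elapsed >= policy.window_secs:
                return block.timestamp
    return None

def make_chain(n, congested=range(0), stalled=range(0), slot=12):
    """Constructed sample chain: fee spikes on `congested`, empty blocks on `stalled`."""
    return [L1Block((i + 1) * slot,
                    500 if i in congested else 20,
                    0 if i in stalled else 15_000_000,
                    30_000_000) for i in range(n)]

# Constructed policy: 1-hour window, 100 gwei ceiling, 1M gas per dispute.
POLICY = CutoffPolicy(3600, 100, 1_000_000, 1_000_000)

if __name__ == "__main__":
    print("calm:     ", finality_timestamp(make_chain(600), 0, POLICY))
    print("congested:", finality_timestamp(
        make_chain(600, congested=range(50, 150)), 0, POLICY))
    print("stalled:  ", finality_timestamp(
        make_chain(600, stalled=range(0, 25)), 0, POLICY))
```

In this model a 100-block fee spike delays finality by exactly the 1,200 seconds the spike lasts, and the window never closes while every block stays above the price ceiling.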
FAQ
Which flavor of finality is this?
Since there are differences in implementation and jargon, finality and finalization can refer to different things in different contexts. Mainly, for rollups:
Transaction finality is when rollup transaction publication is irreversible.
Withdrawal finality is when rollup balances are transferred to the L1.
In the “Finality Delays” section of our technical post “Kailua: How it Works”, we clarify that there are multiple factors that contribute to “finality”. Translating “finality” from the general context of dispute systems to rollups, it was meant to imply withdrawal finality.
Can I use Kailua but keep 7-day finality?
Kailua can be fully configured by you to meet your needs and concerns. Chains with billions of dollars of TVL might not be zealously optimistic about 1-hour finality, but they can still reap all of the collateral and cost savings of using Kailua as their permissionless ZK fault proof system.
Can Kailua secure high TVL chains?
Kailua is a configurable hybrid approach. For higher security with no disputes, you can configure Kailua to operate using full validity proofs, but at higher operational costs.
Kailua paves the path for chains irrespective of TVL to either directly take the leap to full validity proofs or take an intermediate step.
What happens during a prover outage?
Initiating a challenge against a faulty withdrawal in Kailua does not require a proof, and is only a single transaction that ensures the faulty withdrawal will never attain finality. The proof comes after the challenge as the response.
This means that as long as your challenger is contesting these faults, your proving backend has all the time in the world! However, even if you don’t want to manage your own prover, Boundless will have your proving needs covered!
Start Using Kailua Today
We welcome your questions and concerns about Kailua and will do our best to address them promptly. Our team is committed to being transparent and responsive as we work to advance rollup technology.
Interested in implementing Kailua? Fill out our interest form to get in contact with us.