Pre-PIP Discussion: zkPoS Phase 1, Connecting to the AggLayer
Paul O’Leary, Uma Roy
Introduction
We invite the community to discuss a proposal for securely connecting Polygon PoS to the AggLayer using a zero-knowledge (ZK) verifier to validate the network’s consensus mechanism, thereby establishing the network’s finality for settling to the AggLayer. This proof of consensus would be in addition to the pessimistic proof, which ensures the safety of all chains connected to the AggLayer. For more on the pessimistic proof, see here: Introducing the Pessimistic Proof
The proof of consensus would be secured by the Plonky3 proving system via Succinct Labs’ SP1, a general purpose zkVM that allows the AggLayer to prove the execution of standard Rust. For more on the collaboration between Polygon Labs and Succinct Labs, see here: Built on Plonky3, SP1 Will Help Secure Unified Liquidity
This upgrade would introduce two major direct benefits:
- Greater network effects for users and devs, resulting from aggregating liquidity, users, and state via the AggLayer
- An upgraded bridge experience, including permissionless token transfers
Background
A year ago, the community began discussing a proposal that would see Polygon PoS become a zkEVM Validium, thereby upgrading the network to a ZK-powered Layer 2 (L2). This remains the long term goal for the endstate of Polygon PoS. The challenge of achieving this is largely a function of the commitment to preserve Polygon PoS’ low-fees, Ethereum-for-all ethos.
The Type 1 zkEVM prover that would be used to upgrade Polygon PoS to a ZK L2 is already able to prove existing Ethereum blocks at low-cost. For the application of Polygon PoS, it’s now a question of doing so at scale.
For the time being, if this discussion is favorable and the subsequent PIP is accepted by the community, the upgrade would act as an intermediate step to becoming a full ZK L2. Connecting Polygon PoS to the AggLayer would provide the benefits of the Unified Bridge, while still being able to rely on the hardened security guarantees that the validator set provides.
Technical Details
If community discussion aligns around this proposal, a future PIP or PIPs would provide the proper technical specification. However, at a high level, this upgrade would require at least the following:
- Proof of consensus: A new consensus verification contract would be deployed on Ethereum. This contract would be able to verify that Polygon PoS reached consensus, and, in parallel, that any withdrawals meet the criteria imposed by the logic of the pessimistic proof. A proposal would be created to add this to the Unified Bridge list of available verification contracts. (For additional considerations on this point, see Practical Concerns below.)
- Bridge implementation: The Unified Bridge contracts would be deployed on Polygon PoS.
- PoS Portal: The existing tokens in the PoS Portal Bridge would be upgraded to use the Unified Bridge and ownership would be burned, thereby removing multisig control over these tokens.
- Network role: Settling to the AggLayer using a proof of consensus design would require some entity to submit the required information. (For additional considerations on this point, see Practical Concerns below.)
Changes to the Client
Completing this upgrade would not require any significant client changes to Bor or Heimdall. While a future optimization may be possible with an upgrade to Heimdall v2, this is not required for initial deployment.
Changes to the Bridge
Completing this upgrade would not require changes to the StateSync mechanism that powers FxPortal or the Plasma Bridge. Additionally:
- The Unified Bridge would be deployed as a stand alone new bridge.
- Tokens mapped using PoS Portal would be upgraded to use the Unified Bridge instead of FxPortal, and PoS Portal would be deprecated.
Timeline
If this discussion is favorable, a formal PIP will follow. The primary dependency is completion of a production-ready implementation of the pessimistic proof, expected in mid-Summer. Once this is complete, the formal PIP would follow, most likely in the Fall. On this timeline, assuming community acceptance, connecting Polygon PoS to the AggLayer could occur before the end of 2024.
Parallel to these efforts, the core engineers for Polygon PoS are expecting the forthcoming Ahmadabad hardfork to be deployed in July, with the rollout of Heimdall v2 expected sometime after. Currently, neither of these upgrades are dependencies for connecting Polygon PoS to the AggLayer. However, there is an alternative implementation of the proof of consensus that would require deeper changes to Heimdall.
Practical Concerns
Signature-based Proof of Consensus
This proposal outlines using Polygon Plonky3 to represent the consensus of Polygon PoS, with the SP1 zkVM providing the maintainability and developer velocity advantages of Rust. Broadly, the goal of the proof of consensus is to represent the local chain state. This could also be accomplished by modifying Heimdall to use a different signature method.
For instance, if a BLS or ICE-FROST threshold signature was used during consensus, that single signature could represent consensus to the AggLayer. One benefit of this approach is simplicity: communication between Polygon PoS and the AggLayer could be added as a task to Heimdall in the same process which currently submits checkpoints to the L1.
One potential drawback is that this approach would require deeper changes to the network’s consensus mechanism, which may extend the development time. This design would obviate the need for a new network role.
Network Role of Communicating with AggLayer
For Polygon PoS to connect to the AggLayer using a proof of consensus, a new role would be needed. This role would be responsible for submitting the following information to the AggLayer:
- The network’s local bridge state
- The proof of consensus
How and by whom this function is performed is an area of active investigation. At a high-level, protocol researchers are considering one of the following:
- An allowlisted address performs this role at first, with the goal of making it permissionless once the AggLayer stack has had a chance to harden
- The role is permissionless immediately, in which case a network participant would perform this function in exchange for some as-yet unquantifiable reward. Should this be the preferred option and there are no additional security concerns, it would require determining by what mechanism this network participant is selected; one potential option would be using the existing leadership selection that occurs in Heimdall.
Conclusion
With 400M+ unique addresses, $2B+ assets bridged from Ethereum, and tens of thousands of apps, Polygon PoS remains one of the most used blockchains in the world. Users and developers prefer it because of its strong community, network effects, and Ethereum-for-all low fees, oftentimes orders of magnitude lower than prominent Ethereum L2s.
Core developers at Polygon Labs have spent years focused on research in and development of Ethereum scaling technology; it started with Polygon PoS. The years since have led to two conclusions: ZK technology is the only practical way to achieve verifiable off chain computation, and aggregation is the only way to achieve multichain interoperability without sacrificing chain sovereignty.
The joint effort of Succinct Labs and Polygon Labs is based on the shared belief that collaboration with open source technology builds the best possible public good. The outcome of this discussion on the future of Polygon PoS is, ultimately, in the hands of the community. We once again invite you to analyze, discuss, and hopefully reach consensus for implementing the proposal.
