The consensus was published on the Ethereum Researcher Forum by David Schwartz and Jordi Baylina of PolygonHermez, and is organized as follows.
PoE is a new consensus mechanism developed for the zkEVM implementation. It leverages the existing Proof-of-Donation experience in v1.0 and aims to build the first decentralized zk-rollup and support permissionless participation of multiple coordinators for mass production in L2.
Improvements to this protocol are currently under consideration for v2.0 (zkEVM).
background
In zk-rollups, complete decentralization is difficult, and it has been difficult to find a good solution so far. This is because protocols such as PoS have problems in the expansion process.
On L2, it is necessary to generate a high-performance zk validity proof, which is a large amount of computationally intensive work. Therefore, some verification methods with centralized features will be generated. Because there is no guarantee that the right to generate a "batch" (L2 block) will be assigned to any random validator.
Proof of Donation/Proof of Burn (PoD/PoB) is based on a decentralized auction model for the right to produce a batch within a specific time frame. Validators need to be very efficient to be competitive, which already represents a big improvement.
But the problem with this model is that at a given time, the network is controlled by a single participant.
On the other hand, auction protocols are difficult to automate for coordinators/validators, and participation in auctions requires bidding some time in advance. This makes the process problematic.
So the new consensus protocol needs to cover the key properties required for such an L2zk-rollup consensus model:
Unauthorized access to L2 blocks
effectiveness
Avoid control by either party
prevent malicious attacks
Total verification effort proportional to the value in the network
PoE
The protocol for creating batches consists of a two-step model, the first is the sequencer and the second is the aggregator.
sequencer
In this model, the sequencer is collecting L2 transactions from users, so they select and preprocess new L2 batches in the network by sending L1TX containing all selected L2TX data. Anyone can become a sequencer, a permissionless role consisting of a gateway to the network.
Interestingly, these proposed batches will be recorded in the L1 transaction of the zk-rollup model (or in the case of Validium in a different data availability network).
When the sequencer operates, the associated batch proposal occurs:
For example, the relative economic value of transactions in the pool, such as MEV. Or high-level needs of some users (fees may vary accordingly as they will be required by the sequencer).
In order to propose a new batch to the network, the sequencer will need to pay the L1 network gas fee to generate a TX containing all batch transaction data, and the protocol defines the $MATIC token fee that needs to be deposited. This way, the sequencer has an incentive to come up with valid batches with valid transactions.
Batch fees will vary based on network load, which is calculated based on parameters automatically invoked by the protocol smart contract.
Batches are represented in the format of L1 transactions, with the information in CALLDATA, which will be used as data availability for the L2 network, and any new permissionless nodes will be able to synchronize state and also rebuild from this information.
Once mined, these L1 transactions with data availability define the L2TX to be executed and a specific order. This creates a deterministic new state that can be computed by network nodes as a virtual future state.
Of course, when the validity proof of the new state (ZKP) is generated and mined in L1, it will be due to the second part of the protocol.
Aggregator
One of the main advantages of zk-rollups is to provide proof of validity of transactions as well as fast finality. The PoE protocol attempts to improve the validity of these proofs.
Aggregators are parties that participate in a permissionless manner in the PoE consensus protocol.
In this mechanism, the right to create proofs of validity of new L2 states is earned by simply being the first aggregator.
It works like this:
The batches proposed by the sequencers in L1 are sorted by where they appear in L1, and contain transaction data. The PoE smart contract accepts the first validity proof of the latest valid state, including one or more proposed batches.
Aggregators need to define their goals to trigger proof generation, and will make some policy adjustments based on these transactions to improve efficiency.
For example, if there are batches containing a small number of TXs, some aggregators may generate proofs and generate proofs of state changes containing batches of N proposals before more transactions are discovered, which is inefficient.
For slower aggregators, if the proof sent does not propose a new state, the smart contract is executed using Revert and checked using the merkle tree hash of the entire state database.
Of course, the proof will only exist if the aggregator has correctly processed the proposed batch, which means that the aggregator needs to keep processing batches of transactions.
This mechanism avoids unilateral control and many potential attacks, because while any sequencer can propose a batch, there is a cost.
The Polygon Hermez network will launch a bootstrap aggregator in the future to support new proofs of validity at a specific frequency during the bootstrap phase.
Additionally, permissionless sequencers benefit as participants in the protocol and are a source of network scalability. A data availability model that is perfectly compatible with Volition (zk-rollup and Validium) patterns, enabling different service layers for users.
Permissionless aggregators act as agents to perform a specialized task space for cryptographic proof generation, which is expected to be costly for the zkEVM protocol. This framework provides them with a very simple and straightforward model to manage their incentives and rewards.
This architecture can save a lot of cost for decentralized zk-rollup by setting the frequency of proofs of validity based on different criteria.