The Three Stages of L2 Network Security: Evolution from Zero to Two

The Ethereum community has been discussing the security of L2 networks in three stages. This is not only related to the stable operation of the Ethereum mainnet and L2 networks but also closely tied to the actual development status of L2 networks. Recently, community members proposed standards for Stage 2 of the L2 network, prompting in-depth reflection and responses from Ethereum's co-founders.

Three Stages of L2 Network Security

The security of Ethereum rollups can be divided into three stages based on the level of control the security committee has over the trustless components:

1. Phase 0: The Security Committee has complete control. Although there may be a proof system, the Security Committee can overturn it with a simple majority vote.

2. Phase 1: The Security Committee requires 75% approval to override the operating system. There must be a certain number of members outside the main organization to prevent collusion.

3. Stage 2: The Security Committee can only take action in the event of a provable error and can only choose one of the proposed answers, not respond arbitrarily.

These three stages can be represented by the "voting shares" of the security committee:

Phase 0: The Security Committee has 100% control. Phase 1: The Security Committee requires a 75% majority Stage 2: The Security Committee intervenes limitedly only in the presence of provable errors.

The Best Time for Phase Transition

The best timing for an L2 network to transition from one phase to the next depends on the level of trust in the proof system. The only reasonable reason for not immediately entering phase 2 is doubts about the proof system. The more confidence there is in the proof system, the more the network should be pushed to evolve to a higher phase.

Mathematical Model Analysis

Through a simplified mathematical model, we can quantify the security at different stages. Assume:

• Each member of the security committee has a 10% independent failure probability.
• Stage 0 requires a majority of 4/7, Stage 1 requires a majority of 6/8
• There exists a holistic proof system

Based on these assumptions, we can calculate the system failure probabilities at different failure probabilities of the proof system for each stage. The results show that as the quality of the proof system improves, the optimal stage shifts from 0 to 1, and then to 2.

Realistic Considerations

However, the assumptions of the simplified model do not fully align with reality:

• Members of the security committee may have common mode failures.
• The proof system may consist of multiple independent systems.

These factors make Phase 1 and Phase 2 more attractive than predicted by the model.

Conclusion

The existence of Stage 1 may theoretically be somewhat unreasonable, and transitioning directly from Stage 0 to Stage 2 seems more ideal. However, to address emergencies, members of the security committee can be granted the authority to delay withdrawals.

At the same time, entering stage 2 too early may also be a mistake, especially if it affects the strengthening of the underlying proof system. Ideally, there should be dedicated data providers showcasing the audit and maturity indicators of the proof system, while also displaying the current stage.

Overall, the evolution of security in L2 networks is a complex process that requires finding a balance between theoretical models and practical considerations to ensure the stability and reliability of the network.