Share this page!

Matthew Green Profile picture
Twitter logo
9 Jul, 8 tweets, 2 min read
Every article I read on (ZK) rollups almost gets to the real problem, and then misses it. The real problem is the need for storage. ZK proofs won’t solve this.
I keep reading these articles that talk about the problems with rollups. And they’re good articles! E.g.: medium.com/dragonfly-rese…
But they always reach a point where they realize that the problem is state storage, and then they handwave that the solution is going to be something like Mina or zkSync, which don’t fully solve the state storage problem.
The problem here is that smart contract systems have three kinds of state:

1. Public state (eg total supply of an ERC20)
2. User-owned state (eg your balance in an ERC20)
3. Useless cruft (eg a specific set of transaction structures, block headers, etc.)
ZK-style rollups can help eliminate most of the cruft (category 3).

In principle they can also push storage responsibility for some types of user-owned state onto the users themselves (with a lot of careful engineering work.)

So what’s left is “only” public contract state.
But that public contract state has to be held in a place where it is guaranteed to be available for a while, and can even be moved around if rollup servers die. I feel like all current public discussion discounts the scaling limitations this will create.
Note that I’m not saying “nobody is working on this”. Lots of people are thinking about it. I just don’t think people are publicly explaining how much of a giant PITA it will be. And how ZK solutions (even if they work) will just leave you stuck with a state storage problem.
And I’m afraid that given the incentives, there’s a very simple solution to all of this: just keep the state on a centralized server, rather than designing it to be available and move around.

But once you do that, you may as well just be Binance Smart Chain.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Matthew Green

Matthew Green Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @matthew_d_green

Matthew Green Profile picture
9 Jul
Wait, why would we care if they were hacked? Wouldn’t that just mean more people worldwide gained access to an effective vaccine?
Is this what it feels like to become a pirate?
Ok having actually, you know, looked at the article — it’s about disruptive hacking. Stopping that seems like it’d be a pretty good thing.
Read 4 tweets
Matthew Green Profile picture
7 Jul
This new EU legislation granting providers the right to “voluntarily” scan private messages doesn’t break encryption, or take us to a regime of mandatory mass surveillance. But it definitely sets the stage.
What’s remarkable about this stuff is that it’s phrased as “protecting children from child abuse”. And as a parent I appreciate that. But has anyone explored, empirically, if any of this surveillance actually works to stop the problem?
Here in the US we’ve built an enormous surveillance system to detect instances of child sexual abuse material, it’s been running for years, and the number of reports is going up exponentially.

How many pedophiles are there? Isn’t it a smallish number?
Read 8 tweets
Matthew Green Profile picture
6 Jul
I was going to laugh off this Kaspersky password manager bug, but it is *amazing*. In the sense that I’ve never seen so many broken things in one simple piece of code. donjon.ledger.com/kaspersky-pass…
Like seriously, WTF is even happening here. Why are they sampling *floats*? Why are they multiplying them together? Is this witchcraft? Image
And here, Kaspersky decided that instead of picking a random password, they should bias the password to be non-random and thus “less likely to be on a cracker list”. 🤦🏻‍♂️ ImageImage
Read 13 tweets
Matthew Green Profile picture
4 Jul
I’m struggling to understand how a 1-bit hash error can get irreversibly incorporated into CT, while all the blockchains of the world hum along happily. groups.google.com/a/chromium.org…
The problem here is not that a hash can be corrupted, because that happens. The problem is that somehow the totally “breaks” the CT log? Seems like an avoidable design error. But it’s early and I’m still drinking my coffee.
Anyway, it seems to me that every cryptographic system should be built with the assumption that something (memory, network, 56K phone modem) will introduce errors, and the system will detect those errors — but not by exploding.
Read 5 tweets
Matthew Green Profile picture
16 Jun
This is an amazing paper. It implies (with strong statistical evidence) that the design of a major mobile-data encryption algorithm — used in GPRS data — was deliberately backdoored by its designer. eprint.iacr.org/2021/819
The GPRS standards were extensions to the GSM (2G/3G) mobile standard that allowed phones to use data over cellular networks. This was before LTE. For security, the standards included encryption to provide over-the-air security for your data. 2/
As is “normal” for telephony standards, the encryption was provided by two custom ciphers: GEA-1 and GEA-2. While there were strong export control regulations in place for crypto, there’s little overt indication that either of these ciphers was deliberately weakened. 3/
Read 14 tweets
Matthew Green Profile picture
14 Jun
My wife has upgraded both dogs to have a Tile and an Airtag each. I think she’s worried about lack of Android support?
Our dogs are each dragging around enough microprocessor hardware to land the Apollo missions. Image
For scale: these are not large dogs. Image
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @matthew_d_green has new unrolls!

Check out other threads from @matthew_d_green!

Read all threads by @matthew_d_green

:(