Zkrollup Specializing Parachain


Considering usability, layer 2 operator should be single for each blockchain and conversion between layer 1 and layer 2 should be seamless. By implementing zkrollup verification function as runtime built-in and, replacing on chain signature algorithm and arithmetic domain with zero knowledge friendly, we can realize simple to use zk rollup.


I think the things make zk rollup complex are mainly two. It’s because there is no

  1. composability between other layer 2
  2. compatibility between layer 1 and layer 2


This means that layer 2 projects can’t interact with together. Ethereum has several layer 2 projects but they don’t interact with together as in Scroll zkevm and Polygon zkevm don’t interact with together. Users may be confusing with this architecture because they don’t know which layer 2 they should use.


This means that users need to use different wallet on layer 1 and layer 2.When users use rollup, they need to generate extra wallet on layer 2 because of signing algorithm difference. On Ethereum main chain, the signing algorithm is Ecdsa and arithmetic domain is uint256 but on layer 2, the signing algorithm is Eddsa and arithmetic domain is Twisted Edwards scalar field. It’s a bit complicated for normal users to manage both wallet.

These problems can be solved by changing runtime data structure and implementing built-in function.



One solution of this problem is to prepare official single rollup by implementing zk rollup verification function as built-in, adding operator role and nominating layer 2 operator. Users don’t get lost about which rollup they use.


Solution of this problem is to use same signing algorithm and arithmetic domain on layer 1 and layer 2. By doing so, users don’t have to manage two different wallet and can reuse layer 1 wallet on layer 2.


As premise, users balance storage value are expressed as Twisted Edwards scalar field and runtime signing algorithm is Eddsa. There is rollup balance in addition to normal balance storage to lock the assets. There is operator role on runtime.

  1. Users reclassify their balance to rollup balance
  2. Operator collect rollup balance and generate proof
  3. Operator synchronize rolluped transactions with layer 1 and remove rollup balance
  4. Users can transfer on layer 2 with their layer 1 wallet

User’s asset is locked while their assets are in rollup balance.
Operator is selected by governance, auction or something.
Everyone can be operator.
When operator is not live more than specific time, users can withdraw their assets from rollup.
Layer 2 transactions data are provided to layer 1 calldata when operator synchronization.


In above case,

  • Users assets are protected from operator
    Operator can’t steal users asset because of zero knowledge proof verification and users can withdraw their assets when operator disappears.
  • Operator can restore layer 2 state
    When operator synchronizes layer 2 state with layer 1, its state is passed and verified on chain. Operator can restore latest valid state from it.


I think users would accept authority if it’s verifiable.
When the rollup is multiple, it causes the conflict when they refer same state.
The most significant feature of Polkadot is that we can modify data structure.
I think cryptographic data structure blockchain is interesting R&D and differentiation from other blockchain.

I would appreciate it if you feedback.
Thank you!