The Good Tech Companies - Nuffle: The Ethereum Finality-As-A-Service Layer
Episode Date: January 11, 2025This story was originally published on HackerNoon at: https://hackernoon.com/nuffle-the-ethereum-finality-as-a-service-layer. Discover how Nuffle harnesses EigenLayer's ...cryptoeconomic security and NEAR's data availability to enhance Ethereum finality and fix rollup fragmentation. Check more stories related to tech-stories at: https://hackernoon.com/c/tech-stories. You can also check exclusive content about #ethereum-interoperability, #ethereum-rollups, #ethereum-layer-2-scaling, #blockchain-interoprability, #2077-research, #blockchain, #multi-chain-infrastructure, #good-company, and more. This story was written by: @2077research. Learn more about this writer by checking @2077research's about page, and for more stories, please visit hackernoon.com. Nuffle leverages EigenLayer's crypto-economic security and NEAR's data availability to enhance Ethereum's finality and enable efficient cross-rollup state verification. This innovation addresses state and liquidity fragmentation, improves cross-chain UX, and enables new applications like multichain lending and cross-chain DEXes.
Transcript
Discussion (0)
This audio is presented by Hacker Noon, where anyone can learn anything about any technology.
Nuffle, the Ethereum finality as a service layer, by 2077 Research.
In retrospect, rollups have emerged as the definitive scaling solution for Ethereum on
decentralized technology as a whole. Nine months after Ethereum's Denkan upgrade,
which targeted rollup data availability scaling, transaction throughput has exceeded 200
transactions per second, representing a five-fold increase year-to-date. The two leading roll-ups,
Arbitrum and OpManet, have achieved stage 1 decentralization, surpassing several prominent
alternative layer 1 networks in decentralization metrics, with additional roll-ups potentially
targeting stage 2 decentralization in 2025.
Zero-knowledge-proof technology has progressed to enable verification of Ethereum-equivalent
transactions at subsent costs, establishing a pathway for efficient verification of thousands
of standard user transactions on the contemporary Ethereum blockchain. However, this advancement
presents new challenges. Multiple teams are de-veloping
independent blockchains atop Ethereum, with limited interoperability between them.
This limitation primarily stems from roll-ups in frequent finalization,
which impedes meaningful cross-chain communication. Furthermore, optimistic roll-ups,
which currently host the majority of ecosystem activity and total value locked
TVL,
face inherent technical constraints that prevent direct communication outside shared bridges,
creating a significant barrier to interoperability between major networks like Arbitrum and BASE.
The community has proposed various solutions, ranging from intent-based bridging and atomic swaps to comprehensive chain abstraction. Despite their differences,
these solutions share a fundamental requirement, a reliable source of truth, a protocol enabling secure state verification between rollups that is both rapid and cost-effective.
Among the prominent solutions, which typically rely on optimistic oracles,
across specialized operator consensus, Stargate via Layer 0, or centralized sequencer trust,
Polymer Hub, Nuffle Labs' fast finality layer, NFL, presents a compelling balance between efficiency,
security, and Ethereum alignment. This article examines NFFL's innovative approach to enabling
cross-roll-up state verification through Eigenlayer's restaking mechanism and NEARDA,
explores its architectural
design and development roadmap, and analyzes potential applications and their implications
for the ecosystem. A refresher on rollups. To understand the challenges NFFL addresses,
let's examine the fundamental architecture of rollups, their objectives, and their inherent
limitations. A rollup is a blockchain that utilizes another independent
blockchain for transaction ordering, data availability, and consensus, while executing
transactions externally in a manner verifiable by the parent blockchain. While many definitions
refer to the parent chain as Layer 1, L1, and the roll-up as Layer 2, L2, some frameworks don't
require L2s to use the L1 for data availability.
For clarity, this paper focuses specifically on rollups rather than the broader L2 category.
Of course, in our case, the parent L1 is the Ethereum blockchain.
It's responsible for sharing its consensus with the rollups, we'll elaborate on this later.
Let's analyze how rollups leverage Ethereum for their
core functions, transaction ordering, data availability, and consensus. Transaction
ordering rollups incorporate an entity called a sequencer, responsible for managing transaction
inclusion and ordering via the L1 network. The sequencer functions analogously to a block
producer in traditional blockchains. Specifically, IT accepts incoming transactions from users sequentially, aggregates them into batches,
comparable to L1 blocks, and periodically publishes these batches to a designated smart
contract on the L1. A smart contract on the L1 maintains an authoritative record of all
published transactions and their ordering. Rollup nodes must monitor this contract
to retrieve new blocks and transaction information. Once a batch is included in ANL1 block and that
block achieves finality through L1 consensus, the inclusion and ordering of all transactions
within that batch are guaranteed by the L1's security properties. To some extent, the sequencer
is a starter of the rollup. It helps the rollup actually
accept new transactions in the network, facilitating moving the state forward.
Some rollups implement decentralized sequencing, rotating set of specialized entities reducing the
risk of downtime of an otherwise centralized sequencer, and based sequencing, which doesn't
use any sequencer as the source of trust before it publishes the batch to the L1.
Based sequencing allows anyone to be a sequencer, but their batches are only used by the nodes when
published to the L1. This opens virtually no risk of sequencing downtime at the cost of slower
transaction inclusion, best case scenario is L1's 12 seconds per block. However, the sequencers do
not decide on the new state of things in the
rollup, even after execution of their own batches. Hence, sequencers start, but not necessarily,
run, the rollup, as their actions cannot directly lead to the malicious state transition.
Data availability, however, information about ordering of some transactions is not sufficient
fourth rollups nodes, as they don't possess the transactions themselves. In order to execute these transactions and determine their
outcome in the ROLUPS blockchain, the nodes must have full and unrestricted access to all
transactions in the batch. Consequently, ROLUPS sequencers must publish comprehensive transaction
data to the L1 in a manner that allows the rollup smart contract to verify data availability.
Once transaction data for a batch is included and finalized on Thel1,
its availability is guaranteed for all participating nodes.
Before Denkun upgrade, Ethereum rollups were posting transaction data in the input data call data of sequencing calls on the L1. Therefore, all transactions must have been
posted to the L1's blockchain forever.
This might sound reasonable, as we want all nodes, including future ones, to be able to
reconstruct the state of the rollup. However, this is very inefficient, as the Ethereum L1
cannot store large data on its ledger, whereas rollups, the high speedlanes of Ethereum,
are very data-intensive. Instead, we can make the rollup smart contract verify validity of the sequence transactions,
so Thothay nodes instantly follow the state in the contract, rather than reconstructing it from
all transactions starting from Genesis. Blobs Ethereum's Denkun upgrade last March had
introduced blobs, temporary cells of data that are stored outside the blockchain and pruned,
deleted by the networkase validators, after approximately 18 days.
As rollup bridges make it possible to reconstruct the state without re-executing transactions,
this property became very useful for rollups, which migrated from call data to blobs shortly after the upgrade. Speaking numbers, before Denkun, roll-ups totaled TPS was around 50. Today,
it's over 200, with theoretical limits at 400 to 800 TPS depending on the roll-up.
Beyond capacity improvements, Blobs eliminated the requirement to pay EVM gas costs for transaction
data storage, establishing a separate channel with specialized temporary storage and independent fee
pricing.
This architectural change has dramatically reduced transaction costs in rollups,
with fees dropping from 10 to 40 cents per transaction to sub-cent levels in networks like Base. Enshrined bridge, consensus, for simplicity, we've just flipped the definition
of the rollup upside down. Usually, all explanations start with a two-way bridge between the rollup and
its L1. It's fairly common among rollups to use the L1's native currency as its own,
to simplify estimating gas fees based on expenses of sequencers and proposers.
Moreover, many rollups want to get popular tokens in their ecosystem from day one,
for which bridging them from their L1 is the best choice.
Implementing a bridge-smart contract from L1 to the rollup is quite straightforward.
Rollup nodes already listen to all things happening in its contract. Thus we can implement
an L1 deposit function that all nodes will interpret as a command for issuing the respective
wrapped token on the rollup itself. However, trustless withdrawals require the bridge contract to validate all roll
transactions and determine their legitimate outcomes. This enables the bridge to process
valid withdrawal requests by releasing funds to authorized initiators on the L1.
This validation mechanism makes the bridge the definitive source of the rollup's canonical state.
Nodes align with the bridge's state transition regardless of alternative chain forks. Unlike traditional blockchains, rollups do not implement independent consensus rules for
chain's election. The bridge contract on the L1 is what defines the canonical chain.
Rollup settlement while sequencers manage transaction ordering and publication,
they represent only one component of rollup architecture. Rollups also incorporate
entities called proposers, responsible for convincing the L1 bridge of specific state
outputs resulting from newly sequenced batches. In essence, while sequencers establish transaction
occurrence and ordering, proposers demonstrate the outcomes of these transactions according to
the rollup's processing logic, such as its virtual machine. The proposer's
role varies significantly based on the roll-ups state validation approach. Two fundamentally
different methodologies exist, defining two categories of roll-ups, optimistic and zero
knowledge, ZK. Optimistic roll-ups and optimistic roll-ups, proposers regularly submit state updates
to the L1 bridge, typically alongside or shortly
after the sequencer's batch publications. These state updates include the new state route,
a cryptographic commitment to the roll-up's entire new state, after executing all transactions in
the Lattest batches. To prevent invalid state updates, the bridge implements a challenge period,
typically seven days, during which specialized actors called challengers can dispute the proposal by submitting a fraud proof.
This proof demonstrates that transactions were executed incorrectly by re-executing
the disputed transaction on the L1 and comparing results.
If a challenger successfully proves that a proposer submitted an invalid state transition,
the state output is reverted and the challenger is rewarded, often from a bond that proposers must post. This creates an economic game where
proposers are incentivized to submit only valid state transitions. Zero-knowledge rollups in ZK
rollups, proposers generate mathematical proofs, called validity proofs, or, more technically
correct, ZK proofs, that demonstrate the
correctness of every state transition. These proofs show that all transactions in a batch
were executed according to the rollup's rules without revealing the specific details of their
execution. The L1 bridge can quickly verify these proofs using efficient cryptographic operations
for about the cost of a token swap. Once a proof is verified, the bridge accepts the state update
as settled. This means proposers must do significant computational work before submitting state updates,
but those updates are settled much faster compared to optimistic rollups.
Settlement, Finality, and Interoperability. Settlement time through canonical bridges
varies significantly between rollup types, from 7 days for optimistic
roll-ups due to their challenge period, to several hours for ZK roll-ups due to proof generation
overhead and batch publishing costs. While this model works well for securing high-value
transactions that can tolerate delays, it creates significant friction for the broader DeFi ecosystem.
Consider how this impacts real-world usage. A user who wants to use their
Arbitrum-based collateral to take out a loan on base must first bridge their assets and wait up
to seven days before they can be used. A trader spotting an arbitrage opportunity between Uniswap
pools on different rollups would see the opportunity disappear long before they could
execute on it. A gaming application wanting to let players trade items across different rollup deployments would face unacceptable UX with such long delays. The crucial insight here
is that rollup nodes can actually observe state changes much faster, typically within seconds of
L1 block confirmation. While this state hasn't gone through full settlement in the canonical
bridge, it's based on transaction data that's already been ordered and finalized on Ethereum. Many centralized exchanges already leverage this property, crediting user deposits
from rollups after just a few block confirmations by running their own nodes and verifying transaction
finality on L1. This creates an interesting dichotomy in the rollup ecosystem. While
rollup shaves successfully scaled Ethereum's transaction throughput, they've introduced severe state and liquidity fragmentation. Each rollup effectively operates
as an independent blockchain that cannot efficiently verify the state of other rollups
without waiting for bridge settlement, despite all of them deriving their security from the
same underlying chain, Ethereum. What are the existing solutions to liquidity and state
fragmentation? The ecosystem has developed various approaches to overcome these limitations,
from centralized bridges to specialized off-chain networks.
These solutions typically make different trade-offs between three key properties.
Security. How strong are the guarantees that state verification is correct?
Speed. How quickly state can be verified across chains?
Cost. How expensive it is to maintain and use the solution. Most existing solutions optimize for speed and cost at the
expense of security often relying on trusted operators, multisigs, or optimistic mechanisms
with minimal economic backing. This has led to several high-profile bridge hacks, most notably the $625 million Ronin Bridge
exploit, highlighting the risks of sacrificing security for convenience. The fundamental
challenge is establishing a secure, source of truth about roll-up states that can
verify state changes within seconds or minutes rather than hours or days,
provide strong crypto-economic security guarantees. Operate cost-effectively
for both infrastructure providers and users. Integrate seamlessly with existing roll-up
architectures. This opportunity to enable secure fast state verification between roll-ups has
sparked significant innovation. Various teams are approaching the problem from different angles,
looking to create infrastructure that can power the next generation of cross-chain applications without compromising on security. In the following sections, we'll
explore how NFFL approaches this challenge through its novel combination of eigenlayers
restaking and near DA, creating a fast finality layer that strikes a careful balance between
security, speed and cost-effectiveness. Understanding Nuffle Fast Finality Layer,
NFFL, the Nuffle Fast Finality Layer, NFL, represents a novel approach to enabling secure
cross-chain interactions by providing fast state verification between rollups.
Rather than forcing developers to choose between security and speed, NFFL leverages Eigenlayer's
restate death to create a crypto-economically secured fast
finality layer that can attest to roll-up states within seconds. At its core, NFFL operates as an
actively validated service, AVS, running on Eigenlayer. A decentralized network of operators,
each running full nodes for participating roll-ups, verifies and attests to state updates.
These attestations are backed by the operator's
restate death, creating strong economic incentives for honest behavior. By combining this with NEAR's
data availability layer for efficient block data storage, NFFL enables applications to securely
verify cross-chain state in 2-3 seconds, orders of magnitude faster than canonical bridge settlement.
What makes NFFL particularly compelling is its pragmatic design approach.
Rather than trying to replace or compete with Ethereum's security model,
it provides a complementary layer optimized for use cases that require faster finality.
Applications can choose whether to rely on NFFL's crypto-economic security or wait for
full L1 settlement based on their specific needs. This flexibility allows NFFL's crypto-economic security or wait for full L1 settlement based on their specific
needs. This flexibility allows NFFL to improve the user experience for many cross-chain interactions
while maintaining strong security guarantees. The system introduces three key innovations.
1. A decentralized operator network that achieves consensus on roll-up states by comparing locally
executed state transitions against block data posted to nearDA. 2. A checkpoint-based task system that
enables efficient aggregation and verification of operator attestations while maintaining
accountability through eigenlayers slashing mechanisms. 3. A data storage mechanism using
NearDA allowing for easy retrieval of attested rollup data across all rollups.
This design allows NFFL to strike a careful balance between security, speed, and cost effectiveness, three properties that have traditionally been at odds in cross-chain
infrastructure. By providing fast yet secure state verification, NFFL opens up new possibilities for
cross-chain applications ranging from lending protocols to liquidity aggregators. In the following sections, we'll explore NFFL's architecture
in detail, examining how its various components work together to enable this new primitive for
cross-chain interaction. We'll also analyze its security model, discuss potential applications,
and look at the protocol's roadmap for future development.
In overview of NFFL core components, Operator CETA at the heart of NFFL lies its operator network,
a decentralized system that extends Ethereum's security to enable fast cross-rollup verification.
Rather than creating yet another siloed network requiring its own security assumptions,
NFFL is built as an actively validated service. AVS, on Eigenlayer. Allowing
it to tap directly into Ethereum's existing validator ecosystem. This architectural choice
is fundamental to understanding NFFL's security model. The same validators who secure Ethereum's
consensus can restate their ETH through Eigenlayer to become NFFL operators. In doing so, they put their stake DETH at risk
to back their attestations about rollup states. This creates a powerful security bridge between
Ethereum's consensus and NFFL's fast finality layer. When a rollup publishes new block data
to the L1, relayers forward it to NEARDA. Operators retrieve the block data through
both sources and make sure
they are equivalent. We'll explain further why publishing rollup data on NEARDAIS necessary
to make applications utilizing NFFL more convenient for users and developers.
After retrieving new rollup batches, the operators execute them in their rollup nodes.
Given they all run the same node software, they'll always appear with
same and correct state output. This state output then gets signed by all operators. When the
majority of operators agrees on a specific state, it's accepted by the system and can be transmitted
to registry contracts across all roll-ups. The economic security of such system has a very
interesting property that stems from Eigenlayer's slashing mechanics.
In Eigenlayer, actively validated services can implement a verification mechanism that is capable of detecting invalid attestations from operators and slash, liquidate, their deposit afterwards.
As NFFL somewhat preliminary settles, roll up state off-chain before it's settled in the bridge,
it's possible to objectively detect fraud by waiting for settlement delay and notifying the AVS contract about output inconsistency in the
attestation in the bridge. This economically disincentivizes fraudulent attestations,
as they can be detected and slashed by any entity watching the L1 and NFFL's state,
even without them running roll-up nodes. In other words, NFFL ensures, the network's claims,
operators are putting significant capital at risk to back their claims about roll-up states.
What makes this particularly powerful is how it aligns incentives across the system.
Operators earn fees for honest participation while risking significant losses for dishonesty.
The more ETH restaked into NFFL, the stronger these incentives become.
And because this security is derived from Ethereum through Eigenlayer, it partly benefits
from the same robust economic security model that secures hundreds of billions in value on
Ethereum itself. Messaging FLOW NFFL's messaging system represents an innovative approach to
handling cross-chain state verification at scale.
Instead of recording every state at station on-chain, which would be prohibitively expensive,
NFFL introduces AtWall layer system of messages and tasks that enables efficient off-chain
operation while maintaining strong on-chain security guarantees on demand.
Messages are the basic unit of communication in NFFL. When operators verify a new state,
they create and sign a message attesting to that state. These messages exist primarily off-chain,
circulating between operators and the aggregator without incurring on-chain gas costs.
There are two distinct types of messages that flow through the system.
State route update messages contain an operator's attestation about a roll-up state at a specific block height.
Each message includes not only the state route itself but also a reference to the near DA transaction containing the block data,
creating a verifiable link between the attested state and its underlying data.
Operator set update messages track changes in NFFL's operator set.
These messages are crucial for the system's security as they enable
roll-up registry contracts to maintain an up-to-date record of valid operators, ensuring
attestations are only accepted from authorized participants with stake at risk. Backslash dot.
While messages enable efficient state verification, they alone aren't sufficient to ensure the system's
economic security. This is where tasks come in. Tasks area on-chain units
of work that checkpoint the system's state at regular intervals. Rather than submitting every
message to Ethereum, operators periodically construct a sparse Merkle tree containing
all messages from a specific time period. The root of this tree is then submitted as a task response,
creating an efficient on-chain commitment to all off-chain attestations.
This checkpoint system is particularly clever because it enables selective verification of
any message without requiring all messages to be stored in-chain. Through Merkle proofs,
anyone can verify that a specific message was included in a checkpoint, enabling efficient
challenge mechanisms while keeping baseline costs low. You can think of it as creating a blockchain OFADI stations, where the checkpoints serve as block headers that commit
to all messages within a time period. The aggregator plays a crucial role in this system
by collecting operator signatures and making them available through an API. When operators sign
messages, they send them to the aggregator which verifies the signatures have reached quorum,
weighted by stake death, before exposing them for use by applications. This creates a clean interface for developers while maintaining the system's decentralized security properties.
We'll elaborate on aggregator service in the following section.
Aggregator service The aggregator acts as the coordination layer of NFFL,
efficiently managing the flow of messages
between operators and applications. While conceptually straightforward, its design
reflects careful consideration of both practical developer needs and decentralization principles.
At its core, the aggregator solves the tragedy of the commons problem in signature aggregation.
Without a dedicated service, each application using
NFL would need to independently collect and verify signatures from all operators,
an inefficient and costly process. Instead, the aggregator provides a single point of
collection for operator signatures, verifying quorum and exposing verified at stations through
a simple API. The signature aggregation process works as follows. Operators independently
sign messages attesting to state updates. These signatures are sent to the aggregator for
collection. The aggregator verifies signature validity and tracks quorum. Once sufficient
stake weight is reached, the aggregated signature becomes available. Applications can fetch these
attestations through the aggregator's API. This design significantly reduces the complexity for developers integrating NFL.
Rather than managing complex cryptographic operations or tracking operator stakes,
applications can simply request attestations for specific state updates through a clean API interface.
The aggregator handles all the complexity of signature collection, verification, and BLS aggregation behind the scenes.
Signature aggregation lets explore BLS aggregation used by NFFL further.
BLS signatures have a powerful mathematical property that allows multiple signatures to be combined into a single signature.
Instead of verifying N individual signatures from operators, which would be computationally expensive and gas-intensive, applications can verify a single aggregated signature that proves
collective agreement. The efficiency gains here are substantial. When NFFL operators sign a message,
they generate standard BLS signatures using their private keys. The aggregator can then combine
these individual signatures into one compact signature that proves
quorum agreement. The size and verification cost of this aggregated signature remains constant
regardless of how many operators participated, a property that makes the system highly scalable.
Moreover, the aggregated signature can be verified against the combined public keys of the signing
operators, weighted by their staked amounts to ensure economic security is properly accounted for. The registry contract then only needs to
perform one signature verification operation to confirm that sufficient stake weight has
attested to the state update. Aggregator and Checkpoints
It's important to note that, while the aggregator provides convenience,
it doesn't compromise NFFL's security model. The signatures it collects are
publicly verifiable, and its role is purely organizational rather than authoritative.
Applications can always independently verify that aggregated signatures represent legitimate
quorum from staked operators. The aggregator can either forge signatures nor hide valid
attestations, it simply makes them more accessible. The aggregator also plays a vital
role in the checkpoint system. By collecting all messages over time, it can construct the sparse
Merkle trees used in checkpoint tasks. This creates an efficient record of all attestations
that have passed through the system, enabling later verification if needed for security
challenges or auditing purposes. Registry contracts The registry
contract, deployed on each participating rollup, serves as the critical bridge between NFFL's
off-chain ATA stations and on-chain state verification. These contracts enable applications
to trustlessly verify the state of other rollups by validating NFFL's crypto-economically secured
DAT stations. What makes the registry particularly interesting
is how it maintains the security properties of NFFL across different chains. Each registry
contract keeps a local copy of NFFL's operator set, tracking changes through operator set update
at the stations. This means that while the operator set is managed through eigen layer on
Ethereum, its state is reliably mirrored across all participating rollups enabling them to independently verify attestations when an application needs to
verify another rollup state for instance a lending protocol checking collateral on arbitrum from
optimism it submits the relevant attestation to its local registry contract this attestation
includes the aggregated blS signature we discussed earlier,
along with the specific state route being attested to and its associated near DA transaction
reference. The verification process in the registry is remarkably efficient thanks to BLS
signature aggregation. The contract only needs to perform a single signature verification against
the weighted public keys of the current operator set. If signature is valid and represents sufficient stake weight, the registry accepts the attested
state as verified. This creates a trustless bridge between rollups that's both secure and
cost-effective. The registry creates a trust-minimized bridge between rollups that's
both secure and cost-effective. Through verification of aggregated signatures against the operator
set's weighted public keys, it can confirm that a state update has received sufficient
attestation weight to be considered valid. This enables applications to reliably verify
states across different roll-ups while inheriting FFL's economic security guarantees.
The registry also plays a crucial role in NFFL's challenge system. If a NAT station is later
proven fraudulent through the challenge system, the registry can invalidate it, protecting
applications from relying on incorrect state. This creates multiple layers of security,
immediate crypto-economic guarantees from state debt combined with longer-term fraud protection
through challenges. Fault classification and and Security Design in NFFL
NFFL's security model centers around detecting and penalizing two primary types of operator
misbehavior—safety faults and liveness faults. Safety faults are violations that affect the
integrity of the network by producing incorrect states or outcomes inconsistent with system rules.
There are two key types of safety faults that operators can commit.
Equivocation occurs when an operator signs multiple conflicting messages for the same event.
For example, signing attestations for different state routes at the same block height or attesting
to multiple different timestamps for the same block. Such behavior undermines the network's
ability to reach consensus on the canonical state. Invalid attestation happens when an operator signs a provably incorrect statement.
This could be attesting to an operator set update that doesn't match the on-chain state delta,
or signing a state root that doesn't correspond to correct execution of the block's transactions.
These faults can be objectively verified through on-chain data.
While safety faults directly attack correctness,
liveness faults affect the network's availability and efficiency. If operators consistently abstain
from participating in message signing, it impacts both network availability and increases verification
costs for users who need more signatures to reach quorum. The protocol tracks operator
participation through checkpoint tasks to identify and penalize such behavior.
The challenge process varies based on the type of fault and message being challenged.
For checkpoint tasks, challengers can prove either message inclusion or exclusion faults.
If a message with valid attestations from the checkpoint's time period was omitted,
or an invalid, out-of-period message was included, the challenge succeeds.
This is verified through Merkle proofs
against the checkpoint's message tree. Individual messages can be challenged after their checkpoint
period by proving the message's content was invalid. For example, operator set update messages
can be invalidated by showing the claimed update ID or operator delta doesn't match on chain state.
State root update messages can be challenged by demonstrating
the claimed state route is inconsistent with correct transaction execution. This multi-layered
verification system allows the protocol to maintain both fast operation through off-chain
messaging while preserving strong security guarantees through crypto-economic mechanisms.
By making invalid behavior provably detectable and economically punishable through eigenlayers
slashing, NFFL creates strong incentives for honest operation while enabling efficient
challenges when violations do occur. Real-world applications of NFL
By establishing a way for rapid and dust-cheap cross-rollup state reads, NFL opens a wide range
of applications that were not feasible with the current technological stack of the ecosystem. Let's explore some of the ideas, from something theoretical and simple to more complex
and specific applications, useful in the most popular areas of today's Ethereum ecosystem.
Hello protocol Let's start with a simple example, described in Nuffle Labs' official documentation,
a protocol that allows users to send, hello, messages between different rollups.
While basic, this demonstrates the core mechanics of how applications can leverage NFFL for cross-chain
communication. Consider a user wanting to send a message on network number 1 that will be read on
network number 2. The process begins when they submit a transaction on network number 1 recording
their, hello, message in the network's state. At this point, the message a transaction on network number one recording their hello message in the network
state. At this point, the message exists only on network number one and would normally require
waiting for the canonical bridge settlement, potentially hours or days, before it could
be verified by other rollups. This is where NFFL comes in. When the block containing this message
is produced, it gets posted to Near DAA by the network's relayer.
NFFL operators, running full nodes for both networks, verify this block data matches what their network number one node computed locally. Upon verification, they sign messages attesting
to the new state root. These attestations flow through NFFL's aggregator service,
which collects signatures until sufficient state weight has attested to the state. Once Quorum is reached, the aggregated signature becomes available through NFFL's API,
typically within seconds of the original block production.
Now comes the interesting part, consuming the message on network number 2.
The Hello Protocol's contract on network number 2 can accept a transaction containing
the storage proof showing the message exists in network number 2 can accept a transaction containing the storage proof showing
the message exists in network number 1's state. The NFFL attestation proving this state is valid,
a reference to the near DA transaction containing the block data. The protocol routes this data to
network number 2's registry contract, which verifies the attestation's signature against
its record of NFFL operators. If valid, this proves
the message exists in network number one's verified state, allowing the protocol to safely process it.
What makes this powerful is its combination of speed and security. The entire flow from message
submission to cross-chain verification can complete in seconds rather than hours or days
with canonical bridges. Yet the security comes from crypto-economic
guarantees backed by restaked ETH through Eigenlayer, rather than trusted operators
or optimistic assumptions. While sending, hello, messages may seem trivial, this same pattern
enables much more sophisticated cross-chain applications. The ability to quickly and
trustlessly verify state across rollups creates building blocks for everything from cross-chain DeFi to chain abstracted user experiences.
Fast and cheap token bridging building on these fundamentals.
Let's explore a more practical application.
A token bridge leveraging NFFL for rapid cross-rollup transfers.
The current bridge landscape forces difficult tradeoffs between speed, cost, and security.
But NFFL can reshape these dynamics and enable an improved bridging experience for users.
Today's leading bridges illustrate these tradeoffs clearly. Stargate, powered by Layer 0,
achieves relatively low costs but takes 10-30 minutes to complete transfers due to its operator network needing to achieve and relay consensus across multiple chains. Across provides near-instant transfers but at 10 to 100x higher costs,
primarily due to expensive UMA oracle outputs and slow, 6-hour rebalancing cycles that impact
liquidity efficiency. NFFL introduces a new paradigm here. By leveraging Eigenlayer's AVS
framework rather than maintaining a separate
operator network, NFFL can achieve consensus in roll-up states within seconds. This consensus
can be efficiently relayed through registry contracts across all participating roll-ups,
enabling bridge designs that combine Stargate's cost efficiency with even faster finality than
across. Consider a user moving ETH from Arbitrum to base. When tokens
are locked in the bridge contract on Arbitrum, NFFL operators quickly verify and attest to this
state change through their full nodes. Once the aggregator collects sufficient at stations,
the bridge contract on base can immediately verify the token lock through its registry
contract and release funds to the user. This speed and efficiency make many existing
bridge optimizations less relevant. For instance, intent-based bridging systems are often proposed
to work around slow finality. Users submit intents to bridge tokens, and these intents are matched
and executed by specialized actors. But with NFFL providing consensus nearly as fast as intent
matching would take,ges can instead use more
efficient liquidity pool designs similar to Stargate, but without its speed limitations.
The cost benefits here are substantial. Bridge operators don't need to maintain separate
consensus infrastructure or pay for expensive oracle outputs. Users receive tokens on the
destination chain in seconds while paying mainly for the basic gas costs of verification. Liquidity providers can manage positions more efficiently with faster rebalancing
cycles. As an added benefit, the system maintains strong security through eigenlayer slashing
mechanisms. Any fraudulent attestations would result in operators losing their stake debt,
while bridges can still verify final settlement through canonical bridges as an additional safety layer. Multi-chain lending protocol cross-chain lending represents perhaps
the most compelling immediate application of NFFL. Current lending protocols face significant
limitations due to chain fragmentation. Take Aave. Despite being deployed across multiple rollups,
each deployment operates in isolation, which creates several problems. Users wanting to use collateral across chains must bridge assets and weight,
fragmenting liquidity and reducing capital efficiency. Moreover, some deployments on
smaller roll-ups don't even have enough liquidity for any meaningful lending,
questioning AVE's marketing position of simple lending for everyone at any size.
Just use AVE might be better
framed as just use AVE, but only on its largest deployments, in this case. NFFL enables a
fundamentally different approach. Consider a lending protocol that maintains pools across
multiple rollups but uses NFFL to share collateral state between them. A user could deposit USDC as
collateral on base,
then immediately borrow USDT on Arbitrum against that same collateral, even though USDT isn't
deployed on base at all. The protocol's Arbitrum contract simply verifies the base collateral
position through NFFL attestations, with no bridging required. This creates powerful new
possibilities for capital efficiency.
Users can access the best rates across any supported roll-up without moving assets.
Liquidity providers can deploy capital where it's most needed without maintaining separate positions per chain. And because positions can be monitored in near real-time through
NFFL attestations, protocols can offer better rates while maintaining security.
The benefits extend
beyond basic lending. Consider a leveraged trading protocol that allows users to open positions
across multiple DEXs. A trader could deposit collateral on Arbitrum, then use it to open
leveraged positions on both Arbitrums and Basie's DEXs simultaneously. The protocol can monitor all
positions through NFFL attestations,
enabling quick liquidations if needed while giving traders access to the best prices across
the entire ecosystem. This model is dramatically simpler and more efficient than existing approaches.
Rather than complex bridge mechanisms or centralized price feeds, protocols can
directly verify positions through registry contracts. The fast finality from NFO
means they can operate with lower safety margins while maintaining security. And users get a
seamless experience accessing liquidity across the entire ecosystem. Cross-chain DEX. Deploy once,
use everywhere The current approach to scaling decentralized exchanges across rollups often
leads to absurd inefficiencies.
When protocols like Uniswap deploy to a new rollup, users initially face pools devoid of liquidity and missing critical trading pairs. Consider the recent Uniswap v3 deployment on
ZK-SYNC. Despite significant excitement and flow of funds from a recent ZK airdrop,
many pools remained unusable for days after launch due to insufficient liquidity.
Meanwhile, the same protocol's deployments on Arbitrum, Base, and other established chains
maintain deep liquidity, low fees, and efficient pricing for thousands of pairs.
This fragmentation creates friction throughout the ecosystem. Liquidity providers must split
their capital across chains, leading to worse pricing and higher slippage
everywhere. Users need to bridge tokens and wait whenever they want to access better liquidity on
another chain. Protocol teams must manage multiple deployments, each requiring separate maintenance
and monitoring. You've guessed it right, NFFL enables a fundamentally different approach again.
Let's explore this through two increasingly powerful
patterns. Consider a new DEX deploying exclusively to Arbitrum, chosen for its established DeFi
ecosystem and favorable gas costs. Rather than launching separate instances across chains,
it maintains unified liquidity pools on Arbitrum while enabling trading access from any roll-up.
Here's how a user on base might interact with it.
1. Alice wants to swap 10,000 Here's how a user on base might interact with it.
1. Alice wants to swap 10,000 USDC for ETH on base.
2. The DEX's base interface queries Arbitrum pool state via NFFL attestations.
3. Alice sees she can get better pricing than BASY's fragmented pools offer.
4. She approves the trade on base. 5. The transaction executes on arbitrum,
with the result attested back to base. The benefits of this unified liquidity are substantial.
Liquidity providers can concentrate their capital in one place, leading to better pricing and lower slippage. The protocol team only needs to manage one deployment, simplifying development
and reducing operational costs.
And users get consistent access to deep liquidity regardless of which roll-up they're using.
Such a protocol could utilize bridging pattern we've explored earlier to seamlessly manage swap
flow. At the waiting time of just a few seconds, the actual fact of bridging can be fully abstracted
away. This moves us excitingly close to the chain abstraction thesis that has recently become quite popular in the crypto community.
If it doesn't matter for the dApp what chain you're on, why would you care what chain you
and all these apps are on? A user can simply proceed to the app's website, connect their
wallet, and perform a wanted action. Done, but NFFL enables an even more powerful pattern, wrapping existing DeFi protocols
for cross-chain access. Instead of building competing liquidity pools, developers can create
helper protocols that make Arbitrum's massive Uniswap pools accessible from any rollup.
For example, consider Bob who needs to swap a long-tailed token pair on base.
Currently, his options are limited,
either bridge to another chain and wait, or accept extreme slippage from Basie's thin liquidity.
With an NFFL-powered wrapper around Arbitrum's Uniswap deployment, Bob could
1. Query available liquidity across all Arbitrum Uniswap pools via NFFL attestations.
2. Find deep liquidity for his desired pair in an established
arbitrum pool. 3. Execute the trade from base through the wrapper protocol. 4. Receive his
tokens on base once NFFL attests to the swap completion. This pattern is transformative
because it turns existing successful deployments into universal infrastructure. Instead of waiting
months or years for liquidity to build on new rollups, protocols can instantly tap into established
pools. This is dramatically more capital efficient and creates a better user experience.
The possibilities extend far beyond simple swaps. With NFFL's real-time state verification,
protocols could offer sophisticated features like cross-chain limit orders. A user could place a limit order on base against Arbitrum's liquidity, with the wrapper
protocol monitoring price movements through NFF Lotte stations and executing when conditions are
met. This model could reshape how we think about protocol deployment across rollups.
Rather than automatically deploying everywhere or joining the network effects of a specific chain,
protocols could strategically choose their primary chain based in factors like
gas costs for their specific operations, technological stack, virtual machine,
sequencing type, DA, etc. Regulatory considerations, then through NFFL,
they can still serve users across the entire roll-up ecosystem while
maintaining simpler, more efficient operations. The implications for MEV are also interesting.
With unified liquidity accessible across chains, MEV searchers would need to monitor and interact
with fewer deployments. This could lead to more efficient price discovery and better execution
for users across all roll-ups. As you may have already
noticed, this pattern of single-chain deployment with multi-chain access through NFFL could extend
well beyond DEXs. Any protocol that benefits from liquidity depth or network effects could
adopt this model lending protocols, options platforms, NFT marketplaces, and more.
The key insight is that NFFL makes cross-chain access nearly as
seamless as same-chain interaction, enabling protocols to optimize their deployment strategy
without sacrificing accessibility. In other words, NFFL makes Ethereum an ecosystem again.
Nuffle roadmap and future development. While NFFL already enables powerful new cross-chain applications, the protocol continues to evolve.
NFFL's development roadmap focuses on three key areas. Protocol security implementing
comprehensive challenge and slashing mechanisms through eigenlayer. Activating permissionless
operator participation with robust state management. Enhancing cross-chain state
verification with improved cryptographic Primitives,
BLS Right-Pointing Arrow ECDSA, Network Scalability Optimizing Signature Schemes
and State Propagation, Improving Checkpoint Efficiency and Verification Costs, Developer
Experience Building SDK and Tooling for Easy Integration, Expanding Support for Different
Roll-Up Types and VMs, creating documentation
and examples for common use cases.
In the following sections, we'll explore some of the most significant planned improvements
in detail.
BLS TO ECDSA One of the most significant planned changes
is the transition from BLS to ECDSA signatures.
Currently, NFFL uses BLS signatures to enable efficient aggregation. Multiple operator
signatures can be combined into a single signature that proves quorum agreement.
While this reduces verification costs, it creates challenges for operator set management across
chains. The issue stems from how BLS signature verification works. When verifying an aggregated
BLS signature, the verifier must use
exactly the same set of public keys that created it. This means that when the operator set changes
on Ethereum, all rollups must update to the exact same operator set before they can verify new
attestations. Even a small mismatch in operator sets between chains can prevent signature
verification and require to synchronize all messages of
operator set changes. ECDSA signatures, while requiring more space and computation to verify,
offer more flexibility. Individual operator signatures can be verified independently,
allowing for smoother transitions when the operator set changes. Rollups can verify
attestations as long as they recognize the signing operators,
even if their view of the complete operator set temporarily differs from Ethereum's.
This greater flexibility may be worth the minor increase in verification costs.
Dynamic operator SETS This signature change ties directly into another major protocol improvement,
implementing dynamic operator sets. The current system uses a static,
whitelisted set of operators. While this simplified initial development, it limits
the protocol's decentralization and scalability. A dynamic operator system would allow new operators
to join the network permissionlessly by staking through eigenlayer. This introduces several
technical challenges that need to be carefully addressed. First, the protocol must manage operator entry and exit queues.
When operators want to join or leave the network, these changes need to be coordinated across all
participating chains. The queue system ensures smooth transitions without disrupting the
network's ability to verify attestations. Second, the protocol needs mechanisms to
track operator performance and stake weight. As operators join and leave, the protocol needs mechanisms to track operator performance and stake weight.
As operators join and leave, the system must maintain accurate records of each operator's
stake and their rights to participate in consensus. This becomes more complex with a dynamic set
compared to the current whitelisted approach. Finally, the protocol must handle operator set
updates across chains efficiently. When the operator set changes on Ethereum, these updates need to propagate to all participating
rollups through their registry contracts. The planned ECDSA transition will help here by
making these updates more flexible. Taking off the training wheels another critical area of
development is the activation of permissionless challenge and slashing mechanisms. These mechanisms
are essential for enforcing honest behavior and providing the economic security guarantees that is the activation of permissionless challenge and slashing mechanisms. These mechanisms are
essential for enforcing honest behavior and providing the economic security guarantees
that NFFL release in. The challenge system centers around the checkpoint task mechanism.
When operators submit checkpoints containing Merklized messages from a time period,
anyone can challenge these checkpoints if they believe they contain invalidat stations.
A successful challenge can arise from several types of faults. First, safety faults that directly affect network
integrity. These include equivocation, where an operator signs multiple conflicting messages for
the same case, like attesting to different state routes for the same block. They also include
invalid at stations, where an operator signs off on provably incorrect
state transitions or operator set updates. Second, liveness faults that impact network
availability. If operators consistently abstain from participating in message signing,
this affects the network's ability to verify states efficiently. The challenge mechanism
must balance penalizing such behavior while accounting for legitimate downtime.
Backslash. The protocol will implement a collateral-based challenge system.
Challengers must lock collateral when submitting a challenge, which they forfeit if the challenge proves invalid. However, if they successfully prove an operator fault, they receive a reward
from the slashed operator's stake. This creates economic incentives for monitoring operator behavior while preventing
frivolous challenges. For state route updates, the challenge process is particularly interesting.
After an operator attests to a roll-up state, this can be challenged by proving either that
the relevant block data wasn't properly posted to Near DA or that the attested state doesn't
match the canonical state after settlement. This requires challengers
to provide proofs through the rainbow bridge for near-DA verification, creating multiple layers of
security. The slashing mechanism itself will be implemented through eigen-layer-smittleware
contracts. When challenges succeed, operators lose a portion of their stake dead. The slashing
parameters are designed so that potential loss significantly exceed any gains
from malicious behavior. Some of this slashed stake is awarded to successful challengers,
while the remainder might be distributed to honest operators or used for protocol development.
These mechanisms create a comprehensive security framework. Operators face significant financial
penalties for misbehavior, challengers are incentivized to monitor the network, and applications can rely on crypto-economic guarantees backed by restaked
ETH. The challenge periods are much shorter than optimistic roll-UP fraud proofs, while still
providing strong security through eigenlayer slashing mechanics. The future of fast finality
on Ethereum. While NFFL provides an immediate solution for cross-rollup state
verification, it's worth examining how the protocol fits into Ethereum's broader scaling roadmap.
The key question many ask is, will NFFL still be relevant as rollup technology advances?
The answer becomes clear when we examine fundamental settlement limitations in
different rollup designs. Optimistic roll-ups, despite their popularity
and maturity, cannot fundamentally settle faster than their fraud pro of window, typically seven
days. While solutions like Optimism's Superchain and Arbitrum Orbit enable faster communication
between roll-ups sharing a bridge, they don't help with interoperability outside their specific
ecosystems, for example, between those two. ZK rollups face different but equally
important constraints. Even as ZK proof technology improves dramatically, there are practical limits
to settlement speed. Even if we reach a point where proofs can be generated for every L1 block,
Ethereum must still have capacity to verify multiple ZK proofs per block across different
rollups. When this becomes possible, settlement
will still be bound by L1 block time, at least 12 seconds under current parameters.
NFFL offers a different approach by utilizing signed sequencer attestations from rollups.
Instead of waiting for batches to be published on L1, NFFL operators can verify and attest to
state changes as soon as they're produced by the
sequencer. This enables cross-chain state verification in seconds while maintaining
strong crypto-economic security through Eigenlayer. Importantly, NFFL should not be
viewed as competing with or threatening Ethereum's roll-up security model. Rather,
it provides a complementary tool that enables new possibilities within the modular Ethereum ecosystem.
ApplicationScan use NFFL for rapid state verification while still relying on canonical settlement
through L1 when needed.
This creates a richer toolkit for developers to build cross-chain applications with security
models appropriate to their specific needs.
Conclusion NFFL represents a novel approach to solving one of the most pressing
challenges in Ethereum's modular ecosystem, enabling secure and efficient cross-roll-up
state verification. By leveraging Eigenlayer's restaked ETH for economic security and NearDA
for efficient data storage, NFFL creates a fast finality layer that can verify roll-up states
within seconds rather than hours or days.
The protocol's thoughtful design choices reflect deep understanding of the challenges in cross-chain infrastructure. Rather than attempting to replace roll-up's security model, NFFL provides a
complementary layer optimized for specific use cases that require faster finality.
The checkpoint-based task system enables efficient off-chain operation while
maintaining strong on-chain security guarantees. And the registry contract architecture allows
roll-ups to trustlessly verify states while inheriting NFFL's economic security.
Perhaps most importantly, NFFL enables a new generation of cross-chain applications that
were previously impractical. From unified lending protocols that
share collateral across roll-ups to DEX wrappers that make established liquidity universally
accessible, NFFL's fast state verification creates building blocks for true chain abstraction.
This has profound implications for capital efficiency and user experience across the
ecosystem. The protocol's roadmap demonstrates commitment to continuous improvement.
Planned upgrades like the transition to ECDSA signatures and implementation of dynamic operator
sets will enhance decentralization and scalability. The activation of comprehensive
challenge and slashing mechanisms will strengthen security guarantees. And integration with
additional DA solutions beyond NEAR will make NFFL even more universal.
As Ethereum's roll-up ecosystem continues to evolve, the need for secure cross-chain
state verification will only grow. NFFL's approach of extending Ethereum's security
through restaking while optimizing for speed and cost-effectiveness positions it well to
serve this need. By enabling new forms of cross-chain interaction while maintaining strong
security guarantees, NFL contributes to making Ethereum's modular vision a reality.
Tip authors note. A version of this article was originally published here.
Thank you for listening to this HackerNoon story, read by Artificial Intelligence.
Visit HackerNoon.com to read, write, learn and publish.