Bitcoin Rollups and Trust-Minimized Claims

The dominant model, used by Stacks and Rootstock, relies on a permissioned committee to secure the bridge. This is a single point of failure and a regression from Bitcoin's trust model.

• Security: Custodial, requires trusting ~8-15 entities.
• Withdrawal Latency: Instant to a few hours, dependent on committee honesty.
• Adoption Driver: First-mover advantage and ~$1B+ in existing TVL.

Pioneered by rollups like those on Ethereum, this model uses a fraud proof or validity proof system secured by a bond. On Bitcoin, the challenge is the lack of a native execution environment to verify proofs, pushing trust to an off-chain verifier network.

• Security: Cryptoeconomic, but with off-chain trust assumptions.
• Capital Efficiency: Requires $M+ in bonded capital for safety.
• Complexity: Introduces new attack vectors like data withholding and verifier collusion.

The purist's approach, requiring a Bitcoin consensus change (like OP_CAT or OP_CHECKTEMPLATEVERIFY) to enable non-custodial bridges. This delegates security entirely to Bitcoin's ~1.4M BTC in miner hash power but is politically untenable.

• Security: Maximally trust-minimized, inherits Bitcoin's full PoW.
• Time to Market: Indefinite timeline, subject to multi-year community governance.
• Viability: A theoretical ideal that cedes the entire market to compromised solutions.

Stacks uses Proof-of-Transfer (PoX) to inherit Bitcoin's security for consensus, but execution is its own chain.\n- Security Model: Consensus secured by Bitcoin miners via PoX; execution is sovereign.\n- Trust Assumption: Users trust the Stacks miner set, which is economically aligned with Bitcoin.\n- Key Trade-off: Not a rollup; slower finality (~10 mins) but avoids centralized sequencer risk.

Merlin Chain uses an optimistic rollup model with ZK fraud proofs, aiming for a balance between cost and security.\n- Security Model: Data posted to Bitcoin; fraud proofs secured by a permissioned set of challengers.\n- Trust Assumption: Users trust the challenger committee (initially) and the data availability on Bitcoin.\n- Key Trade-off: Faster than Stacks but inherits the 7-day challenge period and committee trust of optimistic designs.

Build on Bitcoin (BOB) is a ZK rollup that posts validity proofs and data to Bitcoin, aiming for maximal trust minimization.\n- Security Model: Cryptographic security via validity proofs; full data availability on Bitcoin.\n- Trust Assumption: Users trust the cryptographic setup and that data is available (inherited from Bitcoin).\n- Key Trade-off: Highest security akin to zkSync or Starknet, but faces Bitcoin's high data cost and limited throughput.

Ethereum L2s settle to a smart contract. Bitcoin has no such capability, forcing L2s to invent novel, often weaker, security bridges.\n- Core Issue: No on-chain verification of state or proofs, only data posting.\n- Result: Security is a spectrum from economic (Stacks) to committee-based (Merlin) to cryptographic (BOB).\n- Comparison: Contrasts sharply with Arbitrum or Optimism which have enforceable on-chain fraud proofs.

The endgame is a modular stack where proofs are commoditized and sequencing is decentralized, minimizing single-point failures.\n- Proof Marketplace: Like Espresso Systems, enabling rollups like BOB to auction proof generation.\n- Shared Sequencer: Decentralized network for ordering transactions, mitigating risks seen in early Arbitrum and Optimism.\n- Outcome: L2s become execution layers; security and ordering are modular services.

No Bitcoin L2 is truly trust-minimized today. The choice is which trust assumption you prefer: miners, committees, or provers.\n- For Max Security: BOB's ZK path is correct, but wait for cost reductions.\n- For Speed Now: Merlin offers a pragmatic hybrid, similar to early Optimism.\n- For Bitcoin Maximalists: Stacks offers deepest Bitcoin alignment, sacrificing speed.

Bitcoin's 1MB blocks and 10-minute intervals make it a terrible data availability (DA) layer for rollups. Forcing all data on-chain defeats the purpose, creating a scalability ceiling and high costs.

• Data Bloat: Storing rollup data on L1 negates scaling benefits.
• Cost Prohibitive: ~$1M+ daily to post data for a moderately active chain.
• Speed Limit: Finality gated by Bitcoin's block time.

Modern Bitcoin rollups like Citrea and BitVM-based chains separate data from verification. They post only a cryptographic commitment (e.g., a hash) to Bitcoin, with full data on a separate DA layer.

• Trust-Minimized: Validity proofs (ZK) or fraud proofs enforce correctness.
• Scalable: DA layers (Celestia, Avail, EigenDA) handle ~$0.01/MB.
• Sovereign: Bitcoin acts as a verification court, not a storage unit.

The core innovation isn't speed—it's leveraging Bitcoin's security for dispute resolution. Models like BitVM 2 allow a single honest party to challenge invalid state transitions, forcing a fraud proof on-chain.

• Censorship Resistance: Challenges are Bitcoin transactions.
• Capital Efficient: Requires only one honest watcher.
• Protocol Minimalism: No changes to Bitcoin consensus; uses existing opcodes.

Not all claims are equal. ZK proofs (Citrea, B² Network) offer cryptographic finality but require complex circuits. Fraud proofs (BitVM 2) are conceptually simpler but have a challenge period (~1 day) and heavier on-chain footprint during disputes.

• ZK Rollup: ~1 hour proof generation, instant finality.
• Optimistic Rollup: Instant soft confirmation, 7-day challenge window.
• Bridge Risk: The withdrawal bridge remains the critical trust point.

Building a Bitcoin rollup is not just about consensus. Developers face a missing middleware stack: no native equivalent to Ethereum's EVM/Solidity tooling, indexers, or oracles.

• Execution Layer: Needs a Bitcoin-native VM (e.g., RGB, Spaces).
• Indexing: UTXO-based state is harder to query than account-based.
• Oracles: No mature Chainlink/Band Protocol equivalent for Bitcoin L2s.

Choose your rollup stack based on security model first. If you need fast, provable finality for DeFi, prioritize ZK rollups with off-chain DA. For general-purpose apps where maximal Bitcoin alignment matters, explore Optimistic/BitVM models.

• TVL is Fragile: Early $100M+ TVL is marketing, not security.
• Watch the Bridge: The weakest link defines the chain's security.
• Long Game: This is infrastructure decade one; expect rapid iteration.