arxiv: 2604.21055 · v1 · submitted 2026-04-22 · 💻 cs.CR · cs.CY

Layer 2 Blockchains Simplified: A Survey of Vector Commitment Schemes, ZKP Frameworks, Layer-2 Data Structures and Verkle Trees

Pith reviewed 2026-05-09 23:51 UTC · model grok-4.3

classification 💻 cs.CR cs.CY
keywords layer 2 blockchains · zero-knowledge proofs · vector commitments · verkle trees · security assumptions · threat model · zkp frameworks · cryptographic reductions

The pith

Layer-2 blockchain security reduces to the hardness assumptions of Groth16, Plonk, KZG and IPA.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper sets out to deliver the first unified survey that traces every major Layer-2 component back to the concrete cryptographic assumptions that protect it. A sympathetic reader would care because moving computation off the main chain creates new surfaces—sequencers, bridges, data availability—that cannot be judged without knowing which mathematical problems they rely on. The work walks through the progression from Layer-1 primitives to modern L2 structures, examines the security assumptions behind zero-knowledge frameworks and their commitment schemes, and assembles a single threat model covering liveness, bridge exploits, and availability failures. If the mapping is accurate, anyone evaluating or building an L2 system can apply the same reductions used to prove the underlying proofs secure.

Core claim

The paper claims that existing accounts of Layer-2 risks remain fragmented and therefore supplies one coherent mapping from L2 architecture to the security assumptions of ZK frameworks such as Groth16 and Plonk together with their corresponding vector commitment schemes KZG and IPA. It analyzes the relevant hardness assumptions—discrete logarithm, computational Diffie-Hellman, bilinear Diffie-Hellman—and formalizes a threat model that explicitly addresses sequencer liveness, bridge exploits, and data-availability failures.

What carries the argument

The reduction of Layer-2 components to the cryptographic assumptions underlying ZKP frameworks and vector commitment schemes.

If this is right

  • L2 designers can justify security claims by direct reference to the same assumptions used for the proofs themselves.
  • Bridge and sequencer implementations can be audited against one consistent threat model rather than ad-hoc lists.
  • Data-availability schemes can be evaluated by checking whether they inherit the same hardness assumptions as the rest of the system.
  • New Layer-2 proposals can be compared by the strength of the cryptographic assumptions they invoke.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same reduction technique could be applied to newer proof systems that post-date the frameworks analyzed here.
  • Scalability improvements in L2 might be shown to rest on stronger or weaker assumptions than the underlying Layer-1 chain.
  • A standardized threat model could make security comparisons across competing L2 projects more objective.

Load-bearing premise

That prior literature on Layer-2 risks is too fragmented for a single rigorous mapping to cover the main ZKP frameworks and commitment schemes without important omissions.

What would settle it

An L2 attack or failure mode that cannot be expressed in terms of the discrete-logarithm, computational Diffie-Hellman or bilinear Diffie-Hellman assumptions, or a widely deployed ZKP framework missing from the survey's analysis.

Original abstract

Layer-2 (L2) protocols address the fundamental limitations of Layer-1 (L1) blockchains by offloading computation while anchoring trust to the parent chain. This architectural shift, while boosting throughput, introduces a new, complex security surface defined by off-chain components like sequencers, bridges, and data availability mechanisms. Prior literature [31][33] offers fragmented views of this risk. This paper presents the first unified, security-focused survey that rigorously maps L2 architecture to its underlying cryptographic security. We dissect the technical progression from L1 primitives to the core of modern L2s, analyzing the security assumptions (Discrete Logarithm, Computational Diffie-Hellman, Bilinear Diffie-Hellman) of ZK frameworks (Groth16, Plonk) and their corresponding commitment schemes (KZG, IPA). We formalize a comprehensive L2 threat model encompassing sequencer liveness, bridge exploits, and data-availability failures. This work serves as an accessible yet rigorous reference for researchers and developers to reason about L2 security from a deep crypto-mathematical perspective.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 2 minor

Summary. The paper presents a survey on Layer 2 blockchains, emphasizing vector commitment schemes, ZKP frameworks, Layer-2 data structures, and Verkle trees. It claims to offer the first unified, security-focused analysis that maps L2 architectures to cryptographic primitives, including analysis of ZKP schemes like Groth16 and Plonk, commitment schemes like KZG and IPA, their security assumptions (Discrete Logarithm, CDH, BDH), and a threat model covering sequencer liveness, bridge exploits, and data availability failures. The work aims to serve as a reference for reasoning about L2 security from a deep crypto-mathematical perspective, addressing fragmentation in prior literature.

Significance. If the survey achieves comprehensive coverage and rigorous mapping without significant gaps, it could provide significant value as a consolidated reference for the field, helping researchers and developers navigate the security implications of L2 protocols. The strength lies in its synthesis of standard cryptographic elements into an L2 context, though as a survey it relies on external references rather than original derivations.

major comments (1)
  1. Abstract: The claim that this is the 'first' unified survey is not supported by evidence in the text, such as a comparison showing how it improves upon or differs from [31] and [33] in coverage of ZKP frameworks and commitment schemes. This assertion is central to the paper's positioning and should be substantiated.
minor comments (2)
  1. Abstract: The references to prior literature [31][33] are cited but not described; a brief overview of their contributions and identified gaps would strengthen the motivation.
  2. Threat model section: Ensure that the formalization of the L2 threat model explicitly connects each threat (e.g., sequencer liveness) to the relevant cryptographic assumptions discussed earlier.

Simulated Author's Rebuttal

1 response · 0 unresolved

We thank the referee for their constructive feedback and recommendation for minor revision. We address the single major comment below and will incorporate the suggested changes to strengthen the manuscript.

Point-by-point responses
  1. Referee: Abstract: The claim that this is the 'first' unified survey is not supported by evidence in the text, such as a comparison showing how it improves upon or differs from [31] and [33] in coverage of ZKP frameworks and commitment schemes. This assertion is central to the paper's positioning and should be substantiated.

    Authors: We appreciate the referee's observation. The abstract notes that prior literature [31] and [33] offers fragmented views, and positions our work as the first unified security-focused survey that maps L2 architectures to cryptographic primitives including ZKP schemes, commitment schemes, their security assumptions, and a comprehensive threat model. We agree that an explicit comparison would better substantiate this claim. In the revised manuscript, we will expand the introduction (or add a comparison subsection) with a detailed discussion and possibly a table contrasting our coverage of vector commitments, ZKP frameworks (Groth16, Plonk), commitment schemes (KZG, IPA), security assumptions (DL, CDH, BDH), L2 data structures, Verkle trees, and the integrated threat model against the scope of [31] and [33].

    Revision: yes

Circularity Check

0 steps flagged

No circularity: standard survey synthesis of external literature

full rationale

This paper is a descriptive survey that organizes and maps existing cryptographic primitives, ZKP schemes, and L2 threat models from prior literature. It explicitly positions [31][33] as fragmented external sources and claims to provide unified coverage, but introduces no derivations, equations, fitted parameters, or self-referential steps that reduce to the paper's own inputs. The central claim reduces to synthesis and organization rather than any self-definitional, prediction-from-fit, or self-citation load-bearing construction. No load-bearing step exhibits the required reduction to its own premises.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axiom · 0 invented entities

The survey draws on established cryptographic primitives and assumptions from the literature without introducing new free parameters, axioms, or entities.

axioms (1)
  • domain assumption: Cryptographic hardness assumptions including Discrete Logarithm, Computational Diffie-Hellman, and Bilinear Diffie-Hellman
    These are invoked in the analysis of ZK frameworks (Groth16, Plonk) and commitment schemes (KZG, IPA) as per the abstract.

pith-pipeline@v0.9.0 · 5504 in / 1414 out tokens · 46783 ms · 2026-05-09T23:51:20.777010+00:00 · methodology

Reference graph

Works this paper leans on

13 extracted references · 13 canonical work pages

  1. [1]

    It works as follows:

    Hash Time Lock Contract (HTLC) & Mass Exit Initiation 3.1 HTLC Definition and Cryptographic Construction An HTLC is a conditional payment mechanism that uses a hashlock and a timelock to enforce a multi-hop payment. It works as follows:

  2. [2]

    A sender creates a secret (pre-image) and provides its hash to the receiver. 2. The sender locks the funds with a hashlock, requiring the receiver to reveal the pre-image to claim the funds

  3. [3]

    If the receiver fails to claim the funds before the deadline, the payment is returned to the sender

    A timelock is also set, giving the receiver a specific amount of time to claim the funds. If the receiver fails to claim the funds before the deadline, the payment is returned to the sender. Encryption Scheme: H(R)=P ● H here is represented as a cryptographic hash function (like: SHA-256). ● R is the secret preimage. ● P is the public hash value. HTLCs ar...

  4. [4]

    Completeness: An honest prover can always convince the verifier if the statement is true. 2. Soundness: We define soundness given a dishonest prover cannot convince a given verifier that a chosen statement is indeed false

  5. [5]

    Zero-Knowledge: The verifier learns nothing about the secret information beyond the truth of the statement. In the scientific domain of blockchain, ZKPs are particularly useful for enhancing privacy and scalability, allowing for confidential transactions and the compression of large batches of off-chain transactions into a single, verifiable proof. Key st...

  6. [6]

    Proof generation – a cryptographic ZKP is generated, showing that the new state (balances, contracts, etc.) is valid according to blockchain’s rules

  7. [7]

    On-chain verification – the ZKP is submitted to onchain L1, PoS validators only need to check the small proof, not re-run every transaction

  8. [8]

    4.3.2 Mathematical Computations behind ZKPs The magic of ZKPs lies in a series of mathematical steps that transform a large, complex computation into a simple, verifiable proof

    Security guarantee – if the proof verifies, it is mathematically impossible for invalid state transitions to be probabilistically possible. 4.3.2 Mathematical Computations behind ZKPs The magic of ZKPs lies in a series of mathematical steps that transform a large, complex computation into a simple, verifiable proof. This process can be broken down into tw...

  9. [9]

    bilinearity

    Mathematical Computation Model of ZKPs 5.1 Assumptions for ZKP Security 5.1.1. Discrete Logarithm (DL) Assumption The Discrete Logarithm (DL) problem is a fundamental assumption in modern cryptography. Given a base element g and a point h in a cyclic group, it's computationally infeasible to find the integer x such that gˣ = h. This assumption underpins t...

  10. [10]

    Evaluations on a subgroup rather than coefficients of monomials,

    Multiplication Gate (a ⋅ b = c): ○ Set Q_M = 1, Q_O = −1, and all others to 0. ○ Equation becomes: (1 ⋅ a ⋅ b) + (−1 ⋅ c) = 0 ⟹ a ⋅ b = c. 2. Addition Gate (a + b = c): ○ Set Q_L = 1, Q_R = 1, Q_O = −1, and Q_M = Q_C = 0. ○ Equation becomes: (1 ⋅ a) + (1 ⋅ b) + (−1 ⋅ c) = 0 ⟹ a + b = c. 3. Custom Gates: By assigning more complex values to the Q polynomials, PLONK can enforce higher-d...

  11. [11]

    A pseudonymous user label,

  12. [12]

    A random salt to prevent preimage attacks, and

  13. [13]

    Efficient Verifiable Delay Functions

    The exact balance held by that user. Each leaf is hashed, and pairs of leaves are combined into internal nodes. Every internal node stores two pieces of information: ● a cryptographic hash of its left and right children, and ● the sum of the balances in its subtree. As this process continues upward, the tree produces a single root hash along with a cumula...