Assuming the details in the post and docs accurately describe what the final product will look like, the main difference is that Citrea is verified optimistically using a BitVM program rather than an onchain smart contract, and as such is limited to at-best a 1-of-n security model (where n is a permissioned group of arbitrary size) rather than a single honest party security model (as in optimistic rollups, where the single honest party could be anyone, and it is assumed that they can get a fault proof transaction confirmed during a challenge period) or a trustless security model (as in validity rollups, where all rollup txs are cryptographically verified). That said, the developers of almost all rollups on other chains have chosen to ultimately rely on some kind of multisig for security, because their smart contracts can be upgraded to any arbitrary new code using a multisig (often a "committee" of trusted community members, often with no time delay). So assuming this rollup does not choose to insert some trusted multisig into the governance model, that could also be a difference.
Other than those differences the rollup works the same as other zkEVM rollups: it is EVM compatible, it posts its state data to a parent chain (in this case bitcoin), and it inherits the full double-spend resistance and data availability guarantees of bitcoin.
as such is limited to at-best a 1-of-n security model (where n is a permissioned group of arbitrary size)
Worth noting: bitvm can also work in a security model where each sidechain user has a direct contract with a bridge operator and thus does not need to trust him or her. In this case the 1-of-N is a 1-of-2 and the user is among the 2, consequently the user only needs to trust themselves (and bitcoin's standard trust assumptions, e.g. they must assume miners are not censoring them).
reply
0 sats \ 0 replies \ @kr 7 Feb
thanks, appreciate the thorough explanation!
reply