Three Stages of L2 Network Security: From Proof Systems to Decentralization Governance

The security of Ethereum's L2 network has always been a focus of community attention. Recently, a "Battle Tested" standard was proposed to measure the maturity of L2 networks, sparking discussions on the classification of L2 security stages. Ethereum co-founder Vitalik Buterin conducted an in-depth analysis of this, explaining the three stages of L2 network security and their development logic.

The Three Stages of L2 Network Security

Vitalik divides the security of L2 networks into three stages, primarily based on the level of control the security committee has over the trustless components:

1. Phase 0: The Security Committee has complete control and can veto the results of the proof system by a simple majority vote.

2. Phase 1: The Security Committee requires over 75% approval to override the proof system, and a certain number of external members must participate.

3. Phase 2: The Security Committee can only take action in cases of demonstrable error, such as when two redundant proof systems contradict each other.

These three stages reflect the gradual process of moving from centralized control to Decentralization, with the "voting share" of the security committee gradually decreasing.

Mathematical Model Analysis for Optimal Phase Selection

Vitalik proposed a simplified mathematical model to quantify the security at different stages. The model is based on the following assumptions:

• Each security committee member has a 10% independent failure probability.
• The probability of active failures and safety failures is equal.
• Stage 0 and Stage 1 adopt majority decision-making mechanisms of 4/7 and 6/8, respectively.
• There is a single holistic proof system.

Through the calculation of the binomial distribution, the model derived the probabilities of L2 network failures at different stages. The results show that as the quality of the proof system improves, the optimal stage gradually transitions from 0 to 1 and then to 2.

Considerations in Practical Applications

Vitalik pointed out that the assumptions of the simplified model do not fully align with reality. In practice, members of the security committee may have "common mode failures," and the proof system may consist of multiple independent systems. These factors make Stage 1 and Stage 2 more attractive than the model predicts.

From a mathematical perspective, Phase 1 seems to be skippable. However, considering the decision-making efficiency in emergencies, individual members of the security committee could be granted temporary withdrawal delay permissions to balance security and flexibility.

At the same time, entering Stage 2 too early also carries risks, especially if the strengthening work of the underlying proof system is sacrificed. Vitalik suggests that data providers should demonstrate the audit and maturity metrics of the proof system, as well as the current stage they are in.

Overall, the security development of L2 networks is a gradual process that requires finding a balance between Decentralization, security, and efficiency. With continuous technological advancements and the accumulation of practical experience, L2 networks are expected to achieve higher levels of security and reliability.