Dogecoin’s Commitments and Verification

Here, it is essential to emphasize the meaning and function of commitments. In the technical framework of WowChain, commitments are a critical element. For instance, suppose someone questions an off-chain transaction or state transition and requests to verify the disputed transaction or state result directly on the Dogecoin blockchain. This requires the relevant parties to temporarily upload part of the data to the Dogecoin blockchain, where Dogecoin nodes act as “judges” to resolve the dispute. However, in WowChain, the proposer immediately submits the result of the ZK circuit execution to the Dogecoin chain, which is further verified by validators. But the question arises: how do we ensure that the temporarily uploaded data is relevant to the WowChain validators and not just random junk or unrelated data? To solve this, we need a mechanism that enables Dogecoin nodes to independently determine whether the data submitted to the chain is related to the dispute. This relies on specific properties of commitments.

The Role of Commitments

Proposers can periodically publish commitments on the Dogecoin blockchain, which are associated with a series of off-chain state transitions or transactions. In other words, a commitment maps to a large set of off-chain data. Despite this, the commitment itself is concise; even if associated with thousands of transactions or state transitions, its size can be minimal. It can be roughly understood as the hash of a large batch of off-chain data (though the actual process is more complex).

In blockchain-related scenarios, it is common to hash raw data and publish the hash value as a commitment on a designated platform. For example, in some Ethereum Layer 2 projects, after processing a batch of transactions off-chain, the sequencer might not directly send transaction data to the Dogecoin blockchain but instead publish the hash of the new data (datahash) as a commitment. The original data corresponding to the datahash is then released off-chain.

If someone cannot obtain the original dataset corresponding to the datahash off-chain, they can demand that the sequencer publicly disclose the data on the Dogecoin blockchain. In this case, the datahash published earlier as a commitment plays its role: once the sequencer discloses the data on-chain, smart contracts or third-party observers can immediately verify whether the data matches the datahash. This example illustrates how commitments take effect. Light nodes or cross-chain bridge projects often use Merkle proofs and Merkle roots, which are another form of commitments with broader applications.

In WowChain and mainstream Ethereum Layer 2 designs, proposers periodically aggregate a large batch of off-chain processed transactions and state changes, generate commitments, and then publish these commitments on the Dogecoin blockchain. This is equivalent to publishing a summarized and compressed value of a large batch of off-chain data on the Dogecoin blockchain, significantly reducing the amount of data uploaded to the chain.

Generally, after a commitment is submitted, it needs to be verified. For Ethereum Layer 2 solutions, the Ethereum blockchain can run complex smart contracts to verify ZK proofs associated with the commitment and determine its validity. If valid, the smart contract updates the recorded Layer 2 state root. If the ZK proof fails verification, the commitment is rejected, and the state root is not updated.

However, the Dogecoin blockchain lacks Turing-complete smart contract systems, making certain scenarios unfeasible. For example, the Dogecoin blockchain cannot directly verify the validity of zero-knowledge proofs. Implementing such capabilities would require forking the Dogecoin mainnet to support new opcodes. In the current setup, for a Layer 2 solution to inherit Layer 1 security or ensure the validity of Layer 2 state updates, a challenge-based mechanism on the blockchain is needed.

As mentioned earlier, the proposer periodically publishes state-change commitments to the Dogecoin blockchain. Generally, we optimistically assume that the proposer’s commitments are correct and that the related off-chain data is accurate. However, we allow anyone to challenge the validity of these commitments and their related data. This process of initiating a challenge and providing on-chain evidence to prove issues with a commitment is called a challenge.

In the WowChain model, when a user challenges a commitment, they question the outcome of the off-chain state transition. The proposer can retrieve the full dataset associated with the commitment from the off-chain storage layer and send the data specified by the challenger to the blockchain.

Both parties can use multiple rounds of interaction to pinpoint the problematic data. Once identified, the proposer uploads this small piece of data to the Dogecoin blockchain, minimizing the amount of data revealed.

Once the specific problematic data is identified, the next step is to use Dogecoin scripts to verify it on-chain. If the data proves invalid, the proposer who published the commitment is penalized for fraudulent behavior.

If the commitment is not challenged, it will be finalized. Once finalized, the associated off-chain data also becomes irreversible. In this way, WowChain ensures ledger data is as immutable as the Dogecoin mainnet.

Unlike BitVM, WowChain simplifies the process of “multiple rounds of interaction to identify problematic data” into a single interaction. In BitVM and Arbitrum, this process may take hours.

The process where users challenge the correctness of a commitment is known as the challenge-response protocol. If a commitment is successfully challenged, it is revoked on the Dogecoin blockchain. The WowChain off-chain proposer node submits a new state commitment. Since state commitment submission is decided unilaterally by the proposer, unrelated to the sequencer’s on- and off-chain transaction publications, even if a state commitment is challenged and revoked, the transaction order established off-chain by WowChain remains unchanged. As long as the transaction order observed by each node is consistent, their local records of the current state remain intact.

This is akin to the sequencer notifying everyone in advance of the next transaction to calculate “1+1=?” Each rollup node receiving this transaction calculates the correct result = 2. If a proposer on the Dogecoin chain declares a hash corresponding to “1+1” but the hash actually corresponds to the number 3, nodes will initiate a challenge.

The commitment published on the Dogecoin chain does not affect rollup nodes’ judgment. It only serves as a public record of the current state hash (commitment) on Dogecoin. Once finalized, all past history associated with the commitment becomes immutable.

New nodes joining the Layer 2 network only need to review the historical data on the Dogecoin chain, parse the Layer 2 history’s transaction data and state hashes, and sync with other rollup nodes to determine the latest Layer 2 state. This eliminates the need to rely on other rollup nodes for historical data, effectively treating Dogecoin as a massive bulletin board.