Yona is the second layer (rollup) on Bitcoin driven by SVM.
Yona inherits the security of the Bitcoin cryptographic economy while achieving unprecedented programmability and execution scalability for Bitcoin and its assets.
To achieve this goal, Yona implements trustless two-way pegs between BTC on Bitcoin and BTC on Yona, allowing for unilateral exit. This native Yona peg is called the canonical peg.
The main design feature of Yona is its transition from traditional joint TSS-MPC bridging to canonical two-way pegs—a mechanism that relies entirely on cryptographic proofs and Bitcoin consensus. In other words, the canonical two-way peg does not rely on any external consensus.
Characteristics of L2 canonical pegs
Rollups must provide the ability for unilateral deposits and withdrawals.
Unilateral deposits and withdrawals are crucial for ensuring the availability and censorship resistance of Bitcoin and token assets.
While implementing deposits is straightforward (through SPV proofs), correct unilateral exits require direct proof of their validity on Bitcoin.
We propose a more practical approach that gradually builds on existing Ethereum cryptographic economic infrastructure, aiming to gradually incorporate as much Bitcoin security as possible to be accepted by the most ardent supporters of Bitcoin.
Canonical Peg of Bitcoin (BTC)
Our BTC native peg is supported by the combination of EigenLayer and BitVM for cryptographic economic security.
BitVM allows for off-chain execution verification of Bitcoin, enabling anyone to provide fraud and punish proofs. BitVM is the cryptographic security source of the Yona canonical peg.
EigenLayer provides access to Ethereum collateral capital base and decentralized validator set. EigenLayer is the economic security source of the Yona canonical peg.
Yona Peg Operators assist in the normal operation of the canonical peg (i.e., deposit/withdrawal of BTC). Any Peg Operator must fulfill two roles:
Counterparty for BitVM deposits/withdrawals (for normal operation)
AVS Operator (for unilateral exits)
It is important to note that Yona Peg Operators can never access Bitcoin deposits that are not protected by BitVM contracts and are worth several orders of magnitude lower than AVS collateral assets.
There are multiple peg operators, with at least one required to act honestly. However, even if all operators act dishonestly, they cannot steal any deposits and the worst-case scenario is that they will burn them.
When users deposit BTC into the sidechain, they establish a withdrawal BitVM contract with the Peg Operator. Once the contract is set up, users send UTXOs directly to the BitVM address. It is important to note that this UTXO does not belong to the prover at any time.
When users (potentially different ones) provide proof of a valid withdrawal from Yona, they again use the withdrawal contract (or establish a new contract with the operator if they did not deposit BTC into Yona). If there is denial of service or censorship, Peg Operators will be unable or unwilling to create BitVM contracts. This is where EigenLayer’s economic security comes into play. On one hand, operators cannot steal deposited Bitcoin, so denying withdrawal services has no benefit. However, this is clearly not enough. Therefore, we use EigenLayer slashing to introduce significant downsides to denying withdrawals.
If for some reason, peg operators refuse to create withdrawal contracts, users can submit Bitcoin transactions with the withdrawal request and prove the absence of a withdrawal contract in our EigenLayer contract. This will result in the operator being slashed.
Similarly, in the case of unilateral exits, the withdrawer can provide proof of a valid withdrawal from Yona. Peg Operators have a maximum of N blocks to provide proof that they have completed the withdrawal request. If no proof is provided, the operator will be slashed on EigenLayer, and users can directly withdraw from the BitVM contract.
Meta-Protocol Canonical Dual Peg, Trustless Unilateral Exit
Another significant innovation is that Yona can achieve a completely trustless, purely cryptographic canonical peg of Bitcoin meta-protocols, independent of economic security.
Meta-protocols (such as BRC-20) use Bitcoin to record data and independent validators to verify meta-protocol transactions off-chain. This allows for the construction of an efficient and trustless Rollup as a fast programmable layer of the meta-protocol.
The main difference between Rollup and sidechains is that Rollup allows for trustless unilateral exits: users can withdraw their BRC-20 from Rollup by executing Bitcoin transactions without the involvement of third parties (such as Rollup operators, validators, or bridges).
Next, we will focus on BRC-20 use cases.
The peg mechanism is as follows:
To enter the rollup, users need to “burn” BRC-20 on Bitcoin L1, prove the burn to the rollup smart contract (via Bitcoin ZK light client), and can mint the same plaintext on L2. The burn can be achieved by sending a “TRANSFER” transaction to an “OP_RETURN” script with no data, thus effectuating the burn on L1.
To exit the aggregation, users need to “burn” BRC-20 on L2, “mint” them on Bitcoin L1, and attach a ZK proof of a valid withdrawal.
The ZK proof of a valid withdrawal includes:
Commitment to the inputs of the L2 withdrawal transaction and the Merkle root of the rollup state tree
Correct execution of the zkVM on Rollup, resulting in a BRC20 balance greater than or equal to the withdrawal amount
Non-violation of the total supply invariant (i.e., total supply of BRC20 = BTC supply + L2 supply + pending amounts)
The Bitcoin network itself cannot verify zero-knowledge proofs, as Bitcoin scripts lack necessary opcodes. However, since the indexer can perform verification, it is not required. BRC-20 already relies on off-chain indexers to reconstruct BRC-20 balances, with the only need being to support verification of exit transactions on the indexer.
If L2 is unavailable, proof of no heartbeat on the DA layer for a certain period (e.g., 5 days) allows users to unilaterally withdraw by sending a Bitcoin transaction, i.e., the off-chain BRC20 indexer can handle withdrawals without L2 withdrawal transactions.
If L2 begins to censor withdrawals, users can initiate withdrawals by sending Bitcoin transactions with withdrawal requests. L2 peg operators have 24 hours to execute withdrawals and submit proof. If this does not occur, users can submit proof:
Request for unilateral withdrawal via Bitcoin transaction
Delayed unilateral withdrawal in L2
Valid and unsettled balance of BRC20 available for withdrawal
By verifying this proof, the off-chain BRC20 indexer can return ownership without checking L2 withdrawal transactions.
Therefore, Yona is the first L2 to provide a fully trustless Bitcoin meta-asset peg.
Join the waiting list now:
https://yona.network/?r=rainbow-shapeless-mackerel
Tags
Web3 Vision
ZK Rollup
Bitcoin