Citrea
WebsiteBlogJoin The Community
  • 👋Welcome
    • Getting started
  • ⛓️Technical Specs
    • TL;DR
    • Technical Introduction
    • Characteristics
      • Execution Environment
      • Block Production
        • Pre-Confirmations
        • Decentralized Sequencer Network
      • Proof Generation
      • Nodes
      • Bitcoin Settlement: Trust-minimized BTC Bridge
        • BitVM
        • Optimistic Verification
    • Security Properties
      • Validity
      • Data Availability
      • Re-org Resistance
      • Censorship Resistance and Force Transactions
        • Escape Hatch
  • 👤User Guide
    • Run Citrea Full Node
      • Bitcoin Testnet4
        • Testnet4 Docker Setup
        • Build Testnet4 from Source
      • Citrea Full Node
        • Citrea Binary Executable
        • Build Citrea from Source
    • Use Citrea Testnet Faucet
    • Installing an EVM Wallet
    • Taproot Recovery Address
  • 📖Developer Documentation
    • Kickstart
    • Deployment Guide
      • Deploy a Smart Contract Using Remix
      • Deploy a Token
      • Configure Hardhat
    • System Contracts
      • Bitcoin Light Client
      • Bridge
      • Fee Vaults
    • Chain Information
    • RPC Documentation
    • Deploy a Bitcoin Appchain (L3)
  • 🔎Future Research
    • Decentralized Sequencer Network
    • Lightning Integration
    • Multi Prover
    • Multi VM Approach
    • Trustless Atomic Swaps
    • Trustless Settlement
    • Volition Model
  • 🌐Community
    • Citrea Meetups
      • Meetup Guide
      • Resources
      • Code of Conduct
Powered by GitBook
On this page

Was this helpful?

  1. Technical Specs
  2. Security Properties

Validity

Citrea provides validity with a trustless and scalable computation method: ZK-STARKs. Citrea proofs are succinct and complete, meaning a single proof proves the full rollup since genesis to date.

Citrea proofs are easily verifiable on any device. A Bitcoin light node (SPV) is enough to retrieve and verify the rollup. Verification inside a single Bitcoin script is not possible because of the size and opcode limitations of Bitcoin script; however, it is possible to optimistically verify the proof in Bitcoin script through BitVM.

BitVM is a computing paradigm to express Turing-complete Bitcoin contracts. Using BitVM, Citrea proof verification is optimistically done on Bitcoin with fraud proofs. Any verifier (or guard) from the committee can punish the prover (or proposer) if it submits an invalid Citrea proof.

Thanks to full ZK verification in Bitcoin with BitVM, not only are the withdrawals verified, but the full Citrea blockchain is verified in Bitcoin too. This is the first time an L2 is trustlessly verified in Bitcoin, fundamentally different from previous sidechain efforts like drivechains.

PreviousSecurity PropertiesNextData Availability

Last updated 7 months ago

Was this helpful?

⛓️