Taiko

Taiko uses a multi-tier proof system to validate state transitions. There are five tiers: The SGX tier, two ZK tiers with RISC0 and SP1 verifiers, the 1/8 Guardian tier and the 6/8 Guardian tier (from lowest to highest). Since the Guardian tiers are the highest, validity proofs can generally be overwritten by a single Guardian. Consequently, there is no way to force the RISC0 or SP1 tiers.

When proposing a batch (containing one or multiple L2 blocks), the proposer is assigned the designated prover role for that batch and is required to deposit a liveness bond (125.0 TAIKO) as a commitment to prove the batch, which will be returned once the batch is proven. The default (lowest) SGX tier has a proving window of 5h, during which only the designated prover can submit the proof for the batch. Once elapsed, proving is open to everyone able to submit SGX proofs and a validity bond. The two ZK tiers have a proving window of 7h.

After the proof is submitted and during its 4h cooldown window, anyone can contest the batch by submitting a contest bond. Provers have to submit a validity bond as a commitment to win a potential contest. A validity bond is TAIKO 150.0 for SGX vs 225.0 for ZK tiers, while a contest bond is TAIKO 984.375 for SGX vs. 1476.5625 for the two ZK tiers. For the Minority guardian tier, validity and contest bonds are set to 225.0 TAIKO and 1476.5625 TAIKO, respectively.

It is not required to provide a proof for the batch to submit a contestation. When someone contests, a higher level tier has to step in to prove the contested batch. Decision of the highest tier (currently the 6/8 Guardian) is considered final. If no one challenges the original SGX proof, it finalizes after 4h (the cooldown window).

All the data that is used to construct the system state is published on chain in the form of blobs. This ensures that it will be available for enough time.

The system uses a based (or L1-sequenced) sequencing mechanism. Anyone can sequence Taiko L2 blocks by proposing them directly on the TaikoL1 contract. The proposer of a block is assigned the designated prover role, and will be the only entity allowed to provide a proof for the block during the initial proving window. Currently, proving a block requires the block proposer to run an SGX instance. Proposing a block also requires depositing a liveness bond as a commitment to proving the block. Unless the block proposer proves the block within the proving window, it will forfeit its liveness bond to the TaikoL1 smart contract.

The system is designed to allow users to propose L2 blocks directly on L1. Note that this would require the user to run an SGX instance to prove the block, or forfeit the liveness bond of 125.0 TAIKO. The TaikoAdmin multisig can pause block proposals without delay.

The user initiates the withdrawal by submitting a regular transaction on this chain. When the block containing that transaction is finalized the funds become available for withdrawal on L1. Finally the user submits an L1 transaction to claim the funds. This transaction requires a merkle proof.