Yona is the second layer (rollup) on Bitcoin, powered by SVM.
Yona inherits the cryptographic security of the Bitcoin economy while enabling rich programmability and unprecedented execution scalability for Bitcoin and its assets.
To achieve this goal, Yona implements a trustless bi-directional peg between BTC on Bitcoin and BTC on Yona, allowing for one-sided withdrawals. We refer to this native peg as the “speculative peg.”
The main design feature of Yona is its shift from traditional federated TSS-MPC bridging to a speculative bi-directional peg – a mechanism that relies entirely on cryptographic proofs and Bitcoin consensus. In other words, the bi-directional speculative peg does not depend on any external consensus.
Features of L2 speculative peg:
– Rollup must provide the ability for one-sided deposits and withdrawals.
– One-sided deposits and withdrawals are crucial for ensuring the availability and censorship resistance of Bitcoin and tokenized assets.
– While implementing deposits is straightforward (via SPV proofs), correctly implementing one-sided withdrawals requires proving their validity directly on Bitcoin.
We propose a more practical approach that gradually builds on top of Ethereum’s existing cryptographic economic infrastructure, aiming to incorporate as much Bitcoin security as possible to be accepted by the most ardent Bitcoin supporters.
Bitcoin (BTC) speculative peg:
Our BTC native peg is supported by the combination of EigenLayer and BitVM for cryptographic economic security.
BitVM allows for off-chain execution verification of Bitcoin, where anyone can provide fraud proofs and punish the prover. BitVM serves as the cryptographic security source for Yona’s speculative peg.
EigenLayer provides access to Ethereum’s staked capital base and decentralized validator set. EigenLayer serves as the economic security source for Yona’s speculative peg.
Yona Peg operators are entities that facilitate the normal mode of operation of the speculative peg (i.e., depositing/withdrawing BTC). Any Peg operator needs to fulfill two roles:
– BitVM deposit/withdrawal contract counterparty (for normal mode operations)
– AVS operator (for one-sided withdrawals)
It is important to emphasize that Yona Peg Operators can never access Bitcoin deposits that are not protected by BitVM contracts and have a value several orders of magnitude lower than AVS-pledged assets.
There are multiple peg operators, among which at least one must act honestly, but even in the case of all operators being dishonest, they cannot steal any deposits, at worst burning them.
When users deposit BTC into the sidechain, they establish a withdrawal BitVM contract with the Peg Operator. Once the contract is established, users send UTXOs directly to the BitVM address. It is important to note that at no point does this UTXO belong to the prover.
When users (potentially different users) provide proofs for valid withdrawals from Yona, they again use the withdrawal contract (establishing a new one with the operator if they haven’t deposited BTC into Yona).
In the event of denial-of-service or censorship, Peg Operators will be unable or unwilling to create withdrawal contracts. This is where EigenLayer’s economic security comes into play. On one hand, operators cannot steal deposited Bitcoin, so there is no benefit to refusing withdrawal services. But that is not enough, obviously. Therefore, we introduce significant penalties for refusing withdrawals using EigenLayer slashing.
If, for some reason, the peg operator refuses to create a withdrawal contract, the user can submit a Bitcoin transaction with the request and prove the absence of a withdrawal contract with our EigenLayer contract. This results in slashing the operator’s earnings.
Similarly, in the case of one-sided withdrawals, the withdrawer can provide proof of a valid withdrawal from Yona. The Peg Operator has at most N blocks to provide proof of completing the withdrawal request. If no proof is provided, the operator gets slashed on EigenLayer, and the user can directly withdraw from the BitVM contract.
Meta-protocol speculative double peg with trustless one-sided withdrawals
Another significant innovation is Yona’s ability to achieve a fully trustless, purely cryptographic speculative peg of Bitcoin meta-protocols without relying on economic security.
Meta-protocols (e.g., BRC-20) use Bitcoin to record data and use off-chain indexers to independently validate meta-protocol transactions. This allows for building an efficient and trustless rollup as a fast programmable layer for meta-protocols.
The main difference between rollup and sidechains is that rollup allows for trustless one-sided withdrawals: users can extract their BRC-20 from the rollup by executing Bitcoin transactions without involving any third parties (such as rollup operators, validators, or bridges).
Next, we will focus on BRC-20 use cases.
The peg mechanism is as follows:
– To enter the rollup, users need to “destroy” BRC-20 on Bitcoin L1, prove the destruction to the rollup smart contract (via Bitcoin ZK light client), and be able to mint the same tokens on L2. Destruction can be achieved by sending a “TRANSFER” transaction to an “OP_RETURN” script that does not contain any data, effectively destroying it on L1.
– To exit the rollup, users need to “burn” BRC-20 on L2 and “mint” them on Bitcoin L1, attaching a ZK proof of a valid withdrawal.
The ZK proof for a valid withdrawal includes:
– A commitment to the L2 withdrawal transaction inputs and the Merkle root of the rollup state tree.
– Proof that the zkVM of the Rollup executed the computation correctly and resulted in a BRC-20 balance greater than or equal to the withdrawal amount.
– No violation of the total supply invariance (i.e., the total supply of BRC-20 = BTC supply + L2 supply + pending withdrawal amount).
The Bitcoin network itself cannot verify zero-knowledge proofs as Bitcoin scripts lack the necessary opcodes. However, since indexers can perform the verification, it is not required. BRC-20 already relies on off-chain indexers to reconstruct the BRC-20 balance, and the only thing needed is support for verifying withdrawal transaction proofs on the indexer.
If L2 is unavailable, proof of no heartbeat on the DA layer for a certain period of time (e.g., 5 days) allows users to initiate one-sided withdrawals by sending Bitcoin transactions, where off-chain BRC20 indexers can process the withdrawal without requiring an L2 withdrawal transaction.
If L2 starts censoring withdrawals, users can initiate withdrawals by sending Bitcoin transactions with withdrawal requests. L2 peg operators have 24 hours to execute the withdrawal and submit the proof. If this does not happen, users can submit the following proof:
– Initiating a one-sided withdrawal via a Bitcoin transaction
– L2 failure to process the one-sided withdrawal in a timely manner
– Having valid unsettled BRC20 balances available for withdrawal
By verifying this proof, the off-chain BRC20 indexers can return ownership without checking L2 withdrawal transactions.
Therefore, Yona is the first L2 to offer a fully trustless peg for Bitcoin meta-assets.