On May 5th, in response to the naming tag #BattleTested for the L2 network Stage 2 proposed by community member Daniel Wang, Ethereum co-founder Vitalik responded on X platform, saying: "This is a good reminder: Stage 2 is not the only factor affecting security, and the quality of the underlying proof system is equally important. Here is a simplified mathematical model showing when to enter Stage 2:
Each security council member has a 10% independent chance of 'breaking'; we consider activity failure (refusing to sign or key inaccessibility) and security failure (signing something wrong or key being hacked) as equally likely; the goal: minimize the possibility of protocol collapse under the above assumptions.
*Stage 0 security council is 4/7, Stage 1 is 6/8; note that these assumptions are very imperfect. In reality, council members may have 'common mode failures': they might collude, or all be coerced or hacked in the same way, etc. This makes Stage 0 and Stage 1 less secure than shown in the model, so entering Stage 2 earlier than the model suggests is the best choice.
Moreover, note that by turning the proof system itself into a multi-signature of multiple independent systems, the probability of proof system collapse can be greatly reduced (which is what I advocated in my previous proposal). I suspect all Stage 2 deployments in the past few years will be like this. Considering these factors, here is the chart. The X-axis is the probability of proof system collapse. The Y-axis is the probability of protocol collapse. As the quality of the proof system improves, the optimal stage shifts from Stage 0 to Stage 1, and then from Stage 1 to Stage 2. Using a Stage 0 quality proof system for Stage 2 is the worst.
In short, @l2beat should ideally show proof system audit and maturity indicators (preferably for proof system implementation rather than the entire rollup, so we can reuse) as well as stages."
