Yona is a second-layer (rollup) on Bitcoin powered by SVM. While inheriting the security of the Bitcoin cryptographic economy, Yona enables rich programmability and unprecedented execution scalability for Bitcoin and its assets. To achieve this goal, Yona implements a trustless bidirectional peg between BTC on Bitcoin and BTC on Yona, allowing for unilateral withdrawals. We refer to this native peg as the specification peg.
The main design feature of Yona is its transition from traditional federated TSS-MPC bridging to a specification-based bidirectional peg, which relies entirely on cryptographic proofs and Bitcoin consensus. In other words, the bidirectional specification peg does not depend on any external consensus.
Features of L2 Specification Peg
Rollup must provide the capability for unilateral deposits and withdrawals.
Unilateral deposits and withdrawals are crucial for ensuring the availability and censorship resistance of Bitcoin and token assets.
While the implementation of deposits is straightforward through SPV proofs, correct unilateral withdrawals require direct proof of validity on Bitcoin.
We propose a more practical approach that gradually builds upon the existing Ethereum cryptographic economic infrastructure and aims to incorporate as much Bitcoin security as possible, in order to be accepted by the most dedicated Bitcoin supporters.
Specification Peg for Bitcoin (BTC)
Our native peg for BTC is supported by the combination of EigenLayer and BitVM for cryptographic economic security.
BitVM allows for the verification of off-chain execution of Bitcoin, enabling anyone to provide fraud proofs and punish the provers. BitVM serves as the cryptographic security source for Yona’s specification peg.
EigenLayer provides access to the Ethereum staked capital base and decentralized validator set. EigenLayer serves as the economic security source for Yona’s specification peg.
Yona Peg Operators are entities that facilitate the normal mode operation (i.e., deposit/withdrawal of BTC) of the specification peg. Any Peg Operator needs to fulfill two roles:
Counterparty for BitVM deposit/withdrawal contracts (used for normal mode operation)
AVS operator (used for unilateral withdrawals)
It should be emphasized that Yona Peg Operators can never access deposited Bitcoins that are not protected by BitVM contracts and have a value several orders of magnitude lower than the AVS staked assets. The peg operators are multiple, and at least one must act honestly, but even in the case of all operators being dishonest, they cannot steal any deposits, and the worst-case scenario would only result in burning them.
When users deposit BTC into the sidechain, they establish a withdrawal BitVM contract with the Peg Operator. Once the contract is set up, users directly send UTXOs to the BitVM address. It is important to note that at no point does this UTXO belong to the provers.
When users (possibly different users) provide proof of a valid withdrawal from Yona, they again use the withdrawal contract (or establish a new one with the operator if they haven’t deposited BTC into Yona).
In case of denial of service or censorship, the Peg Operator would be unable or unwilling to create the BitVM contract. This is where the economic security of EigenLayer comes into play. On one hand, the operator cannot steal deposited Bitcoins, so there is no benefit to denying withdrawal services. But this is not sufficient. Therefore, we introduce significant penalties for denying withdrawals through EigenLayer slashing.
If, for any reason, a peg operator refuses to create a withdrawal contract, users can submit a Bitcoin transaction with the request and prove the absence of a withdrawal contract in our EigenLayer contract. This will result in slashing the operator’s income.
Similarly, in the case of unilateral withdrawals, the withdrawer can provide proof of a valid withdrawal from Yona. Peg operators have N blocks at most to provide proof of their completed withdrawal requests. If they fail to provide proof, the operator will be slashed on EigenLayer, and the user can directly withdraw from the BitVM contract.
Specification Bidirectional Peg for Token Assets, Trustless Unilateral Withdrawals
Another significant innovation is that Yona is able to achieve a fully trustless and purely cryptographic specification peg for Bitcoin-token protocols, without relying on economic security.
Token protocols (such as BRC-20) use Bitcoin to record data and rely on off-chain indexers to independently verify token protocol transactions. This allows for the construction of an efficient and trustless Rollup as a fast programmable layer for token protocols.
The main difference between Rollup and sidechains is that Rollup allows for trustless unilateral withdrawals: users can extract their BRC-20 from Rollup by executing Bitcoin transactions without involving any third parties (such as Rollup operators, validators, or bridges).
Next, we will focus on the use cases of BRC-20.
The peg mechanism is as follows:
To enter the Rollup, users need to “burn” BRC-20 on Bitcoin L1, provide proof of burn to the Rollup smart contract (through Bitcoin ZK light client), and mint the same tokens on L2. The burn can be achieved by sending a “TRANSFER” transaction to an “OP_RETURN” script without any data, effectively implementing the burn on L1.
To exit the Rollup, users need to “burn” BRC-20 on L2 and “mint” them on Bitcoin L1, attaching a ZK proof of a valid withdrawal.
The ZK proof for a valid withdrawal includes:
Commitment to the inputs of the L2 withdrawal transaction and the Merkle root of the Rollup state tree
Correct execution of zkVM on Rollup, resulting in a BRC20 balance greater than or equal to the withdrawal amount
No violation of the total supply invariance (i.e., total supply of BRC20 = BTC supply + L2 supply + pending withdrawal amount)
The Bitcoin network itself cannot verify zero-knowledge proofs, as Bitcoin scripts lack the necessary opcodes. However, this is not necessary since the indexer can perform the verification. BRC-20 already relies on off-chain indexers to reconstruct the BRC-20 balances, and the only thing needed is support for verifying withdrawal transaction proofs on the indexer.
If L2 is unavailable, proof of no heartbeat on the DA layer for a certain period of time (e.g., 5 days) allows users to unilaterally withdraw by sending a Bitcoin transaction, eliminating the need for an L2 withdrawal transaction to be processed by the off-chain BRC20 indexer.
If L2 starts censoring withdrawals, users can initiate withdrawals by sending Bitcoin transactions with withdrawal requests. L2 peg operators have 24 hours to execute the withdrawal and submit proof. If this fails to happen, users can submit proof of:
Unilateral withdrawal request through a Bitcoin transaction
Failure to process unilateral withdrawal in a timely manner on L2
Availability of valid unsettled BRC20 balance for withdrawal
By verifying this proof, the off-chain BRC20 indexer can return ownership without checking the L2 withdrawal transactions.
Therefore, Yona is the first L2 to offer a fully trustless peg for Bitcoin-token assets.