- prefer transparent cryptography with no trusted setup or social committees.
- separate compute/consensus from data availability; keep a clean, swappable boundary.
- tier data by criticality and expected half-life to optimize cost versus permanence.
- make light verification the default path; anyone should verify on a phone.
- design for graceful degradation and reversible choices via governance.
threat model (high-level)
- da withholding by block producers or operators.
- long-range or governance capture of a single da provider.
- corruption of trusted-setup ceremonies (where used) or committee collusion.
- network partition and economic attacks that raise posting costs beyond thresholds.
trust stack summary
- no-ceremony cryptography: hash trees + erasure coding (celestia), fri/stark-style sampling (frida research).
- escape hatch: ethereum calldata for minimal checkpoints (fully trustless, expensive).
- avoid committee trust for mission-critical data; allow as optional low-cost tier if ever needed.
layered da stack
- tier 0 — critical roots: post checkpoint roots to ethereum calldata once per epoch; immutable forever; low bandwidth (≈32–64 kb/epoch); used for ultimate recovery and dispute resolution.
- tier 1 — active graph: post “focus blobs” (≈10k links + proofs) to celestia; retain for ≥30 days; mirror to ipfs/filecoin; verified by celestia light sampling on phones.
- tier 2 — historical tails: erasure-coded archival to filecoin/arweave/ipfs pinning; refreshed by archivers; used for deep replay and research analytics.
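a minimal sketch of how this tiering could be encoded as a policy table in the posting service (keys and values are illustrative, drawn from the tiers above):

    # illustrative policy table mirroring the three tiers above
    TIER_POLICIES = {
        "tier0_critical_roots": {
            "da_target": "ethereum_calldata",
            "cadence": "once_per_epoch",
            "retention": "permanent",
            "use": "recovery_and_disputes",
        },
        "tier1_active_graph": {
            "da_target": "celestia",
            "retention_days": 30,
            "mirrors": ["ipfs", "filecoin"],
            "verification": "light_sampling",
        },
        "tier2_historical_tails": {
            "da_target": ["filecoin", "arweave", "ipfs_pinning"],
            "encoding": "erasure_coded",
            "refresh": "archiver_jobs",
        },
    }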
target slos and kpis
- blob post success rate ≥ 99.95% over rolling 7 days.
- median light-client acceptance latency ≤ 2 seconds per blob.
- cost per mb (tier 1) below budget b (governance parameter) with automated reroute if exceeded.
- checkpoint cadence hit rate 100% with zero missed epochs.
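a hedged sketch of these targets as constants a dashboard or alerter could check (the tier-1 cost budget stays a governance placeholder):

    # slo targets from the list above; the tier-1 cost budget remains a governance parameter
    SLO_TARGETS = {
        "blob_post_success_rate_7d": 0.9995,   # >= 99.95% over a rolling 7 days
        "light_accept_latency_p50_ms": 2000,   # median <= 2 seconds per blob
        "tier1_cost_per_mb_budget_usd": None,  # budget b, set by governance; reroute if exceeded
        "checkpoint_cadence_hit_rate": 1.0,    # 100%, zero missed epochs
    }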
posting unit: focus blob
- content: batch of cyberlinks + minimal per-link metadata + optional sampling metadata.
- size target: 1–4 mb per blob (tunable); bounded by da provider limits.
- retention: min 30 days on tier 1; long-term via tier 2.
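a minimal python sketch of a focus blob, assuming the content and size bounds above (type and field names are illustrative, not a wire format):

    import json
    from dataclasses import dataclass, field

    @dataclass
    class CyberLink:
        source_cid: str                        # content id of the linking particle
        target_cid: str                        # content id of the linked particle
        metadata: dict = field(default_factory=dict)   # minimal per-link metadata

    @dataclass
    class FocusBlob:
        links: list[CyberLink]                 # ~10k links per tier-1 blob
        sampling_metadata: bytes | None = None # optional fri/frida-style metadata (feature flag)

        def serialize(self) -> bytes:
            # placeholder encoding; production would use a canonical, length-prefixed codec
            return json.dumps(
                [(l.source_cid, l.target_cid, l.metadata) for l in self.links]
            ).encode()

        def within_size_target(self, max_bytes: int = 4 * 1024 * 1024) -> bool:
            # size target is 1–4 mb, bounded by the da provider's blob limit
            return len(self.serialize()) <= max_bytes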
light-client verification path
- today: celestia das, sampling random shares (≈√n light-client overhead) until the acceptance threshold is reached.
- feature flag: embed fri/frida-style proofs in blob metadata to enable poly-log sampling when available.
- phones-first: default clients verify availability before accepting any on-chain reference.
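a small sketch of the sampling math behind acceptance, assuming an adversary must withhold at least a fraction f of shares (on the order of 25% for a 2d erasure-coded square) to make the block unrecoverable:

    import math

    def samples_needed(min_confidence: float = 0.999, withheld_fraction: float = 0.25) -> int:
        # if at least `withheld_fraction` of shares must be withheld to block reconstruction,
        # the chance that s successful random samples all miss the withheld set is
        # (1 - withheld_fraction) ** s, so solve 1 - (1 - f) ** s >= min_confidence for s.
        return math.ceil(math.log(1 - min_confidence) / math.log(1 - withheld_fraction))

    # e.g. samples_needed(0.999, 0.25) -> 25 samples for 99.9% confidence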
checkpoints and replay
- every n blocks, form a state commitment (e.g., merkle/patricia root + rolling hash of blob ids).
- write the commitment to ethereum calldata; store a small proof-of-inclusion reference on our chain.
- replay requires: retrieve blobs from celestia/ipfs → apply to state → compare to last checkpoint root.
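a minimal sketch of how the commitment could be computed, assuming a merkle state root is already available and blob ids are chained into a rolling hash:

    import hashlib

    def rolling_blob_hash(prev: bytes, blob_ids: list[bytes]) -> bytes:
        # chain the epoch's blob ids into a single rolling hash
        acc = prev
        for blob_id in blob_ids:
            acc = hashlib.sha256(acc + blob_id).digest()
        return acc

    def checkpoint_commitment(state_root: bytes, rolling_hash: bytes) -> bytes:
        # the value written to ethereum calldata every checkpoint_interval blocks
        return hashlib.sha256(state_root + rolling_hash).digest()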
failure and degradation modes
- if celestia posting cost > max_blob_fee, pause tier-1 posting and increase checkpoint frequency; queue blobs for later or route to backup da if approved by governance.
- if retrieval fails from celestia, fetch via ipfs/filecoin mirrors; if still unavailable, mark range as contested and trigger dispute protocol using checkpoints.
- if governance capture suspected, switch da target via on-chain parameter without hard fork.
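a sketch of the retrieval fallback chain described above; the client objects and their `get` calls are hypothetical adaptor interfaces, not real library apis:

    class BlobUnavailable(Exception):
        # raised when neither celestia nor any mirror can serve the blob;
        # the caller marks the range contested and triggers the dispute protocol
        pass

    def retrieve_blob(descriptor, celestia_client, mirror_clients):
        # primary path: fetch from celestia using the descriptor's height + commitment
        blob = celestia_client.get(descriptor)      # hypothetical adaptor call
        if blob is not None:
            return blob
        # fallback: try each ipfs/filecoin mirror recorded in the descriptor
        for mirror in mirror_clients:
            blob = mirror.get(descriptor)           # hypothetical adaptor call
            if blob is not None:
                return blob
        raise BlobUnavailable(descriptor)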
on-chain parameters (governance knobs)
- min_sampling_confidence: default 0.999 (probability data is available given samples).
- max_blob_fee: absolute or dynamic cap (e.g., usd/mb); triggers reroute or defer.
- checkpoint_interval: blocks per ethereum checkpoint; trade cost vs recovery speed.
- redundancy_factor: number of independent pinning providers for each blob.
- retention_days_tier1: minimum retention requirement before archiving.
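the knobs above as a typed default set (a sketch; the max_blob_fee and checkpoint_interval defaults shown here are illustrative placeholders, not decided values):

    from dataclasses import dataclass

    @dataclass
    class DaGovernanceParams:
        min_sampling_confidence: float = 0.999    # availability confidence threshold
        max_blob_fee_usd_per_mb: float = 0.10     # illustrative cap; breach triggers reroute or defer
        checkpoint_interval_blocks: int = 7200    # illustrative; trades calldata cost vs recovery speed
        redundancy_factor: int = 3                # independent pinning providers per blob
        retention_days_tier1: int = 30            # minimum retention before archiving to tier 2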
kzg/committee exposure policy
- mission-critical data (tier 0/1) must avoid trusted setup and committee trust.
- optional experimental tier may use kzg-based or dac-backed da for non-critical, short-lived analytics; disabled by default.
interfaces and data structures
- blob descriptor (on-chain; sketched in python after the routing policy, together with the posting api):
- hash: blake3/sha256 of blob payload.
- da_target: enum { celestia, future_frida, reserved }.
- size_bytes: uint64.
- retention_class: enum { hot, warm, cold }.
- mirrors: list for ipfs/filecoin.
- posting api (off-chain service → da adaptor):
- post_blob(payload, policy) → da_receipt { target, height/slot, commitment, inclusion_proof }.
- verify_availability(da_receipt, confidence) → bool.
- publish_descriptor(da_receipt, mirrors) → tx_hash (our chain).
- routing policy (python sketch; target names are illustrative strings):

      def route(policy, market):
          # default to the market's suggested target
          target = market.target
          # a trust-minimized policy pins mission-critical posting to the transparent provider
          if policy.trust_minimized_only and target != "celestia":
              target = "celestia"
          # fee guard: defer posting rather than exceed max_blob_fee
          if market.celestia_fee_per_mb > policy.max_blob_fee:
              target = "pause_and_queue"
          return target
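a python sketch of the blob descriptor and posting api listed above (enum values and field names follow the list; the return shapes are illustrative, not a final abi):

    from dataclasses import dataclass
    from enum import Enum

    class DaTarget(Enum):
        CELESTIA = "celestia"
        FUTURE_FRIDA = "future_frida"
        RESERVED = "reserved"

    class RetentionClass(Enum):
        HOT = "hot"
        WARM = "warm"
        COLD = "cold"

    @dataclass
    class BlobDescriptor:                 # on-chain record
        hash: bytes                       # blake3/sha256 of blob payload
        da_target: DaTarget
        size_bytes: int
        retention_class: RetentionClass
        mirrors: list[str]                # ipfs/filecoin references

    @dataclass
    class DaReceipt:
        target: DaTarget
        height: int                       # da-chain height/slot of inclusion
        commitment: bytes
        inclusion_proof: bytes

    class DaAdaptor:                      # off-chain service boundary (sketch)
        def post_blob(self, payload: bytes, policy) -> DaReceipt: ...
        def verify_availability(self, receipt: DaReceipt, confidence: float) -> bool: ...
        def publish_descriptor(self, receipt: DaReceipt, mirrors: list[str]) -> str:
            # returns tx_hash on our chain
            ...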
operational runbook (excerpt)
- assemble batch every block or at size threshold.
- run erasure-coding locally for redundancy hints; compute hash.
- call post_blob to celestia; receive da receipt.
- perform light-client sampling to target confidence; on success, publish descriptor on our chain.
- push payload to ipfs/filecoin with redundancy_factor mirrors; store multihashes in descriptor.
- emit metrics: cost per mb, acceptance latency, failure reasons.
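the runbook steps above condensed into one pipeline function; the adaptor, metrics client, and the pin_to_mirrors/cost_of helpers are hypothetical sketch interfaces:

    def pin_to_mirrors(payload: bytes, count: int) -> list[str]:
        # hypothetical helper: pin the payload to `count` independent ipfs/filecoin providers
        raise NotImplementedError

    def cost_of(receipt, payload: bytes) -> float:
        # hypothetical helper: usd per mb derived from the receipt's fee fields
        raise NotImplementedError

    def post_focus_blob(batch, adaptor, params, metrics):
        # assemble + hash, post to celestia, sample to confidence, publish descriptor, mirror
        payload = batch.serialize()
        receipt = adaptor.post_blob(payload, params)
        if not adaptor.verify_availability(receipt, params.min_sampling_confidence):
            metrics.incr("blob_post_failures", reason="sampling_below_confidence")
            return None
        mirrors = pin_to_mirrors(payload, count=params.redundancy_factor)
        tx_hash = adaptor.publish_descriptor(receipt, mirrors)
        metrics.observe("blob_post_cost_usd_mb", cost_of(receipt, payload))
        return tx_hash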
implementation timeline
- q3 2025: celestia blob poster + ipfs fallback; light sampling in mobile client; basic dashboards.
- q4 2025: ethereum calldata checkpoint writer; incident automation; cost benchmarks public.
- q1 2026: embed fri/frida-style sampling metadata; feature-flag rollout; adversarial testing.
- h2 2026: evaluate production frida-based da; migration playbook; staged cutover if justified.
comparison snapshot (july 2025)
| solution | type | trusted setup | committee trust | throughput (now/roadmap) | retention | light sampling | maturity |
|---|---|---|---|---|---|---|---|
| celestia | modular da l1 | none | none | high → roadmap to ~1 gb blocks | persistent | yes (das) | mainnet |
| ethereum eip-4844 blobs | l1 blobspace | kzg ceremony | none | moderate; cheap for l2s | ~18 days then pruned | commitment only | mainnet (mar 2024) |
| eigenda | restaked da | kzg ceremony | none | high (operator-limited) | operator-configurable | roadmap | mainnet |
| avail | modular da | kzg ceremony | none | high; “infinity blocks” roadmap | persistent | yes | mainnet |
| arbitrum anytrust dac | committee da | none | ≥1 honest member | variable | committee policy | no (assumption-based) | mainnet |
| starknet volition/validium | hybrid | none (stark proofs) | optional dac | variable | mode-dependent | n/a | rolling out |
| frida (research) | sampling algo | none | none | theoretical poly-log overhead | n/a | yes (core) | academic |
risk register (initial)
- celestia throughput or fee volatility makes tier-1 uneconomical → mitigation: max_blob_fee guard, dynamic batch sizing, temporary checkpoint frequency increase.
- ipfs/filecoin mirror unreliability → mitigation: redundancy_factor ≥ 3, periodic verify-and-repin jobs.
- ethereum gas-price spikes raise calldata checkpoint costs → mitigation: elastic checkpoint_interval with a floor; pre-funded gas vault and hedging.
- future frida networks slip or underperform → mitigation: keep feature-flagged and optional; do not block tier-1 operations.
monitoring and alerts
- blob_post_cost_usd_mb (p95) crossing threshold.
- light_accept_latency_ms (p95) crossing threshold.
- missing_checkpoints count > 0 within window.
- mirror_retrieve_errors > x per day.
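a sketch of these alerts as declarative rules over the emitted metrics; thresholds left as none are operator-set placeholders (the x above stays unspecified):

    # placeholder thresholds; metric names match the runbook emissions
    ALERT_RULES = [
        {"metric": "blob_post_cost_usd_mb",   "stat": "p95",   "op": ">", "threshold": None},
        {"metric": "light_accept_latency_ms", "stat": "p95",   "op": ">", "threshold": None},
        {"metric": "missing_checkpoints",     "stat": "count", "op": ">", "threshold": 0},
        {"metric": "mirror_retrieve_errors",  "stat": "daily", "op": ">", "threshold": None},
    ]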
open questions
- optimal batch sizing under varying network conditions without hurting light verification latency.
- standardized receipt format across da providers to simplify bridges and wallets.
- best-in-class erasure coding parameters for our data shape and retrieval patterns.
next actions
- implement the da adaptor skeleton and wire to celestia light clients.
- ship the calldata checkpoint writer and recovery/replay tool.
- draft the governance parameters and defaults; socialize with stakeholders.
- define the archiver incentives and service-level requirements for mirrors.
glossary (brief)
- da: data availability — the guarantee that posted data can be retrieved by anyone.
- light client: a verifier that checks availability/proofs without downloading full data.
- kzg: polynomial commitment scheme needing a multi-party trusted setup ceremony.
- fri/stark: transparent proof systems with no trusted setup; used by frida/starknet.
- dac: data availability committee; a social trust model requiring one or more honest members.