Owner: @Álvaro Castro-Castilla

• Target: The network scales to +10k nodes. Each validator will receive an EC chunk. We would need >5k nodes to serve the data chunks. What are the limitations?
• The architecture of Nomos can be seen as similar to that of Ethereum, with some notable differences that affect the DA design:
  • Our Base Layer doesn't have execution. Only the (global) Coordination Layer has a minimal set of operations.
  • Our rollups are quasi-sovereign, meaning that they do not prove their state to the Base Layer, but they have to prove asset deposit/withdrawals, as well as implement the mechanism to pay for using the Base Layer DA+consensus. Note that full sovereignty means no bridging and implementing a client of the DA for the payments.
  • We also have a form of PBS, but enshrined in the L2s. The Base Layer only performs consensus on data that has been dispersed by the Builder. The Proposer is a node in the Base Layer, and the Builder is a node of the Execution Zone.
• We assume that past certain time (2-4 weeks) won't be maintained by the incentivized network (ie validators). From this time onwards, it will be found in:
  • Archival nodes (altruistic)
  • Decentralized storage (altruistic)
  • EZ storage nodes (altruistic or incentivized)
  • Incentivized durable storage like Codex (incentivized)
• We can assume the existence of VID client that is a powerful machine. This machine can take charge of:
  • Reed-Solomon Encoding
  • Kate commitments
  • Dispersion
  • Aggregation of verification signatures from validators? (if VID)
• VID vs ID+DAS
  • Can we verify the information dispersal directly through signatures, or do we need to perform sampling instead.
  • Which one is actually faster in reality? (this is in the consensus hot path!)
• Namespacing. It should be possible to download only parts of a block, based on this namespacing. While data in a block is dispersed uniformly, recovery can be done of a specific segment under the namespace. Use cases:
  • Different apps in an EZ
  • Separation of verifiable state + unverified state data. Light clients might want to download only the first one.
• Networking
  • Since we might use a mixnet for providing PoS Privacy, do we need to use it for DAS as well?
  • Current intuition is MAYBE YES. Rationale:
    • Any node can directly extrapolate the stake of a node when dispersing chunks. But if this process decouples Node ID from network ID, this is not leaked.
    • Same goes for data retrieval, but here we have an advantage: data is further disseminated to a DHT, which gives two properties (more resiliency-durability of the data and better privacy). This means that clients can reach now several nodes (including non-validator nodes) for the same chunk. Can this be used to our advantage?
  • Any design of a p2p solution for the DA needs to account for the fact that we are doing it to reduce bandwidth usage per node in first place, so naively gossipping all data to all nodes won't work.

Why do we need a custom design?

Mathematical analysis