Data Availability Certificates​

A central concept in SankoChain's AnyTrust implementation is the Data Availability Certificate (DACert). A DACert contains:

• the hash of a data block

• an expiration time

• proof that N-1 Committee members have signed the (hash, expiration time) pair, consisting of

  • the hash of the Keyset used in signing

  • a bitmap saying which Committee members signed

  • a BLS aggregated signature (over the BLS12-381 curve) proving that those parties signed.

Because of the 2-of-N trust assumption, a DACert constitutes proof that the block's data (i.e., the preimage of the hash in the DACert) will be available from at least one honest Committee member, at least until the expiration time.

In ordinary (non-AnyTrust) Nitro, the Arbitrum sequencer posts data blocks on Ethereum as calldata. The hashes of the data blocks are committed by Ethereum's Inbox contract, allowing the data to be reliably read by Nitro code.

SankoChain gives the sequencer two ways to post a data block to the settlement layer: it can post the full data as above, or it can post a DACert proving the availability of the data. Arbitrum will reject any DACert that uses an invalid Keyset; the other aspects of DACert validity are checked by L3 code.

The L3 code that reads data from the inbox reads a full-data block as in ordinary Nitro. If it sees a DACert instead, it checks the validity of the DACert, with reference to the Keyset specified by the DACert (which is known to be valid because the base chain Inbox verified that). The L3 code verifies that

• the number of signers is at least the number required by the Keyset, and

• the aggregated signature is valid for the claimed signers, and

• the expiration time is at least two weeks after the current L3 timestamp.

If the DACert is invalid, SankoChain discards the DACert and moves on to the next data block. If the DACert is valid, SankoChain reads the data block, which is guaranteed to be available because the DACert is valid.