Add SUP: Batched Commitments for AltDA-based OP Stack Chains #1
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,140 @@ | ||
| --- | ||
| sup: NNNN | ||
| title: Batched Commitments for AltDA-based OP Stack Chains | ||
| champion: vdrg (@vdrg) | ||
| author: alvarius (@alvrs), tdot (@tchardin), vdrg (@vdrg) | ||
| created: 2025-01-23 | ||
| eligible: YYYY-MM-DD | ||
| requires: | ||
| status: Draft | ||
| --- | ||
|
|
||
| ## Description | ||
|
|
||
| A protocol upgrade that enables batching multiple DA commitments into a single L1 transaction for AltDA-based OP Stack chains. This introduces a new commitment type (`BatchedCommitmentType`) that allows multiple sub-commitments to be submitted in a single transaction while preserving individual challengeability, resulting in significant gas cost savings by sharing the base transaction cost across multiple commitments. | ||
|
|
||
| ## Motivation and Impact | ||
|
|
||
| AltDA-based OP Stack chains currently submit DA commitments to L1 individually, with each commitment requiring its own transaction. This approach incurs separate base transaction costs (21,000 gas on Ethereum) for each commitment. This inefficiency leads to higher operational costs for chain operators and, ultimately, higher fees for users. | ||
|
|
||
| The implementation of batched commitments will provide several key benefits: | ||
|
|
||
| 1. **Cost Reduction**: By combining multiple commitments into a single L1 transaction, some chains will save significantly on L1 transaction costs, as only a single 21,000 gas fee will be paid per batch instead of per commitment (excluding the additional calldata costs). | ||
| 2. **Preserved Security**: Each sub-commitment within a batch remains individually challengeable, maintaining the security properties of the existing system. | ||
| 3. **Minimal Infrastructure Changes**: The proposal requires minimal changes to the existing derivation pipeline, as the AltDA Data Source will handle the decoding of batched commitments transparently. | ||
|
|
||
| ## Design | ||
|
|
||
| ### Overview | ||
|
|
||
| The design introduces a new commitment type while maintaining compatibility with existing commitment types and challenge mechanisms. Here are the key design decisions: | ||
| 1. **New Commitment Type** | ||
| - Introduce `BatchedCommitmentType = 2` to represent batched commitments | ||
| - Support both existing commitment types as sub-commitments: | ||
| - `Keccak256CommitmentType (0)`: 32-byte fixed-size | ||
| - `GenericCommitmentType (1)`: Variable-size | ||
| 2. **Encoding Structure** | ||
| - Length-prefixed format for sub-commitments enabling parsing by the AltDA data source | ||
| - Preserved derivation version for compatibility | ||
| 3. **Derivation pipeline** | ||
| - Single L1 transaction contains multiple sub-commitments | ||
| - AltDA Data Source decodes and processes each sub-commitment independently | ||
| - Existing challenge mechanisms remain unchanged | ||
|
|
||
|
|
||
| ## Specification | ||
|
|
||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 and RFC 8174. | ||
|
|
||
| ### Batched Commitment Encoding | ||
|
|
||
| The L1 transaction data MUST follow this format: | ||
|
|
||
| ``` | ||
| [1 byte: derivation_version = 0x01] | ||
| [1 byte: commitment_type = 0x02] // BatchedCommitmentType | ||
| [1 byte: subcommitment_type = 0x00 or 0x01] | ||
| [variable length: sub_commitments] | ||
|
|
||
| ``` | ||
|
|
||
| Each sub-commitment MUST be encoded as: | ||
|
|
||
| ``` | ||
| [2 bytes: comm_len (big-endian)] | ||
| [comm_len bytes: commitment_data] | ||
|
|
||
| ``` | ||
|
|
||
| ### Example Encoding | ||
|
|
||
| For two Keccak256 sub-commitments (each 32 bytes), the L1 transaction data would be structured as follows: | ||
|
|
||
| | Field | Example (Hex) | Explanation | | ||
| | --- | --- | --- | | ||
| | derivation_version | 0x01 | OP Stack derivation version | | ||
| | batched_commitment_type | 0x02 | Indicates a batched commitment | | ||
| | subcommitment_type | 0x00 | Keccak256CommitmentType | | ||
| | comm1_len | 0x0020 | length = 32 | | ||
| | comm1_data | [32 bytes] | First commitment hash | | ||
| | comm2_len | 0x0020 | length = 32 | | ||
| | comm2_data | [32 bytes] | Second commitment hash | | ||
|
|
||
|
|
||
| ### Implementation Requirements | ||
|
|
||
| 1. The derivation pipeline MUST: | ||
| - Detect BatchedCommitmentType (0x02) and process accordingly | ||
| - Extract and validate each sub-commitment independently | ||
| - Maintain existing challenge mechanisms for each sub-commitment | ||
| 2. The batcher MUST: | ||
| - Support configuration for consuming multiple frames when using Batched Commitments (similar to current implementation for Blobs DA) | ||
| - Submit each frame to the DA Server independently | ||
| - Construct a valid batched commitment from returned commitments | ||
|
Comment on lines
+92
to
+93
There was a problem hiding this comment. Probably should add note that aggregation of the sub-commitment needs to be done in order to follow new holocene ordering rules. See for eg ethereum-optimism/optimism#13169 |
||
|
|
||
| ### Alternative Approaches Considered | ||
|
|
||
| #### Alternative Encoding for Keccak256 Sub-commitments | ||
|
|
||
| For batches containing only Keccak256 commitments, a more efficient encoding could omit the length prefix since these commitments are always 32 bytes. While this optimization would reduce gas costs, it has not been included in the main specification since Keccak256 Commitments are expected to be deprecated in the future. | ||
|
|
||
| #### Aggregating Commitments in DA Server | ||
|
|
||
| An alternative approach for constructing Batched Commitments is to do it in the DA Server. The batcher would send the concatenated frames to the server and the server would be in charge of parsing and constructing the resulting commitment. | ||
|
|
||
| However, to keep sub-commitments individually challengeable (and not change the existing logic related to challenges) the server would need to store the input frame for each sub-commitment independently, which would break the server's API semantics. | ||
|
Comment on lines
+102
to
+106
There was a problem hiding this comment. Yet another approach, for DA layers like EigenDA that allow huge blobs (right now up to 16MiB), is to change the batcher logic to allow for the channelMgr to either return huge frames, or to return multi-frames, and to send those as a single blob to the da layer. This means there is no need to deal with batched commitments and sub-commitments like is being done here. See for eg ethereum-optimism/optimism#12400 There was a problem hiding this comment. Even though we could abstract this away in the DA server (and just hash all the frames or something), the main idea of the proposal was to still support challenges, and for that we need to be able to iterate over each individual sub-commitment. But I guess what you mention is still compatible with this approach? I imagine we would need some config option or maybe even an additional There was a problem hiding this comment. Right in my mind the logic would be similar to ethereum-optimism/optimism#13169, where da dispersals are made in parallel to the da-server, and the returned "certs/commitment" would then be cached back into the channelMgr, to be pulled back out of order to follow holocene ordering rules. Right now the channelMgr allows specifying a There was a problem hiding this comment. Are you referring to |
||
|
|
||
| ## Backwards Compatibility | ||
|
|
||
| This upgrade introduces a new commitment type while maintaining full compatibility with existing commitment types. No changes are required for existing challenge mechanisms or the DA Server specification. The AltDA data source will need to be updated to handle the new BatchedCommitmentType, but can maintain existing handling for other commitment types. | ||
|
|
||
| ## Failure Modes Analysis | ||
|
|
||
| Batched commitments are subject to same failure modes as existing commitments. | ||
|
|
||
| --- | ||
|
|
||
| ## Progress Checklist | ||
|
|
||
| _To be updated only by SUP editors_. | ||
|
|
||
| Prior to SUP merge: | ||
|
|
||
| - [ ] There is a named champion for this SUP | ||
| - [ ] All sections of SUP completed and reviewed by SUP editor | ||
| - [ ] Design review done and approved | ||
| - [ ] SUP number has been assigned | ||
|
|
||
| Prior to SUP inclusion: | ||
|
|
||
| - [ ] Specification review done and approved | ||
| - [ ] Implemented in a client and run on an Alphanet (where applicable) | ||
| - [ ] Implemented in all relevant clients and run on an upgrade Betanet (where applicable) | ||
| - [ ] FMA security reviewed and actions completed (audit, run books, etc.) | ||
| - [ ] Included in a governance proposal and has passed governance | ||
|
|
||
| --- | ||
|
|
||
| ## Copyright | ||
|
|
||
| Copyright and related rights waived via [CC0](../LICENSE.md). | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The only current existing challenge mechanism is the DaChallengeContract for keccak commitments right? What's the current state of the conversation regarding getting rid of this in general given that most people are using generic commitments?
In our case we are considering potentially failing over to keccak commitments if ever EigenDA is down. The derivation pipeline must thus be able to switch dynamically between the two commitment types. Would one then need the DAChallengeContract to be used during the failover period?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah challenges are only for Keccak commitments right now. From my understanding (though I might be missing some context here), the idea is to eventually deprecate the existing keccak256 commitment type and use a specific DA Layer byte (
0xff) for keccak256. But my impression was that challenges would still be supported for them and eventually maybe even for other generic commitments?For this proposal though we wanted to also support keccak because that is what Redstone currently uses. I would also like to better understand what the plan is for deprecating the existing keccak.