Data Availability Sampling (DAS)

Data Availability Sampling (DAS) is a core scaling mechanism for blockchains implementing data availability layers, such as Ethereum with danksharding or modular chains like Celestia. It solves the data availability problem, where a malicious block producer could withhold transaction data, making it impossible for the network to verify the block's validity. Instead of downloading an entire, potentially large block, a light client performs multiple rounds of random sampling, downloading small, randomly selected chunks of the block's erasure-coded data. If all requested samples are successfully retrieved, the client can be statistically confident the entire dataset is available.

The process relies on two key technologies: erasure coding and KZG polynomial commitments. First, the block data is expanded using erasure coding (e.g., Reed-Solomon codes), creating redundant data chunks so the original data can be reconstructed even if a portion is missing. A KZG commitment cryptographically commits to this extended data. The light client then randomly selects a small set of these chunks to sample. The probability that a client would successfully retrieve all samples if a significant portion of the data was missing is astronomically low, providing high security with minimal data transfer.

This enables a major scalability leap. By separating data availability verification from execution, DAS allows block sizes to increase dramatically without forcing all nodes to process the full data. Light nodes can securely operate with minimal resources, while full nodes or validators handle data storage and reconstruction. This architecture is fundamental to modular blockchain designs and rollup scaling solutions, where rollups post their transaction data to a base layer that provides guaranteed data availability, secured by a decentralized network of sampling nodes.

Data Availability Sampling (DAS) is a cornerstone of scaling solutions like Ethereum danksharding and Celestia. Its primary function is to solve the data availability problem, where a malicious block producer could withhold transaction data, making it impossible for the network to verify the block's validity. Instead of downloading an entire large block (e.g., 2 MB), a light client performs multiple rounds of random sampling, requesting small, random chunks of the data. If the data is fully available, all requests succeed; if not, the client quickly detects missing data and rejects the block.

The process relies on encoding block data with an erasure coding scheme like Reed-Solomon. This expands the original data, creating redundant data blobs. The key property is that any sufficiently large random subset of these blobs can be used to reconstruct the entire original data. A light client uses a random seed to generate coordinates for, say, 30 random samples. It then queries the network for the data blobs at those coordinates. Successful retrieval of all samples provides high statistical confidence—often exceeding 99.99%—that the entire dataset is available.

For the system to be secure, sampling must be unpredictable and enforceable. The random seed for sampling is derived from the block header itself, preventing a malicious producer from knowing which chunks will be checked. Furthermore, the erasure-coded data is committed to in the block header via a Merkle root or a KZG polynomial commitment. This allows clients to cryptographically verify that each received data chunk is part of the original committed data, ensuring the producer cannot send valid but incorrect chunks for the sampled locations.

A critical mass of independent light nodes performing DAS creates a powerful security guarantee. While one node might get lucky and sample only available chunks, hundreds of nodes performing random checks make it statistically impossible for an adversary to hide missing data. This collective verification allows the network to safely scale block sizes, as no single participant needs to process all the data. The Data Availability Committee (DAC) model is a simpler, trusted alternative to pure DAS, but DAS provides a trust-minimized, cryptographic foundation for decentralized scaling.

Erasure coding is a data protection method that transforms an original data block into a larger set of encoded pieces, where only a subset is needed to reconstruct the original. In blockchain contexts like DAS, a technique called Reed-Solomon encoding is commonly used to expand a block's data into a two-dimensional matrix of data and parity shares. This redundancy is critical because it allows light clients to sample random, small pieces of the data with high confidence that the entire dataset is available, even if some shares are missing or withheld by malicious nodes.

Commitments are cryptographic proofs that bind a prover to a specific piece of data without revealing the data itself. For DAS, a Merkle root or a KZG polynomial commitment is computed from the erasure-coded data. This commitment is published to the blockchain, serving as a short, verifiable fingerprint. When a light client requests a random sample, the network provides the specific data share along with a Merkle proof linking it back to the published commitment. This allows the client to cryptographically verify that the sample is part of the originally committed data.

The synergy between these prerequisites enables the core DAS security guarantee. Erasure coding provides the redundancy that makes sampling statistically effective, while commitments provide the cryptographic integrity for each sample. A client only needs to successfully download and verify a small number of random samples to achieve a high statistical certainty—often 99.99%—that the entire erasure-coded data block is available. This combination allows for scalable block verification without requiring any single node to download the full dataset.

Data Availability Sampling (DAS) is a cornerstone mechanism for scaling blockchains via data availability layers like Celestia or Avail. Its primary function is to solve the data availability problem: ensuring that all data for a new block is published and accessible so that network participants can independently verify transactions and detect fraud. In a modular stack, a dedicated data availability (DA) layer publishes this data, while execution layers like rollups process it. DAS enables light clients, which cannot store entire blocks, to perform random checks on small pieces of the data, gaining high statistical confidence that the full dataset is available.

The protocol works by having the block producer erasure-code the block data, expanding it with redundant pieces. Light nodes then randomly query a small, constant number of these pieces from the network. If a malicious block producer withholds even a small portion of the original data, the erasure coding ensures that a significant fraction of the expanded data is also missing. Through repeated random sampling, light nodes can detect this unavailability with near-certainty. This creates a powerful security property: it becomes computationally infeasible to fool the network into accepting a block where data is hidden.

This capability is fundamental to the security model of optimistic rollups and zk-rollups. For an optimistic rollup, fraud proofs require the full transaction data to be available for challenge. For a zk-rollup, while validity is proven, the data is still needed for state reconstruction and interoperability. DAS ensures this data is reliably posted without requiring every verifier to download it. It effectively decouples verification security from resource requirements, allowing for highly scalable block sizes while maintaining decentralized security enforced by a large network of light nodes.

Implementing DAS requires a robust peer-to-peer network for data retrieval and often leverages technologies like 2D Reed-Solomon erasure coding and KZG polynomial commitments. The commitments allow nodes to verify that each sampled piece is correct relative to the block header. Projects like Ethereum Proto-Danksharding (EIP-4844) incorporate simplified forms of data sampling, while dedicated DA layers build entire networks optimized for this function. The end result is a trust-minimized foundation where execution layers can securely offload their data publishing needs.