Data Availability Certificate

DACs are often used alongside Data Availability Sampling (DAS). While DAS is a probabilistic technique where light nodes sample small random chunks to infer full data availability, a DAC provides a deterministic, cryptographic proof. Systems may use DAS for efficient, ongoing verification by a network of nodes, with a DAC serving as a final, succinct attestation that can be efficiently verified on-chain (e.g., in a smart contract) to trigger withdrawals or settlements.

Within smart contracts on a settlement layer (like Ethereum), a DAC functions as a verifiable condition precedent. For example, a rollup's bridge contract may require a valid DAC attesting to the availability of a state root's data before allowing funds to be withdrawn. This makes the release of locked assets contingent on proven data availability, protecting users from a scenario where funds are frozen due to unpublished data.

Most DAC implementations rely on a committee of known, staked entities (validators or attestors). The security model involves:

• Economic Security: Committee members post a bond (stake) that can be slashed for signing an invalid certificate.
• Threshold Signatures: A DAC requires signatures from a supermajority (e.g., 2/3) of the committee, providing Byzantine fault tolerance.
• Fraud Proofs: Some designs allow anyone to submit a fraud proof if data is unavailable despite a published DAC, triggering slashing. This model trades pure cryptographic trust for practical efficiency.

The security of a DAC depends on the honesty of the signing committee. A common model is an honest majority assumption, where the system is secure as long as a threshold (e.g., 2/3) of committee members are honest. Key risks include:

• Sybil Attacks: An adversary creating many fake identities to control the committee.
• Collusion: Committee members coordinating to sign for unavailable data.
• Implementation Flaws: Bugs in the multi-party computation (MPC) or signature aggregation protocol.

The primary threat a DAC is designed to mitigate. An attacker (e.g., a malicious sequencer) publishes a block header but withholds the corresponding transaction data. Without a DAC, light clients and other chains cannot verify the block's validity. A valid DAC should be cryptographically unforgeable without the actual data, making a successful withholding attack equivalent to breaking the committee's security assumptions.

A critical distinction. Liveness ensures new blocks are produced. Data Availability ensures the data for those blocks is published. A chain can be live but have poor data availability (censorship). DACs specifically guarantee the latter. The security requirement is that if any honest committee member can download the full data, the certificate can be produced, preventing liveness failures from masquerading as data availability issues.

Advanced DAC designs (e.g., in Celestia or EigenDA) use erasure coding to enhance security. Data is encoded so that only a random sample of 50% of the data needs to be available for full reconstruction. This allows light clients to perform data availability sampling (DAS) with high confidence. The security guarantee shifts from needing to download all data to successfully sampling a sufficient number of random chunks.

For optimistic rollups, a DAC is essential for the challenge period. Verifiers must have access to transaction data to submit fraud proofs. If the DAC is compromised, fraud proofs become impossible, allowing invalid state transitions. For zk-Rollups, while validity is proven, data availability is still required for execution and user fund recovery, making the DAC a liveness safeguard.

Contrast with other data availability solutions:

• On-Chain Data: Highest security (inherits L1 security) but expensive.
• Data Availability Committees (DACs): Trusted committee model, as described here.
• Validity Proofs: Prove data was available at a point in time (e.g., EigenDA's proof of custody).
• Economic Bonding: Sequencers post bonds slashed for withholding data, adding a crypto-economic layer to committee security.

A data protection method that expands the original data with redundant parity chunks, allowing the full dataset to be reconstructed even if some chunks are missing or withheld. This is a prerequisite for secure Data Availability Sampling.

• Reed-Solomon codes are commonly used in blockchain implementations.
• Transforms the problem from "is all data available?" to "is enough data available?"
• A malicious block producer must hide a large, contiguous portion of data to succeed, making withholding statistically detectable.

A cryptographic scheme (Kate-Zaverucha-Goldberg) used to create a constant-sized commitment to a polynomial. In data availability, it proves that erasure-coded data is correctly constructed from the original block data.

• Provides a single, short proof that all data chunks are consistent.
• Allows samplers to verify they are sampling from the correct encoded data without needing the full set.
• Eliminates the need for fraud proofs related to incorrect encoding, moving to a proof-of-correctness system.

A trusted, off-chain set of entities that sign attestations confirming they have received and stored a copy of a block's data. This is a simpler, more centralized alternative to cryptographic DACs.

• Used by many Layer 2 rollups (e.g., early versions of StarkEx, Arbitrum Nova) for lower cost and complexity.
• Introduces a trust assumption in the committee's honesty and liveness.
• Members typically run high-availability nodes and provide signatures that are posted on-chain.

Two security models that rely on data availability.

• Fraud Proof Systems (Optimistic Rollups): Assume state transitions are valid unless proven fraudulent. DACs are critical here, as a challenger needs the data to construct a fraud proof.
• Validity Proof Systems (ZK-Rollups): Provide a cryptographic proof of correct execution. Data availability is still required for state reconstruction and user exits, but the security model is different.
• Both models fail if their required data is unavailable.