Enshrined Security

Enshrined consensus provides native, protocol-level guarantees for transaction ordering and finality. This is the core security model of monolithic chains like Bitcoin and Ethereum.

• Examples: Proof-of-Work (Bitcoin), Proof-of-Stake (Ethereum).
• Key Property: Security is inseparable from the chain's economic incentives and validator set.
• Trade-off: Offers maximum liveness and censorship-resistance guarantees but can be less flexible than external consensus providers.

Enshrined execution means the protocol defines and operates the single, canonical virtual machine (VM) for processing transactions.

• Primary Example: The Ethereum Virtual Machine (EVM) on Ethereum L1.
• Guarantee: All nodes validate execution identically, ensuring uniform state transitions and eliminating the need to trust external provers for correctness.
• Contrast: Contrasts with modular stacks where execution is handled by separate rollups or validiums.

Enshrined data availability (DA) ensures transaction data is published to and stored by the base layer's consensus participants.

• Mechanism: Full nodes and validators are required to store or make available the data for new blocks.
• Purpose: Enables trustless reconstruction of the chain state and is critical for the security of light clients and future L2 solutions.
• Example: Ethereum's proto-danksharding (EIP-4844) introduces a native DA layer via blob transactions.

The choice between enshrined and modular security involves fundamental trade-offs.

• Enshrined (Monolithic): Maximizes sovereignty and security cohesion but can limit scalability and innovation speed.
• Modular: Enables specialization and scalability (e.g., rollups) but introduces trust assumptions between layers (e.g., bridging, external DA).
• Hybrid Models: Chains like Celestia provide enshrined DA for other chains, while Ethereum is evolving towards an enshrined settlement and DA layer for modular rollups.

Enshrined security is directly funded by the protocol's native token economics.

• Staking/Yield: Validators are incentivized through block rewards and transaction fees denominated in the native token (e.g., ETH, ATOM).
• Slashing: Protocol-defined penalties (slashing) for malicious behavior secure the network.
• Security Budget: The cost to attack the network is tied to the total value staked (TVS) or the hashrate, creating a measurable crypto-economic barrier.

Changes to enshrined components require coordinated protocol upgrades, governed by the chain's social and technical processes.

• Process: Involves Ethereum Improvement Proposals (EIPs), client team coordination, and validator/node operator adoption.
• Challenge: Upgrades are slower and require broad consensus, reducing deployment agility but increasing stability and security review.
• Contrast: Modular components (e.g., an L2's sequencer) can upgrade independently, which is faster but can fragment security models.

These are the immutable security primitives defined by the protocol's consensus rules. Key examples include:

• Slashing conditions for validator misbehavior in Proof-of-Stake networks.
• Block finality rules that prevent chain reorganizations beyond a certain depth.
• Maximum extractable value (MEV) mitigation techniques like proposer-builder separation (PBS). These rules are enforced by all honest nodes, providing a cryptoeconomic security floor for the entire network.

Enshrined security differs fundamentally from security delegated to smart contracts or Layer 2s. For example:

• An enshrined bridge is part of the consensus protocol (e.g., Ethereum's Beacon Chain withdrawals), whereas a smart contract bridge relies on its own code and multi-sigs.
• Enshrined rollup sequencing would be mandated by L1, versus the current model where sequencers are appointed by L2 teams. This distinction highlights the trade-off between maximum security and development flexibility.

Not all protocol features are fully enshrined. Security exists on a spectrum:

• Fully Enshrined: Validator set selection, transaction ordering finality.
• Partially Reliant: Certain data availability solutions or light client protocols that depend on a subset of honest actors.
• Externally Dependent: Features like oracles or cross-chain messaging, which typically reside in smart contracts and introduce additional trust assumptions. The goal is to maximize enshrinement for core safety properties.

While enshrined features are stable, changing them carries systemic risk. This involves:

• Hard forks: Required for any modification, demanding overwhelming consensus.
• Governance attacks: Attempts to influence protocol upgrades for malicious changes become high-value targets.
• Implementation bugs: A bug in an enshrined feature (e.g., a flaw in a slashing condition) can be catastrophic, as seen in early blockchain incidents. This contrasts with a buggy dApp, which has limited scope.

In Proof-of-Stake networks, enshrined security is quantifiable as economic security. It is a function of:

• Total Value Staked (TVS): The amount of native token locked in the consensus mechanism.
• Slashing penalties: The protocol-defined cost of attacking or deviating.
• Inactivity leaks: Automated mechanisms to reduce the stake of offline validators. This creates a cryptoeconomic barrier where attacking the network becomes financially irrational, as the cost exceeds potential profit.

A major debate is whether to enshrine more Layer 2 functionality. Proposals include:

• Enshrined Data Availability: Using the L1 blockchain as a guaranteed data layer for rollups.
• Enshrined Sequencing: The L1 protocol ordering transactions for rollup blocks.
• Enshrined Proving: A native, protocol-level zero-knowledge verifier. Proponents argue this eliminates trust in L2 operator sets, while critics warn of protocol bloat and reduced innovation pace at the application layer.

A design paradigm where a blockchain's core functions (execution, settlement, consensus, data availability) are separated into distinct layers, each with its own security considerations. Enshrined security typically applies to the base consensus and data availability layers, while execution layers (rollups) may inherit or import this security. This creates a spectrum from monolithic (fully enshrined) to sovereign (self-securing) architectures.

The cost required to successfully attack a blockchain's consensus mechanism, often measured by the total value of staked assets that would be slashed (destroyed) in a malicious act. This is a core component of Proof-of-Stake (PoS) enshrined security. For example, an attacker would need to acquire and stake a majority of the native token, risking its entire value, to execute a 51% attack.

The off-chain, human-driven layer of coordination that serves as the ultimate fork choice rule and recovery mechanism in the event of catastrophic bugs or attacks. While not algorithmic, it is considered the final enshrined backstop for many blockchains. This involves node operators, developers, and users agreeing to follow a specific chain version, often after a governance vote.

The mechanisms that secure the transfer of assets and messages between independent blockchains. Bridges typically do not benefit from the enshrined security of either chain and instead rely on their own external validator sets, multi-signature schemes, or light client proofs. This creates distinct security assumptions and is a major source of ecosystem risk, highlighting the value of native, cross-chain enshrined designs.

The specific group of nodes responsible for producing blocks and reaching consensus in a blockchain network. In an enshrined security model, the rules for selecting, incentivizing, and slashing this set are defined at the protocol level. Key properties include decentralization (number of independent operators), liveness (ability to progress), and censorship resistance.

The foundation of enshrined security. These are the protocol-level rules that define how network participants agree on the state of the ledger.

• Proof of Work (PoW): Uses computational puzzles to secure the network (e.g., Bitcoin).
• Proof of Stake (PoS): Uses staked cryptocurrency to validate and secure the network (e.g., Ethereum).
• Delegated Proof of Stake (DPoS): Stakeholders elect a set of validators to produce blocks.

A key architectural debate impacting security.

• Monolithic Blockchains (e.g., Bitcoin, Solana) bundle execution, consensus, and data availability into a single layer, maximizing enshrined security but limiting flexibility.
• Modular Blockchains (e.g., Celestia, Ethereum with rollups) separate these functions. This introduces sovereignty and scalability but relies on the security of the underlying data availability and settlement layer.

The argument for building application-specific blockchains. Instead of a shared smart contract platform, an app deploys its own chain (e.g., using Cosmos SDK or Polygon CDK). This allows for:

• Customized security parameters (block time, validator set).
• Sovereign control over upgrades and governance.
• Maximized performance for a specific use case, but requires bootstrapping its own validator network and security.

The cryptoeconomic component of enshrined security, primarily in PoS systems. Validators must stake a significant amount of the native token.

• Slashing is the protocol-enforced penalty for malicious or negligent behavior (e.g., double-signing, downtime), where a portion of the stake is burned.
• This creates a cost-of-attack that is economically prohibitive, directly tying the chain's security to the value and distribution of its staked assets.

Hybrid approaches that blend enshrined and borrowed security.

• Ethereum Rollups: Inherit security from Ethereum's consensus and data availability while executing transactions off-chain.
• Cosmos Interchain Security: Allows a parent chain (e.g., Cosmos Hub) to provide its validator set to secure a consumer chain, for a fee.
• Polygon Avail: Provides a robust data availability layer that other chains can use as a security primitive.

The canonical example of maximal enshrined security. Every rule is defined by the protocol:

• Fixed supply of 21 million BTC is hard-coded.
• Consensus changes require overwhelming miner/node adoption (hard forks).
• No governance tokens or councils – security is purely from PoW and decentralized node operation. This creates extreme credible neutrality and predictability but limits programmability and upgrade speed.