44.5 CR Jun 2
BigDipper: Sharded Censorship Resistant Data Availability for Leader-Based BFT
Bowen Xue, Samuel Laferriere, Soubhik Deb et al.
Leader-based Byzantine-fault-tolerant (BFT) protocols provide low latency and a simple communication structure, but they give the leader short-term control over transaction inclusion. A malicious leader can keep the protocol live while delaying or excluding time-sensitive transactions such as auction bids, oracle updates, liquidations, and bridge messages. Existing responses often build a fixed censorship-resistance, hiding, or ordering mechanism into the protocol path, forcing all transactions to pay for the same protection level. BigDipper follows the end-to-end principle: the consensus layer exposes inclusion primitives rather than hardcoding stronger policies. Higher-layer protocols can then choose their own submission strategies and resources, whether through replication, erasure coding, or other mechanisms, to obtain the censorship-resistance, hiding, ordering, or execution guarantees they need. At the core of BigDipper is censorship-resistant data availability, or DA-CR, which certifies available replica-contributed mini-blocks for use by leader-based consensus. A central design goal is that data remains sharded on the consensus critical path: validators do not reconstruct or execute the full payload before voting, but instead check commitments, availability evidence, and the DA-CR inclusion rule. We define DA-CR guarantees for data-tampering resistance, honest mini-block inclusion, and residual leader influence. We then give concrete constructions based on erasure coding and linear commitments, analyze client-tunable transaction submission, and instantiate BigDipper inside HotStuff-2.
40.1 CR Jun 2
Secure AltDA Integration for Ethereum L2s: An End-to-End Validation Framework
Bowen Xue, Samuel Laferriere
Alternative data availability (AltDA) systems provide Ethereum L2s with an external data publication layer for high-throughput rollup designs. By moving bulk data publication outside of Ethereum, AltDA allows L2s to process more data than native DA. However, this replacement introduces a new consensus-critical integration layer. Existing ecosystem frameworks identify high-level risks, such as external DA trust assumptions and the presence or absence of a DA verifier, but do not provide a complete specification for how an L2 should integrate with AltDA. This gap can lead to L2 halts, inconsistent derivation across honest L2 nodes, invalid state assertions, or bridge attacks. This paper presents a canonical validation framework for secure AltDA integration. We model the boundary as a typed, deterministic, and total translation from L1 inbox bytes to an AltDA commitment, then to externally available data, and finally to the rollup payload consumed by the rest of the core L2 logic. The central principle is that every adversarial input must lead to a defined unique outcome. We show how missing obligations lead to concrete failure modes, including underconstrained settlement, derivation halts, inconsistent honest node behavior, invalid state assertions, and bridge safety failures. We then apply the framework to representative AltDA integration architectures, including Celestia-Blobstream, EigenDA-based designs, and Avail-ZKsync. Our evaluation shows that secure AltDA integration is not determined solely by the DA provider or bridge. The surrounding L2 integration must also enforce the full validation relation connecting L1 inbox inputs to accepted L2 state.