Scaling Beyond Rollups with Validiums and Off-Chain Data

Public blockchains require every full node to download and verify all transaction data to ensure the network remains permissionless and secure. This design creates a massive scaling bottleneck because the throughput of the entire network is capped by the processing power and bandwidth of a single standard machine. As a result, developers and users often face a trade-off between decentralized security and manageable transaction costs.

Layer 2 scaling solutions initially focused on moving execution off-chain while still posting all transaction data back to the base layer as calldata. While this approach inherits the full security of the underlying blockchain, the cost of storing this data on-chain remains the single largest expense for rollups. In high-traffic environments, these data costs can account for over 90 percent of the total fees paid by end users.

To break this cost floor, architects have developed alternative strategies that decouple the execution of transactions from the availability of the underlying data. This shift introduces a spectrum of security models ranging from fully on-chain rollups to purely off-chain systems. Understanding where your application sits on this spectrum is critical for balancing user experience with asset security.

• On-chain data offers the highest security by allowing any user to reconstruct the state from scratch.
• Off-chain data significantly reduces gas costs by avoiding the expensive storage fees of the base layer.
• Hybrid models allow users to choose their preferred data residency based on the value of their transactions.

The fundamental question for any scaling solution is how to ensure that the data required to reconstruct the current state is actually available to the public. If a sequencer or operator produces a valid proof of a state change but withholds the underlying transactions, users may find their funds frozen in a state they cannot prove they own. This scenario is known as the Data Withholding Attack.

A Validium is an off-chain scaling solution that uses zero-knowledge proofs to verify the validity of transactions but stores the transaction data off-chain. Unlike a ZK-Rollup, which posts data to the base layer, a Validium only submits a validity proof and a state commitment. This architectural choice enables almost infinite scalability and extremely low fees for high-frequency use cases.

Because the base layer does not need to see the transaction data to confirm the state transition is valid, the bandwidth constraints of the main chain are bypassed. This makes Validiums ideal for applications like high-frequency trading, gaming, and social media platforms where the sheer volume of micro-transactions would be economically unfeasible on-chain. However, this efficiency comes with a unique trust assumption regarding the off-chain data providers.

1// SPDX-License-Identifier: MIT
2pragma solidity ^0.8.20;
3
4interface IVerifier {
5    function verifyProof(bytes calldata proof, uint256[] calldata inputs) external view returns (bool);
6}
7
8contract ValidiumBridge {
9    IVerifier public immutable verifier;
10    bytes32 public stateRoot;
11
12    constructor(address _verifier) {
13        verifier = IVerifier(_verifier);
14    }
15
16    // Updates state without requiring transaction data calldata
17    function updateState(bytes32 newRoot, bytes calldata zkProof) external {
18        uint256[] memory publicInputs = new uint256[](1);
19        publicInputs[0] = uint256(newRoot);
20        
21        // The proof guarantees the state change is valid according to logic
22        // but does not guarantee the data is accessible to the public
23        require(verifier.verifyProof(zkProof, publicInputs), "Invalid ZK Proof");
24        
25        stateRoot = newRoot;
26    }
27}

In the code example above, the contract only checks if the state transition followed the rules defined in the circuit. It has no way of knowing if the operator has shared the actual transaction details with anyone else. If the operator disappears, the users cannot generate the merkle proofs needed to withdraw their funds through the bridge contract.

Validiums offer the highest possible throughput among L2 architectures because they remove the data bottleneck entirely, but they require a robust strategy for data availability to prevent user funds from being locked.

To mitigate the risks of centralized data storage, developers are increasingly turning to dedicated Data Availability (DA) layers. These layers are purpose-built blockchains designed specifically to store transaction data and provide proofs that the data is indeed reachable by anyone. By separating the DA layer from the settlement layer, we can create a more resilient and scalable infrastructure.

Modular DA layers use a technique called Data Availability Sampling to allow nodes to verify that data exists without downloading the entire dataset. This is achieved through erasure coding, which expands a piece of data such that only a small portion is needed to reconstruct the whole. This allows the network to scale its data capacity as more nodes join the system.

1async function verifyDataAvailability(blockHeader, sampleCount = 16) {
2    // Instead of downloading the 100MB block, we request random chunks
3    const samples = generateRandomIndices(blockHeader.dataLength, sampleCount);
4    
5    for (const index of samples) {
6        const chunk = await p2pNetwork.requestChunk(blockHeader.dataHash, index);
7        const isValid = crypto.verifyMerkleProof(blockHeader.root, chunk, index);
8        
9        if (!isValid) {
10            throw new Error("Data sampling failed: Potential data withholding detected");
11        }
12    }
13    
14    console.log("High statistical confidence that data is available.");
15    return true;
16}

Integrating a DA layer involves modifying the rollup's batch submission process to point to the external provider instead of the base layer's calldata. The settlement contract on the base layer then requires a proof from the DA layer before accepting a state update. This ensures that the state cannot move forward unless the data has been committed to the decentralized storage network.

This approach significantly lowers costs because DA layers do not need to execute smart contracts or maintain a complex state machine. They only care about the ordering and availability of blobs of data. This simplicity allows them to offer much lower pricing for data storage compared to general-purpose execution environments like Ethereum.

When designing a system, architects must evaluate the value of the assets being secured against the cost of the security itself. A gaming platform with low-value items can easily justify the risks of a Validium with a small Data Availability Committee. In contrast, a decentralized exchange handling millions of dollars in liquid assets might prefer the higher costs of a full ZK-Rollup.

A middle-ground solution known as Volition allows users to choose on a per-transaction basis where their data is stored. This flexibility enables a single application to serve different tiers of users within the same state tree. High-value accounts can pay for on-chain security, while casual users can opt for the lower-cost off-chain storage provided by the Validium side.

The evolution from monolithic chains to modular stacks is not just a technical upgrade but an economic one. It allows us to price security as a commodity that can be scaled according to the specific needs of each application.

The migration from a traditional L2 to a Validium or a modular rollup is often a matter of changing the data submission target. Most modern rollup frameworks are building modular adapters that allow developers to switch their DA provider with minimal configuration changes. This future-proofs the application as new, more efficient DA layers emerge in the market.