[DISCUSSION] State Committee Light Client for Mantle Network

Overview

The Lagrange State Committee (LSC) network is a light client protocol for optimistic rollups. Within a state committee, nodes stake $MNT (or an LSD such as $mETH) and attest to the state resulting from transaction batches executed by the Mantle sequencer.

These attestations and the associated economic stake act as a hub of economic security for any cross-chain messaging protocol that wishes to use Mantle Network state, enabling secure cross-chain messaging from Mantle Network with latency on the order of minutes instead of the usual seven day finality window.

Integrating Lagrange State Committee with Mantle will also provide increased flexibility with developing new secure cross-chain pathways. For instance, accessing primary market rates of mETH:ETH between Ethereum L1 and Mantle L2 can be directly secured by rehypothecated $MNT or $mETH. Additionally, new cross-chain pathways such as a trustless The Open Network (TON) and Mantle Network connection can be opened and secured directly by Mantle Network’s LSC light client. By leveraging $MNT to secure new cross-chain pathways, Mantle gains increased control over how its state is being used cross-chain and can further minimize third-party risk.

In the following post, we propose for Mantle to provide the initial staked $MNT required to bootstrap economic security for a state committee deployment.

State committees provide a variety of key benefits to Mantle Ecosystem:

1. A permissionless hub for messaging protocol security
2. A mechanism for opening new cross-chain pathways secured directly by Mantle
3. A new native yield bearing opportunity for $MNT holders
4. An easy integration point for any interoperability protocol wishing to support Mantle
5. Increased security for any cross-chain applications interacting with Mantle Network dApps
6. Early adoption of a novel economic primitive that functions as a public good and incorporates ZK state/storage proofs and Eigenlayer AVS

Beyond the immediate benefits for Mantle Ecosystem, integrating the state committees will position Mantle as a proving ground for more secure cross-chain interoperability and new compute and DeFi primitives. Lagrange is committed to leveraging MapReduce coprocessor and Recproofs proving system to support Mantle with future initiatives, including building ZK-based Mantle Journey rewards and trader incentive programs on Mantle Network.

Background

Current approaches to messaging and bridging between EVM chains rely on partitioned economic security. The security model is typically of the form “k of n” validator honesty assumptions, where proving that a state exists or a transaction occurred on a different chain requires a plurality (k), of a set of total (n) nodes to agree. Examples of these approaches include multi-signature wallets, threshold signatures schemes across attestation sets, Tendermint proof-of-stake consensus and proofs of Ethereum’s light client sync committee. While each of these approaches have distinct advantages, they all share a central design limitation: the vulnerability of small validator quorums. Specifically, each cross-chain protocol has a capped sized set of validators that can be targeted in isolation by compromising a plurality of its nodes, which has occurred in catastrophic fashion in the wild for many bridges. The key insight is that the security across any isolated k of n protocols is either constant or sublinear with respect to staked collateral.

Hence, as the amount of available collateral increases, the added security increases at a diminishing rate as the validator set begins to cap out in size, resulting in both poor capital efficiency and security. In concrete terms, the current state of cross-chain architecture forces every bridge to fragment liquidity into its own isolated liquidity pool, and forces every messaging protocol to independently run nodes for every optimistic rollup that they support. Bridging and messaging protocols that have operated in these conditions have historically been vulnerable to isolated attacks on their validator sets or liquidity pools.

Hence, we propose an architecture that (1) enables cheap and superlinearly secure access to cross-chain state, and (2) increases the expressivity of the aforementioned secured computation environment.

As such, here we propose the deployment of Lagrange’s provable compute stack that will position Mantle Network as a proving ground for more secure cross-chain interoperability and new compute and DeFi primitives, including capital-efficient and programmable staking, contract-secured revenue, and general purpose data querying and automated task execution.

Why State Committees Are the Best Approach

State Committees create a shared economic security hub for interoperability protocols without increasing communication overhead and without introducing risk stacking or adding intermediary risk. These features follow immediately from the use of the Lagrange proving stack, as proofs of unbounded sized sets of attestations to Mantle Network blocks can be easily verified on-chain by any contract.

Superlinear Security

In the case of state committees, the economic security is not limited by the amount of validators, leading to superlinear security, whereby an economic attack on the protocol requires subversion or collusion of the entirety of the economic bandwidth securing state committees, as opposed to a strictly smaller subset. Naturally, this then increases the yield opportunity for Mantle Network validators, as their collateral is used to secure a strictly higher leverage.

Easy Cross-Chain Mantle Integrations

This approach further enables any cross-chain protocol to easily support any optimistic rollup chains without having to independently run watchers for that chain. In the current paradigm, every interoperability protocol validator has to synchronize and communicate with every supported source chain, which results in the addition of new chains having to be a permissioned process and increases communication overhead. Instead, using state committees for optimistic rollups, the interoperability protocol validator set would no longer need to attest to every optimistic rollup independently. Instead, each gateway can still verify that the relayers pass the correct messages between chains by simply verifying the state proof.

Additive Security

Since the state committees are transport layer agnostic, they can be combined additively with the security of existing interoperability protocols. Each proof is lightweight enough that it can be verified anywhere without a complex technical overhead. For example, a well-known cross-chain messaging protocol like Axelar can easily verify a state proof from the state committee in addition to their existing consensus, before deciding to relay a cross-chain message. As such, state committees can be thought of as a way to holistically increase the security of Mantle Ecosystem as a public good, and are non-competitive with all existing interoperability partners.

Proposal

We propose a staged launch of the Lagrange provable compute stack on Mantle Network, starting with the Lagrange State Committees, to be secured with staked assets (likely $MNT) from the Mantle Treasury. For the initial phase the targeted staked amount will be ~$10mm, with a gradual ramp-up process in cooperation with the Mantle core research and engineering teams, the Mantle Economics Committee (under the MIP-28 program), and other community participants. As more Mantle Network native protocols begin to leverage cross-chain state for their purposes, the security pool will be expanded to include any participant from Mantle Ecosystem. With the bootstrapping phase complete, Lagrange will work closely with the Mantle research team to implement other custom deployments of its MapReduce coprocessor and Recproofs provings systems (details below).

Objectives

The primary objective is to deploy the Lagrange State Committee (LSC) network on Mantle Network, with Mantle Ecosystem securing $10mm worth of economic bandwidth to achieve the following:

1. Enable trustless cross-chain state access and applications on Mantle Network
2. Increase capital efficiency of staked capital on Mantle Network

The secondary objective is to deploy new security and financial primitives underneath the LSC umbrella including:

1. A secure messaging hub that can provide highly secure and low-cost state proofs for all cross-chain applications built on Mantle Network
2. Structured verifiable data streaming (trustless oracles, private data streaming, and provable data storage)
3. Integrate the first application built on Lagrange’s ZKMapReduce stack into Mantle Network. Future integrations built on Lagrange’s proving system may include, contract secured revenue, DEX VIP programs, and sequencer transaction ordering commitments

Timelines & Next Steps

The Lagrange State Committee infrastructure is currently on a private testnet and has undergone significant internal scale testing. Lagrange is part of EigenLayer’s launch partner program, and will be aligning the state committee launch timelines with EigenLayer’s launch. With support for economic bootstrapping from Mantle, we’ll be able to deploy a state committee testnet and public state committee mainnet on Mantle Network in early 2024.

Deliverable: Testnet Mantle State Committee Deployment
Date: February 2024
Scope: The state committee infrastructure will be deployed as a public testnet to support Mantle Network. The deployment will be done in conjunction with EigenLayer’s public testnet launch. Lagrange’s MapReduce coprocessor will be used to generate state proofs based on the state committee’s attestations.

Deliverable: Mainnet Mantle State Committee Deployment: Phase 1
Date: April 2024
Scope: The state committee infrastructure will be deployed on mainnet, as a partially permissioned network to guarantee the safety of the assets staked by Mantle Treasury. In alignment with EigenLayer’s initial release, there will be no slashing enabled at this phase. This is to ensure that Mantle Treasury faces no risk during the initial rollout and ramping process. The staking and rewards flows will be fully audited and on mainnet at this point.

Deliverable: Mainnet Mantle State Committee Deployment: Phase 2
Date: June 2024
Scope: The state committee infrastructure will be deployed as a fully permissionless network on mainnet. There will be fully permissionless staking, slashing and reward flows. The staking, slashing and rewards flows will be fully audited and on mainnet at this point. Generating state proofs based on the state committee’s attestations will be fully permissionless, though Lagrange will still use its MapReduce coprocessor as one of the provers. The holders of the staked $MNT will actively collect yield based on the fees paid by cross-chain protocols that consume the security offered by the state committee.

Rationale and Benefits to Mantle Ecosystem

Mantle has already embraced the ethos of combining novel and performant primitives, such as liquid staking, cheap and modular data availability schemes, and shared / multi-sequencing. Mantle Network can serve as the premier proving ground for provable compute applications both at the protocol level (sequencer, data availability) and at the application level (risk parameter computation, contract-secured revenue, KPI-based airdrops and retroactive rewards).

State committees provide a new primitive that simplifies the developer experience of integrating Mantle contracts with cross-chain applications. In practice, this provides a number key benefits for Mantle Ecosystem:

1. State committees provide an easy to integrate interoperability hub based on transparent cryptoeconomic guarantees. This improves the developer experience of building DeFi apps on Mantle Network and sending messages / assets to and from Mantle Network.
2. State committees increase the security of all interoperability focused protocols building on Mantle Network. This makes Mantle a holistically more secure ecosystem.
3. Participation in the state committee protocol will also generate yield back to $MNT token holders from the fees paid by cross-chain protocols that consume the security the committees provide.

The state committee is a transparent permissionless light client protocol of security that any developer can leverage, and holistically benefit Mantle Ecosystem. Lagrange works with many top security focused protocols, including EigenLayer, Axelar, Polymer, Omni and Optimism.

Technical details

The Lagrange State Committee is designed to be extensible to generate state proofs for any chain, irrespective of consensus mechanisms, sequencer or validator set specifications. Nodes wishing to join the cross-chain state committee must restake via EigenLayer into Lagrange’s Ethereum contracts and signal the state (main network or rollup) that they intend to attest to. Every node in the network must run a containerized validator or watcher of a relevant chain or roll-up. Once in the network, a node must execute a BLS12-381 signature on every new block that reaches finality on the chain that they are attesting to.

The set of attestors for each chain are active for a duration of n blocks, otherwise called an attestation period. The length of the attestation period is variable for each chain based on the fraud proof time required to slash colluding nodes. As opposed to the Ethereum light client sync committee which has a cap of 512 nodes, the attestation mechanism that underpins the cross-chain state committee supports an unbounded set of nodes. As such, the collateral behind each attestation can scale dynamically as more cross-chain protocols decide to pool security into the state committees. This enables the LSC network to exhibit super-linear security, as large pools of capital become exponentially harder to attack at scale than a fragmented sum of their parts.

Whenever a rollup block is finalized, each restaked node is required to attest to the block using its Ethereum BLS12-381 key. Finality is defined by the safe L2 head for OP stack rollups and Ethereum equivalent finality for Arbitrum.

Broadly, each signature is executed on a tuple containing 3 essential elements:

struct block {
     var block_header,
     var current_committee,
     var next_committee,
}

The current_committee is the group of nodes permitted to sign for a given block b and the next_committee is the group of nodes permitted to sign for the next block (b+1). Each of these committees is defined permissionlessly on-chain based on which nodes have nominated themselves to join the state committee.

Using these 3 fields, it is possible to succinctly prove the validity of an arbitrary block b if the following recursive properties hold:

1. At least 2/3 of the n attestors restaked for a given block b have signed the block header. The public keys of these nodes must be stored in the current_committee Merkle tree.
2. The current_committee of block b equals the next_committee tree of block b-1.
3. Block b-1 is either the genesis block or is valid with respect to these three conditions.

Once a proof is created based on the above inductive relationship, any cross-chain protocol wishing to leverage the security of the state committee can do so by verifying a single proof. This design enables existing cross-chain protocols to maximize security for optimistic chains, without having to change their own protocol design.

Summary & Future Developments

By adopting Lagrange’s State Committees, Mantle can immediately start both generating additional yield for Mantle watchers and increasing the security and improving the developer experience of using Mantle Network state cross chain. Beyond the immediate benefits for Mantle Ecosystem, integrating the state committees will position Mantle Network as a proving ground for more secure cross-chain interoperability and new compute and DeFi primitives.

Examples of future initiatives that Lagrange is committed to supporting on Mantle using its Recproofs and ZKMapReduce proving system include the following:

New Cross-Chain Pathways

By leveraging state proofs generated by the state committee, cross-chain protocols can more easily consume Mantle Network state without any additional overhead or relying on the security of intermediary protocols. This opens opportunities for developing new cross-chain pathways with Mantle Ecosystem that are secured by the strength of Mantle’s native assets. For instance, a smart contract on TON can easily message or bridge with a contract on Mantle Network by relying on security directly provided by rehypothecated $MNT or $mETH. As the security is derived from Mantle Ecosystem, other ecosystems like TON can directly integrate without having to depend on economic security provided by intermediary protocols.

DEX Rebates and Liquidity Provision

Volume based discounts for exchanges are a common way to incentivize trading. In order to provide this feature to a decentralized exchange, a proof must be used to show the total swap volume of a user between two block windows. Once this proof is verified on-chain, a user will be entitled to a discounted fee on all future swaps. The use of a provable framework for computation guarantees the accuracy of a user’s trading history, and removes the dependency on an off-chain actor to execute the computation. Without cryptographic guarantees, the process of identifying suitable candidates for a volume rebate will remain arduous. By implementing this system on Mantle Network, on-chain DeFi activity can be uniquely and sustainably incentivized.

Verifiable Incentives Programs

Lagrange Labs’ ZKMR stack enables the creation of verifiable and permissionless incentives programs that drive on-chain activity, while removing the dependencies on an off-chain actor to correctly issue rewards.

One of these rewards programs is contract-secured revenue (CSR). CSR is a mechanism for smart contract developers to claim a fraction of fees when users interact with their contracts on EVM-based L2s. The architecture is designed to have identical security to a consensus layer implementation.

As a refresher, the Lagrange ZKMapReduce (ZKMR) proving system is designed for concurrently proving both batched transaction inclusion and dynamic MapReduce style computations. A single ZKMR proof can assert the inclusion of a subset of transactions across a range of blocks and the sum of the gas fees paid within the subset. In the context of CSR, a single proof asserts the following statement: “Between block b and block b - k, a sum of $x in gas fees was paid for usage of a contract with address C.”

In the context of Mantle, Lagrange’s approach to verifiable reward issuance would enable permissionless and secure Mantle Journey rewards to be issued on-chain without a dependency on an off-chain oracle. Rather than relying on centralized off-chain monitoring to determine reward eligibility, Lagrange’s ZKMR stack would enable users to directly submit proofs of their on-chain activities and automatically claim the associated rewards. For example, a user could submit a proof on-chain asserting that they’ve participated in governance, deposited or bridged tokens to Mantle Network, or have executed transactions on Mantle Metwork and then claim their Mantle Journey Miles associated with the activity. Adding verifiability to an already popular rewards program will further improve the security of Mantle Ecosystem, and improve both the user trust and experience of participating in Mantle Journey.

Authors

Lagrange Labs builds infrastructure that increases the security and expressivity of how contract states can be used on-chain and between chains. One of Lagrange’s core products is State Committees, a superlinearly secure light client protocol for optimistic rollups that is built through combining restaking with Lagrange’s novel Recproofs proving system. State committees provide a mechanism for generating state proofs for optimistic rollups by combining attestations from restaked EigenLayer validators with Lagrange’s Recproofs. In this design, committees composed of EigenLayer restaked operators attest to the finality of rollup blocks by independently executing the rollup’s transactions as they are finalized on Ethereum. These attested blocks are then used to generate succinct state proofs using Lagrange’s proving system. Messaging or bridging protocols can integrate these state proofs to enhance their underlying security without increasing their overhead.

Lagrange Labs collaborates with leading companies including EigenLayer, Celestia, Optimism and Axelar. Lagrange Labs’ technical team is composed of researchers with PhDs in applied cryptography with technical backgrounds, including building production-grade zero-knowledge proving systems at Protocol Labs, Consensys, Algorand and Heliax (Anoma).

Supporting information

See Lagrange Labs’ website for more information on the Lagrange product suite, research, and technical architecture.

Really interesting, thanks for sharing.

Sreeram mentioned one of the applications of the state committee on twitter a few days ago - fast bridging with a “circuit breaker” - but did mention that the attributable security had to be less than the total economic stake for the mechanism to be sound.

This leads me to two questions:

1. Is there a certain level of economic stake where you no longer believe this to be necessary due to the superlinear effect. For example, it’s certainly true that the total TVL on Ethereum can exceed 2/3 of the total amount of ETH staked without people believing its “insecure”.

At some point the cost of an attack or the sheer amount of effort required to add/compromise 2/3 of the state committee nodes would be enough to alert the network to pause/take action at the social level

2. Given that the possible use cases of the state committee are much more general than fast bridging, and some such use cases would have economic impacts which are hard to quantify, is there a way to estimate generally the total value secured by the state committee in any seven day window and pause operation if it exceeds a certain threshold relative to the economic stake?

Perhaps this calculation can even be done trustlessly using the ZKMR framework.

@Ismael_H-R, welcome to the forum and thanks for posting your proposal for discussion.

If you have any questions about the process, please check the forum rules, or tag @Je and/or @Lbrian for support.

Thank you for sharing this proposal. From the beginning, Mantle and its community have been dedicated to the adoption of innovative technologies to provide the best security, performance, and user experience. This proposal including the described use cases and benefits paints an intriguing picture of of where the LSC might take us next. I’m wading into the deep end here, but I’d like to better understand a few things.

What kind of return can we expect from staking MNT?

From my understanding, either MNT or mETH can be staked. Are there any additional tradeoffs or benefits for staking MNT rather than mETH?

Side note: there is a typo across all of the deliverable dates. I believe it should read 2024 not 2023.

thank you

Thank you Feynyman. These are great questions.

Attributable security models, like Lagrange State Committees, create insurance for bridges that payout in the event that the state being used was incorrect or compromised. Of course, for the payout to fully insure cross-chain transfers the amount of insurance has to be greater than the bridged volume.

Where the full-payout approach becomes untenable is if either the amount of assets transferred is too large to insure or if cross-chain state is used for things like message passing where the value of a cross-chain action is hard to quantify.

In other words, if a cross-chain message is used to trigger an update to a governance parameter, it’s hard to quantify the impact of malicious state being used. In this situation, the attributable security would only be a partial payout with respect to the slashable amount.

In regards to your first questions, this is where models that can scale security superlinearly become an imperative. To your point, Ethereum and the Ethereum light client are examples of superlinear security, as they both secure a substantially larger amount of assets than is slashable by the consensus rules.

For the state committee, we think a $10mm stake is an excellent first step to trailblaze productionizing this type of light client. From there, we aim to push for at least an equivalent in stake security to the Ethereum light client, which is currently approximately $40mm.

Quantifying the value secured by the state committee will require cross-chain protocols to declare the value associated with individual messages or assets transfers. In the event of a malicious state being used, protocols would receive payouts commensurate with what was declared.

By giving protocols the agency to make these declarations, we can quantify the value each downstream protocol claims to secure with the state committee and how leveraged the system is compared on the staked amount. This allows protocols to only need to only pay for the amount of security that they believe they need and to secure cross-chain activities whose value may not be immediately quantifiable by an outsider.

To your point, proving the large computations required to sum the declared value into an aggregate is an excellent use case for our MapReduce coprocessor.

Thanks for the great questions Lbrian and we appreciate the kind words about our discussion post.

Returns for state committee operators will be derived from fees paid by cross-chain protocols that purchase security from Mantle’s state committee. As such, the real yield will be dynamic and set by the market. We expect a very low operational cost of running a state committee node. From our benchmarks, ten state committee nodes can be run on a single AWS t3.micro instance!

Currently, we anticipate the yield being ~2% annually which can be stacked with the yield from running other AVSs. For example, an operator who stakes $mETH and validates for 3 AVSs can receive yields upwards of 11% annually (5% from ETH staking + 3 * 2% = 11%).

We expect staking of $mETH to have a lower cost of capital, as compared to $MNT, as $mETH already provides yield to users from Ethereum staking. As such, the fees that cross-chain protocols will have to pay for security will be lower.

In contrast, one of the benefits of staking $MNT is that it provides a new source of yield for Mantle Network’s native token and assigns cash flows back to the Mantle Ecosystem. This approach also gives Mantle additional sovereignty over the cross-chain states being used, as there will be a quorum within the light client entirely secured by a Mantle’s native asset.

We believe that both of these approaches provide a compelling new source of returns to the Mantle Ecosystem and de-risk the state being used by cross-chain applications on Mantle.

Also we appreciate you pointing out the typo in deliverable dates. These should be fixed now

Thank you for sharing this proposal

thanks for sharing lots of good info