"Cartesi's Dave Fraud-Proof algorithm further optimizes the fraud proof mechanism, achieving the best balance between security, decentralization, and activity."
Recently, @donnoh_eth, a researcher from the authoritative research organization L2 Beats in the Rollup field, stated in a tweet that Cartesi's Dave is currently the most advanced fraud proof system, surpassing Arbitrum's BoLD and Optimism's OPFP, and expressed hope that the Optimism and Orbit Stack ecosystems could integrate this groundbreaking solution. The recognition from @donnoh_eth indicates that the technical advantages of the Dave scheme in the fraud proof field have gained widespread attention in the industry.
Indeed, in the exploration of scaling blockchain, Optimistic Rollup solutions have become one of the most widely applied technologies in the Layer2 ecosystem due to their efficiency and low cost characteristics. Unlike ZK-Rollup, which relies on complex zero-knowledge proofs, Optimistic Rollup adopts an 'assume honesty' approach: all transactions are presumed valid unless a challenge arises, triggering the fraud proof mechanism for verification. This mechanism significantly reduces on-chain computation costs and enhances the scalability of Rollup, allowing it to support larger transaction throughput.
However, there are many challenges in the design and execution of the fraud proof mechanism itself. We see that to ensure the security of the Rollup system, fraud proofs need to effectively prevent malicious validators from submitting false states while ensuring the safety of ordinary users' funds. However, in actual operation, fraud proof mechanisms often face multiple limitations.
First is the resource exhaustion attack, where malicious attackers can use a large amount of computational resources to create meaningless disputes, forcing honest validators to continuously expend computational capacity and gas fees, ultimately rendering them unable to continue defending their rights. In extreme cases, if honest validators exhaust their computational resources, the system may default to accepting the false states submitted by attackers, resulting in serious security vulnerabilities.
Secondly, there are delay attacks; some fraud proof mechanisms have lengthy challenge processes that attackers can exploit to artificially delay the resolution of disputes. For example, in some systems, the resolution time for disputes can extend to several months, which severely impacts the liquidity of Rollup funds and user experience, even giving attackers opportunities to profit through market manipulation.
Additionally, its degree of decentralization may also be limited, as many existing fraud proof schemes require participants to pay high collateral to ensure they do not submit false information during disputes. However, this design directly raises the barrier for ordinary users to participate in challenges, resulting in a highly centralized group that can truly combat malicious validators. For example, Arbitrum's BoLD scheme requires 3,600 ETH as challenge collateral, which can effectively enhance system security but also deters most retail validators.
Against this backdrop, Cartesi's Dave Fraud-Proof algorithm further optimizes the fraud proof mechanism, achieving the best balance between security, decentralization, and activity. This scheme adopts a tournament-style challenge mechanism that significantly reduces the computational and financial costs for honest validators while efficiently eliminating malicious validators' Sybil attacks, ensuring disputes are resolved in the shortest time possible. The recognition from L2 Beats precisely illustrates the advanced nature and feasibility of this scheme.
Comparative analysis of existing fraud proof mechanisms
In the current Optimistic Rollup ecosystem, the design of the fraud proof mechanism directly determines the system's security, degree of decentralization, and user experience. Different projects have varying optimization directions for fraud proofs, leading to significant differences in existing schemes regarding attack resistance, execution efficiency, and accessibility.
1. Optimism's OPFP (Optimism Fault Proof)
Optimism uses the OPFP mechanism, whose core design is a parallel challenge system built on a Modular Game Tree. Under this mechanism, multiple challengers can simultaneously challenge the same transaction and enter a layered challenge process. Ideally, this mode can maximize verification efficiency, making it difficult for attackers to hide invalid transactions.
However, in practical applications, OPFP still has two main issues. First, due to the lack of strict time constraints in its challenge process, attackers can delay the entire verification process by continuously submitting false disputes, causing funds to be frozen for weeks or even longer. Second, since OPFP allows anyone to initiate challenges, attackers can create large numbers of Sybil accounts in bulk to disrupt the verification process, artificially creating chaos and increasing the computational costs of fraud proofs. Thus, OPFP's defense capability against Sybil attacks is relatively weak and cannot effectively prevent large-scale malicious interference.
2. Arbitrum's BoLD (Bisection Optimistic Layered Dispute)
In contrast, Arbitrum's BoLD mechanism employs a more stringent all-challenger framework aimed at eliminating delay issues present in the Optimism scheme. BoLD enforces a maximum dispute time of 1 week, ensuring that all disputes can be resolved quickly, preventing attackers from undermining the system's normal operation through unlimited delays. Additionally, BoLD introduces Historical Commitments, ensuring that all computational paths submitted during disputes are traceable, thereby reducing the likelihood of data tampering by attackers during the challenge process. While this scheme performs excellently in terms of security, BoLD also faces a serious issue of extremely high capital thresholds.
This scheme requires any challenger wishing to participate in disputes to pay 3,600 ETH as collateral; however, such a high amount far exceeds the affordability of most ordinary users, making the execution of fraud proofs ultimately reliant on a few well-funded participants. Although this design enhances the system's security, it severely undermines decentralization, limiting the practical usability of the BoLD scheme.
3. Cartesi's early PRT (Permissionless Refereed Tournaments) mechanism
Cartesi's early PRT mechanism attempted to address the issue of high capital thresholds. The core innovation of PRT lies in using computational hashing for verification, where validators submit not just the final state of transactions but the hash of the entire computational process, thereby ensuring the transparency of fraud proofs.
Additionally, PRT further adopted a recursive dispute mechanism to reduce computational overhead by gradually narrowing the scope of disputes. While this approach lowered the collateral threshold to 1 ETH for participation in challenges, enhancing decentralization, PRT also faces a challenge of excessively long dispute times.
Due to recursive dispute processes requiring multiple rounds of computation for confirmation, the time for final resolution may extend to 20 weeks or even longer. This extremely long challenge time limits the practical applicability of PRT, making it unable to meet the liquidity and activity demands of the Rollup ecosystem.
4. Kroma ZK Fault Proof
Kroma employs Kroma ZK Fault Proof as its fraud proof mechanism and attempts to improve the efficiency and security of fraud proofs through zero-knowledge proofs. In its scheme, a one-on-one challenge mechanism is adopted, meaning that each time a fraud proof dispute occurs, there will be a direct confrontation between the attacker and the validator, rather than employing parallel challenges or all-challenger approaches. The advantage of this mode lies in its ability to significantly shorten the time required for each round of challenges, as ZK proofs can be efficiently computed off-chain and only require small-scale verification on-chain.
However, this approach is still in its early stages and faces some key challenges. We see that the main issue with the current Kroma ZK Fault Proof is its relatively weak defense against Sybil attacks. Due to the high computational complexity of ZK proofs, attackers can exploit a large number of Sybil accounts to create resource exhaustion attacks, forcing honest validators to bear high computational costs. Additionally, although ZK proofs can improve the credibility of fraud proofs, they still require further optimization to ensure efficient operation in high concurrency challenge environments. More importantly, the generation of ZK proofs depends on specific computational resources, and currently, Kroma has not fully resolved the issue of decentralized verification, thus there remains some uncertainty in operating in a truly permissionless environment.
5. Cartesi's Dave (Decentralized and Verified Execution)
Based on the above schemes, Cartesi launched the Dave fraud proof mechanism in 2024, deeply optimizing for Sybil attacks, resource exhaustion attacks, and delay attacks.
Dave inherits the computational hashing mechanism of PRT while employing a Tournament-based Dispute System, enforcing malicious challengers to compete against each other during disputes instead of directly confronting honest validators. This mechanism significantly reduces the computational burden on honest validators, allowing them to maintain competitiveness with lower resource costs.
Dave also further introduced the Hitpoint (HP) mechanism, where each disputant starts with 21 HP, losing 1 HP for each failed challenge or timeout. When HP reaches zero, the disputant is automatically eliminated, ensuring that even if attackers create a large number of Sybil accounts, they cannot indefinitely delay the dispute process.
Compared to BoLD's high collateral requirement of 3,600 ETH, Dave only requires 3 ETH, significantly lowering the entry barrier and allowing ordinary users to participate in the fraud proof process. Additionally, Dave shortens dispute time to 2-5 weeks through a more optimized matching mechanism, effectively resolving the lengthy dispute times of PRT.
Image source: @GCdePaula shared a new post about Dave's fraud proof algorithm on Ethresearch.
So overall, the current mainstream fraud proof mechanisms each have their advantages and disadvantages.
Optimism's OPFP mechanism, while capable of parallel challenges, is susceptible to delay attacks and Sybil attacks.
Arbitrum's BoLD scheme enhances security through strict time limits and historical commitments, but the high collateral requirements reduce the degree of decentralization.
Cartesi's PRT scheme performs well in reducing collateral thresholds, but the excessively long challenge times result in poor liquidity.
Kroma ZK Fault Proof uses zero-knowledge proofs to improve verification efficiency, but still requires improvements in decentralization and resistance to Sybil attacks.
As the latest optimized fraud proof solution, Dave minimizes the capital threshold and dispute time while ensuring security, enhancing its ability to combat Sybil attacks through tournament-style matching and the Hitpoint mechanism.
Detailed explanation of the core design of Dave's fraud proof algorithm
Focusing on Cartesi's Dave solution, which aims to address three major pain points of existing fraud proof schemes: security, decentralization, and activity, ensuring that the system can still operate stably even when facing malicious attackers or even nation-state adversaries, while allowing anyone to participate in the verification process at a low cost.
Security
Security is the primary goal of Dave's design. In traditional fraud proof systems, if attackers control enough computational resources or funds, they could exploit resource exhaustion attacks to render honest validators powerless, or even manipulate the entire fraud proof process. In the Dave scheme, attackers' Sybil accounts are forced to compete with each other, meaning that even if attackers invest large amounts of capital, they cannot ensure victory. Additionally, the computational hashing mechanism used by Dave ensures that all challenges must be based on complete execution history, preventing attackers from bypassing the verification process with false data. Ultimately, even when facing nation-state attackers, an individual honest validator can still successfully challenge improper transactions, ensuring the security of the system.
Decentralization
Decentralization is a key factor in whether fraud proof mechanisms can be widely adopted. For example, Arbitrum's BoLD requires 3,600 ETH as collateral, making it difficult for ordinary users to become challengers, while Dave lowers the collateral requirement (only 3 ETH), ensuring that anyone can participate in the fraud proof process. Meanwhile, the total cost of the entire dispute process is about 7 ETH, but as all honest validators' fees are compensated at the end of the dispute, their actual costs are nearly zero.
Furthermore, the tournament-style matching mechanism employed by Dave allows multiple challengers to operate independently without relying on centralized organizational coordination, thus maintaining the decentralized nature of the system.
In a new post about Dave's fraud proof algorithm shared by @GCdePaula on Ethresearch, it shows how many honest actors are needed to ensure the proper operation of the system under different architectural designs. In the above graph, from the lower left '1 of 1' (centralized) to the upper right 'N of N' (fully decentralized), the trust requirements of different fraud proof mechanisms vary.
BoLD (Arbitrum) has a low degree of decentralization due to high collateral requirements, allowing only a few validators to participate, situated in the N/2 of N (small-scale N) area.
PRT (Cartesi) allows for more participation, but due to excessively long challenge times, its practical feasibility is limited, placing it in the Middle Zone.
Dave (Cartesi) optimizes through tournament-style matching and the Hitpoint mechanism, ensuring that even with only '1 of N' level honest validators participating, system security can still be guaranteed while significantly reducing the impact of Sybil attacks.
Thus, the graph clearly and intuitively illustrates the advantages of the Dave scheme in the direction of decentralization.
Activity
Finally, activity addresses the issue of excessively long dispute times in fraud proof mechanisms. In some early fraud proof schemes, dispute times could extend up to 20 weeks, severely affecting the liquidity of users' funds. In the Dave scheme, the maximum duration of a single challenge is only 8 hours, and the entire dispute process can typically be completed within 2-5 weeks. This means that even if attackers attempt to disrupt the system through delay strategies, they cannot effectively prevent the smooth progress of fraud proofs.
How to achieve the above advantages?
In fact, the core innovations of Dave mainly lie in the computational hashing mechanism, tournament-style challenge mechanism, and Hitpoint counting mechanism, with each part optimized for the pain points of current fraud proof systems.
Computational hashing
Traditional fraud proof systems typically only verify the final state of transactions without caring about the specific path of execution, which provides attackers with opportunities to manipulate data. Dave, through the computational hashing mechanism, ensures that all challenges must be based on complete execution history, preventing attackers from creating false disputes.
This mechanism primarily ensures that each computational hash stores the entire execution path's Merkle tree and uses historical commitments to ensure that all disputes can be traced back to the original computation results. Therefore, all challengers must submit the complete computational path when initiating a dispute, not just the final state, effectively preventing attackers from fabricating data or tampering with historical states during the challenge process.
Tournament-style challenge mechanism
In most fraud proof systems, honest validators must directly confront all false disputes submitted by attackers, which can quickly deplete their computational resources. In contrast, Dave employs a tournament-style challenge mechanism that forces attackers' Sybil accounts to compete against each other, greatly reducing the computational pressure on honest validators.
This mechanism is similar to a knockout tournament:
When multiple challengers submit different transaction states, Dave will group them for matching and allow each challenger to confront through bisection and computational hashing.
The above illustration effectively shows how Dave's fraud proof mechanism gradually eliminates malicious Sybil accounts over multiple rounds, ultimately leaving only honest validators (Heroes). In each round, Sybil accounts are forced to match and compete with each other, with the losing accounts gradually eliminated.
Round 0-2: Sybil accounts (different colored blocks) begin to compete with each other, and the losers are downgraded.
Round 3-5: As the rounds progress, more and more Sybil accounts are eliminated, ultimately leaving only honest validators as the winners.
Hitpoint mechanism ensures that malicious challengers cannot persist through delay attacks; each challenger’s HP gradually decreases until they are completely removed.
This also requires attackers to expend exponentially increasing resources to maintain Sybil accounts, while the computational consumption and gas fees for honest validators are relatively low, significantly enhancing the security and activity of fraud proofs.
Attackers' Sybil accounts will be gradually eliminated during the challenge process, while honest validators only need to contend with the strongest competitors instead of facing all false challenges simultaneously, reducing computational overhead and allowing the system to identify the final correct transaction state more quickly.
Additionally, it is worth mentioning that Dave optimized the challenge time; compared to the PRT scheme, where each round of challenges could take up to 1 week, Dave set a maximum challenge duration of 8 hours, ensuring that the entire process can proceed more efficiently. The delay strategy optimization means that even if attackers attempt to stall the challenge time, they cannot indefinitely hinder the resolution of disputes.
Hitpoint counting mechanism
Dave introduced the Hitpoint (HP) counting mechanism, which assigns each disputant an initial 21 HP. Each time a challenge fails or times out, they lose 1 HP. When a disputant's HP reaches zero, they are automatically eliminated and can no longer initiate challenges.
Since each challenger can fail a maximum of 21 times, even if attackers create a large number of Sybil accounts, they cannot indefinitely delay the fraud proof process. Additionally, honest validators are unlikely to encounter 21 failures, ensuring they will not be eliminated due to HP reaching zero, allowing them to consistently win in the final challenges.
This mechanism effectively prevents attackers from continually delaying challenge time through Sybil accounts and further enhances the efficiency and attack resistance of fraud proofs.
Computational models and experimental validation: Dave's challenge time grows logarithmically.
To validate the practical performance of Dave's fraud proof algorithm, the research team constructed a rigorous mathematical model and evaluated its performance in terms of challenge time, computational costs, and resistance against Sybil attacks through simulation experiments. Experimental results indicate that Dave outperforms existing fraud proof schemes across several key metrics and maintains efficient dispute resolution capabilities even in the face of large-scale Sybil attacks.
Logarithmic growth of challenge time
In fraud proof mechanisms, challenge time is a key factor affecting user experience and capital liquidity. Dave, based on the tournament-style challenge mechanism and Hitpoint (HP) counting mechanism, ensures disputes can be resolved in the shortest time possible. Studies show that Dave's challenge time grows logarithmically, meaning that as the number of Sybil accounts increases, the growth rate of challenge time is much lower than a linear growth model.
In an experiment simulating different scales of Sybil attack scenarios, the dispute time of Dave was compared with other fraud proof schemes. When facing 10,000 Sybil accounts, Dave only needed 35.25 days to complete the entire challenge process, while other schemes (such as PRT) might take several months to resolve disputes of the same scale. This significant time advantage is primarily due to the tournament matching mechanism employed by Dave, which forces Sybil accounts to compete against each other, thus reducing the computational burden on honest validators.
Additionally, Dave adopted an optimization strategy of G=4 (4 participants matched per round), allowing for a faster elimination of Sybil accounts in each round, further increasing the speed of dispute resolution while ensuring that computational costs remain within reasonable limits. This grouping matching strategy not only effectively accelerates dispute resolution but also reduces the computational burden on each participant, making the fraud proof mechanism more scalable.
Experimental results show that compared to mainstream fraud proof mechanisms, Dave performs excellently across multiple key metrics.
Compared to BoLD, Dave offers similar security with a much lower collateral requirement (only 3 ETH, compared to the 3,600 ETH needed for BoLD), making the fraud proof mechanism more decentralized while maintaining efficient challenge handling capabilities.
Compared to PRT, Dave reduced dispute time by more than 50%, and through tournament matching and HP counting mechanisms, effectively enhanced resistance against Sybil attacks, ensuring that even in the face of large-scale Sybil account attacks, disputes can be resolved quickly.
In summary, Dave's computational model and experimental validation further prove its leading position in the fraud proof field. Compared to traditional fraud proof schemes, Dave ensures security while achieving the best balance between decentralization and activity, making it one of the most competitive fraud proof mechanisms.
Supporting trustworthy AI
Based on advantages in economic efficiency, computational efficiency, and degree of decentralization, Cartesi's Dave fraud proof mechanism not only optimizes the Rollup ecosystem but also opens new possibilities for decentralized AI computing. The core goal of fraud proof is to verify the correctness of computations, a capability that is equally applicable in the field of AI computing, especially in environments that require transparency and verifiability.
Traditional AI computing mainly relies on centralized servers, where users can typically only trust AI outputs without being able to verify the reasoning process's authenticity and reliability. This model leads to transparency issues and confines AI computing to the single point of failure and censorship risks of centralized infrastructures. Cartesi provides a trustless AI computing framework through computational hashing and verifiable computation schemes, allowing AI computation processes to be executed on-chain or in verifiable environments, ensuring transparency and trustworthiness of computational results.
In fact, this mechanism is fundamentally consistent with the principles of fraud proof: if the computation results are questioned, their correctness can be verified through the fraud proof mechanism to prevent AI computation results from being falsified. At the same time, Cartesi allows smart contracts to directly execute AI computations, ensuring complete transparency and verifiability. Cartesi's RISC-V virtual machine further enhances this capability, enabling developers to seamlessly run AI libraries like TensorFlow, PyTorch, and Llama.cpp in decentralized environments, breaking the traditional limitations of blockchain in AI computing.
A typical case is ThinkChain, which utilizes Cartesi's technology to execute LLMs (such as DeepSeek-R1, DeepScaleR, Qwen2.5, and SmolLM2) on-chain, allowing smart contracts to directly construct prompts and parse replies without relying on centralized servers. This means that in the future, fraud proofs can not only be used to verify the correctness of Rollup states but also to verify the credibility of AI inference results, achieving truly decentralized AI computing.
Additionally, it is worth mentioning that during the recent Cartesi x EigenLayer Experimental Week, the core engineering team at Cartesi successfully built a prototype system that allows smart contracts to execute verifiable large language model inference. As a result, Cartesi became the first project in the crypto space to successfully implement DeepSeek fully on-chain. This prototype system also supports the operation of other open-source LLMs such as Qwen and Smol, further demonstrating Cartesi's potential in decentralized AI computing.
Reasoning in Cartesi's verifiable environment eliminates centralized intermediaries, enhancing security while ensuring the integrity of AI outputs and a completely trustless execution method. To date, Cartesi remains the only technology stack supporting fully on-chain, trustless LLM reasoning, with DeepSeek serving as a leading case that further validates the enormous potential of Cartesi's technical solution in decentralized AI computing.
About Cartesi
Cartesi is a powerful modular blockchain protocol that provides developers with a complete Linux environment and high-performance Rollup technology, aimed at supporting the next generation of decentralized applications. By integrating Linux, the Cartesi Virtual Machine enables developers to utilize programming languages, tools, and code libraries that have been tested in real-world scenarios over decades to build dApps. Cartesi provides each dApp with an independent Rollup layer and dedicated computational resources, significantly enhancing computational scalability while ensuring decentralization, security, and resistance to censorship remain unaffected.
