Committee Validation

The Scalability Challenge

When a block containing messages propagates across the network, every validator must verify it. Without optimization, this means:

• 1,000 validators × 10,000 messages = 10 million redundant verification operations per block

Obsidian solves this with per-message committee attestation — each message gets its own unique validator committee.

The Two-Stage Validation Model

Obsidian validates messages at two distinct points:

Stage 1: Edge Node Validation (Per-Message, On Arrival)

When a user submits a message via eth_sendMessageBlob:

User → RPC → Edge Node (Geth)
              ↓
         ┌─────────────────────────────┐
         │ FULL VALIDATION:            │
         │ • Signature verification    │
         │ • VDF proof verification    │
         │ • Size limits               │
         │ • Balance check (for bids)  │
         └─────────────────────────────┘
              ↓
         4-Second Aggregation Window
              ↓
         Message with Embedded Attestation

Every message is fully validated before entering any queue. Invalid messages are rejected immediately at the RPC layer.

Stage 2: Per-Message Committee Attestation

Each message gets a unique random committee of ~10% of validators:

Why Per-Message Committees?

4-Second Aggregation Window

The edge node waits 4 seconds after gossiping a message to collect attestations:

This window balances:

• Latency: 4s is short enough for responsive UX

• Coverage: Long enough for most committee members to respond

• Threshold: Need 67% (2/3) of committee for skip-verification

Committee Selection Algorithm

Each message gets a deterministically selected committee:

Key Properties:

• Different committee for every message (message_hash is unique)

• Unpredictable until message exists

• Same result computed by any node

• Uses current epoch's RANDAO mix

Committee Parameters

What Gets Signed

Committee members sign a simple hash:

This commits to:

• The exact message content (via message_hash)

• The Obsidian protocol (via domain separation)

2/3 Threshold Requirement

For the skip-verification optimization to activate, at least 67% (2/3) of the message's committee must sign:

This threshold ensures Byzantine fault tolerance — even if 1/3 of committee members are malicious, they cannot force acceptance of invalid messages.

Fail-Safe Behavior

The system defaults to full verification when:

No attestation = Verify everything. The optimization only activates when provably safe.

Performance Impact

For a network with 1,000 validators and 10,000 messages per block:

• Without attestation: 1,000 validators × 10,000 messages = 10,000,000 re-verifications

• With attestation: 100 committee × 10,000 messages (at edge) + 1,000 × 10,000 BLS checks ≈ 90% reduction in expensive operations

Security Properties

1. Byzantine Fault Tolerance: 2/3 threshold means 1/3 of committee can be malicious without affecting safety

2. Per-Message Isolation: Compromising one message's committee doesn't affect others

3. Unpredictable Selection: Attackers can't know committee until message exists

4. Cryptographic Binding: Attestations are cryptographically bound to specific message_hash

5. Domain Separation: Committee signatures use OBSIDIAN_MSG_COMMITTEE_ATT_V2 preventing cross-protocol attacks

Validator Duties

If you run a validator, you may be selected for committee duty on any message. When selected:

1. Your validator client subscribes to message gossip

2. For each message, check if you're in its committee (via deterministic selection)

3. If in committee: sign message_hash and publish attestation

4. The originating edge node collects and aggregates attestations

This happens automatically — no manual intervention required.

Per-message committee attestation allows validators to skip expensive sig/VDF re-verification while maintaining Byzantine fault tolerance. Each message is self-contained with its own embedded attestation.