[Disclaimer: This is a dual proposal to "Perun". "Perun" and "Erdstall" are two different scaling solutions developed by the PolyCrypt team. As we have limited resources, we would prioritize one project over the other depending on the interest from the community.]

Erdstall is the implementation of CommiTEE, the novel light-weight, efficient and secure commit-chain protocol invented at TU Darmstadt’s Chair of Applied Cryptography. It is an improvement over conventional Plasma and ZK roll-up schemes in terms of on-chain interactions needed and communication complexity. Leveraging the security and performance of TEEs such as Intel SGX and ARM TrustZone, we can achieve instant transactions and the security guarantees and trustworthiness of a ZK roll-up without the need for any of the costly on-chain checkpoints or computationally expensive ZK proof generation. Its design is extremely streamlined and allows us to scale well into the thousands of transactions per second and maybe even beyond. Because we need no on-chain checkpoints to be secure, we could run as many Erdstall instances as we want without congesting the blockchain whatsoever.

CommiTEE relies on remotely attestable execution, a feature of TEE CPUs, where the CPU’s trusted platform module (TPM) can generate an unforgeable proof that it is currently running an unmodified version of a specified executable in a secure, sandboxed environment. With this proof, the execution is trustworthy even in the event that an attacker could gain full access to the machine. This attestable execution is more efficient and powerful than ordinary zero knowledge proofs, as it has additional guarantees about secrecy. TEEs behave like a smart contract in the way that they can be trusted to correctly execute their program code.

Erdstall has been in development since late 2020, and started out as a project in the ETHOnline 2020 hackathon, where it was a winning entry. Since then, we have come a long way, refining it and figuring out where to go with it. We are already deployed on Ethereum’s Goerli test network, where we have built a sample off-chain NFT marketplace using Erdstall. Currently, Erdstall is not yet mainnet-ready, as some important milestones are still missing, for example, we are still working on integrating an Ethereum light client into a TEE for remote-attestable block verification.

From a technical perspective, Erdstall offers the following properties:

• Regular off-chain checkpoints: in periodic intervals, the Erdstall TEE publishes checkpoints containing balance vouchers that can be redeemed on-chain to exit the system. As an advantage of the TEE technology, the checkpoints don’t need to be posted on-chain and still stay just as reliable. This reduces the costs of operations as well as lessens the burden on the main chain. Even if the Erdstall platform were to be destroyed completely, the last issued checkpoint will still be redeemable for everyone.
• Instant transaction visibility and confirmation: transactions are processed as soon as they are received by the operator, and a public receipt is issued, proving its execution and the new balances of all affected accounts to everyone who cares to listen for it. The whole process from issuing a transaction to receiving a receipt takes only a few milliseconds. After the receipt is issued, the transaction cannot be reverted by Erdstall any more. Unless a permanent Erdstall outage occurs, when receiving a receipt, for all intents and purposes, the transaction can already be considered final even before the next checkpoint. If the user does not trust that the next checkpoint will ever be reached, he can only consider transactions final once the next checkpoint is actually reached.
• High throughput: even our current implementation already achieves a workload of over 1500 transactions per second. In the future, we will still be able to improve on this quite a bit with various techniques.
• Low transaction fees: since Erdstall is energy-efficient, and does not require a compute cluster and does not involve mining, we can offer very low transaction fees. The fee system is still being planned out, and currently, we are still fee-less. However, this is subject to change.
• Non-custodial funds, trustworthy, hack-proof: the users’ funds are never in our hands, they are directly kept in a smart contract and controlled by our TEE. A TEE computer is forced to run an unmodified version of a specific program, and even if we wanted, we would be unable to make the TEE deviate from the protocol. This way, users don’t have to trust our integrity at all. Everyone can verify that we are running the correct software and that we are unable to interfere with it. Even if all our systems were hacked, funds could not possibly be stolen.
• Agile and extendable: Erdstall is not set in stone. We have written it in a way that allows us to make changes or bring new features into it frequently. We can adapt Erdstall to better fulfill the community’s needs at any time. In the future, Erdstall will target multiple blockchains, creating a high-performance multi-chain token bridge.

We currently offer a simple set of powerful features:

• Off-chain NFT minting: NFTs minted on Erdstall only have to be minted on-chain if they are ever withdrawn into L1. Artists can mint and sell their NFTs on Erdstall without any upfront cost, the L1 minting cost is deferred to the person withdrawing it.
• Multi-asset transfers: transactions can contain multiple currencies at once, allowing for bulk asset transfers within a single transaction.
• Atomic multi-asset trades: we built a trading transaction right into the core of Erdstall. It allows users to atomically exchange two baskets, each possibly containing multiple currencies at once, and the transaction can also contain an optional matchmaker fee. This way, we have created a simple, yet powerful mechanism that allows markets to directly execute their trades securely on Erdstall.
• Token burning: We natively support the burning of tokens.
• (In progress) NFT Proof of Ownership (PO): we are working on integrating a proof of ownership oracle for NFTs into Erdstall, which allows users to prove to services that they currently own a specific token. POs can be verified offline, without a need for a blockchain or Erdstall connection. They can be used to implement access control to physical and virtual resources and services associated with an NFT.

We can easily introduce new transaction types if demand for specific use cases pops up. We know that our current transaction throughput might not suffice in the future, so we are already keeping possible L3 architectures in mind when building Erdstall, resulting in an extendable architecture.

Erdstall’s purpose: Erdstall is still evolving, but it is heading towards a clear vision. We do not want to merely be another generic L2 side-chain. Similar to Cardano, we have learned from the short-comings of generic computation L1s. This is why we offer only the financial primitives needed to execute transactions safely and securely, and all additional logic has to happen “off-Erdstall” on L3. By offloading all user logic, we can achieve maximum performance, as only the actual asset transfers are processed in Erdstall. We want to be an easy-to-develop-on financial platform that satisfies real-world requirements, such as ease of use and integration, performance, security, and robustness. We want to make cryptocurrencies accessible and viable for the traditional economy sectors, and for that, we want to provide a great platform for cryptocurrency service providers, such as exchanges, crowdfunding platforms, and more, to build their products on. Hence, we focus on developer and user experience and offering primitives that allow building the most important kinds of services. We use state-of-the-art technology to provide a performant, secure, and trust-less asset backend that marketplaces can build their business logic on, and guarantee trust even to users who might not trust the marketplace operators. Erdstall brings back the focus on transacting with currencies and assets, away from generic computation on the blockchain, because a narrower mission statement allows us to achieve more excellence by focusing our efforts. Future financial services should not have to be bound to a single blockchain or cryptocurrency, so we will make Erdstall into a great base layer for future projects to build on, and hope to integrate many L1 chains into Erdstall. In the future, we’re also thinking of building an L3 framework for generic off-Erdstall smart contracts, but much of the research on this still has to be done. As a lean and explicitly L3-oriented L2 platform, we will be future-proof and will not get bogged down by any bloated features that would come back to haunt us years later, at which point we won't be able to change them easily any more.

Besides its raw performance, low fees and instant transactions, and the ability to securely scale every-day asset transfers, we specifically offer the features that non-custodial DeFi marketplaces, NFT platforms and blockchain games need most: general NFT and fungible asset management (native support for off-chain NFT minting), atomic multi-asset transfers, and atomic multi-asset swaps with optional matchmaker fees going to the marketplace operators.

With Erdstall, we want to transform the DeFi ecosystem: we want to offer the throughput and latency of centralized marketplaces, but with the security of decentralized (non-custodial) marketplaces. By providing the primitives marketplaces need to perform trades directly and securely on Erdstall, we eliminate the need for marketplace deposits, keeping our users’ funds safe at every moment. Once funds are deposited in Erdstall, they can instantly be used on any marketplace or other service running on Erdstall. Competing marketplaces lead to low trading fees, encouraging high trading volumes and arbitrage, keeping prices accurate.

Moreover, Erdstall is also perfect for managing game FTs and NFTs: the instant, cheap minting, transferring, and burning of NFTs allows games to manage all their items and currencies on Erdstall. Decentralized game developers can even integrate third-party Erdstall exchanges directly into their games. Players can directly trade their in-game items on their favorite third-party marketplace, so game developers don’t have to reinvent the wheel.

We have not worked with Cardano yet, and we have not completely grasped the developer framework, and especially never built smart contracts under the eUTXO paradigm, so we do not know how complex the changes we need to make to our protocols and contract designs need to be. This is why we want to invest enough time in upfront research and planning development steps before starting to build Erdstall. That way, we avoid a lot of potential confusion and wasted work. We also seek to get in contact with experienced Cardano developers for guidance.

Please note that we will be unable to do a mainnet release as part of this grant, as it requires a lot of hardening, such as redundancy, fail-over operators, and a custom remotely attestable block verification component, which would require a lot of additional time and effort. Thus, the scope of this grant is only to create a working prototype on testnet, a client SDK, and a simple demonstrator so the community can start building off-chain Cardano applications and services using Erdstall already. However, we hope to do a follow-up grant that allows us to work on a mainnet release.

1. Preparation, protocol adaptation, and planning (2.5 months)
2. Familiarize ourselves with Cardano tooling and development environment, learn Plutus
3. Adapt Erdstall protocol to eUTXO
4. Plan out Erdstall smart contract development
5. Plan out Cardano adaptation for TS client SDK and our operator
6. Write Cardano backend for Erdstall operator (2.5 months)
7. Generalize asset management to also fit Cardano FTs/NFTs.
8. Generalize away Ethereum dependencies.
9. Listening for Cardano blocks in the operator, verifying them in the enclave.
10. Extracting and handling deposit and challenge/response events from blocks in the enclave.
11. Responding to challenge events in the operator.
12. Write and extensively test smart contracts (2 months): depending on our findings in the preparation stage, everything might be put into one contract or not.
13. Main contract that handles challenges/responses, withdrawals
14. Asset pool contract for different assets (L2-mintable vs. L1-native)
15. Extend client SDK to cardano, integrate with the smart contracts (2 months)
16. Deposits and withdrawals
17. Listening for challenges and responses, sending challenges
18. Integrate with some kind of Cardano browser wallet
19. Deploy and test integration on testnet (2 months): Here, we do a lot of testing to work out the final problems of the implementation and make sure we deliver a functioning prototype. During this phase, interested developers in the community can already start playing around with Erdstall and the client SDK, and will do our best to be of assistance to them.
20. Develop a minimal demonstrator (1 month): Depending on how much time is left by this point, we will make a more or less elaborate demonstrator. Ideally, this would be an Erdstall wallet as a browser plugin, but it might possibly only cover some of Erdstall’s features, or it might end up being something less complex than a wallet instead.

We estimate we will need 12 months when allocating 3-4 developers, 1 researcher, and 1 project manager. We expect to require $37,500 USD/month in salaries, resulting in overall costs of $450k USD.

The team includes the following members, which will potentially be assigned to the project.

Prof. Dr. Sebastian Faust (Head of research): Co-founder of PolyCrypt and co-inventor of the Perun Protocols. Head of research group for applied cryptography at TU Darmstadt, Germany. Numerous publications at renowned cryptography and computer security conferences such as CRYPTO, EUROCRYPT, S&P, CCS.

Hendrik Amler (Head of business and project management): Co-founder and CEO of PolyCrypt. Leads the business development. Will support the project management.

Dr. Matthias Geihs (Head of development): PhD in computer science with a focus on cryptography and computer security. Leads the development of the Perun Framework since the beginning of 2021. Proven track record of successfully leading projects for integrating Perun with Cosmos and Polkadot. Skilled in a variety of programming languages, research and project management.

Steffen Rattay (Core developer): Core developer of Erdstall and of the Perun Framework since its beginning in 2019. Skilled in a variety of programming languages including Go and Rust. Main developer of the upcoming Perun integration with the Dfinity Internet Computer network.

Norbert Dzikowski (Core developer): Core developer of Erdstall and of the Perun Framework since mid 2020. Experienced in a variety of programming languages including Go and Haskell.

Philipp-Florens Lehwalder (Core developer): Core developer of the Perun Framework since 2021. Experienced full stack developer and familiar with blockchain development.

Ruben Krüpper (Core developer): Core developer of Erdstall since 2021. Our most capable front-end developer, also capable in backend development. Has previous experience in the financial industry.

We will provide regular public updates on our progress, possibly on Twitter and/or a discord server, or a blog, and the progress can also be inspected in our SDK and Cardano operator repositories via issues and merge requests. We will also announce whenever we fulfill a milestone.

The project is complete when we have a functioning and tested prototype deployed on testnet, a published client SDK that can be used to build applications and services using Erdstall, and some sort of simple demonstrator that the community can try out.

This is a new project.