Arbitrum: Scalable, Private Smart Contracts
Overview
We present Arbitrum, a cryptocurrency system that supports smart contracts without the limitations of scalability and privacy of systems previous systems such as Ethereum. Arbitrum, like Ethereum, allows parties to create smart contracts by using code to specify the behavior of a virtual machine (VM) that implements the contract's functionality. Arbitrum uses mechanism design to incentivize parties to agree off-chain on what a VM would do, so that the Arbitrum miners need only verify digital signatures to confirm that parties have agreed on a VM's behavior. In the event that the parties cannot reach unanimous agreement off-chain, Arbitrum still allows honest parties to advance the VM state on-chain. If a party tries to lie about a VM's behavior, the verifier (or miners) will identify and penalize the dishonest party by using a highly-efficient challenge-based protocol that exploits features of the Arbitrum virtual machine architecture. Moving the verification of VMs' behavior off-chain in this way provides dramatic improvements in scalability and privacy. We describe Arbitrum's protocol and virtual machine architecture, and we present a working prototype implementation.
Published at the 27th USENIX Security Symposium (USENIX Security 18), Baltimore, MD, 2018.
Protocol Design
Arbitrum's protocol is built on the concept of a virtual machine (VM) that runs off-chain. Parties involved in a contract create and manage VMs that execute the contract's logic. The protocol ensures correct execution through a combination of unanimous agreement and on-chain dispute resolution.
The key insight is that if all parties agree on the VM's behavior, only a hash of the agreed state needs to be posted on-chain. This dramatically reduces the on-chain footprint compared to systems like Ethereum, where every computation must be verified by all miners.
When parties disagree, Arbitrum uses a bisection protocol that efficiently identifies the exact point of disagreement, requiring only logarithmic on-chain work relative to the computation size.
Consensus and Security
Arbitrum's security model relies on the assumption that at least one honest party is participating in each VM. An honest party can always force correct execution of the VM, even if all other parties are dishonest. This is achieved through the challenge-based verification protocol.
The challenge protocol works by having a disputing party identify a single step in the VM's execution where they disagree. The verifier (on-chain contract) then executes only that single step to determine which party is correct. The dishonest party's deposit is forfeited as a penalty.
This approach provides the same security guarantees as on-chain execution while requiring dramatically less on-chain computation.
Network Operation
Arbitrum VMs operate with designated managers who are responsible for advancing the VM's state. Managers post assertions about the VM's behavior, and other managers can challenge incorrect assertions.
The system uses a time-based challenge window during which assertions can be disputed. After the challenge window closes without a successful challenge, the assertion is considered final.
Arbitrum supports multiple concurrent VMs, each operating independently. This allows the system to scale horizontally, with each VM processing its own transactions without affecting the performance of other VMs.
Economics and Governance
Arbitrum uses economic incentives to ensure honest behavior. Parties who wish to participate in a VM must post a stake (deposit). If a party makes a dishonest assertion and is caught through the challenge protocol, their stake is forfeited.
The cost of challenging is designed to be much less than the cost of making a dishonest assertion, ensuring that honest parties are always willing to challenge dishonest behavior. This economic design means that rational actors will always behave honestly, as the expected cost of dishonesty exceeds any potential gain.
Implementation Notes
The Arbitrum team developed a working prototype implementation demonstrating the feasibility of the system. The prototype includes a compiler that takes Solidity smart contracts and compiles them to run on the Arbitrum VM.
The Arbitrum virtual machine architecture is designed to support efficient bisection during challenges. Instructions are structured so that the state of the VM can be fully captured in a hash at each step, enabling the challenge protocol to identify disagreements with minimal on-chain work.
The full paper is available at: https://www.usenix.org/conference/usenixsecurity18/presentation/kalodner
Related Stories
Layer 2 Scaling: Rollups, Sidechains, and State Channels Demystified
Understanding how Arbitrum, Optimism, and other L2s process transactions off-chain while inheriting Ethereum's security…
Impact & LegacyThe Layer 2 Revolution: How Rollups Made Ethereum Affordable Again
From $50 gas fees to sub-cent transactions: how Arbitrum, Optimism, and the rollup-centric roadmap transformed Ethereum…
ComparisonArbitrum vs Optimism: Comparing Ethereum's Leading Layer 2 Rollups
Both use optimistic rollups, but their fraud proof systems, governance models, and ecosystem strategies differ signific…
Frequently Asked Questions
- What is the Arbitrum whitepaper?
- The Arbitrum whitepaper, titled 'Arbitrum: Scalable, Private Smart Contracts,' describes an optimistic rollup protocol for Ethereum scaling. Published as a USENIX Security paper in 2018, it introduces interactive fraud proofs for off-chain computation verification.
- Who wrote the Arbitrum whitepaper and when?
- The Arbitrum whitepaper was authored by Harry Kalodner, Steven Goldfeder, and others at Princeton University. Published in 2018, the technology was commercialized by Offchain Labs, co-founded by Ed Felten (former White House Deputy CTO).
- What is Arbitrum's core technical innovation?
- Arbitrum's core innovation is its interactive fraud proof system — disputes are resolved through a multi-round bisection protocol that narrows down to a single instruction, making it extremely gas-efficient to verify on Ethereum L1.
- How does Arbitrum's rollup mechanism work?
- Arbitrum batches transactions off-chain and posts compressed data to Ethereum L1. A sequencer orders transactions and publishes state commitments. Anyone can challenge incorrect state roots by initiating a fraud proof during a ~7-day challenge period.
- How does Arbitrum differ from Optimism?
- Arbitrum uses interactive fraud proofs (multi-round bisection), while Optimism uses non-interactive fraud proofs (single-step re-execution). Arbitrum has its own AVM/WASM execution environment, while Optimism uses a modified EVM (the OP Stack).
- What is ARB's supply model?
- ARB has a total supply of 10 billion tokens, with 2% annual inflation cap for DAO governance. Distribution includes 42.78% to the DAO treasury, 26.94% to investors, 17.53% to the team, and 12.75% via the initial airdrop.
- What are Arbitrum's primary use cases?
- Arbitrum is the largest Ethereum L2 by TVL, hosting major DeFi protocols (GMX, Camelot, Radiant), NFT projects, and gaming. Arbitrum Orbit enables projects to launch L3 chains using Arbitrum's technology stack.
- What problem does Arbitrum solve?
- Arbitrum solves Ethereum's high gas costs and limited throughput by executing transactions off-chain while inheriting Ethereum's security. Users get 10-100x lower fees with the same smart contract compatibility.
- How does Arbitrum's security model work?
- Arbitrum's security inherits from Ethereum L1 — transaction data is posted to Ethereum, and any single honest validator can challenge incorrect state roots. The 7-day challenge period ensures sufficient time for fraud detection.
- What is the current state of the Arbitrum ecosystem?
- Arbitrum is the leading Ethereum L2 by total value locked. Arbitrum One (rollup), Arbitrum Nova (AnyTrust for gaming/social), Stylus (WASM smart contracts), and Orbit (L3 framework) form a comprehensive scaling stack. The ArbitrumDAO governs protocol development.