A shared confirmation layer that orders roll-up transactions in seconds, proves it on Ethereum, and can even store the data for cheap.
Roll-ups rely on a single sequencer today; if that server mis-orders or double-publishes blocks, bridges and dApps can lose funds. Espresso swaps that single point of failure for a staked, decentralised network that locks the order in seconds.
With a central sequencer you trust one machine. With Espresso you trust a super-majority of 100+ validators - all staked and slashable - so censorship and equivocation are far harder.
A sequencer’s promise isn’t final; it can still reorder before posting to L1. Espresso replaces that “soft” promise with a HotShot quorum certificate that’s checkpointed on Ethereum, making reversals economically crazy.
HotShot needs only a couple of network round-trips to finalise a block, so confirmations land in roughly 2-3 seconds under good network conditions.
A shared confirmation layer that orders roll-up transactions in seconds, proves it on Ethereum, and can even store the data for cheap.
Bitcoin/Ethereum PoW give probabilistic finality after many blocks; HotShot gives deterministic finality once ≥ ⅔ stake sign, no extra waiting.
HotShot borrows HotStuff’s safety but reduces message spam: validators send votes to one leader, leader aggregates, broadcasts once-so it scales linearly with node count.
Every HotShot block hash + signatures is stored in a light-client contract on Ethereum, so anyone can verify ordering without trusting Espresso nodes.
Finality is worthless if the raw tx data disappears. Espresso only finalises a block after proving its data is retrievable (see EspressoDA).
(a) confirmations-only, (b) + EspressoDA, (c) full shared sequencer. Chains can start light and “upgrade” later.
User → roll-up → Espresso mempool → HotShot finalises → block hash to Ethereum → roll-up executes with reference → done.
A QC is HotShot’s receipt: a block hash signed by ≥ ⅔ of stake. Show this to any contract or bridge and it can trust the block.
HotShot relays each QC to the contract; the contract checks sigs, stores the hash, and emits an event other chains can read.
Without: wait 15 min for Ethereum inclusion. With: wait ~3 s for HotShot QC; bridges can act immediately.
It plugs between HotShot and full nodes: guarantees data is available before HotShot signs.
A single HotShot block can hold txs from many roll-ups, so cross-chain ops can confirm atomically.
With Espresso, liquidity providers no longer park capital for 15 min; they release once a QC appears, cutting risk and wait.
Each round one validator proposes; if it’s offline, next in line takes over, so the chain keeps moving.
When the network is healthy, HotShot finalises as fast as messages travel-no fixed block time needed.
If more than one-third of stake cheats, HotShot stalls or forks-but those validators are slashable on Ethereum.
Signing two conflicting QCs can be proven on-chain and burns the offender’s stake-deterring attacks.
Voters talk to leader (n messages), leader to everyone (n messages) = 2n total, instead of n² in old BFTs.
Like HotStuff, HotShot is pipelined and quorum-cert based; unlike Tendermint it has no gossip flood, so scales to hundreds of validators.
Blocks are split into erasure-coded chunks; if enough chunks exist, anyone can reconstruct the block-so data can’t be secretly withheld.
A handful of nodes store full blocks for instant retrieval; if they fail, the network still reconstructs from VID chunks.
Extra servers just speed up delivery; they aren’t trusted for correctness-drop them and safety’s unchanged, only slower.
Collect a threshold of pieces, run erasure-code math, full block pops out-no single node needed.
EspressoDA lets roll-ups avoid expensive calldata; only a compact commitment hits L1, slashing fees.
Espresso’s confirmation layer can still point to external DA if a roll-up prefers-modular by design.
Keep your sequencer; just pipe batches to Espresso for a QC, then bridges can trust that QC.
Swap the solo sequencer for HotShot leaders; now no single operator can censor.
ZK proofs check execution; Espresso QCs lock ordering, so you get both verifiability and speed.
Store data off-chain in EspressoDA, keep validity proofs on L1-cheap yet secure.
Since HotShot finalises multiple chains together, a swap on Roll-up A and Roll-up B can be confirmed in the same block-no race risk.
100 validators pushed ≈ 5 MB/s with CDN assist-thousands of simple tx per second.
First production network runs ~100 validators + light-client contracts on Ethereum & Arbitrum.
Espresso intends to let Ethereum validators restake their ETH to secure HotShot, merging security pools.
To roll back a QC you must control > ⅓ stake and accept a slash-economically irrational for large stake.
HotShot halts (no new blocks) but safety holds; chains fall back to posting directly to L1 until quorum returns.
HotShot’s ⅔ threshold mirrors Ethereum’s-so a HotShot QC is almost as hard to reverse as Ethereum finality, but arrives ~10× faster.
No single party can withhold or front-run; builders can compete under clear rules, improving fairness.
Espresso + Arbitrum are testing time-based commit-reveal to cut MEV further-stay tuned.
Minimum spec ≈ 4 vCPU, 16 GB RAM; run docker image, point to stake table & fee token contract, you’re in Mainnet 0.
Node exposes Prometheus metrics; Grafana dashboards ship with the repo for latency, QC rate, DA bandwidth.
Your L1 contract imports the light-client ABI; verifySignature(QC) then ensure tx batch root is in that block’s Merkle tree.
Use the Sequencer API /submit endpoint; poll /availability/block/<height> until finalized=true.
Read block headers from the availability API, cross-link to roll-up IDs, show QC sig set for each block.
Watch chunk-serve latency; if committee nodes lag > threshold, fall back to peer retrieval and page ops.
Next releases will open stake deposits so anyone can join-goal is thousands of validators.
HotShot’s linear messaging + CDN layer aim to keep latency < 5 s even at 1k validators.
Future work explores encrypt-then-order (threshold encryption) so mempool contents stay private until QCd.
Shared ordering lets contracts on two roll-ups act on the same QC without a bridge-early research stage.
Upgrade keys can rotate HotShot parameters; fork-recovery instructions live in the docs appendix.
Light-client contract is generic-other base layers can verify QCs the same way Ethereum does.
Restaked ETH could secure Espresso; EigenLayer delegates handle both duties, unifying economic security across layers.
For more detailed technical information and implementation guides, see the official Espresso documentation.