Traditional financial institutions require both interacting clients to put trust into a third party and its accounting capabilities. The outsourcing of building a compliant asset exchange system simplified security management and integration efforts, while in exchange, a centralized entity keeps a private ledger holding records about each transaction ever processed within the institution and holds responsibility for its consistency and validity.

Unfortunately, there were plenty of historical occasions when such a trusted entity became a reason for financial data leakage or fraudulent activities either because of a coordinated attack against the institution or unintentional changes made by employees. Centralized solutions highly depend on political and social landscape which could endanger trusted assets in critical situations. Hence, the demand for decentralized solutions has been steadily rising for the past few decades.

The most widely adopted technology for decentralized asset exchange is a blockchain network. Comprised of thousands of participating peers, each responsible for validation and verification of data consistency, blockchain technology lays foundation for trustless and secure accounting of occurring transactions [ 1-2 ].

Nonetheless, the basic Consistency, Availability, and Partition Tolerance (CAP) theorem has its implication for building such networks [ 3 ]. It is of paramount importance for a finance system to provide consistency guarantees as a top priority. Hence, the decision comes down to a balance between availability and partition tolerance. Since the nature of a decentralized solution implies distribution, the tradeoffs were mainly centered around the availability, namely the throughput, transaction finality, and latencies associated with the addition of new records to the ledger.

Most modern consensus protocols in blockchain networks require an agreement by a majority of participants to either accept or deny a new block [ 1-2 ]. The majority could be represented by the held assets of validating nodes, customized trust rules, or a simple popular count. That creates a significant bottleneck in the throughput of transactions and their respective latencies.

Significant efforts have been put into research to improve the finalization speed and throughput, which are mostly centered around the second layer of blockchain systems [ 1-2 ]. This layer is built on top of the basic consensus protocol and usually provides an off-chain computational power for executing smart contracts and providing proof of their validity [ 4 ].

A prominent example of such an approach used in Ethereum is called rollups and helps to significantly reduce latencies and increase the throughput of the system [ 5 ]. In its essence, the side network provides the computation, while the main is responsible solely for keeping the records. While improving latencies and throughput, it only optimizes the network but does not solve the horizontal scaling problem.

The previously discussed extensions improve these conditions, but to allow horizontal scaling while keeping strong consistency guarantees, another approach is required using sharding as a core principle. Such a system is comprised of multiple subnetworks or autonomous networks interacting with each other through custom consensus or communication protocols [ 6-8 ].

As of now, Ethereum is one of the most popular networks utilizing such a principle. By leveraging a Beacon chain and a Proof of Validity mechanism, it allows the distribution of processing of transactions between multiple subnetworks [ 9-11 ]. shared security mechanism with validators pooling and rotation, where each validator is assigned to a particular subnetwork for a limited timeframe through a consensus process established on the Beacon chain.

Cosmos Network is another example of an attempt to build a large-scale multichain system and serves as a communication layer between external networks. In contrast to the Ethereum 2.0 solution, its main goal is to conjoin multiple independent networks rather than build an isolated multichain system [ 12 ], [ 13 ].

Lastly, Avalanche leverages subnetworking and multiple ledgers for division of responsibilities. C-Chain executes smart contracts, P-Chain manages the lifecycle of subnets, while X-Chain manages the native assets available on Avalanche. [ 14 ].

Sharding the state of a blockchain in a tree-like structure is an attempt to combine the scalability properties of the Cosmos network while locally improving security on par with the Ethereum network. The main purpose of such architecture is to divide traffic both by cohesion and responsibility zones. The rationale and comparison between existing solutions are provided in their own dedicated article [ 15 ].

The network is comprised of three main structures: the chain trunk, bough chains, and spring chains. Here, the chain trunk serves as a root of the network and is a gene-sis point of a multichain system, its governance, and its coordination. The trunk connects distant leaves and might become the primary bottleneck in distant communication [ 15 ].

Bough chains are the managing chains responsible for implementing the communication protocol among its subjected spring chains. A bough chain could potentially manage and validate another bough chain, enabling growth of the structure. Spring chains are the main computational units to be used by clients. While it is possible to execute a transaction on a bough chain, it would cost more and is incentivized against due to scalability considerations [ 15 ].

Figure 1 shows a diagram of the tree-based multichain system architecture:

Here we can clearly see a combination of properties from previously discussed multichain solutions. The tree-based invariant incorporates Proof of Validity similar to one used in Ethereum 2.0 for the bough chain and its child networks. It also promotes distant communication through parents or custom channels similar to Cosmos. The division between governance ledger and clientoriented load is separated akin to the Avalanche approach, resulting in an efficient sharding method.

The tree-based architecture also describes three primary communication modes between its subnetworks. The primary and most efficient is through the parent bough chain and a Proof of Validity mechanism. Secondary is a multi-hop transaction passing to non-distant relatives. Lastly, the architecture allows establishing custom communication bridges between distant chains to avoid congestions [ 15 ].

The purpose of the article is to improve the limitation tied to the trunk chain in the tree-based architecture. The overall goal is to develop an architecture based on Directed Acyclic Graphs (DAG) that aims to improve the scalability and security properties of the proposed model [ 16-17 ].

When constructing a multichain system model, evaluating its efficiency against existing solutions is crucial. Therefore, this paper discusses the comparison model as one of its key points. The model A directed graph is acyclic iff it admits a topological ranking [ 16-17 ].

A level function (topological ranking):

ℓ: → ℕ = {0,1,2, … }.

This function assigns an integer level to each node such that ( , ) ∈ ⇒ ℓ( ) < ℓ( ). Then, for each ∈ ℕ, define : = { ∈ : ℓ( ) = } as a set of assigned levels for each node. ℓ can be chosen to be strict (no equal levels along any edge) since we topologically require ℓ( ) < ℓ( ). • • • • • • = ( , ℎ) is a forest of arborescences (disjoint union of rooted out-trees), with (possibly multiple) roots .

No node has two different backbone parents. includes parameters representing security and scalability properties and evaluates them based on the previous iteration, a recently suggested enhancement, and a collection of pre-existing networks.

The architecture is a finite, simple, directed graph = ( , ) [ 16-17 ], where: is a finite set of nodes (chains). The cardinality | | is the number of nodes. ⊆ × is a set of directed edges (ordered pairs), ( , ) ∈ .

Simplicity: no self-loops ( , ) ∉ and no multi-edges (because edges are elements of a set of ordered pairs).

Acyclicity: there is no directed cycle (no sequence 0 → 1 → ⋯ → = 0 with ≥ 1). ℓ (tie(1) (2) (3) (4) (5) breaking) without changing reachability.

We partition edges into backbone vs cross edges.

A Governance Structure is a shared security mechanism initially introduced for the tree-based architecture. Within DAG-based architecture it could be represented as a subgraph of the multichain backbone [ 15 ]: where:

= ( , ), By default, consists of all immediate parent child pairs: ( ) = parent function, defined as ( ) ∈ ∪ ∅. ( ) = ∅ iff is a root.

= {( , ( )) ∣ ∈ , ( ) ≠ ∅},

A Governance Structure is essentially the restriction of the backbone forest to a consecutive chain (or small hierarchy) of boughs. It captures their hierarchical organization. There could be many Governance Structures within a multichain system.

A United Governance Structure is a higher-order governance subgraph [ 15 ]:

= ( , ), ⊆ is a subset of participating bough chains that agreed to extend governance through the consensus process. shared security. ⊆ × is the set of agreed governance relations among them with an established • • • • • • where: where: Formally: ⊆ is the subset of bough nodes (blockchain networks) participating in this governance structure. default direct control. ⊆ ℎ is the set of parent-child edges between consecutive boughs inside representing (8) (9) (10) (11)

If ( , ) ∈ and ( , ) ∈ , then ( , ) ∈ . Unlike , which is local and hierarchical, allows extended coordination: validator rotation, policy alignment, and inter-chain communication. For simplicity we did not index in the definition, but it should be clear that there could be multiple as well as in a multichain system.

The purpose of a United Governance Structure is to expand shared security principle farther than a direct parent to child relation. Withing such a structure there is a pool of shared and rotated validators to reduce the likelihood of 51% attacks. Such a structure does not scale horizontally since the assignment of validators requires general consensus, hence there could be many disjoined structures throughout the multichain system.

A large-scale multichain system could have numerous blockchain networks interconnected within a global network. Addressing a single chain in such a scenario could pose a problem when relying on unstructured unique names. A directory service would be required either on-chain or off-chain to manage requests routing.

Maintaining such a directory could have its limitations due to update propagation and bottlenecks. Hence, within a discussed architecture, we propose to utilize a structured and routable naming system for individual chains, similar to DNS.

Figure 3 shows a diagram of the DNS-like routing system within the multichain architecture:

In a classical DNS system, there are multiple levels of servers, including root domain servers, toplevel servers, and authoritative servers [ 18 ], [ 19 ]. Within the proposed DAG-based multichain architecture, the root chains mirror responsibilities of top-level domains, while their direct children would function akin to authoritative nodes.

An advantage in contrast to some centralized directory service is apparent from the perspective of distant networks. When a client from spring chain A tries to create a transaction involving assets on spring chain B, all that chain A has to know is the root chain address, which then points to its authoritative record, allowing for recursive traversal of the graph.

Now a similar problem happening with unstructured names could happen if there are many root chains dynamically created or updated. In such cases the role of a root DNS server could be allocated to a single off-chain directory service or a separate blockchain network. Since the cardinality of the root-level chain should not be significant, the capabilities of a single blockchain network would be enough for such a purpose. Message Verification (MV), NIST SP 800-30 [ 21 ].

Shared Security (SS), every domain fully secluded (1); shared security in specific clusters (2); shared security for most, not all, cross-chain traffic (3); shared security covers >90% of inter-chain transactions (4); all interchain operations are validated through a shared pool (5).

Pooled validators set raise economic security and reduce the probability of 51% attacks since it would require an infeasible amount of computational and voting power for an attacker to influence the consensus process. Validators rotation is essential to ensure that there could not be organized pooling of consensus votes.

Coordinator Centralization (CC), network (1); major coordination network with multiple subordinate chains (3); multiple dominant chains with a balanced workload (3); the multichain is distributed with local coordinators but without global (4); distributed architecture without reliance on coordination hubs (5).

Security assessment includes multiple categories discretely scored following ISO/IEC 27005 riskassessment practice [ 20 ]. Each dimension will be scored using a discrete 0-5 ordinal (Likert-style) scale to transform qualitative security properties into quantitative judgments. Such an approach infeasible due to complexities related to assessed systems and has grounds as a common practice in = ( 1 ⋅ 2 ⋅ 3 ⋅ 4 ⋅ 5) 1+ 2+ 3+ 4+ 5, where we will use the following weights during final calculations: 1 = 3 (SS), 2 = 3 (CC), external actors for correctness (1); relays required, with partial on-chain checks (2); external agents required for liveness with on-chain verification (3); on-chain proofs exist with partial reliance on coordinator (4); self-sufficient cryptographic proofs for all inter-chain transactions (5).

Trust introduces potential attack vectors, the less trust is put into cross-ledger transaction the better (e.g. verifiable proof are preferred). External actors could get compromised which diminishes decentralized security principles. Global coordination chains are potential single points of failure.

Data Retention & Redundancy (DR), could be pruned (1); periodic roots for short history (2); moderate historical checkpoints (3); strong redundancy and proofs (4); explicit retention with configurable depth (5).

Blast Radius / Containment (BR) compromise propagates globally (1); spillover limited to hub cluster (2); spillover limited to a governance group (3); spillover limited to parent-child only (4); compromise fully contained (5).

To combine the previously discussed scores, we use a weighted geometric mean [ 22 ]. Such a method allows us to expose weaknesses within individual metrics by penalizing disproportionately low scores. We calculate Composite Security Score (CSS) as follows: : no shared security, : single coordination : requires trusted : state : full (12) (13)

So the final formula looks as follows:

= ( 3 ⋅ 3 ⋅ 2 ⋅ 1 ⋅ 2)111.

Within this scoring model, higher means more secure. Poor dimensions drag down the score (no averaging-away weaknesses). To normalize the score and use it later for cumulative assessment model, we use: ∗ =

/5.

assessment of the architecture. The performance metrics are calculative in relative perspective to compared networks.

Latency utility ∗ shows relative performance of an architecture. It compares latencies with respect to the fastest available ∗ = / , where is the lowest latency observed within assessed multichain systems. ̅ is an average latency associated with an inter-chain transaction within target architecture. Latencies here include routing, consensus/finality delay, periodic proof interval, and queueing.

Throughput utility ∗ measures relative ability of cross-chain message processing per second and defined as ∗ = μ/μ , where μ is the cross-chain throughput capacity of the architecture and μ is the highest capacity among the compared set. If the throughput is unlimited within a multichain system, its total score is ∗ = 1.5.

Const utility ∗ shows the cost associated with an inter-chain transaction. The following formula is used: ∗ = / ̅, where is the lowest cost observed within assessed multichain system and ̅is the average cost of a target architecture. Since cost could fluctuate due to economic reasons, we assume the cost as an amount of records required on multiple ledgers to perform an asset transfer. If there is no additional cost, then ∗ = 1.5.

Each cross-chain operation requires proof so that participants from different ledgers could verify the validity of the state. Data availability ∗ shows extra bytes related to the construction of such proofs ∗ = / , where is the overhead within a target system and is the minimal overhead among tested systems. If there is no overhead, then ∗ = 1.5.

Within a cumulative assessment model, we include 5 dimensions discussed previously: = ∗ + ∗ + ∗ + ∗ + ∗ , where, the weights are summing to 1 with = 0.2, = 0.3, = 0.1, Therefore, the formula is as follows:

= 0.2 ⋅ ∗ + 0.3 ⋅ ∗ + 0.1 ⋅ ∗ + 0.1 ⋅ Here, the higher the value the better.

It is possible to get score larger than 1 due to metrics such as ∗ = 1.5. 3.2. Ethereum 2.0 Latency in Ethereum 2.0 could be represented ̅ ℎ 2.0 ≈ 984 seconds, which describes a finalized assets transfer between shards [ 23 ], [ 24 ].

Moving on to the throughput μ, each shard should post a commitment to a beacon chain per epoch, where an epoch is roughly 384 seconds [ 23 ], [ 24 ]. One commitment can contain up to 40000 transactions (~105 transactions per second). Since the architecture limits shards to 64, we can assume a throughput of μ ℎ 2.0 ≈ 105 ⋅ 64 = 6720 cross-chain transactions per second [ 9 ].

Cost ̅as a count of records per cross-chain transaction could be expressed as follows: a record on chain A for the transaction, a record on chain A for the proof object, a record for commitment on the beacon chain shared in a batch, a record on chain B for the transaction and one for proof verification [ 9 ]. Meaning, ̅ ℎ 2.0 ≈ 4.

Data overhead ℎ 2.0 ≈ 544 bytes for a Merkle proof with a depth of 16 [ 9 ], [ 23 ], [ 24 ]. The beacon chain is also responsible for storing commitments ~256 bytes per shard for an epoch but this is for all transactions inside an epoch. • • • • • Composite Security Score:

Normalized Security Score:

= (53 ⋅ 13 ⋅ 42 ⋅ 31 ⋅ 32)111 ≈ 2.69. ∗ = Latency ̅ ≈ 12 second to finalize a transaction which includes sending it for validation to the relay chain and inclusion into the destination ledger [ 10 ], [ 11 ], [ 25 ].

Throughput μ ≈ 2000 ability to validate transactions depending on allocated cores and including limitations on messages to parachains [ 10 ], [ 11 ], [ 25 ].

Cost ̅ ≈ 5 includes the original transaction and XCMP message on chain A, entry on the relay chain, and respective transaction and XCMP receipt on chain B [ 10 ], [ 11 ], [ 25 ].

Data overhead ≈ 1536 bytes for three XCMP entries on chain A, relay, and B respectively [ 10 ], [ 11 ], [ 25 ]. Each XCMP message on both chain A and B contain header information and payload, while relay chain record hold Merkel proof.

Security Score:

Shared Security (SS = 5) shared validation pool coordinated through a relay chain [ 10 ], [ 11 ]. Coordinator Centralization (CC = 1) relay chain involved in all inter-chain operations [ 10 ], [ 11 ].

Message Verification (MV=4) XCMP/XCM with verification of proof from the relay chain [ 10 ], [ 11 ].

Data Retention & Redundancy (DR = 3) relay finality and checkpoints for data verification [ 10 ], [ 11 ].

Blast Radius / Containment (BR = 3) parachain faults are isolated but relay faults could propagate [ 10 ], [ 11 ].

Shared Security (SS = 5) shared validation pool coordinated through a beacon chain [ 9 ]. Coordinator Centralization (CC = 1) centralized beacon chain is responsible for security management and coordination [ 9 ].

Message Verification (MV=4) on-chain verification of roots received from the beacon chain [ 9 ].

Data Retention & Redundancy (DR = 2) the beacon stores periodic roots for data verification but does not support data restoration [ 9 ].

Blast Radius / Containment (BR = 4) security breaches are isolated to a child chain but potential major issues could happen if the beacon itself gets compromised [ 9 ].

Composite Security Score:

ℎ Normalized Security Score: (16) (17) (18) (19)

Latency ̅ ≈ 30 seconds to finalize a transaction which includes request commitment on chain A, its transfer to the hub, and later to the chain B [ 12 ], [ 13 ], [ 25 ].

Since Cosmos is a distributed system without an apparent limitation in scale, its throughput final estimation ∗ = 1.5 [ 12 ], [ 13 ].

Cost ̅ ≈ 8 in case if we consider a single hub hop. Each hop would include commitment and deletion records on the source and receipt and acknowledgement records on the destination [ 12 ], [ 13 ].

Data overhead ≈ 192 bytes the commitment and acknowledgement records [ 12 ], [ 13 ]. Each additional hop would increase the value but for estimation purposes we will consider only the most frequent case.

Security Score: • • • • •

Shared Security (SS = 1) connects uncoordinated ledgers, does not ensure shared security [ 12 ], [ 13 ].

Coordinator Centralization (CC = 4) does not enforce centralized topology, multiple hubs could be used for connecting ledgers [ 12 ], [ 13 ].

Message Verification (MV=4) on-chain light clients verify headers and proofs with minimized trust [ 12 ], [ 13 ].

Data Retention & Redundancy (DR = 2) light clients windowing and pruning are typical, proof is isolated to a short context [ 12 ], [ 13 ].

Blast Radius / Containment (BR = 5) security breach on one chain does not propagate to another since Cosmos serves as a communication media rather than a shared security coordinator [ 12 ], [ 13 ]. (20) (21) Composite Security Score:

Normalized Security Score: = (13 ⋅ 43 ⋅ 42 ⋅ 21 ⋅ 52)111 ≈ 2.68. ∗ =

Latency ̅ ℎ ≈ 4 seconds to finalize a transaction which includes commitment to chain A, its transfer through the teleporter, and later to the chain B [ 14 ], [ 25 ].

Avalanche is a highly distributed system without an apparent limitation in scale of transaction processing. Though it could have unlimited number of subnetworks, the primary chain is responsible for recording the assignments of validators which could become a bottleneck. Its throughput final estimation ∗ ℎ = 1 [ 14 ].

Cost ̅ ℎ ≈ 2 in case if we consider AWM/Teleporter. One record for the request is written on chain A and another for the import on the chain B [ 14 ]. There are no intermediary writes to internal chains.

Data overhead ℎ ≈ 512 bytes where each side writes a normal transaction that carries an AWM proof including the message, BLS aggregate signature, and the metadata [ 14 ].

The apparent performance of the Avalanche network stems from its internal organization and reliance on a few coordinating networks. In contrast to completely disjointed systems such as Cosmos, Avalanche requires each subnetwork to register and manage its validators through the main chain. This cohesion allows boosting performance but at the cost of a potential blast in case of the main chain compromise. Composite Security Score:

Normalized Security Score: •

Shared Security (SS = 4) centralized pooling in place with subnets including validators from the primary chain [ 14 ].

Coordinator Centralization (CC = 2) shared security coordination network [ 14 ]. Message Verification (MV=4) cryptographic proof through the warp mechanism [ 14 ]. Data Retention & Redundancy (DR = 2) history is local to the subchain [ 14 ].

Blast Radius / Containment (BR = 4) faults are typically isolated to a subnetwork [ 14 ].

Latency could vary greatly depending on the communication path. It could be either with the siblings or to the distant nodes. Since the design of architecture assumes high cohesion, the most frequent method of communication should be done through the bough chain where latency should be similar to Ethereum 2.0. ̅ − ≈ 984 seconds to finalize a transaction which includes sending it for validation to the relay chain and inclusion into the destination ledger [ 15 ], [ 23 ], [ 24 ].

The tree-based architecture in its essence as a data structure does not strictly impose the communication mode between siblings, but the original article assumed coordination like Ethereum 2.0 between siblings. Since the Trunk chain underpins the entire system μ − ≈ 6720 transactions per second [ 15 ].

Cost ̅ − = 4 similar to estimation for Ethereum 2.0 but could grow significantly larger for distant-node communication [ 15 ].

Data overhead − = 544 bytes for coordination through the bough chain between siblings [ 15 ]. Again, this could grow with N factor depending on the number of hops needed for communication with distant nodes.

Security Score:

Shared Security (SS = 2) shared security within boughs and its direct child network. Coordinator Centralization (CC = 2) has a major coordination network (The Tree Trunk). Message Verification (MV=4) trust minimized cryptographic proofs for most operations. Data Retention & Redundancy (DR = 5) explicit and configurable N-ancestor data retention. Blast Radius / Containment (BR = 3) faults are typically isolated to a subnetwork but could propagate if happen on local coordination networks.

Composite Security Score:

− Normalized Security Score: = (23 ⋅ 23 ⋅ 42 ⋅ 51 ⋅ 32)111 ≈ 2.65.

(24) 2.65 (25) ∗ − = 5 ≈ 0.53.

The purpose of the Tree-based architecture was to improve the horizontal scalability capabilities of multichain systems.

In contrast to the tree-based, the newly proposed DAG-based architecture assumes communication expected to be the dominant way due to cohesion principles, the estimated latency ̅ − = 12 second to finalize a transaction which includes sending it for validation to the relay chain and inclusion into the destination.

Throughput in such an architecture is not limited to the trunk chain or any other general coordination network, making its final estimation ∗ − = 1.5. There could be many root chains connecting different branches. Moreover, cross-connection facilitates efficient transactions.

Cost ̅ − = 5 similar to Polkadot and includes the original transaction and XCMP message on chain A, entry on the relay chain, and respective transaction and XCMP receipt on chain B [ 10 ], [ 11 ].

Data overhead between sibling chains is similar to the Polkadot, − = 1536 bytes for three XCMP entries on chain A, relay, and B respectively [ 10 ], [ 11 ]. Each XCMP message on both chain A and B contain header information and payload, while relay chain record hold Merkel proof. The estimation would differ for a multi-hop transfer but due to cohesion principles, such transactions should be rare.

Security Score: •

Shared Security (SS = 3) shared security within boughs and its direct child network with additional governance structures that could be shared.

Coordinator Centralization (CC = 4) no global coordination network.

Message Verification (MV=4) trust minimized cryptographic proofs for most operations. Data Retention & Redundancy (DR = 5) explicit and configurable N-ancestor data retention. Blast Radius / Containment (BR = 3) faults are typically isolated to a subnetwork but could propagate if happen on local coordination networks. (26) (27) Composite Security Score:

− Normalized Security Score:

= (33 ⋅ 43 ⋅ 42 ⋅ 51 ⋅ 32)111 ≈ 3.58. ∗ − =

The results obtained in the previous subsections could be organized in a table for a more convenient comparison.

From the results we can see the improvement within DAG-based architecture over the tree-based.