- The paper establishes that non-custodial enforced encumbrance is structurally impossible in standard account-based ledgers due to inherent key sovereignty limitations.
- It formalizes the necessity of asset-authorization coupling and introduces an envelope primitive that enforces protocol-level restrictions using cryptographic proofs.
- The study presents detailed ledger analyses and benchmarks, demonstrating the envelope construction’s practical feasibility for L1 and L2 implementations in DeFi.
Structural Impossibility and Commitment-Based Enforcement in Account-Based Ledgers
The paper rigorously addresses the question of whether it is feasible to enforce future asset disposition in account-based ledger systems without resorting to custodial solutions or requiring the asset holder’s cooperation at enforcement time. The main model-level contribution is the identification and formalization of a structural barrier to non-custodial enforced encumbrance (NCEE).
NCEE is defined by four properties: self-custody (no required co-signer), transition restriction (assets move only via protocol-defined paths during encumbrance), irrevocability (owners cannot unilaterally remove encumbrance), and permissionless enforcement (any third party can trigger enforcement on condition satisfaction). The work distinguishes two critical abstractions:
- Key Sovereignty (KS): The holder of the controlling key can always authorize a transition that weakens any active protocol-imposed restriction. KS is ubiquitous in standard EOAs, ERC-4337 smart accounts (single-key configuration), and EIP-7702 delegated EOAs.
- Asset-Authorization Coupling (AAC): Valid asset transitions are cryptographically coupled to the mechanism’s restraining state, disabling unilateral owner escape without consulting mechanism state.
The central theorems demonstrate that any ledger satisfying KS cannot realize NCEE; conversely, AAC is necessary (in transfer-dichotomous asset classes) for achieving NCEE.
Concrete Ledger Analysis
The paper substantiates KS-impossibility across major Ethereum account abstractions:
- Standard EOAs: The owner’s key can always bypass protocol-level restrictions by transferring assets to a fresh address.
- ERC-4337 Smart Accounts: Owner re-instantiation or rule modification by the controlling key preserves unilateral escape.
- EIP-7702 Delegated EOAs: Protocol-level reauthorization is uninterceptable at the delegate code layer; the controlling key can always overwrite restrictions.
These analyses are realized with detailed, code-level proofs, providing categorical exclusion of NCEE for these asset paths.
Commitment-Based Construction in Extended Private-State Ledgers
On the positive side, the work introduces an envelope primitive in an extended private-state ledger model (PSLM), where asset spendability is cryptographically bound to protocol-maintained marker sets—namely, the active and consumed encumbrance markers. This construction achieves domain separation between ordinary spends (nullifiers tied to owner key) and encumbrance nullifiers (derived from note randomness), facilitating permissionless enforcement without owner key material exposure.
The envelope binds the asset note, condition tree (public trigger predicate), and redistribution intent (destination/action at enforcement). Transitions within the envelope model require zero-knowledge proofs, on-chain marker-set membership, and enforceable restriction checks; all NCEE properties are rigorously shown to hold, subject to cryptographic and deployment assumptions (notably registry immutability).
Security Analysis and Proof-of-Enforcement Guarantees
Security is analyzed via explicit game definitions, covering encumbrance integrity, settlement security, key-compromise resilience, and indistinguishability. The envelope construction’s security reductions rely on knowledge soundness (SNARK), Poseidon2 collision resistance and indifferentiability (heuristic), and discrete log hardness (for signature-based settlement). All implementation-dependent and heuristic claims are separated from theorem-level results.
Key security claims include:
- Encumbrance integrity: Spend is blocked for actively encumbered notes except under collision or soundness failure.
- Double-encumbrance prevention: Active envelope uniqueness per note is enforced.
- Enforcement is both permissionless and safe: Any party may trigger enforcement, and protocol-level condition evaluation is deterministic.
- Privacy: Nullifier separation and blinded position commitments provide operational privacy, subject to residual linkability.
The paper also discusses deployment recipes (strict immutability, timelock-parameter governance, quorum-frozen exits) required to satisfy registry immutability assumptions.
Practical Economics and Implementation
The reference implementation (Noir/UltraHonk) demonstrates practical feasibility, reporting gas and aggregation benchmarks for envelope operations. On L1, the construction is economical for mid-to-large asset positions ($\$10k - \$1M+$), and on L2s, it is cost-effective even for consumer-scale positions. Recursive proof aggregation further reduces amortized costs, broadening applicability.
The envelope paradigm is directly suitable for non-custodial collateralized lending, providing DeFi protocols with enforceable, non-custodial liquidation guarantees under public (oracle-fed) conditions. This design fundamentally changes the asset custody risk profile, exchanging it for cryptographic and operational reliability assumptions.
Comparative Analysis and Limitations
The paper differentiates its contributions from prior work (Hawk, Zcash/Penumbra/Veri-Zexe, ERC-4337/7710/7715, Bitcoin covenants, intent frameworks, keeper networks), demonstrating that none jointly achieves both impossibility and commitment-based NCEE realization in the account-based asset setting. Privacy is partial and residual linkability remains; post-quantum security is not provided; cross-transaction oracle manipulation and hybrid asset class analysis are delegated to future work.
Conclusion
This work solidly establishes that in standard account-based ledgers, non-custodial enforced encumbrance is structurally impossible so long as asset movement remains under unilateral owner control (KS), irrespective of policy-language or wallet-level refinements. Commitment-based ledger models with cryptographically coupled authorization can realize NCEE, and the envelope primitive provides a concrete, security-analyzed construction. The separation between KS and AAC is sharp, formal, and ledger-independent for transfer-dichotomous asset classes, providing a rigorous foundation for future protocol and asset-control designs.
Future directions include richer hybrid asset analysis, stronger implementation verification, removal of heuristic cryptographic dependencies, improved keeper-incentive mechanisms, and post-quantum variants. The structural separation and formal framework here will guide such development.
Reference: "Write-Domain Separation and Non-Custodial Enforcement: A Structural Impossibility in Account-Based Ledgers, with a Commitment-Based Construction" (2605.01210).