Very nice! The general approach & revision of the IBC dataflow model all makes sense to me. A few questions on your investigations & alternatives:
- Would switching Tendermint’s signature scheme (secp256k1 or eventually BLS) cut the proving time a lot, or not so much?
- Is the cost of verifying Merkle proofs (required for packets, should be possible to use Ethereum’s sha2 precompile) significant? Do you have any benchmarks of gas required per packet (which would add to the amortised header cost)?
- What about verifying the Ethereum consensus on the other side? Does ETH2 have a cheap light client which you can just use out of the box or would additional work be required (to retain the IBC security model)?