With Dfinity chains there are two optimisations. The first is that full notarisation of a collation implies full notarisation of all previous collations on that shard. The reason is that committees only notarise previously notarised collations. So a notary summoned to notarise a collation at some height h only has to check the signatures for the collations of that shard at height h - 1 (usually a single collation, unless there is equivocation of the top-ranked proposer and multiple notorisations). The second optimisation is that BLS signatures aggregate, so only a single signature has to be checked instead of 212 per collation.
With 10,000 notaries and 1000 shards, a notary will be summoned to notarise 42.3 shards per period, which corresponds to checking 42.3 signatures per 5 seconds, i.e. less than 10 messages per second.
Other signature tricks may be applicable to non-Dfinity designs, such as “diagonal” staggering and “horizontal” bursts or cryptoeconomic signature aggregation.
I’m not. I’m not even assuming any form of Casper in the design. I guess the point is that the time to finality of the shards is independent from the time to finality of the main chain.
What gets explicitly included in the main chain via transactions are the (unique deterministic) beacon checkpoints, at most one per 120 periods. The second-most recent beacon checkpoint is the “global hash” that Casper FFG can finalise over. Beacon checkpoints are separated by 10 minutes which is enough for shard finality, so the second-most recent beacon checkpoint will have corresponding finalised data roots, one for each shard. The data roots are not made explicit with a transaction, instead they come from light-clienting (similar to every shard light-clienting every other shard). A global data root can be computed by Merklelising the individual shard data roots corresponding to beacon checkpoints.
Right, committees are selected in advance, which opens the door for adaptive attacks. It is possible that Dfinity’s 2/3 honesty assumption (which subsumes adaptive attacks) is unrealistic; time will tell. The good news is that the honesty assumption can easily be put to test without tight-coupling the shards to the main chain.