[{"doi":"10.1109/ICDCS60910.2024.00129","month":"07","main_file_link":[{"url":"https://arxiv.org/abs/2309.12713","open_access":"1"}],"arxiv":1,"publication_identifier":{"eissn":["2575-8411"],"isbn":["9798350386059"],"issn":["1063-6927"]},"day":"26","status":"public","publisher":"IEEE","publication_status":"published","publication":"Proceedings - International Conference on Distributed Computing Systems","external_id":{"isi":["001304430200120"],"arxiv":["2309.12713"]},"acknowledgement":"This work is supported by Mysten Labs. We thank the Mysten Labs Engineering teams for valuable feedback broadly, and specifically to Laura Makdah for helping implementing the early reputation score system for validators and Dmitry Perelman for managing the overall implementation effort.","quality_controlled":"1","language":[{"iso":"eng"}],"department":[{"_id":"ElKo"}],"page":"1377-1387","citation":{"ista":"Tsimos G, Kichidis A, Sonnino A, Kokoris Kogias E. 2024. HammerHead: Leader reputation for dynamic scheduling. Proceedings - International Conference on Distributed Computing Systems. ICDCS: International Conference on Distributed Computing Systems, 1377–1387.","chicago":"Tsimos, Giorgos, Anastasios Kichidis, Alberto Sonnino, and Eleftherios Kokoris Kogias. “HammerHead: Leader Reputation for Dynamic Scheduling.” In Proceedings - International Conference on Distributed Computing Systems, 1377–87. IEEE, 2024. https://doi.org/10.1109/ICDCS60910.2024.00129.","ieee":"G. Tsimos, A. Kichidis, A. Sonnino, and E. Kokoris Kogias, “HammerHead: Leader reputation for dynamic scheduling,” in Proceedings - International Conference on Distributed Computing Systems, Jersey City, NJ, United States, 2024, pp. 1377–1387.","ama":"Tsimos G, Kichidis A, Sonnino A, Kokoris Kogias E. HammerHead: Leader reputation for dynamic scheduling. In: Proceedings - International Conference on Distributed Computing Systems. IEEE; 2024:1377-1387. doi:10.1109/ICDCS60910.2024.00129","short":"G. Tsimos, A. Kichidis, A. Sonnino, E. Kokoris Kogias, in:, Proceedings - International Conference on Distributed Computing Systems, IEEE, 2024, pp. 1377–1387.","mla":"Tsimos, Giorgos, et al. “HammerHead: Leader Reputation for Dynamic Scheduling.” Proceedings - International Conference on Distributed Computing Systems, IEEE, 2024, pp. 1377–87, doi:10.1109/ICDCS60910.2024.00129.","apa":"Tsimos, G., Kichidis, A., Sonnino, A., & Kokoris Kogias, E. (2024). HammerHead: Leader reputation for dynamic scheduling. In Proceedings - International Conference on Distributed Computing Systems (pp. 1377–1387). Jersey City, NJ, United States: IEEE. https://doi.org/10.1109/ICDCS60910.2024.00129"},"date_published":"2024-07-26T00:00:00Z","abstract":[{"lang":"eng","text":"Recent advancements on DAG-based consensus protocols allow for blockchains with improved metrics and properties, such as throughput and censorship-resistance. Variants of the Bullshark [18] consensus protocol are adopted for practical use by the Sui blockchain, for improved latency. However, the protocol is leader-based, and is strongly affected by crashed leaders that can lead to various performance issues, for example, decreased transaction throughput. In this paper, we propose HammerHead, a DAG-based consensus protocol, that is inspired by Carousel [8] and provides Leader-Utilization. Our proposal differs from Carousel, which is built for a chained consensus protocol; in HammerHead chain quality is inherited by the DAG. HammerHead needs to preserve safety and liveness, despite validators committing leader vertices asynchronously. The key idea is to update leader schedules dynamically, based on the validators' scores during the previous schedule. We implement HammerHead and show a minor improvement in performance for cases without faults. The major improvements in comparison to Bullshark appear in faulty settings. Specifically, we show a drastic, 2x-latency improvement and up to 40% increased throughput when crash faults occur (100 validators, 33 faults)."}],"_id":"18071","date_updated":"2025-09-08T09:42:36Z","oa":1,"isi":1,"type":"conference","oa_version":"Preprint","date_created":"2024-09-15T22:01:41Z","scopus_import":"1","conference":{"location":"Jersey City, NJ, United States","start_date":"2024-07-23","name":"ICDCS: International Conference on Distributed Computing Systems","end_date":"2024-07-26"},"title":"HammerHead: Leader reputation for dynamic scheduling","user_id":"317138e5-6ab7-11ef-aa6d-ffef3953e345","author":[{"first_name":"Giorgos","last_name":"Tsimos","full_name":"Tsimos, Giorgos"},{"last_name":"Kichidis","first_name":"Anastasios","full_name":"Kichidis, Anastasios"},{"first_name":"Alberto","last_name":"Sonnino","full_name":"Sonnino, Alberto"},{"full_name":"Kokoris Kogias, Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","first_name":"Eleftherios","last_name":"Kokoris Kogias"}],"year":"2024","article_processing_charge":"No"},{"author":[{"first_name":"Giacomo","last_name":"Giuliari","full_name":"Giuliari, Giacomo"},{"full_name":"Sonnino, Alberto","last_name":"Sonnino","first_name":"Alberto"},{"last_name":"Frei","first_name":"Marc","full_name":"Frei, Marc"},{"last_name":"Streun","first_name":"Fabio","full_name":"Streun, Fabio"},{"last_name":"Kokoris Kogias","first_name":"Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","full_name":"Kokoris Kogias, Eleftherios"},{"last_name":"Perrig","first_name":"Adrian","full_name":"Perrig, Adrian"}],"year":"2024","article_processing_charge":"Yes (in subscription journal)","scopus_import":"1","conference":{"end_date":"2024-07-05","name":"ASIACCS: Asia Conference on Computer and Communications Security","location":"Singapore, Singapore","start_date":"2024-07-01"},"user_id":"317138e5-6ab7-11ef-aa6d-ffef3953e345","title":"An empirical study of consensus protocols’ DoS resilience","isi":1,"oa":1,"type":"conference","oa_version":"Published Version","date_created":"2025-01-27T13:57:00Z","has_accepted_license":"1","language":[{"iso":"eng"}],"department":[{"_id":"ElKo"}],"citation":{"mla":"Giuliari, Giacomo, et al. “An Empirical Study of Consensus Protocols’ DoS Resilience.” Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, ACM, 2024, pp. 1345–60, doi:10.1145/3634737.3656997.","short":"G. Giuliari, A. Sonnino, M. Frei, F. Streun, E. Kokoris Kogias, A. Perrig, in:, Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, ACM, 2024, pp. 1345–1360.","apa":"Giuliari, G., Sonnino, A., Frei, M., Streun, F., Kokoris Kogias, E., & Perrig, A. (2024). An empirical study of consensus protocols’ DoS resilience. In Proceedings of the 19th ACM Asia Conference on Computer and Communications Security (pp. 1345–1360). Singapore, Singapore: ACM. https://doi.org/10.1145/3634737.3656997","ista":"Giuliari G, Sonnino A, Frei M, Streun F, Kokoris Kogias E, Perrig A. 2024. An empirical study of consensus protocols’ DoS resilience. Proceedings of the 19th ACM Asia Conference on Computer and Communications Security. ASIACCS: Asia Conference on Computer and Communications Security, 1345–1360.","chicago":"Giuliari, Giacomo, Alberto Sonnino, Marc Frei, Fabio Streun, Eleftherios Kokoris Kogias, and Adrian Perrig. “An Empirical Study of Consensus Protocols’ DoS Resilience.” In Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, 1345–60. ACM, 2024. https://doi.org/10.1145/3634737.3656997.","ieee":"G. Giuliari, A. Sonnino, M. Frei, F. Streun, E. Kokoris Kogias, and A. Perrig, “An empirical study of consensus protocols’ DoS resilience,” in Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, Singapore, Singapore, 2024, pp. 1345–1360.","ama":"Giuliari G, Sonnino A, Frei M, Streun F, Kokoris Kogias E, Perrig A. An empirical study of consensus protocols’ DoS resilience. In: Proceedings of the 19th ACM Asia Conference on Computer and Communications Security. ACM; 2024:1345-1360. doi:10.1145/3634737.3656997"},"page":"1345-1360","date_published":"2024-07-01T00:00:00Z","date_updated":"2025-09-09T12:07:28Z","_id":"18913","abstract":[{"text":"With the proliferation of blockchain technology in high-value sectors, consensus protocols are becoming critical infrastructures. The rapid innovation cycle in Byzantine fault tolerant (BFT) consensus protocols has culminated in HotStuff, which provides linear message complexity in the partially synchronous setting. To achieve this, HotStuff leverages a leader that collects, aggregates, and broadcasts the messages of other validators. This paper analyzes the security implications of such approaches in practice, from the perspective of liveness and availability.\r\nBy implementing attacks in a globally-distributed testbed, we show that state-of-the-art leader-based protocols are vulnerable to denial-of-service (DoS) attacks on the leader. Our attacks, demonstrated on committees of up to 64 validators, manage to disrupt liveness within seconds, using only a few tens of Mbps of attack bandwidth per validator. Crucially, the cost and effectiveness of the attacks are independent of the committee size. Based on the outcome of these experiments, we then propose and test effective mitigations. Our findings show that advancements in both protocol design and network-layer defenses can greatly improve the practical resilience of BFT consensus protocols.","lang":"eng"}],"external_id":{"isi":["001283918100095"]},"ddc":["000"],"acknowledgement":"This work was mostly realized while Alberto Sonnino and Lefteris Kokoris-Kogias were employed at Meta. We gratefully acknowledge support for this project from ETH Zurich and Mysten Labs.","quality_controlled":"1","file":[{"relation":"main_file","date_created":"2025-01-27T14:04:12Z","file_id":"18914","content_type":"application/pdf","checksum":"1e743ddf49d35390eb56e11eb0759150","date_updated":"2025-01-27T14:04:12Z","creator":"dernst","access_level":"open_access","file_name":"2024_ACMAsiaCCS_Giuliari.pdf","success":1,"file_size":951940}],"publication_identifier":{"isbn":["9798400704826"]},"day":"01","status":"public","publisher":"ACM","publication_status":"published","publication":"Proceedings of the 19th ACM Asia Conference on Computer and Communications Security","tmp":{"legal_code_url":"https://creativecommons.org/licenses/by/4.0/legalcode","image":"/images/cc_by.png","name":"Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)","short":"CC BY (4.0)"},"OA_place":"publisher","OA_type":"hybrid","doi":"10.1145/3634737.3656997","file_date_updated":"2025-01-27T14:04:12Z","month":"07","license":"https://creativecommons.org/licenses/by/4.0/"},{"publication_identifier":{"isbn":["9798400706363"]},"arxiv":1,"status":"public","day":"09","publication_status":"published","publisher":"ACM","publication":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","acknowledgement":"This work is funded by MystenLabs. We thank the Mysten Labs Engineering teams for valuable feedback broadly, and specifically Dmitry Perelman and Todd Fiala for managing the implementation effort. A number of folks contributed to specific aspects of the implementation of Sui Lutris (amongst many other contributions to the overall blockchain): Francois Garillot, Laura Makdah, Mingwei Tian, Andrew Schran, Sadhan Sood and William Smith implemented and optimized aspects of both Sui Lutris and Narwhal / Bullshark consensus; Alonso de Gortari oversaw the cryptoeconomics of the blockchain, and Emma Zhong, Ade Adepoju, Tim Zakia and Dario Russi designed and implemented staking and gas mechanisms. Adam Welc designed several Move tools and provided great feedback on the manuscript. We also extend our thanks to Patrick Kuo, Ge Gao, Chris Li, and Arun Koshy for their work on the Sui Lutris SDK, clients, and RPC layer; Kostas Chalkias, Jonas Lindstrøm, and Joy Wang built cryptographic components.","external_id":{"isi":["001436367300178"],"arxiv":["2310.18042"]},"quality_controlled":"1","OA_type":"hybrid","doi":"10.1145/3658644.3670286","month":"12","main_file_link":[{"open_access":"1","url":"https://doi.org/10.48550/arXiv.2310.18042"}],"OA_place":"repository","user_id":"317138e5-6ab7-11ef-aa6d-ffef3953e345","title":"Sui Lutris: A blockchain combining broadcast and consensus","conference":{"start_date":"2024-10-14","location":"Salt Lake City, UT, United States","name":"CCS: Conference on Computer and Communications Security","end_date":"2024-10-18"},"author":[{"full_name":"Blackshear, Sam","first_name":"Sam","last_name":"Blackshear"},{"last_name":"Chursin","first_name":"Andrey","full_name":"Chursin, Andrey"},{"full_name":"Danezis, George","first_name":"George","last_name":"Danezis"},{"last_name":"Kichidis","first_name":"Anastasios","full_name":"Kichidis, Anastasios"},{"last_name":"Kokoris Kogias","first_name":"Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","full_name":"Kokoris Kogias, Eleftherios"},{"full_name":"Li, Xun","last_name":"Li","first_name":"Xun"},{"last_name":"Logan","first_name":"Mark","full_name":"Logan, Mark"},{"last_name":"Menon","first_name":"Ashok","full_name":"Menon, Ashok"},{"first_name":"Todd","last_name":"Nowacki","full_name":"Nowacki, Todd"},{"full_name":"Sonnino, Alberto","first_name":"Alberto","last_name":"Sonnino"},{"last_name":"Williams","first_name":"Brandon","full_name":"Williams, Brandon"},{"first_name":"Lu","last_name":"Zhang","full_name":"Zhang, Lu"}],"article_processing_charge":"No","year":"2024","language":[{"iso":"eng"}],"date_updated":"2025-09-09T12:13:55Z","_id":"18957","abstract":[{"text":"Sui Lutris is the first smart-contract platform to sustainably achieve sub-second finality. It achieves this significant decrease by employing consensusless agreement not only for simple payments but for a large variety of transactions. Unlike prior work, Sui Lutris neither compromises expressiveness nor throughput and can run perpetually without restarts. Sui Lutris achieves this by safely integrating consensuless agreement with a high-throughput consensus protocol that is invoked out of the critical finality path but ensures that when a transaction is at risk of inconsistent concurrent accesses, its settlement is delayed until the total ordering is resolved. Building such a hybrid architecture is especially delicate during reconfiguration events, where the system needs to preserve the safety of the consensusless path without compromising the long-term liveness of potentially misconfigured clients. We thus develop a novel reconfiguration protocol, the first to provably show the safe and efficient reconfiguration of a consensusless blockchain. Sui Lutris is currently running in production and underpins the Sui smart-contract platform. Combined with the use of Objects instead of accounts it enables the safe execution of smart contracts that expose objects as a first-class resource. In our experiments Sui Lutris achieves latency lower than 0.5 seconds for throughput up to 5,000 certificates per second (150k ops/s with transaction blocks), compared to the state-of-the-art real-world consensus latencies of 3 seconds. Furthermore, it gracefully handles validators crash-recovery and does not suffer visible performance degradation during reconfiguration.","lang":"eng"}],"department":[{"_id":"ElKo"}],"citation":{"ista":"Blackshear S, Chursin A, Danezis G, Kichidis A, Kokoris Kogias E, Li X, Logan M, Menon A, Nowacki T, Sonnino A, Williams B, Zhang L. 2024. Sui Lutris: A blockchain combining broadcast and consensus. Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security. CCS: Conference on Computer and Communications Security, 2606–2620.","chicago":"Blackshear, Sam, Andrey Chursin, George Danezis, Anastasios Kichidis, Eleftherios Kokoris Kogias, Xun Li, Mark Logan, et al. “Sui Lutris: A Blockchain Combining Broadcast and Consensus.” In Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, 2606–20. ACM, 2024. https://doi.org/10.1145/3658644.3670286.","ieee":"S. Blackshear et al., “Sui Lutris: A blockchain combining broadcast and consensus,” in Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, Salt Lake City, UT, United States, 2024, pp. 2606–2620.","ama":"Blackshear S, Chursin A, Danezis G, et al. Sui Lutris: A blockchain combining broadcast and consensus. In: Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security. ACM; 2024:2606-2620. doi:10.1145/3658644.3670286","short":"S. Blackshear, A. Chursin, G. Danezis, A. Kichidis, E. Kokoris Kogias, X. Li, M. Logan, A. Menon, T. Nowacki, A. Sonnino, B. Williams, L. Zhang, in:, Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, ACM, 2024, pp. 2606–2620.","mla":"Blackshear, Sam, et al. “Sui Lutris: A Blockchain Combining Broadcast and Consensus.” Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, ACM, 2024, pp. 2606–20, doi:10.1145/3658644.3670286.","apa":"Blackshear, S., Chursin, A., Danezis, G., Kichidis, A., Kokoris Kogias, E., Li, X., … Zhang, L. (2024). Sui Lutris: A blockchain combining broadcast and consensus. In Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security (pp. 2606–2620). Salt Lake City, UT, United States: ACM. https://doi.org/10.1145/3658644.3670286"},"date_published":"2024-12-09T00:00:00Z","page":"2606-2620","oa":1,"isi":1,"type":"conference","oa_version":"Preprint","date_created":"2025-01-29T12:42:21Z"},{"keyword":["General Engineering","General Materials Science","General Computer Science","Electrical and Electronic Engineering"],"year":"2023","article_processing_charge":"Yes","article_type":"original","intvolume":" 11","author":[{"full_name":"Neiheiser, Ray","id":"f09651b9-fec0-11ec-b5d8-934aff0e52a4","orcid":"0000-0001-7227-8309","last_name":"Neiheiser","first_name":"Ray"},{"last_name":"Inacio","first_name":"Gustavo","full_name":"Inacio, Gustavo"},{"full_name":"Rech, Luciana","first_name":"Luciana","last_name":"Rech"},{"full_name":"Montez, Carlos","first_name":"Carlos","last_name":"Montez"},{"last_name":"Matos","first_name":"Miguel","full_name":"Matos, Miguel"},{"last_name":"Rodrigues","first_name":"Luis","full_name":"Rodrigues, Luis"}],"scopus_import":"1","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","title":"Practical limitations of Ethereum’s layer-2","type":"journal_article","date_created":"2023-08-09T12:09:57Z","oa_version":"Published Version","isi":1,"oa":1,"has_accepted_license":"1","language":[{"iso":"eng"}],"date_published":"2023-08-01T00:00:00Z","page":"8651-8662","citation":{"ieee":"R. Neiheiser, G. Inacio, L. Rech, C. Montez, M. Matos, and L. Rodrigues, “Practical limitations of Ethereum’s layer-2,” IEEE Access, vol. 11. Institute of Electrical and Electronics Engineers, pp. 8651–8662, 2023.","ama":"Neiheiser R, Inacio G, Rech L, Montez C, Matos M, Rodrigues L. Practical limitations of Ethereum’s layer-2. IEEE Access. 2023;11:8651-8662. doi:10.1109/access.2023.3237897","ista":"Neiheiser R, Inacio G, Rech L, Montez C, Matos M, Rodrigues L. 2023. Practical limitations of Ethereum’s layer-2. IEEE Access. 11, 8651–8662.","chicago":"Neiheiser, Ray, Gustavo Inacio, Luciana Rech, Carlos Montez, Miguel Matos, and Luis Rodrigues. “Practical Limitations of Ethereum’s Layer-2.” IEEE Access. Institute of Electrical and Electronics Engineers, 2023. https://doi.org/10.1109/access.2023.3237897.","short":"R. Neiheiser, G. Inacio, L. Rech, C. Montez, M. Matos, L. Rodrigues, IEEE Access 11 (2023) 8651–8662.","mla":"Neiheiser, Ray, et al. “Practical Limitations of Ethereum’s Layer-2.” IEEE Access, vol. 11, Institute of Electrical and Electronics Engineers, 2023, pp. 8651–62, doi:10.1109/access.2023.3237897.","apa":"Neiheiser, R., Inacio, G., Rech, L., Montez, C., Matos, M., & Rodrigues, L. (2023). Practical limitations of Ethereum’s layer-2. IEEE Access. Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/access.2023.3237897"},"department":[{"_id":"ElKo"}],"abstract":[{"lang":"eng","text":"Most permissionless blockchains inherently suffer from throughput limitations. Layer-2 systems, such as side-chains or Rollups, have been proposed as a possible strategy to overcome this limitation. Layer-2 systems interact with the main-chain in two ways. First, users can move funds from/to the main-chain to/from the layer-2. Second, layer-2 systems periodically synchronize with the main-chain to keep some form of log of their activity on the main-chain - this log is key for security. Due to this interaction with the main-chain, which is necessary and recurrent, layer-2 systems impose some load on the main-chain. The impact of such load on the main-chain has been, so far, poorly understood. In addition to that, layer-2 approaches typically sacrifice decentralization and security in favor of higher throughput. This paper presents an experimental study that analyzes the current state of Ethereum layer-2 projects. Our goal is to assess the load they impose on Ethereum and to understand their scalability potential in the long-run. Our analysis shows that the impact of any given layer-2 on the main-chain is the result of both technical aspects (how state is logged on the main-chain) and user behavior (how often users decide to transfer funds between the layer-2 and the main-chain). Based on our observations, we infer that without efficient mechanisms that allow users to transfer funds in a secure and fast manner directly from one layer-2 project to another, current layer-2 systems will not be able to scale Ethereum effectively, regardless of their technical solutions. Furthermore, from our results, we conclude that the layer-2 systems that offer similar security guarantees as Ethereum have limited scalability potential, while approaches that offer better performance, sacrifice security and lead to an increase in centralization which runs against the end-goals of permissionless blockchains."}],"_id":"13988","date_updated":"2024-10-09T21:06:38Z","ddc":["000"],"external_id":{"isi":["000927831000001"]},"acknowledgement":"This work was supported in part by the Coordenação de Aperfeiçoamento de Pessoal de Nivel Superior (CAPES)—Brazil (CAPES), in part by the Fundação para a Ciência e Tecnologia (FCT) under Project UIDB/50021/2020 and Grant 2020.05270.BD, in part by the Project COSMOS (via the Orçamento de Estado (OE) with ref. PTDC/EEI-COM/29271/2017 and via the ‘‘Programa Operacional Regional de Lisboa na sua componente Fundo Europeu de Desenvolvimento Regional (FEDER)’’ with ref. Lisboa-01-0145-FEDER-029271), and in part by the project Angainor with reference LISBOA-01-0145-FEDER-031456 as well as supported by Meta Platforms for the project key Transparency at Scale.","quality_controlled":"1","publisher":"Institute of Electrical and Electronics Engineers","publication_status":"published","publication":"IEEE Access","tmp":{"legal_code_url":"https://creativecommons.org/licenses/by/4.0/legalcode","image":"/images/cc_by.png","name":"Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)","short":"CC BY (4.0)"},"volume":11,"file":[{"file_id":"14166","relation":"main_file","date_created":"2023-08-22T06:37:48Z","access_level":"open_access","file_name":"2023_IEEEAccess_Neiheiser.pdf","success":1,"file_size":1289285,"content_type":"application/pdf","checksum":"4b80b0ff212edf7e5842fbdd53784432","date_updated":"2023-08-22T06:37:48Z","creator":"dernst"}],"publication_identifier":{"issn":["2169-3536"]},"day":"01","status":"public","corr_author":"1","month":"08","doi":"10.1109/access.2023.3237897","file_date_updated":"2023-08-22T06:37:48Z"},{"date_published":"2023-10-01T00:00:00Z","citation":{"ieee":"D. Beaver et al., “STROBE: Streaming Threshold Random Beacons,” in 5th Conference on Advances in Financial Technologies, Princeton, NJ, United States, 2023, vol. 282.","ama":"Beaver D, Kelkar M, Lewi K, et al. STROBE: Streaming Threshold Random Beacons. In: 5th Conference on Advances in Financial Technologies. Vol 282. Schloss Dagstuhl - Leibniz-Zentrum für Informatik; 2023. doi:10.4230/LIPIcs.AFT.2023.7","chicago":"Beaver, Donald, Mahimna Kelkar, Kevin Lewi, Valeria Nikolaenko, Alberto Sonnino, Konstantinos Chalkias, Eleftherios Kokoris Kogias, Ladi De Naurois, and Arnab Roy. “STROBE: Streaming Threshold Random Beacons.” In 5th Conference on Advances in Financial Technologies, Vol. 282. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2023. https://doi.org/10.4230/LIPIcs.AFT.2023.7.","ista":"Beaver D, Kelkar M, Lewi K, Nikolaenko V, Sonnino A, Chalkias K, Kokoris Kogias E, Naurois LD, Roy A. 2023. STROBE: Streaming Threshold Random Beacons. 5th Conference on Advances in Financial Technologies. AFT: Conference on Advances in Financial Technologies, LIPIcs, vol. 282, 7.","apa":"Beaver, D., Kelkar, M., Lewi, K., Nikolaenko, V., Sonnino, A., Chalkias, K., … Roy, A. (2023). STROBE: Streaming Threshold Random Beacons. In 5th Conference on Advances in Financial Technologies (Vol. 282). Princeton, NJ, United States: Schloss Dagstuhl - Leibniz-Zentrum für Informatik. https://doi.org/10.4230/LIPIcs.AFT.2023.7","mla":"Beaver, Donald, et al. “STROBE: Streaming Threshold Random Beacons.” 5th Conference on Advances in Financial Technologies, vol. 282, 7, Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2023, doi:10.4230/LIPIcs.AFT.2023.7.","short":"D. Beaver, M. Kelkar, K. Lewi, V. Nikolaenko, A. Sonnino, K. Chalkias, E. Kokoris Kogias, L.D. Naurois, A. Roy, in:, 5th Conference on Advances in Financial Technologies, Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2023."},"department":[{"_id":"ElKo"}],"_id":"14516","date_updated":"2024-10-09T21:07:17Z","abstract":[{"text":"We revisit decentralized random beacons with a focus on practical distributed applications. Decentralized random beacons (Beaver and So, Eurocrypt'93) provide the functionality for n parties to generate an unpredictable sequence of bits in a way that cannot be biased, which is useful for any decentralized protocol requiring trusted randomness. Existing beacon constructions are highly inefficient in practical settings where protocol parties need to rejoin after crashes or disconnections, and more significantly where smart contracts may rely on arbitrary index points in high-volume streams. For this, we introduce a new notion of history-generating decentralized random beacons (HGDRBs). Roughly, the history-generation property of HGDRBs allows for previous beacon outputs to be efficiently generated knowing only the current value and the public key. At application layers, history-generation supports registering a sparser set of on-chain values if desired, so that apps like lotteries can utilize on-chain values without incurring high-frequency costs, enjoying all the benefits of DRBs implemented off-chain or with decoupled, special-purpose chains. Unlike rollups, HG is tailored specifically to recovering and verifying pseudorandom bit sequences and thus enjoys unique optimizations investigated in this work. We introduce STROBE: an efficient HGDRB construction which generalizes the original squaring-based RSA approach of Beaver and So. STROBE enjoys several useful properties that make it suited for practical applications that use beacons: 1) history-generating: it can regenerate and verify high-throughput beacon streams, supporting sparse (thus cost-effective) ledger entries; 2) concisely self-verifying: NIZK-free, with state and validation employing a single ring element; 3) eco-friendly: stake-based rather than work based; 4) unbounded: refresh-free, addressing limitations of Beaver and So; 5) delay-free: results are immediately available. 6) storage-efficient: the last beacon suffices to derive all past outputs, thus O(1) storage requirements for nodes serving the whole history.","lang":"eng"}],"has_accepted_license":"1","language":[{"iso":"eng"}],"oa":1,"oa_version":"Published Version","date_created":"2023-11-12T23:00:55Z","type":"conference","article_number":"7","conference":{"end_date":"2023-10-25","name":"AFT: Conference on Advances in Financial Technologies","start_date":"2023-10-23","location":"Princeton, NJ, United States"},"user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","title":"STROBE: Streaming Threshold Random Beacons","scopus_import":"1","alternative_title":["LIPIcs"],"author":[{"full_name":"Beaver, Donald","last_name":"Beaver","first_name":"Donald"},{"last_name":"Kelkar","first_name":"Mahimna","full_name":"Kelkar, Mahimna"},{"full_name":"Lewi, Kevin","first_name":"Kevin","last_name":"Lewi"},{"full_name":"Nikolaenko, Valeria","first_name":"Valeria","last_name":"Nikolaenko"},{"last_name":"Sonnino","first_name":"Alberto","full_name":"Sonnino, Alberto"},{"first_name":"Konstantinos","last_name":"Chalkias","full_name":"Chalkias, Konstantinos"},{"id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","full_name":"Kokoris Kogias, Eleftherios","first_name":"Eleftherios","last_name":"Kokoris Kogias"},{"full_name":"Naurois, Ladi De","first_name":"Ladi De","last_name":"Naurois"},{"last_name":"Roy","first_name":"Arnab","full_name":"Roy, Arnab"}],"intvolume":" 282","year":"2023","article_processing_charge":"Yes","doi":"10.4230/LIPIcs.AFT.2023.7","file_date_updated":"2023-11-13T08:44:34Z","month":"10","main_file_link":[{"url":"https://eprint.iacr.org/2021/1643","open_access":"1"}],"corr_author":"1","day":"01","status":"public","file":[{"relation":"main_file","date_created":"2023-11-13T08:44:34Z","file_id":"14521","creator":"dernst","date_updated":"2023-11-13T08:44:34Z","content_type":"application/pdf","checksum":"c1f98831cb5149d6c030c41999e6e960","file_size":793495,"access_level":"open_access","file_name":"2023_LIPIcs_Beaver.pdf","success":1}],"publication_identifier":{"issn":["1868-8969"],"isbn":["9783959773034"]},"publication":"5th Conference on Advances in Financial Technologies","tmp":{"legal_code_url":"https://creativecommons.org/licenses/by/4.0/legalcode","image":"/images/cc_by.png","name":"Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)","short":"CC BY (4.0)"},"volume":282,"publisher":"Schloss Dagstuhl - Leibniz-Zentrum für Informatik","publication_status":"published","quality_controlled":"1","ddc":["000"],"acknowledgement":"Work done when all the authors were at Novi Research, Meta."},{"ddc":["000"],"acknowledgement":"The authors would like to thank Amit Agarwal, Andrew Miller, and Tom Yurek for the helpful discussions related to the paper. This work is funded in part by a VMware early career faculty grant, a Chainlink Labs Ph.D. fellowship, the National Science Foundation, and the Austrian Science Fund (FWF) F8512-N.","quality_controlled":"1","publisher":"Usenix","publication_status":"published","publication":"32nd USENIX Security Symposium","volume":8,"file":[{"checksum":"1a730765930138e23c6efd2575872641","content_type":"application/pdf","creator":"dernst","date_updated":"2023-11-28T09:14:34Z","success":1,"file_name":"2023_USENIX_Das.pdf","access_level":"open_access","file_size":704331,"relation":"main_file","date_created":"2023-11-28T09:14:34Z","file_id":"14621"}],"publication_identifier":{"isbn":["9781713879497"]},"day":"15","status":"public","corr_author":"1","main_file_link":[{"url":"https://eprint.iacr.org/2022/1389","open_access":"1"}],"month":"08","project":[{"grant_number":"F8512","name":"Security and Privacy by Design for Complex Systems","_id":"34a4ce89-11ca-11ed-8bc3-8cc37fb6e11f"}],"file_date_updated":"2023-11-28T09:14:34Z","year":"2023","article_processing_charge":"No","author":[{"first_name":"Sourav","last_name":"Das","full_name":"Das, Sourav"},{"full_name":"Xiang, Zhuolun","first_name":"Zhuolun","last_name":"Xiang"},{"id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","full_name":"Kokoris Kogias, Eleftherios","last_name":"Kokoris Kogias","first_name":"Eleftherios"},{"last_name":"Ren","first_name":"Ling","full_name":"Ren, Ling"}],"intvolume":" 8","scopus_import":"1","conference":{"name":"USENIX Security Symposium","end_date":"2023-08-11","location":"Anaheim, CA, United States","start_date":"2023-08-09"},"user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","title":"Practical asynchronous high-threshold distributed key generation and distributed polynomial sampling","type":"conference","date_created":"2023-11-26T23:00:55Z","oa_version":"Published Version","oa":1,"has_accepted_license":"1","language":[{"iso":"eng"}],"citation":{"short":"S. Das, Z. Xiang, E. Kokoris Kogias, L. Ren, in:, 32nd USENIX Security Symposium, Usenix, 2023, pp. 5359–5376.","mla":"Das, Sourav, et al. “Practical Asynchronous High-Threshold Distributed Key Generation and Distributed Polynomial Sampling.” 32nd USENIX Security Symposium, vol. 8, Usenix, 2023, pp. 5359–76.","apa":"Das, S., Xiang, Z., Kokoris Kogias, E., & Ren, L. (2023). Practical asynchronous high-threshold distributed key generation and distributed polynomial sampling. In 32nd USENIX Security Symposium (Vol. 8, pp. 5359–5376). Anaheim, CA, United States: Usenix.","ista":"Das S, Xiang Z, Kokoris Kogias E, Ren L. 2023. Practical asynchronous high-threshold distributed key generation and distributed polynomial sampling. 32nd USENIX Security Symposium. USENIX Security Symposium vol. 8, 5359–5376.","chicago":"Das, Sourav, Zhuolun Xiang, Eleftherios Kokoris Kogias, and Ling Ren. “Practical Asynchronous High-Threshold Distributed Key Generation and Distributed Polynomial Sampling.” In 32nd USENIX Security Symposium, 8:5359–76. Usenix, 2023.","ama":"Das S, Xiang Z, Kokoris Kogias E, Ren L. Practical asynchronous high-threshold distributed key generation and distributed polynomial sampling. In: 32nd USENIX Security Symposium. Vol 8. Usenix; 2023:5359-5376.","ieee":"S. Das, Z. Xiang, E. Kokoris Kogias, and L. Ren, “Practical asynchronous high-threshold distributed key generation and distributed polynomial sampling,” in 32nd USENIX Security Symposium, Anaheim, CA, United States, 2023, vol. 8, pp. 5359–5376."},"date_published":"2023-08-15T00:00:00Z","department":[{"_id":"ElKo"}],"page":"5359-5376","date_updated":"2025-04-15T08:16:55Z","_id":"14609","abstract":[{"text":"Distributed Key Generation (DKG) is a technique to bootstrap threshold cryptosystems without a trusted party. DKG is an essential building block to many decentralized protocols such as randomness beacons, threshold signatures, Byzantine consensus, and multiparty computation. While significant progress has been made recently, existing asynchronous DKG constructions are inefficient when the reconstruction threshold is larger than one-third of the total nodes. In this paper, we present a simple and concretely efficient asynchronous DKG (ADKG) protocol among n = 3t + 1 nodes that can tolerate up to t malicious nodes and support any reconstruction threshold ℓ ≥ t. Our protocol has an expected O(κn3) communication cost, where κ is the security parameter, and only assumes the hardness of the Discrete Logarithm. The\r\ncore ingredient of our ADKG protocol is an asynchronous protocol to secret share a random polynomial of degree ℓ ≥ t, which has other applications, such as asynchronous proactive secret sharing and asynchronous multiparty computation. We implement our high-threshold ADKG protocol and evaluate it using a network of up to 128 geographically distributed nodes. Our evaluation shows that our high-threshold ADKG protocol reduces the running time by 90% and bandwidth usage by 80% over the state-of-the-art.","lang":"eng"}]},{"publication_identifier":{"issn":["1611-3349"],"isbn":["9783031477539"],"eissn":["0302-9743"],"eisbn":["9783031477546"]},"day":"01","status":"public","publisher":"Springer Nature","publication_status":"published","publication":"27th International Conference on Financial Cryptography and Data Security","volume":13950,"external_id":{"isi":["001150222600001"]},"acknowledgement":"Eleftherios Kokoris-Kogias is partially supported by Austrian Science Fund (FWF) grant No: F8512-N.","quality_controlled":"1","project":[{"name":"Security and Privacy by Design for Complex Systems","grant_number":"F8512","_id":"34a4ce89-11ca-11ed-8bc3-8cc37fb6e11f"}],"doi":"10.1007/978-3-031-47754-6_1","month":"12","main_file_link":[{"url":"https://eprint.iacr.org/2022/1554","open_access":"1"}],"corr_author":"1","scopus_import":"1","conference":{"end_date":"2023-05-05","name":"FC: Financial Cryptography and Data Security","start_date":"2023-05-01","location":"Bol, Brac, Croatia"},"title":"Executing and proving over dirty ledgers","user_id":"317138e5-6ab7-11ef-aa6d-ffef3953e345","alternative_title":["LNCS"],"author":[{"first_name":"Christos","last_name":"Stefo","id":"a20e8902-32b0-11ee-9fa8-b23fa638b793","full_name":"Stefo, Christos"},{"last_name":"Xiang","first_name":"Zhuolun","full_name":"Xiang, Zhuolun"},{"full_name":"Kokoris Kogias, Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","first_name":"Eleftherios","last_name":"Kokoris Kogias"}],"intvolume":" 13950","year":"2023","article_processing_charge":"No","language":[{"iso":"eng"}],"date_published":"2023-12-01T00:00:00Z","page":"3-20","citation":{"mla":"Stefo, Christos, et al. “Executing and Proving over Dirty Ledgers.” 27th International Conference on Financial Cryptography and Data Security, vol. 13950, Springer Nature, 2023, pp. 3–20, doi:10.1007/978-3-031-47754-6_1.","short":"C. Stefo, Z. Xiang, E. Kokoris Kogias, in:, 27th International Conference on Financial Cryptography and Data Security, Springer Nature, 2023, pp. 3–20.","apa":"Stefo, C., Xiang, Z., & Kokoris Kogias, E. (2023). Executing and proving over dirty ledgers. In 27th International Conference on Financial Cryptography and Data Security (Vol. 13950, pp. 3–20). Bol, Brac, Croatia: Springer Nature. https://doi.org/10.1007/978-3-031-47754-6_1","ama":"Stefo C, Xiang Z, Kokoris Kogias E. Executing and proving over dirty ledgers. In: 27th International Conference on Financial Cryptography and Data Security. Vol 13950. Springer Nature; 2023:3-20. doi:10.1007/978-3-031-47754-6_1","ieee":"C. Stefo, Z. Xiang, and E. Kokoris Kogias, “Executing and proving over dirty ledgers,” in 27th International Conference on Financial Cryptography and Data Security, Bol, Brac, Croatia, 2023, vol. 13950, pp. 3–20.","ista":"Stefo C, Xiang Z, Kokoris Kogias E. 2023. Executing and proving over dirty ledgers. 27th International Conference on Financial Cryptography and Data Security. FC: Financial Cryptography and Data Security, LNCS, vol. 13950, 3–20.","chicago":"Stefo, Christos, Zhuolun Xiang, and Eleftherios Kokoris Kogias. “Executing and Proving over Dirty Ledgers.” In 27th International Conference on Financial Cryptography and Data Security, 13950:3–20. Springer Nature, 2023. https://doi.org/10.1007/978-3-031-47754-6_1."},"department":[{"_id":"ElKo"},{"_id":"GradSch"}],"_id":"14735","abstract":[{"text":"Scaling blockchain protocols to perform on par with the expected needs of Web3.0 has been proven to be a challenging task with almost a decade of research. In the forefront of the current solution is the idea of separating the execution of the updates encoded in a block from the ordering of blocks. In order to achieve this, a new class of protocols called rollups has emerged. Rollups have as input a total ordering of valid and invalid transactions and as output a new valid state-transition.\r\nIf we study rollups from a distributed computing perspective, we uncover that rollups take as input the output of a Byzantine Atomic Broadcast (BAB) protocol and convert it to a State Machine Replication (SMR) protocol. BAB and SMR, however, are considered equivalent as far as distributed computing is concerned and a solution to one can easily be retrofitted to solve the other simply by adding/removing an execution step before the validation of the input.\r\nThis “easy” step of retrofitting an atomic broadcast solution to implement an SMR has, however, been overlooked in practice. In this paper, we formalize the problem and show that after BAB is solved, traditional impossibility results for consensus no longer apply towards an SMR. Leveraging this we propose a distributed execution protocol that allows reduced execution and storage cost per executor (O(log2n/n)) without relaxing the network assumptions of the underlying BAB protocol and providing censorship-resistance. Finally, we propose efficient non-interactive light client constructions that leverage our efficient execution protocols and do not require any synchrony assumptions or expensive ZK-proofs.","lang":"eng"}],"date_updated":"2025-09-09T14:07:16Z","isi":1,"oa":1,"type":"conference","oa_version":"Preprint","date_created":"2024-01-08T09:17:38Z"},{"page":"281-297","citation":{"apa":"Tennage, P., Basescu, C., Kokoris Kogias, E., Syta, E., Jovanovic, P., Estrada-Galinanes, V., & Ford, B. (2023). QuePaxa: Escaping the tyranny of timeouts in consensus. In Proceedings of the 29th Symposium on Operating Systems Principles (pp. 281–297). Koblenz, Germany: Association for Computing Machinery. https://doi.org/10.1145/3600006.3613150","mla":"Tennage, Pasindu, et al. “QuePaxa: Escaping the Tyranny of Timeouts in Consensus.” Proceedings of the 29th Symposium on Operating Systems Principles, Association for Computing Machinery, 2023, pp. 281–97, doi:10.1145/3600006.3613150.","short":"P. Tennage, C. Basescu, E. Kokoris Kogias, E. Syta, P. Jovanovic, V. Estrada-Galinanes, B. Ford, in:, Proceedings of the 29th Symposium on Operating Systems Principles, Association for Computing Machinery, 2023, pp. 281–297.","ieee":"P. Tennage et al., “QuePaxa: Escaping the tyranny of timeouts in consensus,” in Proceedings of the 29th Symposium on Operating Systems Principles, Koblenz, Germany, 2023, pp. 281–297.","ama":"Tennage P, Basescu C, Kokoris Kogias E, et al. QuePaxa: Escaping the tyranny of timeouts in consensus. In: Proceedings of the 29th Symposium on Operating Systems Principles. Association for Computing Machinery; 2023:281-297. doi:10.1145/3600006.3613150","chicago":"Tennage, Pasindu, Cristina Basescu, Eleftherios Kokoris Kogias, Ewa Syta, Philipp Jovanovic, Vero Estrada-Galinanes, and Bryan Ford. “QuePaxa: Escaping the Tyranny of Timeouts in Consensus.” In Proceedings of the 29th Symposium on Operating Systems Principles, 281–97. Association for Computing Machinery, 2023. https://doi.org/10.1145/3600006.3613150.","ista":"Tennage P, Basescu C, Kokoris Kogias E, Syta E, Jovanovic P, Estrada-Galinanes V, Ford B. 2023. QuePaxa: Escaping the tyranny of timeouts in consensus. Proceedings of the 29th Symposium on Operating Systems Principles. SOSP: Symposium on Operating Systems Principles, 281–297."},"date_published":"2023-10-01T00:00:00Z","department":[{"_id":"ElKo"}],"_id":"14743","abstract":[{"lang":"eng","text":"Leader-based consensus algorithms are fast and efficient under normal conditions, but lack robustness to adverse conditions due to their reliance on timeouts for liveness. We present QuePaxa, the first protocol offering state-of-the-art normal-case efficiency without depending on timeouts. QuePaxa uses a novel randomized asynchronous consensus core to tolerate adverse conditions such as denial-of-service (DoS) attacks, while a one-round-trip fast path preserves the normal-case efficiency of Multi-Paxos or Raft. By allowing simultaneous proposers without destructive interference, and using short hedging delays instead of conservative timeouts to limit redundant effort, QuePaxa permits rapid recovery after leader failure without risking costly view changes due to false timeouts. By treating leader choice and hedging delay as a multi-armed-bandit optimization, QuePaxa achieves responsiveness to prevalent conditions, and can choose the best leader even if the current one has not failed. Experiments with a prototype confirm that QuePaxa achieves normal-case LAN and WAN performance of 584k and 250k cmd/sec in throughput, respectively, comparable to Multi-Paxos. Under conditions such as DoS attacks, misconfigurations, or slow leaders that severely impact existing protocols, we find that QuePaxa remains live with median latency under 380ms in WAN experiments."}],"date_updated":"2025-09-09T14:10:09Z","language":[{"iso":"eng"}],"isi":1,"oa":1,"date_created":"2024-01-08T12:54:35Z","oa_version":"Published Version","type":"conference","conference":{"start_date":"2023-10-23","location":"Koblenz, Germany","name":"SOSP: Symposium on Operating Systems Principles","end_date":"2023-10-26"},"title":"QuePaxa: Escaping the tyranny of timeouts in consensus","user_id":"317138e5-6ab7-11ef-aa6d-ffef3953e345","scopus_import":"1","author":[{"full_name":"Tennage, Pasindu","last_name":"Tennage","first_name":"Pasindu"},{"last_name":"Basescu","first_name":"Cristina","full_name":"Basescu, Cristina"},{"last_name":"Kokoris Kogias","first_name":"Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","full_name":"Kokoris Kogias, Eleftherios"},{"first_name":"Ewa","last_name":"Syta","full_name":"Syta, Ewa"},{"first_name":"Philipp","last_name":"Jovanovic","full_name":"Jovanovic, Philipp"},{"full_name":"Estrada-Galinanes, Vero","first_name":"Vero","last_name":"Estrada-Galinanes"},{"full_name":"Ford, Bryan","first_name":"Bryan","last_name":"Ford"}],"year":"2023","article_processing_charge":"No","doi":"10.1145/3600006.3613150","month":"10","main_file_link":[{"url":"https://doi.org/10.1145/3600006.3613150","open_access":"1"}],"day":"01","status":"public","publication_identifier":{"isbn":["9798400702297"]},"publication":"Proceedings of the 29th Symposium on Operating Systems Principles","publisher":"Association for Computing Machinery","publication_status":"published","quality_controlled":"1","external_id":{"isi":["001135072900018"]},"acknowledgement":"The authors would like to thank Marcos K. Aguilera, Pierluca Borsò, Aleksey Charapko, Rachid Guerraoui, Jovan Komatovic, Derek Leung, Louis-Henri Merino, Shailesh Mishra, Haochen Pan, Rodrigo Rodrigues, Lewis Tseng, and Haoqian Zhang for their helpful feedback on early drafts of this paper."},{"alternative_title":["LNCS"],"title":"Divide & Scale: Formalization and roadmap to robust sharding","user_id":"317138e5-6ab7-11ef-aa6d-ffef3953e345","conference":{"start_date":"2023-06-06","location":"Alcalá de Henares, Spain","name":"SIROCCO: Structural Information and Communication Complexity","end_date":"2023-06-09"},"scopus_import":"1","article_processing_charge":"No","year":"2023","intvolume":" 13892","author":[{"last_name":"Avarikioti","first_name":"Zeta","full_name":"Avarikioti, Zeta"},{"first_name":"Antoine","last_name":"Desjardins","id":"06d0c166-aec1-11ee-a7c0-b96e840a602b","full_name":"Desjardins, Antoine"},{"first_name":"Eleftherios","last_name":"Kokoris Kogias","full_name":"Kokoris Kogias, Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30"},{"last_name":"Wattenhofer","first_name":"Roger","full_name":"Wattenhofer, Roger"}],"abstract":[{"lang":"eng","text":"Sharding distributed ledgers is a promising on-chain solution for scaling blockchains but lacks formal grounds, nurturing skepticism on whether such complex systems can scale blockchains securely. We fill this gap by introducing the first formal framework as well as a roadmap to robust sharding. In particular, we first define the properties sharded distributed ledgers should fulfill. We build upon and extend the Bitcoin backbone protocol by defining consistency and scalability. Consistency encompasses the need for atomic execution of cross-shard transactions to preserve safety, whereas scalability encapsulates the speedup a sharded system can gain in comparison to a non-sharded system.\r\nUsing our model, we explore the limitations of sharding. We show that a sharded ledger with n participants cannot scale under a fully adaptive adversary, but it can scale up to m shards where n=c'm log m, under an epoch-adaptive adversary; the constant c' encompasses the trade-off between security and scalability. This is possible only if the sharded ledgers create succinct proofs of the valid state updates at every epoch. We leverage our results to identify the sufficient components for robust sharding, which we incorporate in a protocol abstraction termed Divide & Scale. To demonstrate the power of our framework, we analyze the most prominent sharded blockchains (Elastico, Monoxide, OmniLedger, RapidChain) and pinpoint where they fail to meet the desired properties."}],"_id":"14744","date_updated":"2025-09-09T14:10:46Z","date_published":"2023-06-01T00:00:00Z","page":"199-245","citation":{"apa":"Avarikioti, Z., Desjardins, A., Kokoris Kogias, E., & Wattenhofer, R. (2023). Divide & Scale: Formalization and roadmap to robust sharding. In 30th International Colloquium on Structural Information and Communication Complexity (Vol. 13892, pp. 199–245). Alcalá de Henares, Spain: Springer Nature. https://doi.org/10.1007/978-3-031-32733-9_10","mla":"Avarikioti, Zeta, et al. “Divide & Scale: Formalization and Roadmap to Robust Sharding.” 30th International Colloquium on Structural Information and Communication Complexity, vol. 13892, Springer Nature, 2023, pp. 199–245, doi:10.1007/978-3-031-32733-9_10.","short":"Z. Avarikioti, A. Desjardins, E. Kokoris Kogias, R. Wattenhofer, in:, 30th International Colloquium on Structural Information and Communication Complexity, Springer Nature, 2023, pp. 199–245.","chicago":"Avarikioti, Zeta, Antoine Desjardins, Eleftherios Kokoris Kogias, and Roger Wattenhofer. “Divide & Scale: Formalization and Roadmap to Robust Sharding.” In 30th International Colloquium on Structural Information and Communication Complexity, 13892:199–245. Springer Nature, 2023. https://doi.org/10.1007/978-3-031-32733-9_10.","ista":"Avarikioti Z, Desjardins A, Kokoris Kogias E, Wattenhofer R. 2023. Divide & Scale: Formalization and roadmap to robust sharding. 30th International Colloquium on Structural Information and Communication Complexity. SIROCCO: Structural Information and Communication Complexity, LNCS, vol. 13892, 199–245.","ama":"Avarikioti Z, Desjardins A, Kokoris Kogias E, Wattenhofer R. Divide & Scale: Formalization and roadmap to robust sharding. In: 30th International Colloquium on Structural Information and Communication Complexity. Vol 13892. Springer Nature; 2023:199-245. doi:10.1007/978-3-031-32733-9_10","ieee":"Z. Avarikioti, A. Desjardins, E. Kokoris Kogias, and R. Wattenhofer, “Divide & Scale: Formalization and roadmap to robust sharding,” in 30th International Colloquium on Structural Information and Communication Complexity, Alcalá de Henares, Spain, 2023, vol. 13892, pp. 199–245."},"department":[{"_id":"ElKo"}],"language":[{"iso":"eng"}],"date_created":"2024-01-08T12:56:46Z","oa_version":"None","type":"conference","isi":1,"volume":13892,"publication":"30th International Colloquium on Structural Information and Communication Complexity","publication_status":"published","publisher":"Springer Nature","status":"public","day":"01","publication_identifier":{"eisbn":["9783031327339"],"isbn":["9783031327322"],"issn":["0302-9743"],"eissn":["1611-3349"]},"quality_controlled":"1","acknowledgement":"The work was partially supported by the Austrian Science Fund (FWF) through the project CoRaF (grant agreement 2020388).","external_id":{"isi":["001292782600010"]},"month":"06","doi":"10.1007/978-3-031-32733-9_10"},{"main_file_link":[{"url":"https://fc23.ifca.ai/preproceedings/150.pdf","open_access":"1"}],"project":[{"_id":"34a4ce89-11ca-11ed-8bc3-8cc37fb6e11f","name":"Security and Privacy by Design for Complex Systems","grant_number":"F8512"}],"doi":"10.1007/978-3-031-47751-5_3","month":"12","external_id":{"isi":["001150231600003"]},"acknowledgement":"This work is partially supported by Meta. Eleftherios Kokoris-Kogias is partially supported by Austrian Science Fund (FWF) grant No: F8512-N. Shir Cohen is supported by the Adams Fellowship Program of the Israel Academy of Sciences and Humanities.","quality_controlled":"1","publication_identifier":{"issn":["0302-9743"],"isbn":["9783031477508"],"eissn":["1611-3349"],"eisbn":["9783031477515"]},"day":"01","status":"public","publisher":"Springer Nature","publication_status":"published","publication":"27th International Conference on Financial Cryptography and Data Security","volume":13951,"isi":1,"oa":1,"type":"conference","oa_version":"Submitted Version","date_created":"2024-01-18T07:41:12Z","language":[{"iso":"eng"}],"department":[{"_id":"ElKo"}],"citation":{"short":"S. Cohen, G. Goren, E. Kokoris Kogias, A. Sonnino, A. Spiegelman, in:, 27th International Conference on Financial Cryptography and Data Security, Springer Nature, 2023, pp. 36–53.","mla":"Cohen, Shir, et al. “Proof of Availability and Retrieval in a Modular Blockchain Architecture.” 27th International Conference on Financial Cryptography and Data Security, vol. 13951, Springer Nature, 2023, pp. 36–53, doi:10.1007/978-3-031-47751-5_3.","apa":"Cohen, S., Goren, G., Kokoris Kogias, E., Sonnino, A., & Spiegelman, A. (2023). Proof of availability and retrieval in a modular blockchain architecture. In 27th International Conference on Financial Cryptography and Data Security (Vol. 13951, pp. 36–53). Bol, Brac, Croatia: Springer Nature. https://doi.org/10.1007/978-3-031-47751-5_3","ama":"Cohen S, Goren G, Kokoris Kogias E, Sonnino A, Spiegelman A. Proof of availability and retrieval in a modular blockchain architecture. In: 27th International Conference on Financial Cryptography and Data Security. Vol 13951. Springer Nature; 2023:36-53. doi:10.1007/978-3-031-47751-5_3","ieee":"S. Cohen, G. Goren, E. Kokoris Kogias, A. Sonnino, and A. Spiegelman, “Proof of availability and retrieval in a modular blockchain architecture,” in 27th International Conference on Financial Cryptography and Data Security, Bol, Brac, Croatia, 2023, vol. 13951, pp. 36–53.","ista":"Cohen S, Goren G, Kokoris Kogias E, Sonnino A, Spiegelman A. 2023. Proof of availability and retrieval in a modular blockchain architecture. 27th International Conference on Financial Cryptography and Data Security. FC: Financial Cryptography and Data Security, LNCS, vol. 13951, 36–53.","chicago":"Cohen, Shir, Guy Goren, Eleftherios Kokoris Kogias, Alberto Sonnino, and Alexander Spiegelman. “Proof of Availability and Retrieval in a Modular Blockchain Architecture.” In 27th International Conference on Financial Cryptography and Data Security, 13951:36–53. Springer Nature, 2023. https://doi.org/10.1007/978-3-031-47751-5_3."},"date_published":"2023-12-01T00:00:00Z","page":"36-53","_id":"14829","abstract":[{"text":"This paper explores a modular design architecture aimed at helping blockchains (and other SMR implementation) to scale to a very large number of processes. This comes in contrast to existing monolithic architectures that interleave transaction dissemination, ordering, and execution in a single functionality. To achieve this we first split the monolith to multiple layers which can use existing distributed computing primitives. The exact specifications of the data dissemination part are formally defined by the Proof of Availability & Retrieval (PoA &R) abstraction. Solutions to the PoA &R problem contain two related sub-protocols: one that “pushes” information into the network and another that “pulls” this information. Regarding the latter, there is a dearth of research literature which is rectified in this paper. We present a family of pulling sub-protocols and rigorously analyze them. Extensive simulations support the theoretical claims of efficiency and robustness in case of a very large number of players. Finally, actual implementation and deployment on a small number of machines (roughly the size of several industrial systems) demonstrates the viability of the architecture’s paradigm.","lang":"eng"}],"date_updated":"2025-09-09T14:22:38Z","author":[{"first_name":"Shir","last_name":"Cohen","full_name":"Cohen, Shir"},{"last_name":"Goren","first_name":"Guy","full_name":"Goren, Guy"},{"last_name":"Kokoris Kogias","first_name":"Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","full_name":"Kokoris Kogias, Eleftherios"},{"full_name":"Sonnino, Alberto","first_name":"Alberto","last_name":"Sonnino"},{"full_name":"Spiegelman, Alexander","first_name":"Alexander","last_name":"Spiegelman"}],"intvolume":" 13951","year":"2023","article_processing_charge":"No","scopus_import":"1","conference":{"end_date":"2023-05-05","name":"FC: Financial Cryptography and Data Security","location":"Bol, Brac, Croatia","start_date":"2023-05-01"},"user_id":"317138e5-6ab7-11ef-aa6d-ffef3953e345","title":"Proof of availability and retrieval in a modular blockchain architecture","alternative_title":["LNCS"]},{"oa":1,"main_file_link":[{"url":"https://eprint.iacr.org/2023/081","open_access":"1"}],"type":"conference","date_created":"2024-02-14T14:20:40Z","oa_version":"Published Version","doi":"10.14722/ndss.2023.24545","month":"03","language":[{"iso":"eng"}],"date_published":"2023-03-01T00:00:00Z","department":[{"_id":"ElKo"}],"citation":{"short":"H. Malvai, E. Kokoris Kogias, A. Sonnino, E. Ghosh, E. Oztürk, K. Lewi, S. Lawlor, in:, Proceedings of the 2023 Network and Distributed System Security Symposium, Internet Society, 2023.","mla":"Malvai, Harjasleen, et al. “Parakeet: Practical Key Transparency for End-to-End EEncrypted Messaging.” Proceedings of the 2023 Network and Distributed System Security Symposium, Internet Society, 2023, doi:10.14722/ndss.2023.24545.","apa":"Malvai, H., Kokoris Kogias, E., Sonnino, A., Ghosh, E., Oztürk, E., Lewi, K., & Lawlor, S. (2023). Parakeet: Practical key transparency for end-to-end eEncrypted messaging. In Proceedings of the 2023 Network and Distributed System Security Symposium. San Diego, CA, United States: Internet Society. https://doi.org/10.14722/ndss.2023.24545","ieee":"H. Malvai et al., “Parakeet: Practical key transparency for end-to-end eEncrypted messaging,” in Proceedings of the 2023 Network and Distributed System Security Symposium, San Diego, CA, United States, 2023.","ama":"Malvai H, Kokoris Kogias E, Sonnino A, et al. Parakeet: Practical key transparency for end-to-end eEncrypted messaging. In: Proceedings of the 2023 Network and Distributed System Security Symposium. Internet Society; 2023. doi:10.14722/ndss.2023.24545","ista":"Malvai H, Kokoris Kogias E, Sonnino A, Ghosh E, Oztürk E, Lewi K, Lawlor S. 2023. Parakeet: Practical key transparency for end-to-end eEncrypted messaging. Proceedings of the 2023 Network and Distributed System Security Symposium. NDSS: Network and Distributed Systems Security.","chicago":"Malvai, Harjasleen, Eleftherios Kokoris Kogias, Alberto Sonnino, Esha Ghosh, Ercan Oztürk, Kevin Lewi, and Sean Lawlor. “Parakeet: Practical Key Transparency for End-to-End EEncrypted Messaging.” In Proceedings of the 2023 Network and Distributed System Security Symposium. Internet Society, 2023. https://doi.org/10.14722/ndss.2023.24545."},"_id":"14989","abstract":[{"lang":"eng","text":"Encryption alone is not enough for secure end-to end encrypted messaging: a server must also honestly serve public keys to users. Key transparency has been presented as an efficient\r\nsolution for detecting (and hence deterring) a server that attempts to dishonestly serve keys. Key transparency involves two major components: (1) a username to public key mapping, stored and cryptographically committed to by the server, and, (2) an outof-band consistency protocol for serving short commitments to users. In the setting of real-world deployments and supporting production scale, new challenges must be considered for both of these components. We enumerate these challenges and provide solutions to address them. In particular, we design and implement a memory-optimized and privacy-preserving verifiable data structure for committing to the username to public key store.\r\nTo make this implementation viable for production, we also integrate support for persistent and distributed storage. We also propose a future-facing solution, termed “compaction”, as\r\na mechanism for mitigating practical issues that arise from dealing with infinitely growing server data structures. Finally, we implement a consensusless solution that achieves the minimum requirements for a service that consistently distributes commitments for a transparency application, providing a much more efficient protocol for distributing small and consistent\r\ncommitments to users. This culminates in our production-grade implementation of a key transparency system (Parakeet) which we have open-sourced, along with a demonstration of feasibility through our benchmarks."}],"date_updated":"2024-10-21T06:01:37Z","acknowledgement":"This work is supported by the Novi team at Meta and funded in part by IC3 industry partners and NSF grant 1943499.","author":[{"first_name":"Harjasleen","last_name":"Malvai","full_name":"Malvai, Harjasleen"},{"id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","full_name":"Kokoris Kogias, Eleftherios","first_name":"Eleftherios","last_name":"Kokoris Kogias"},{"first_name":"Alberto","last_name":"Sonnino","full_name":"Sonnino, Alberto"},{"last_name":"Ghosh","first_name":"Esha","full_name":"Ghosh, Esha"},{"full_name":"Oztürk, Ercan","first_name":"Ercan","last_name":"Oztürk"},{"full_name":"Lewi, Kevin","first_name":"Kevin","last_name":"Lewi"},{"last_name":"Lawlor","first_name":"Sean","full_name":"Lawlor, Sean"}],"quality_controlled":"1","year":"2023","article_processing_charge":"No","publication_identifier":{"isbn":["1891562835"]},"scopus_import":"1","day":"01","conference":{"location":"San Diego, CA, United States","start_date":"2023-02-27","name":"NDSS: Network and Distributed Systems Security","end_date":"2023-03-03"},"status":"public","title":"Parakeet: Practical key transparency for end-to-end eEncrypted messaging","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","publisher":"Internet Society","publication_status":"published","publication":"Proceedings of the 2023 Network and Distributed System Security Symposium"},{"scopus_import":"1","user_id":"4359f0d1-fa6c-11eb-b949-802e58b17ae8","title":"Hierarchical consensus: A horizontal scaling framework for blockchains","conference":{"name":"ICDCSW: International Conference on Distributed Computing Systems Workshop","end_date":"2022-07-10","location":"Bologna, Italy","start_date":"2022-07-10"},"intvolume":" 2022","author":[{"first_name":"Alfonso","last_name":"De la Rocha","full_name":"De la Rocha, Alfonso"},{"last_name":"Kokoris Kogias","first_name":"Eleftherios","full_name":"Kokoris Kogias, Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30"},{"full_name":"Soares, Jorge M.","last_name":"Soares","first_name":"Jorge M."},{"full_name":"Vukolic, Marko","last_name":"Vukolic","first_name":"Marko"}],"article_processing_charge":"No","year":"2022","language":[{"iso":"eng"}],"_id":"12160","abstract":[{"lang":"eng","text":"We present the Filecoin Hierarchical Consensus framework, which aims to overcome the throughput challenges of blockchain consensus by horizontally scaling the network. Unlike traditional sharding designs, based on partitioning the state of the network, our solution centers on the concept of subnets -which are organized hierarchically- and can be spawned on-demand to manage new state. Child sub nets are firewalled from parent subnets, have their own specific policies, and run a different consensus algorithm, increasing the network capacity and enabling new applications. Moreover, they benefit from the security of parent subnets by periodically checkpointing state. In this paper, we introduce the overall system architecture, our detailed designs for cross-net transaction handling, and the open questions that we are still exploring."}],"date_updated":"2023-08-04T09:06:02Z","citation":{"mla":"De la Rocha, Alfonso, et al. “Hierarchical Consensus: A Horizontal Scaling Framework for Blockchains.” 42nd International Conference on Distributed Computing Systems Workshops, vol. 2022, Institute of Electrical and Electronics Engineers, 2022, pp. 45–52, doi:10.1109/icdcsw56584.2022.00018.","short":"A. De la Rocha, E. Kokoris Kogias, J.M. Soares, M. Vukolic, in:, 42nd International Conference on Distributed Computing Systems Workshops, Institute of Electrical and Electronics Engineers, 2022, pp. 45–52.","apa":"De la Rocha, A., Kokoris Kogias, E., Soares, J. M., & Vukolic, M. (2022). Hierarchical consensus: A horizontal scaling framework for blockchains. In 42nd International Conference on Distributed Computing Systems Workshops (Vol. 2022, pp. 45–52). Bologna, Italy: Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/icdcsw56584.2022.00018","ieee":"A. De la Rocha, E. Kokoris Kogias, J. M. Soares, and M. Vukolic, “Hierarchical consensus: A horizontal scaling framework for blockchains,” in 42nd International Conference on Distributed Computing Systems Workshops, Bologna, Italy, 2022, vol. 2022, pp. 45–52.","ama":"De la Rocha A, Kokoris Kogias E, Soares JM, Vukolic M. Hierarchical consensus: A horizontal scaling framework for blockchains. In: 42nd International Conference on Distributed Computing Systems Workshops. Vol 2022. Institute of Electrical and Electronics Engineers; 2022:45-52. doi:10.1109/icdcsw56584.2022.00018","ista":"De la Rocha A, Kokoris Kogias E, Soares JM, Vukolic M. 2022. Hierarchical consensus: A horizontal scaling framework for blockchains. 42nd International Conference on Distributed Computing Systems Workshops. ICDCSW: International Conference on Distributed Computing Systems Workshop vol. 2022, 45–52.","chicago":"De la Rocha, Alfonso, Eleftherios Kokoris Kogias, Jorge M. Soares, and Marko Vukolic. “Hierarchical Consensus: A Horizontal Scaling Framework for Blockchains.” In 42nd International Conference on Distributed Computing Systems Workshops, 2022:45–52. Institute of Electrical and Electronics Engineers, 2022. https://doi.org/10.1109/icdcsw56584.2022.00018."},"department":[{"_id":"ElKo"}],"date_published":"2022-11-29T00:00:00Z","page":"45-52","isi":1,"type":"conference","oa_version":"None","date_created":"2023-01-12T12:09:28Z","publication_identifier":{"eisbn":["9781665488792"],"eissn":["2332-5666"]},"status":"public","day":"29","publication_status":"published","publisher":"Institute of Electrical and Electronics Engineers","volume":2022,"publication":"42nd International Conference on Distributed Computing Systems Workshops","external_id":{"isi":["000895984800009"]},"quality_controlled":"1","doi":"10.1109/icdcsw56584.2022.00018","month":"11"},{"quality_controlled":"1","external_id":{"arxiv":["2110.00960"],"isi":["001423640200013"]},"status":"public","day":"22","publication_identifier":{"eisbn":["9783031182839"],"eissn":["1611-3349"],"isbn":["9783031182822"],"issn":["0302-9743"]},"arxiv":1,"volume":13411,"publication":"International Conference on Financial Cryptography and Data Security","publication_status":"published","publisher":"Springer Nature","main_file_link":[{"open_access":"1","url":"https://doi.org/10.48550/arXiv.2110.00960"}],"OA_place":"repository","doi":"10.1007/978-3-031-18283-9_13","OA_type":"green","month":"10","intvolume":" 13411","author":[{"full_name":"Cohen, Shir","last_name":"Cohen","first_name":"Shir"},{"full_name":"Gelashvili, Rati","last_name":"Gelashvili","first_name":"Rati"},{"id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","full_name":"Kokoris Kogias, Eleftherios","first_name":"Eleftherios","last_name":"Kokoris Kogias"},{"full_name":"Li, Zekun","first_name":"Zekun","last_name":"Li"},{"full_name":"Malkhi, Dahlia","last_name":"Malkhi","first_name":"Dahlia"},{"last_name":"Sonnino","first_name":"Alberto","full_name":"Sonnino, Alberto"},{"first_name":"Alexander","last_name":"Spiegelman","full_name":"Spiegelman, Alexander"}],"article_processing_charge":"No","year":"2022","title":"Be aware of your leaders","user_id":"317138e5-6ab7-11ef-aa6d-ffef3953e345","conference":{"end_date":"2022-05-06","name":"FC: Financial Cryptography and Data Security","location":"Grenada","start_date":"2022-05-02"},"scopus_import":"1","alternative_title":["LNCS"],"isi":1,"oa":1,"date_created":"2023-01-12T12:10:49Z","oa_version":"Preprint","type":"conference","abstract":[{"lang":"eng","text":"Advances in blockchains have influenced the State-Machine-Replication (SMR) world and many state-of-the-art blockchain-SMR solutions are based on two pillars: Chaining and Leader-rotation. A predetermined round-robin mechanism used for Leader-rotation, however, has an undesirable behavior: crashed parties become designated leaders infinitely often, slowing down overall system performance. In this paper, we provide a new Leader-Aware SMR framework that, among other desirable properties, formalizes a Leader-utilization requirement that bounds the number of rounds whose leaders are faulty in crash-only executions.\r\nWe introduce Carousel, a novel, reputation-based Leader-rotation solution to achieve Leader-Aware SMR. The challenge in adaptive Leader-rotation is that it cannot rely on consensus to determine a leader, since consensus itself needs a leader. Carousel uses the available on-chain information to determine a leader locally and achieves Liveness despite this difficulty. A HotStuff implementation fitted with Carousel demonstrates drastic performance improvements: it increases throughput over 2x in faultless settings and provided a 20x throughput increase and 5x latency reduction in the presence of faults."}],"_id":"12168","date_updated":"2025-09-10T09:48:54Z","page":"279-295","citation":{"short":"S. Cohen, R. Gelashvili, E. Kokoris Kogias, Z. Li, D. Malkhi, A. Sonnino, A. Spiegelman, in:, International Conference on Financial Cryptography and Data Security, Springer Nature, 2022, pp. 279–295.","mla":"Cohen, Shir, et al. “Be Aware of Your Leaders.” International Conference on Financial Cryptography and Data Security, vol. 13411, Springer Nature, 2022, pp. 279–95, doi:10.1007/978-3-031-18283-9_13.","apa":"Cohen, S., Gelashvili, R., Kokoris Kogias, E., Li, Z., Malkhi, D., Sonnino, A., & Spiegelman, A. (2022). Be aware of your leaders. In International Conference on Financial Cryptography and Data Security (Vol. 13411, pp. 279–295). Grenada: Springer Nature. https://doi.org/10.1007/978-3-031-18283-9_13","ista":"Cohen S, Gelashvili R, Kokoris Kogias E, Li Z, Malkhi D, Sonnino A, Spiegelman A. 2022. Be aware of your leaders. International Conference on Financial Cryptography and Data Security. FC: Financial Cryptography and Data Security, LNCS, vol. 13411, 279–295.","chicago":"Cohen, Shir, Rati Gelashvili, Eleftherios Kokoris Kogias, Zekun Li, Dahlia Malkhi, Alberto Sonnino, and Alexander Spiegelman. “Be Aware of Your Leaders.” In International Conference on Financial Cryptography and Data Security, 13411:279–95. Springer Nature, 2022. https://doi.org/10.1007/978-3-031-18283-9_13.","ieee":"S. Cohen et al., “Be aware of your leaders,” in International Conference on Financial Cryptography and Data Security, Grenada, 2022, vol. 13411, pp. 279–295.","ama":"Cohen S, Gelashvili R, Kokoris Kogias E, et al. Be aware of your leaders. In: International Conference on Financial Cryptography and Data Security. Vol 13411. Springer Nature; 2022:279-295. doi:10.1007/978-3-031-18283-9_13"},"date_published":"2022-10-22T00:00:00Z","department":[{"_id":"ElKo"}],"language":[{"iso":"eng"}]},{"quality_controlled":"1","external_id":{"arxiv":["2201.05677"]},"status":"public","day":"01","publication_identifier":{"isbn":["9781450394505"]},"arxiv":1,"publication":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security","publication_status":"published","publisher":"Association for Computing Machinery","main_file_link":[{"open_access":"1","url":"https://doi.org/10.48550/arXiv.2201.05677"}],"doi":"10.1145/3548606.3559361","month":"11","author":[{"last_name":"Spiegelman","first_name":"Alexander","full_name":"Spiegelman, Alexander"},{"full_name":"Giridharan, Neil","last_name":"Giridharan","first_name":"Neil"},{"full_name":"Sonnino, Alberto","last_name":"Sonnino","first_name":"Alberto"},{"first_name":"Eleftherios","last_name":"Kokoris Kogias","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","full_name":"Kokoris Kogias, Eleftherios"}],"article_processing_charge":"No","year":"2022","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","title":"Bullshark: DAG BFT protocols made practical","conference":{"end_date":"2022-11-11","name":"CCS: Conference on Computer and Communications Security","location":"Los Angeles, CA, United States","start_date":"2022-11-07"},"scopus_import":"1","oa":1,"oa_version":"Preprint","date_created":"2023-01-16T09:49:48Z","type":"conference","_id":"12229","date_updated":"2025-07-10T11:50:26Z","abstract":[{"lang":"eng","text":"We present Bullshark, the first directed acyclic graph (DAG) based asynchronous Byzantine Atomic Broadcast protocol that is optimized for the common synchronous case. Like previous DAG-based BFT protocols [19, 25], Bullshark requires no extra communication to achieve consensus on top of building the DAG. That is, parties can totally order the vertices of the DAG by interpreting their local view of the DAG edges. Unlike other asynchronous DAG-based protocols, Bullshark provides a practical low latency fast-path that exploits synchronous periods and deprecates the need for notoriously complex view-change and view-synchronization mechanisms. Bullshark achieves this while maintaining all the desired properties of its predecessor DAG-Rider [25]. Namely, it has optimal amortized communication complexity, it provides fairness and asynchronous liveness, and safety is guaranteed even under a quantum adversary.\r\n\r\nIn order to show the practicality and simplicity of our approach, we also introduce a standalone partially synchronous version of Bullshark, which we evaluate against the state of the art. The implemented protocol is embarrassingly simple (200 LOC on top of an existing DAG-based mempool implementation). It is highly efficient, achieving for example, 125,000 transactions per second with a 2 seconds latency for a deployment of 50 parties. In the same setting, the state of the art pays a steep 50% latency increase as it optimizes for asynchrony."}],"citation":{"chicago":"Spiegelman, Alexander, Neil Giridharan, Alberto Sonnino, and Eleftherios Kokoris Kogias. “Bullshark: DAG BFT Protocols Made Practical.” In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 2705–2718. Association for Computing Machinery, 2022. https://doi.org/10.1145/3548606.3559361.","ista":"Spiegelman A, Giridharan N, Sonnino A, Kokoris Kogias E. 2022. Bullshark: DAG BFT protocols made practical. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. CCS: Conference on Computer and Communications Security, 2705–2718.","ama":"Spiegelman A, Giridharan N, Sonnino A, Kokoris Kogias E. Bullshark: DAG BFT protocols made practical. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery; 2022:2705–2718. doi:10.1145/3548606.3559361","ieee":"A. Spiegelman, N. Giridharan, A. Sonnino, and E. Kokoris Kogias, “Bullshark: DAG BFT protocols made practical,” in Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, Los Angeles, CA, United States, 2022, pp. 2705–2718.","apa":"Spiegelman, A., Giridharan, N., Sonnino, A., & Kokoris Kogias, E. (2022). Bullshark: DAG BFT protocols made practical. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (pp. 2705–2718). Los Angeles, CA, United States: Association for Computing Machinery. https://doi.org/10.1145/3548606.3559361","short":"A. Spiegelman, N. Giridharan, A. Sonnino, E. Kokoris Kogias, in:, Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, 2022, pp. 2705–2718.","mla":"Spiegelman, Alexander, et al. “Bullshark: DAG BFT Protocols Made Practical.” Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, 2022, pp. 2705–2718, doi:10.1145/3548606.3559361."},"page":"2705–2718","date_published":"2022-11-01T00:00:00Z","department":[{"_id":"ElKo"}],"language":[{"iso":"eng"}]},{"publication_status":"published","publisher":"Springer Nature","volume":13411,"publication":"Financial Cryptography and Data Security","publication_identifier":{"issn":["0302-9743"],"isbn":["9783031182822"],"eissn":["1611-3349"],"eisbn":["9783031182839"]},"arxiv":1,"status":"public","day":"22","acknowledgement":"We thank our shepherd Aniket Kate and the anonymous reviewers at FC 2022 for their helpful feedback. This work is supported by the Novi team at Facebook. We also thank the Novi Research and Engineering teams for valuable feedback, and in particular Mathieu Baudet, Andrey Chursin, George Danezis, Zekun Li, and Dahlia Malkhi for discussions that shaped this work.","external_id":{"isi":["001423640200014"],"arxiv":["2106.10362"]},"quality_controlled":"1","month":"10","doi":"10.1007/978-3-031-18283-9_14","main_file_link":[{"url":" https://doi.org/10.48550/arXiv.2106.10362","open_access":"1"}],"alternative_title":["LNCS"],"scopus_import":"1","user_id":"317138e5-6ab7-11ef-aa6d-ffef3953e345","title":"Jolteon and ditto: Network-adaptive efficient consensus with asynchronous fallback","conference":{"location":"Radisson Grenada Beach Resort, Grenada","start_date":"2022-05-02","name":"FC: Financial Cryptography","end_date":"2022-05-06"},"article_processing_charge":"No","year":"2022","author":[{"full_name":"Gelashvili, Rati","first_name":"Rati","last_name":"Gelashvili"},{"full_name":"Kokoris Kogias, Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","first_name":"Eleftherios","last_name":"Kokoris Kogias"},{"full_name":"Sonnino, Alberto","first_name":"Alberto","last_name":"Sonnino"},{"first_name":"Alexander","last_name":"Spiegelman","full_name":"Spiegelman, Alexander"},{"full_name":"Xiang, Zhuolun","last_name":"Xiang","first_name":"Zhuolun"}],"intvolume":" 13411","language":[{"iso":"eng"}],"date_updated":"2025-09-10T09:52:23Z","_id":"12298","abstract":[{"text":"Existing committee-based Byzantine state machine replication (SMR) protocols, typically deployed in production blockchains, face a clear trade-off: (1) they either achieve linear communication cost in the steady state, but sacrifice liveness during periods of asynchrony, or (2) they are robust (progress with probability one) but pay quadratic communication cost. We believe this trade-off is unwarranted since existing linear protocols still have asymptotic quadratic cost in the worst case. We design Ditto, a Byzantine SMR protocol that enjoys the best of both worlds: optimal communication on and off the steady state (linear and quadratic, respectively) and progress guarantee under asynchrony and DDoS attacks. We achieve this by replacing the view-synchronization of partially synchronous protocols with an asynchronous fallback mechanism at no extra asymptotic cost. Specifically, we start from HotStuff, a state-of-the-art linear protocol, and gradually build Ditto. As a separate contribution and an intermediate step, we design a 2-chain version of HotStuff, Jolteon, which leverages a quadratic view-change mechanism to reduce the latency of the standard 3-chain HotStuff. We implement and experimentally evaluate all our systems to prove that breaking the robustness-efficiency trade-off is in the realm of practicality.","lang":"eng"}],"department":[{"_id":"ElKo"}],"citation":{"mla":"Gelashvili, Rati, et al. “Jolteon and Ditto: Network-Adaptive Efficient Consensus with Asynchronous Fallback.” Financial Cryptography and Data Security, vol. 13411, Springer Nature, 2022, pp. 296–315, doi:10.1007/978-3-031-18283-9_14.","short":"R. Gelashvili, E. Kokoris Kogias, A. Sonnino, A. Spiegelman, Z. Xiang, in:, Financial Cryptography and Data Security, Springer Nature, 2022, pp. 296–315.","apa":"Gelashvili, R., Kokoris Kogias, E., Sonnino, A., Spiegelman, A., & Xiang, Z. (2022). Jolteon and ditto: Network-adaptive efficient consensus with asynchronous fallback. In Financial Cryptography and Data Security (Vol. 13411, pp. 296–315). Radisson Grenada Beach Resort, Grenada: Springer Nature. https://doi.org/10.1007/978-3-031-18283-9_14","ama":"Gelashvili R, Kokoris Kogias E, Sonnino A, Spiegelman A, Xiang Z. Jolteon and ditto: Network-adaptive efficient consensus with asynchronous fallback. In: Financial Cryptography and Data Security. Vol 13411. Springer Nature; 2022:296-315. doi:10.1007/978-3-031-18283-9_14","ieee":"R. Gelashvili, E. Kokoris Kogias, A. Sonnino, A. Spiegelman, and Z. Xiang, “Jolteon and ditto: Network-adaptive efficient consensus with asynchronous fallback,” in Financial Cryptography and Data Security, Radisson Grenada Beach Resort, Grenada, 2022, vol. 13411, pp. 296–315.","ista":"Gelashvili R, Kokoris Kogias E, Sonnino A, Spiegelman A, Xiang Z. 2022. Jolteon and ditto: Network-adaptive efficient consensus with asynchronous fallback. Financial Cryptography and Data Security. FC: Financial Cryptography, LNCS, vol. 13411, 296–315.","chicago":"Gelashvili, Rati, Eleftherios Kokoris Kogias, Alberto Sonnino, Alexander Spiegelman, and Zhuolun Xiang. “Jolteon and Ditto: Network-Adaptive Efficient Consensus with Asynchronous Fallback.” In Financial Cryptography and Data Security, 13411:296–315. Springer Nature, 2022. https://doi.org/10.1007/978-3-031-18283-9_14."},"page":"296-315","date_published":"2022-10-22T00:00:00Z","type":"conference","oa_version":"Preprint","date_created":"2023-01-16T10:05:51Z","isi":1,"oa":1},{"publication":"2022 IEEE Symposium on Security and Privacy","publisher":"Institute of Electrical and Electronics Engineers","publication_status":"published","conference":{"name":"SP: Symposium on Security and Privacy","end_date":"2022-05-26","start_date":"2022-05-23","location":"San Francisco, CA, United States"},"day":"27","status":"public","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","title":"Practical asynchronous distributed key generation","publication_identifier":{"eissn":["2375-1207"],"eisbn":["9781665413169"]},"scopus_import":"1","year":"2022","article_processing_charge":"No","author":[{"full_name":"Das, Sourav","first_name":"Sourav","last_name":"Das"},{"last_name":"Yurek","first_name":"Thomas","full_name":"Yurek, Thomas"},{"last_name":"Xiang","first_name":"Zhuolun","full_name":"Xiang, Zhuolun"},{"last_name":"Miller","first_name":"Andrew","full_name":"Miller, Andrew"},{"id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","full_name":"Kokoris Kogias, Eleftherios","first_name":"Eleftherios","last_name":"Kokoris Kogias"},{"full_name":"Ren, Ling","first_name":"Ling","last_name":"Ren"}],"quality_controlled":"1","acknowledgement":"The authors would like to thank Amit Agarwal, Adithya Bhat, Kobi Gurkan, Dakshita Khurana, Nibesh Shrestha, and Gilad Stern for the helpful discussions related to the paper.\r\nAlso, the authors would like to thank Sylvain Bellemare for helping with the hbACSS codebase and Nicolas Gailly for helping with running the Drand experiments.","page":"2518-2534","date_published":"2022-07-27T00:00:00Z","citation":{"short":"S. Das, T. Yurek, Z. Xiang, A. Miller, E. Kokoris Kogias, L. Ren, in:, 2022 IEEE Symposium on Security and Privacy, Institute of Electrical and Electronics Engineers, 2022, pp. 2518–2534.","mla":"Das, Sourav, et al. “Practical Asynchronous Distributed Key Generation.” 2022 IEEE Symposium on Security and Privacy, Institute of Electrical and Electronics Engineers, 2022, pp. 2518–34, doi:10.1109/sp46214.2022.9833584.","apa":"Das, S., Yurek, T., Xiang, Z., Miller, A., Kokoris Kogias, E., & Ren, L. (2022). Practical asynchronous distributed key generation. In 2022 IEEE Symposium on Security and Privacy (pp. 2518–2534). San Francisco, CA, United States: Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/sp46214.2022.9833584","ama":"Das S, Yurek T, Xiang Z, Miller A, Kokoris Kogias E, Ren L. Practical asynchronous distributed key generation. In: 2022 IEEE Symposium on Security and Privacy. Institute of Electrical and Electronics Engineers; 2022:2518-2534. doi:10.1109/sp46214.2022.9833584","ieee":"S. Das, T. Yurek, Z. Xiang, A. Miller, E. Kokoris Kogias, and L. Ren, “Practical asynchronous distributed key generation,” in 2022 IEEE Symposium on Security and Privacy, San Francisco, CA, United States, 2022, pp. 2518–2534.","ista":"Das S, Yurek T, Xiang Z, Miller A, Kokoris Kogias E, Ren L. 2022. Practical asynchronous distributed key generation. 2022 IEEE Symposium on Security and Privacy. SP: Symposium on Security and Privacy, 2518–2534.","chicago":"Das, Sourav, Thomas Yurek, Zhuolun Xiang, Andrew Miller, Eleftherios Kokoris Kogias, and Ling Ren. “Practical Asynchronous Distributed Key Generation.” In 2022 IEEE Symposium on Security and Privacy, 2518–34. Institute of Electrical and Electronics Engineers, 2022. https://doi.org/10.1109/sp46214.2022.9833584."},"department":[{"_id":"ElKo"}],"abstract":[{"text":"Distributed Key Generation (DKG) is a technique to bootstrap threshold cryptosystems without a trusted third party and is a building block to decentralized protocols such as randomness beacons, threshold signatures, and general multiparty computation. Until recently, DKG protocols have assumed the synchronous model and thus are vulnerable when their underlying network assumptions do not hold. The recent advancements in asynchronous DKG protocols are insufficient as they either have poor efficiency or limited functionality, resulting in a lack of concrete implementations. In this paper, we present a simple and concretely efficient asynchronous DKG (ADKG) protocol. In a network of n nodes, our ADKG protocol can tolerate up to tProceedings of the 17th European Conference on Computer Systems, 34–50. Association for Computing Machinery, 2022. https://doi.org/10.1145/3492321.3519594.","ama":"Danezis G, Kokoris Kogias E, Sonnino A, Spiegelman A. Narwhal and Tusk: A DAG-based mempool and efficient BFT consensus. In: Proceedings of the 17th European Conference on Computer Systems. Association for Computing Machinery; 2022:34-50. doi:10.1145/3492321.3519594","ieee":"G. Danezis, E. Kokoris Kogias, A. Sonnino, and A. Spiegelman, “Narwhal and Tusk: A DAG-based mempool and efficient BFT consensus,” in Proceedings of the 17th European Conference on Computer Systems, Rennes, France, 2022, pp. 34–50.","short":"G. Danezis, E. Kokoris Kogias, A. Sonnino, A. Spiegelman, in:, Proceedings of the 17th European Conference on Computer Systems, Association for Computing Machinery, 2022, pp. 34–50.","mla":"Danezis, George, et al. “Narwhal and Tusk: A DAG-Based Mempool and Efficient BFT Consensus.” Proceedings of the 17th European Conference on Computer Systems, Association for Computing Machinery, 2022, pp. 34–50, doi:10.1145/3492321.3519594.","apa":"Danezis, G., Kokoris Kogias, E., Sonnino, A., & Spiegelman, A. (2022). Narwhal and Tusk: A DAG-based mempool and efficient BFT consensus. In Proceedings of the 17th European Conference on Computer Systems (pp. 34–50). Rennes, France: Association for Computing Machinery. https://doi.org/10.1145/3492321.3519594"},"language":[{"iso":"eng"}],"oa_version":"Preprint","date_created":"2022-04-24T22:01:43Z","type":"conference","isi":1,"oa":1},{"doi":"10.1145/3465084.3467941","month":"07","main_file_link":[{"url":"https://arxiv.org/abs/2103.03181","open_access":"1"}],"publication_identifier":{"isbn":["9-781-4503-8548-0"]},"arxiv":1,"status":"public","day":"21","publication_status":"published","publisher":"Association for Computing Machinery","publication":"Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing","external_id":{"isi":["000744439800018"],"arxiv":["2103.03181"]},"quality_controlled":"1","language":[{"iso":"eng"}],"_id":"10553","abstract":[{"lang":"eng","text":"The popularity of permissioned blockchain systems demands BFT SMR protocols that are efficient under good network conditions (synchrony) and robust under bad network conditions (asynchrony). The state-of-the-art partially synchronous BFT SMR protocols provide optimal linear communication cost per decision under synchrony and good leaders, but lose liveness under asynchrony. On the other hand, the state-of-the-art asynchronous BFT SMR protocols are live even under asynchrony, but always pay quadratic cost even under synchrony. In this paper, we propose a BFT SMR protocol that achieves the best of both worlds -- optimal linear cost per decision under good networks and leaders, optimal quadratic cost per decision under bad networks, and remains always live."}],"date_updated":"2023-09-04T11:42:10Z","date_published":"2021-07-21T00:00:00Z","department":[{"_id":"ElKo"}],"page":"187-190","citation":{"chicago":"Gelashvili, Rati, Eleftherios Kokoris Kogias, Alexander Spiegelman, and Zhuolun Xiang. “Brief Announcement: Be Prepared When Network Goes Bad: An Asynchronous View-Change Protocol.” In Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing, 187–90. Association for Computing Machinery, 2021. https://doi.org/10.1145/3465084.3467941.","ista":"Gelashvili R, Kokoris Kogias E, Spiegelman A, Xiang Z. 2021. Brief announcement: Be prepared when network goes bad: An asynchronous view-change protocol. Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing. PODC: Principles of Distributed Computing, 187–190.","ama":"Gelashvili R, Kokoris Kogias E, Spiegelman A, Xiang Z. Brief announcement: Be prepared when network goes bad: An asynchronous view-change protocol. In: Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing. Association for Computing Machinery; 2021:187-190. doi:10.1145/3465084.3467941","ieee":"R. Gelashvili, E. Kokoris Kogias, A. Spiegelman, and Z. Xiang, “Brief announcement: Be prepared when network goes bad: An asynchronous view-change protocol,” in Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing, Virtual, Italy, 2021, pp. 187–190.","apa":"Gelashvili, R., Kokoris Kogias, E., Spiegelman, A., & Xiang, Z. (2021). Brief announcement: Be prepared when network goes bad: An asynchronous view-change protocol. In Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing (pp. 187–190). Virtual, Italy: Association for Computing Machinery. https://doi.org/10.1145/3465084.3467941","mla":"Gelashvili, Rati, et al. “Brief Announcement: Be Prepared When Network Goes Bad: An Asynchronous View-Change Protocol.” Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing, Association for Computing Machinery, 2021, pp. 187–90, doi:10.1145/3465084.3467941.","short":"R. Gelashvili, E. Kokoris Kogias, A. Spiegelman, Z. Xiang, in:, Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing, Association for Computing Machinery, 2021, pp. 187–190."},"isi":1,"oa":1,"type":"conference","date_created":"2021-12-16T13:20:19Z","oa_version":"Preprint","scopus_import":"1","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","title":"Brief announcement: Be prepared when network goes bad: An asynchronous view-change protocol","conference":{"name":"PODC: Principles of Distributed Computing","end_date":"2021-07-30","start_date":"2021-07-26","location":"Virtual, Italy"},"author":[{"last_name":"Gelashvili","first_name":"Rati","full_name":"Gelashvili, Rati"},{"id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","full_name":"Kokoris Kogias, Eleftherios","first_name":"Eleftherios","last_name":"Kokoris Kogias"},{"full_name":"Spiegelman, Alexander","first_name":"Alexander","last_name":"Spiegelman"},{"last_name":"Xiang","first_name":"Zhuolun","full_name":"Xiang, Zhuolun"}],"article_processing_charge":"No","keyword":["optimal","state machine replication","fallback","asynchrony","byzantine faults"],"year":"2021"},{"quality_controlled":"1","external_id":{"arxiv":["2102.08325"],"isi":["000744439800016"]},"acknowledgement":"Oded Naor is grateful to the Technion Hiroshi Fujiwara Cyber-Security Research Center for providing a research grant. Part of Oded’s work was done while at Novi Research. This work was funded by the Novi team at Facebook. We also wish to thank the Novi Research team for valuable feedback, and in particular George Danezis, Alberto Sonnino, and Dahlia Malkhi.\r\n","publication":"Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing","publisher":"Association for Computing Machinery","publication_status":"published","day":"21","status":"public","arxiv":1,"publication_identifier":{"isbn":["978-1-4503-8548-0"]},"main_file_link":[{"url":"https://arxiv.org/abs/2102.08325","open_access":"1"}],"month":"07","doi":"10.1145/3465084.3467905","year":"2021","article_processing_charge":"No","author":[{"full_name":"Keidar, Idit","first_name":"Idit","last_name":"Keidar"},{"full_name":"Kokoris Kogias, Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","first_name":"Eleftherios","last_name":"Kokoris Kogias"},{"full_name":"Naor, Oded","first_name":"Oded","last_name":"Naor"},{"full_name":"Spiegelman, Alexander","last_name":"Spiegelman","first_name":"Alexander"}],"conference":{"end_date":"2021-07-30","name":"PODC: Principles of Distributed Computing","location":"Virtual, Italy","start_date":"2021-07-26"},"title":"All You Need is DAG","user_id":"4359f0d1-fa6c-11eb-b949-802e58b17ae8","scopus_import":"1","oa_version":"Preprint","date_created":"2021-12-16T13:21:13Z","type":"conference","oa":1,"isi":1,"citation":{"ista":"Keidar I, Kokoris Kogias E, Naor O, Spiegelman A. 2021. All You Need is DAG. Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing. PODC: Principles of Distributed Computing, 165–175.","chicago":"Keidar, Idit, Eleftherios Kokoris Kogias, Oded Naor, and Alexander Spiegelman. “All You Need Is DAG.” In Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing, 165–75. Association for Computing Machinery, 2021. https://doi.org/10.1145/3465084.3467905.","ieee":"I. Keidar, E. Kokoris Kogias, O. Naor, and A. Spiegelman, “All You Need is DAG,” in Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing, Virtual, Italy, 2021, pp. 165–175.","ama":"Keidar I, Kokoris Kogias E, Naor O, Spiegelman A. All You Need is DAG. In: Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing. Association for Computing Machinery; 2021:165-175. doi:10.1145/3465084.3467905","mla":"Keidar, Idit, et al. “All You Need Is DAG.” Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing, Association for Computing Machinery, 2021, pp. 165–75, doi:10.1145/3465084.3467905.","short":"I. Keidar, E. Kokoris Kogias, O. Naor, A. Spiegelman, in:, Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing, Association for Computing Machinery, 2021, pp. 165–175.","apa":"Keidar, I., Kokoris Kogias, E., Naor, O., & Spiegelman, A. (2021). All You Need is DAG. In Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing (pp. 165–175). Virtual, Italy: Association for Computing Machinery. https://doi.org/10.1145/3465084.3467905"},"department":[{"_id":"ElKo"}],"date_published":"2021-07-21T00:00:00Z","page":"165-175","abstract":[{"text":"We present DAG-Rider, the first asynchronous Byzantine Atomic Broadcast protocol that achieves optimal resilience, optimal amortized communication complexity, and optimal time complexity. DAG-Rider is post-quantum safe and ensures that all values proposed by correct processes eventually get delivered. We construct DAG-Rider in two layers: In the first layer, processes reliably broadcast their proposals and build a structured Directed Acyclic Graph (DAG) of the communication among them. In the second layer, processes locally observe their DAGs and totally order all proposals with no extra communication.","lang":"eng"}],"_id":"10554","date_updated":"2023-08-17T06:24:44Z","language":[{"iso":"eng"}]},{"article_processing_charge":"No","year":"2021","author":[{"last_name":"Blackshear","first_name":"Sam","full_name":"Blackshear, Sam"},{"first_name":"Konstantinos","last_name":"Chalkias","full_name":"Chalkias, Konstantinos"},{"full_name":"Chatzigiannis, Panagiotis","last_name":"Chatzigiannis","first_name":"Panagiotis"},{"full_name":"Faizullabhoy, Riyaz","first_name":"Riyaz","last_name":"Faizullabhoy"},{"last_name":"Khaburzaniya","first_name":"Irakliy","full_name":"Khaburzaniya, Irakliy"},{"first_name":"Eleftherios","last_name":"Kokoris Kogias","full_name":"Kokoris Kogias, Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30"},{"last_name":"Lind","first_name":"Joshua","full_name":"Lind, Joshua"},{"last_name":"Wong","first_name":"David","full_name":"Wong, David"},{"full_name":"Zakian, Tim","first_name":"Tim","last_name":"Zakian"}],"alternative_title":["LNCS"],"scopus_import":"1","title":"Reactive key-loss protection in blockchains","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","conference":{"name":"FC: Financial Cryptography and Data Security","end_date":"2021-03-05","location":"Virtual","start_date":"2021-03-01"},"type":"conference","date_created":"2021-10-03T22:01:24Z","oa_version":"Preprint","oa":1,"isi":1,"language":[{"iso":"eng"}],"date_updated":"2025-07-10T11:49:40Z","_id":"10076","abstract":[{"lang":"eng","text":"We present a novel approach for blockchain asset owners to reclaim their funds in case of accidental private-key loss or transfer to a mistyped address. Our solution can be deployed upon failure or absence of proactively implemented backup mechanisms, such as secret sharing and cold storage. The main advantages against previous proposals is it does not require any prior action from users and works with both single-key and multi-sig accounts. We achieve this by a 3-phase Commit()→Reveal()→Claim()−or−Challenge() smart contract that enables accessing funds of addresses for which the spending key is not available. We provide an analysis of the threat and incentive models and formalize the concept of reactive KEy-Loss Protection (KELP)."}],"page":"431-450","citation":{"ieee":"S. Blackshear et al., “Reactive key-loss protection in blockchains,” in FC 2021 Workshops, Virtual, 2021, vol. 12676, pp. 431–450.","ama":"Blackshear S, Chalkias K, Chatzigiannis P, et al. Reactive key-loss protection in blockchains. In: FC 2021 Workshops. Vol 12676. Springer Nature; 2021:431-450. doi:10.1007/978-3-662-63958-0_34","chicago":"Blackshear, Sam, Konstantinos Chalkias, Panagiotis Chatzigiannis, Riyaz Faizullabhoy, Irakliy Khaburzaniya, Eleftherios Kokoris Kogias, Joshua Lind, David Wong, and Tim Zakian. “Reactive Key-Loss Protection in Blockchains.” In FC 2021 Workshops, 12676:431–50. Springer Nature, 2021. https://doi.org/10.1007/978-3-662-63958-0_34.","ista":"Blackshear S, Chalkias K, Chatzigiannis P, Faizullabhoy R, Khaburzaniya I, Kokoris Kogias E, Lind J, Wong D, Zakian T. 2021. Reactive key-loss protection in blockchains. FC 2021 Workshops. FC: Financial Cryptography and Data Security, LNCS, vol. 12676, 431–450.","apa":"Blackshear, S., Chalkias, K., Chatzigiannis, P., Faizullabhoy, R., Khaburzaniya, I., Kokoris Kogias, E., … Zakian, T. (2021). Reactive key-loss protection in blockchains. In FC 2021 Workshops (Vol. 12676, pp. 431–450). Virtual: Springer Nature. https://doi.org/10.1007/978-3-662-63958-0_34","short":"S. Blackshear, K. Chalkias, P. Chatzigiannis, R. Faizullabhoy, I. Khaburzaniya, E. Kokoris Kogias, J. Lind, D. Wong, T. Zakian, in:, FC 2021 Workshops, Springer Nature, 2021, pp. 431–450.","mla":"Blackshear, Sam, et al. “Reactive Key-Loss Protection in Blockchains.” FC 2021 Workshops, vol. 12676, Springer Nature, 2021, pp. 431–50, doi:10.1007/978-3-662-63958-0_34."},"date_published":"2021-09-17T00:00:00Z","department":[{"_id":"ElKo"}],"acknowledgement":"The authors would like to thank all anonymous reviewers of FC21 WTSC workshop for comments and suggestions that greatly improved the quality of this paper.","external_id":{"isi":["000713005000034"]},"quality_controlled":"1","publication_status":"published","publisher":"Springer Nature","volume":"12676 ","publication":"FC 2021 Workshops","publication_identifier":{"isbn":["978-3-6626-3957-3"],"issn":["0302-9743"],"eissn":["1611-3349"],"eisbn":["978-3-662-63958-0"]},"status":"public","day":"17","main_file_link":[{"open_access":"1","url":"https://research.fb.com/publications/reactive-key-loss-protection-in-blockchains/"}],"month":"09","doi":"10.1007/978-3-662-63958-0_34"}]