[{"OA_type":"green","date_published":"2026-01-01T00:00:00Z","corr_author":"1","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","publication_status":"published","publication":"29th International Conference on Financial Cryptography and Data Security","date_updated":"2026-02-12T13:39:07Z","main_file_link":[{"url":"https://doi.org/10.48550/arXiv.2502.10074","open_access":"1"}],"abstract":[{"lang":"eng","text":"Many blockchains such as Ethereum execute all incoming transactions sequentially significantly limiting the potential throughput. A common approach to scale execution is parallel execution engines that fully utilize modern multi-core architectures. Parallel execution is then either done optimistically, by executing transactions in parallel and detecting conflicts on the fly, or guided, by requiring exhaustive client transaction hints and scheduling transactions accordingly.\r\n\r\nHowever, recent studies have shown that the performance of parallel execution engines depends on the nature of the underlying workload. In fact, in some cases, only a 60% speed-up compared to sequential execution could be obtained. This is the case, as transactions that access the same resources must be executed sequentially. For example, if 10% of the transactions in a block access the same resource, the execution cannot meaningfully scale beyond 10 cores. Therefore, a single popular application can bottleneck the execution and limit the potential throughput.\r\n\r\nIn this paper, we introduce Anthemius, a block construction algorithm that optimizes parallel transaction execution throughput. We evaluate Anthemius exhaustively under a range of workloads, and show that Anthemius enables the underlying parallel execution engine to process over twice as many transactions."}],"project":[{"_id":"34a1b658-11ca-11ed-8bc3-c75229f0241e","name":"Interface Theory for Security and Privacy","grant_number":"F8502"},{"_id":"7bdd2f70-9f16-11ee-852c-b7950bc6d277","grant_number":"ICT22-045","name":"SeCure, privAte, and interoperabLe layEr 2"}],"external_id":{"arxiv":["2502.10074"]},"date_created":"2026-01-25T23:01:40Z","author":[{"last_name":"Neiheiser","first_name":"Ray","orcid":"0000-0001-7227-8309","full_name":"Neiheiser, Ray","id":"f09651b9-fec0-11ec-b5d8-934aff0e52a4"},{"first_name":"Eleftherios","last_name":"Kokoris Kogias","orcid":"0000-0002-8827-3382","full_name":"Kokoris Kogias, Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30"}],"title":"Anthemius: Efficient and modular block assembly for concurrent execution","day":"01","_id":"21042","article_processing_charge":"No","oa_version":"Preprint","scopus_import":"1","intvolume":"     15751","department":[{"_id":"KrPi"}],"alternative_title":["LNCS"],"publisher":"Springer Nature","quality_controlled":"1","citation":{"chicago":"Neiheiser, Ray, and Eleftherios Kokoris Kogias. “Anthemius: Efficient and Modular Block Assembly for Concurrent Execution.” In <i>29th International Conference on Financial Cryptography and Data Security</i>, 15751:307–23. Springer Nature, 2026. <a href=\"https://doi.org/10.1007/978-3-032-07024-1_18\">https://doi.org/10.1007/978-3-032-07024-1_18</a>.","apa":"Neiheiser, R., &#38; Kokoris Kogias, E. (2026). Anthemius: Efficient and modular block assembly for concurrent execution. In <i>29th International Conference on Financial Cryptography and Data Security</i> (Vol. 15751, pp. 307–323). Miyakojima, Japan: Springer Nature. <a href=\"https://doi.org/10.1007/978-3-032-07024-1_18\">https://doi.org/10.1007/978-3-032-07024-1_18</a>","ama":"Neiheiser R, Kokoris Kogias E. Anthemius: Efficient and modular block assembly for concurrent execution. In: <i>29th International Conference on Financial Cryptography and Data Security</i>. Vol 15751. Springer Nature; 2026:307-323. doi:<a href=\"https://doi.org/10.1007/978-3-032-07024-1_18\">10.1007/978-3-032-07024-1_18</a>","ieee":"R. Neiheiser and E. Kokoris Kogias, “Anthemius: Efficient and modular block assembly for concurrent execution,” in <i>29th International Conference on Financial Cryptography and Data Security</i>, Miyakojima, Japan, 2026, vol. 15751, pp. 307–323.","short":"R. Neiheiser, E. Kokoris Kogias, in:, 29th International Conference on Financial Cryptography and Data Security, Springer Nature, 2026, pp. 307–323.","mla":"Neiheiser, Ray, and Eleftherios Kokoris Kogias. “Anthemius: Efficient and Modular Block Assembly for Concurrent Execution.” <i>29th International Conference on Financial Cryptography and Data Security</i>, vol. 15751, Springer Nature, 2026, pp. 307–23, doi:<a href=\"https://doi.org/10.1007/978-3-032-07024-1_18\">10.1007/978-3-032-07024-1_18</a>.","ista":"Neiheiser R, Kokoris Kogias E. 2026. Anthemius: Efficient and modular block assembly for concurrent execution. 29th International Conference on Financial Cryptography and Data Security. FC: Financial Cryptography and Data Security, LNCS, vol. 15751, 307–323."},"doi":"10.1007/978-3-032-07024-1_18","page":"307-323","conference":{"name":"FC: Financial Cryptography and Data Security","location":"Miyakojima, Japan","end_date":"2025-04-18","start_date":"2025-04-14"},"year":"2026","oa":1,"language":[{"iso":"eng"}],"arxiv":1,"month":"01","type":"conference","acknowledgement":"This work was supported by the Austrian Science Fund (FWF) SFB project SpyCoDe F8502 and the Vienna Science and Technology Fund (WWTF) project SCALE2 CT22-045.","publication_identifier":{"issn":["0302-9743"],"isbn":["9783032070234"],"eissn":["1611-3349"]},"status":"public","volume":15751,"OA_place":"repository"},{"publisher":"Springer Nature","citation":{"chicago":"Kniep, Quentin, Eleftherios Kokoris Kogias, Alberto Sonnino, Igor Zablotchi, and Nuda Zhang. “Pilotfish: Distributed Execution for Scalable Blockchains.” In <i>29th International Conference on Financial Cryptography and Data Security</i>, 15751:287–306. Springer Nature, 2026. <a href=\"https://doi.org/10.1007/978-3-032-07024-1_17\">https://doi.org/10.1007/978-3-032-07024-1_17</a>.","ama":"Kniep Q, Kokoris Kogias E, Sonnino A, Zablotchi I, Zhang N. Pilotfish: Distributed execution for scalable blockchains. In: <i>29th International Conference on Financial Cryptography and Data Security</i>. Vol 15751. Springer Nature; 2026:287-306. doi:<a href=\"https://doi.org/10.1007/978-3-032-07024-1_17\">10.1007/978-3-032-07024-1_17</a>","apa":"Kniep, Q., Kokoris Kogias, E., Sonnino, A., Zablotchi, I., &#38; Zhang, N. (2026). Pilotfish: Distributed execution for scalable blockchains. In <i>29th International Conference on Financial Cryptography and Data Security</i> (Vol. 15751, pp. 287–306). Miyakojima, Japan: Springer Nature. <a href=\"https://doi.org/10.1007/978-3-032-07024-1_17\">https://doi.org/10.1007/978-3-032-07024-1_17</a>","mla":"Kniep, Quentin, et al. “Pilotfish: Distributed Execution for Scalable Blockchains.” <i>29th International Conference on Financial Cryptography and Data Security</i>, vol. 15751, Springer Nature, 2026, pp. 287–306, doi:<a href=\"https://doi.org/10.1007/978-3-032-07024-1_17\">10.1007/978-3-032-07024-1_17</a>.","short":"Q. Kniep, E. Kokoris Kogias, A. Sonnino, I. Zablotchi, N. Zhang, in:, 29th International Conference on Financial Cryptography and Data Security, Springer Nature, 2026, pp. 287–306.","ieee":"Q. Kniep, E. Kokoris Kogias, A. Sonnino, I. Zablotchi, and N. Zhang, “Pilotfish: Distributed execution for scalable blockchains,” in <i>29th International Conference on Financial Cryptography and Data Security</i>, Miyakojima, Japan, 2026, vol. 15751, pp. 287–306.","ista":"Kniep Q, Kokoris Kogias E, Sonnino A, Zablotchi I, Zhang N. 2026. Pilotfish: Distributed execution for scalable blockchains. 29th International Conference on Financial Cryptography and Data Security. FC: Financial Cryptography and Data Security, LNCS, vol. 15751, 287–306."},"quality_controlled":"1","oa_version":"Preprint","article_processing_charge":"No","_id":"21044","day":"01","alternative_title":["LNCS"],"intvolume":"     15751","scopus_import":"1","abstract":[{"text":"Scalability is a crucial requirement for modern large-scale systems, enabling elasticity and ensuring responsiveness under varying load. While cloud systems have achieved scalable architectures, blockchain systems remain constrained by the need to over-provision validator machines to handle peak load. This leads to resource inefficiency, poor cost scaling, and limits on performance. To address these challenges, we introduce Pilotfish, the first scale-out transaction execution engine for blockchains. Pilotfish enables validators to scale horizontally by distributing transaction execution across multiple worker machines, allowing elasticity without compromising consistency or determinism. It integrates seamlessly with the lazy blockchain architecture, completing the missing piece of execution elasticity. To achieve this, Pilotfish tackles several key challenges: ensuring scalable and strongly consistent distributed transactions, handling partial crash recovery with lightweight replication, and maintaining concurrency with a novel versioned-queue scheduling algorithm. Our evaluation shows that Pilotfish scales linearly up to at least eight workers per validator for compute-bound workloads, while maintaining low latency. By solving scalable execution, Pilotfish brings blockchains closer to achieving end-to-end elasticity, unlocking new possibilities for efficient and adaptable blockchain systems.","lang":"eng"}],"main_file_link":[{"url":"https://doi.org/10.48550/arXiv.2401.16292","open_access":"1"}],"date_updated":"2026-02-16T07:56:09Z","title":"Pilotfish: Distributed execution for scalable blockchains","author":[{"full_name":"Kniep, Quentin","last_name":"Kniep","first_name":"Quentin"},{"full_name":"Kokoris Kogias, Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","orcid":"0000-0002-8827-3382","last_name":"Kokoris Kogias","first_name":"Eleftherios"},{"full_name":"Sonnino, Alberto","last_name":"Sonnino","first_name":"Alberto"},{"first_name":"Igor","last_name":"Zablotchi","full_name":"Zablotchi, Igor"},{"full_name":"Zhang, Nuda","last_name":"Zhang","first_name":"Nuda"}],"date_created":"2026-01-25T23:01:41Z","external_id":{"arxiv":["2401.16292"]},"date_published":"2026-01-01T00:00:00Z","OA_type":"green","publication":"29th International Conference on Financial Cryptography and Data Security","publication_status":"published","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","status":"public","publication_identifier":{"isbn":["9783032070234"],"issn":["0302-9743"],"eissn":["1611-3349"]},"OA_place":"repository","volume":15751,"type":"conference","arxiv":1,"month":"01","page":"287-306","conference":{"start_date":"2025-04-14","location":"Miyakojima, Japan","end_date":"2025-04-18","name":"FC: Financial Cryptography and Data Security"},"doi":"10.1007/978-3-032-07024-1_17","language":[{"iso":"eng"}],"oa":1,"year":"2026"},{"date_published":"2025-07-30T00:00:00Z","OA_type":"green","corr_author":"1","publication_status":"published","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","publication":"2025 IEEE 18th International Conference on Cloud Computing","main_file_link":[{"open_access":"1","url":"https://doi.org/10.48550/arXiv.2404.04183"}],"date_updated":"2026-05-05T11:52:57Z","abstract":[{"lang":"eng","text":"Widely deployed consensus protocols in the cloud are often leader-based and optimized for low latency under synchronous network conditions. However, cloud networks can experience disruptions such as network partitions, high-loss links, and configuration errors. These disruptions interfere with the operation of leader-based protocols, as their view change mechanisms interrupt the normal case replication and cause the system to stall. We propose RACS, a novel randomized consensus protocol that ensures robustness against adversarial network conditions. RACS achieves optimal one-round trip latency under synchronous network conditions while remaining resilient to adversarial network conditions. RACS follows a simple design inspired by Raft, the most widely used consensus protocol in the cloud, and therefore enables seamless integration with the existing cloud software stack. Experiments with a prototype running on Amazon EC2 show that RACS achieves 28k cmd/sec throughput, ninefold higher than Raft under adversarial cloud network conditions. Under synchronous network conditions, RACS matches the performance of Multi-Paxos and Raft, achieving a throughput of 200k cmd/sec with a median latency of 300ms, confirming that RACS introduces no unnecessary overhead. Finally, SADL-RACS, a throughput-optimized version of RACS, achieves a throughput of 500k cmd/sec, delivering 150 percent higher throughput than Raft."}],"author":[{"last_name":"Tennage","first_name":"Pasindu","full_name":"Tennage, Pasindu"},{"id":"06d0c166-aec1-11ee-a7c0-b96e840a602b","full_name":"Desjardins, Antoine","first_name":"Antoine","last_name":"Desjardins"},{"orcid":"0000-0002-8827-3382","first_name":"Eleftherios","last_name":"Kokoris Kogias","full_name":"Kokoris Kogias, Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30"}],"title":"RACS-SADL: Robust and understandable randomized consensus in the cloud","external_id":{"arxiv":["2404.04183"]},"date_created":"2026-02-16T15:21:27Z","day":"30","oa_version":"Preprint","article_processing_charge":"No","_id":"21243","scopus_import":"1","department":[{"_id":"ElKo"}],"publisher":"IEEE","citation":{"apa":"Tennage, P., Desjardins, A., &#38; Kokoris Kogias, E. (2025). RACS-SADL: Robust and understandable randomized consensus in the cloud. In <i>2025 IEEE 18th International Conference on Cloud Computing</i>. Helsinki, Finland: IEEE. <a href=\"https://doi.org/10.1109/cloud67622.2025.00044\">https://doi.org/10.1109/cloud67622.2025.00044</a>","ama":"Tennage P, Desjardins A, Kokoris Kogias E. RACS-SADL: Robust and understandable randomized consensus in the cloud. In: <i>2025 IEEE 18th International Conference on Cloud Computing</i>. IEEE; 2025. doi:<a href=\"https://doi.org/10.1109/cloud67622.2025.00044\">10.1109/cloud67622.2025.00044</a>","chicago":"Tennage, Pasindu, Antoine Desjardins, and Eleftherios Kokoris Kogias. “RACS-SADL: Robust and Understandable Randomized Consensus in the Cloud.” In <i>2025 IEEE 18th International Conference on Cloud Computing</i>. IEEE, 2025. <a href=\"https://doi.org/10.1109/cloud67622.2025.00044\">https://doi.org/10.1109/cloud67622.2025.00044</a>.","ista":"Tennage P, Desjardins A, Kokoris Kogias E. 2025. RACS-SADL: Robust and understandable randomized consensus in the cloud. 2025 IEEE 18th International Conference on Cloud Computing. CLOUD: Conference on Cloud Computing.","short":"P. Tennage, A. Desjardins, E. Kokoris Kogias, in:, 2025 IEEE 18th International Conference on Cloud Computing, IEEE, 2025.","mla":"Tennage, Pasindu, et al. “RACS-SADL: Robust and Understandable Randomized Consensus in the Cloud.” <i>2025 IEEE 18th International Conference on Cloud Computing</i>, IEEE, 2025, doi:<a href=\"https://doi.org/10.1109/cloud67622.2025.00044\">10.1109/cloud67622.2025.00044</a>.","ieee":"P. Tennage, A. Desjardins, and E. Kokoris Kogias, “RACS-SADL: Robust and understandable randomized consensus in the cloud,” in <i>2025 IEEE 18th International Conference on Cloud Computing</i>, Helsinki, Finland, 2025."},"quality_controlled":"1","conference":{"start_date":"2025-07-07","location":"Helsinki, Finland","end_date":"2025-07-12","name":"CLOUD: Conference on Cloud Computing"},"doi":"10.1109/cloud67622.2025.00044","oa":1,"year":"2025","language":[{"iso":"eng"}],"arxiv":1,"month":"07","type":"conference","publication_identifier":{"eisbn":["9798331555573"]},"status":"public","OA_place":"repository"},{"doi":"10.1109/ICDCS60910.2024.00129","page":"1377-1387","conference":{"start_date":"2024-07-23","end_date":"2024-07-26","location":"Jersey City, NJ, United States","name":"ICDCS: International Conference on Distributed Computing Systems"},"language":[{"iso":"eng"}],"year":"2024","oa":1,"isi":1,"arxiv":1,"month":"07","type":"conference","acknowledgement":"This work is supported by Mysten Labs. We thank the Mysten Labs Engineering teams for valuable feedback broadly, and specifically to Laura Makdah for helping implementing the early reputation score system for validators and Dmitry Perelman for managing the overall implementation effort.","status":"public","publication_identifier":{"issn":["1063-6927"],"isbn":["9798350386059"],"eissn":["2575-8411"]},"date_published":"2024-07-26T00:00:00Z","publication":"Proceedings - International Conference on Distributed Computing Systems","user_id":"317138e5-6ab7-11ef-aa6d-ffef3953e345","publication_status":"published","abstract":[{"lang":"eng","text":"Recent advancements on DAG-based consensus protocols allow for blockchains with improved metrics and properties, such as throughput and censorship-resistance. Variants of the Bullshark [18] consensus protocol are adopted for practical use by the Sui blockchain, for improved latency. However, the protocol is leader-based, and is strongly affected by crashed leaders that can lead to various performance issues, for example, decreased transaction throughput. In this paper, we propose HammerHead, a DAG-based consensus protocol, that is inspired by Carousel [8] and provides Leader-Utilization. Our proposal differs from Carousel, which is built for a chained consensus protocol; in HammerHead chain quality is inherited by the DAG. HammerHead needs to preserve safety and liveness, despite validators committing leader vertices asynchronously. The key idea is to update leader schedules dynamically, based on the validators' scores during the previous schedule. We implement HammerHead and show a minor improvement in performance for cases without faults. The major improvements in comparison to Bullshark appear in faulty settings. Specifically, we show a drastic, 2x-latency improvement and up to 40% increased throughput when crash faults occur (100 validators, 33 faults)."}],"date_updated":"2025-09-08T09:42:36Z","main_file_link":[{"open_access":"1","url":"https://arxiv.org/abs/2309.12713"}],"external_id":{"arxiv":["2309.12713"],"isi":["001304430200120"]},"date_created":"2024-09-15T22:01:41Z","title":"HammerHead: Leader reputation for dynamic scheduling","author":[{"last_name":"Tsimos","first_name":"Giorgos","full_name":"Tsimos, Giorgos"},{"full_name":"Kichidis, Anastasios","first_name":"Anastasios","last_name":"Kichidis"},{"full_name":"Sonnino, Alberto","last_name":"Sonnino","first_name":"Alberto"},{"first_name":"Eleftherios","last_name":"Kokoris Kogias","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","full_name":"Kokoris Kogias, Eleftherios"}],"_id":"18071","oa_version":"Preprint","article_processing_charge":"No","day":"26","department":[{"_id":"ElKo"}],"scopus_import":"1","publisher":"IEEE","citation":{"short":"G. Tsimos, A. Kichidis, A. Sonnino, E. Kokoris Kogias, in:, Proceedings - International Conference on Distributed Computing Systems, IEEE, 2024, pp. 1377–1387.","mla":"Tsimos, Giorgos, et al. “HammerHead: Leader Reputation for Dynamic Scheduling.” <i>Proceedings - International Conference on Distributed Computing Systems</i>, IEEE, 2024, pp. 1377–87, doi:<a href=\"https://doi.org/10.1109/ICDCS60910.2024.00129\">10.1109/ICDCS60910.2024.00129</a>.","ieee":"G. Tsimos, A. Kichidis, A. Sonnino, and E. Kokoris Kogias, “HammerHead: Leader reputation for dynamic scheduling,” in <i>Proceedings - International Conference on Distributed Computing Systems</i>, Jersey City, NJ, United States, 2024, pp. 1377–1387.","ista":"Tsimos G, Kichidis A, Sonnino A, Kokoris Kogias E. 2024. HammerHead: Leader reputation for dynamic scheduling. Proceedings - International Conference on Distributed Computing Systems. ICDCS: International Conference on Distributed Computing Systems, 1377–1387.","chicago":"Tsimos, Giorgos, Anastasios Kichidis, Alberto Sonnino, and Eleftherios Kokoris Kogias. “HammerHead: Leader Reputation for Dynamic Scheduling.” In <i>Proceedings - International Conference on Distributed Computing Systems</i>, 1377–87. IEEE, 2024. <a href=\"https://doi.org/10.1109/ICDCS60910.2024.00129\">https://doi.org/10.1109/ICDCS60910.2024.00129</a>.","ama":"Tsimos G, Kichidis A, Sonnino A, Kokoris Kogias E. HammerHead: Leader reputation for dynamic scheduling. In: <i>Proceedings - International Conference on Distributed Computing Systems</i>. IEEE; 2024:1377-1387. doi:<a href=\"https://doi.org/10.1109/ICDCS60910.2024.00129\">10.1109/ICDCS60910.2024.00129</a>","apa":"Tsimos, G., Kichidis, A., Sonnino, A., &#38; Kokoris Kogias, E. (2024). HammerHead: Leader reputation for dynamic scheduling. In <i>Proceedings - International Conference on Distributed Computing Systems</i> (pp. 1377–1387). Jersey City, NJ, United States: IEEE. <a href=\"https://doi.org/10.1109/ICDCS60910.2024.00129\">https://doi.org/10.1109/ICDCS60910.2024.00129</a>"},"quality_controlled":"1"},{"acknowledgement":"This work was mostly realized while Alberto Sonnino and Lefteris Kokoris-Kogias were employed at Meta. We gratefully acknowledge support for this project from ETH Zurich and Mysten Labs.","type":"conference","OA_place":"publisher","publication_identifier":{"isbn":["9798400704826"]},"status":"public","year":"2024","oa":1,"language":[{"iso":"eng"}],"file":[{"creator":"dernst","success":1,"access_level":"open_access","file_id":"18914","file_name":"2024_ACMAsiaCCS_Giuliari.pdf","date_updated":"2025-01-27T14:04:12Z","content_type":"application/pdf","file_size":951940,"checksum":"1e743ddf49d35390eb56e11eb0759150","relation":"main_file","date_created":"2025-01-27T14:04:12Z"}],"tmp":{"name":"Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)","short":"CC BY (4.0)","image":"/images/cc_by.png","legal_code_url":"https://creativecommons.org/licenses/by/4.0/legalcode"},"doi":"10.1145/3634737.3656997","page":"1345-1360","conference":{"start_date":"2024-07-01","name":"ASIACCS: Asia Conference on Computer and Communications Security","location":"Singapore, Singapore","end_date":"2024-07-05"},"has_accepted_license":"1","month":"07","isi":1,"scopus_import":"1","department":[{"_id":"ElKo"}],"day":"01","_id":"18913","oa_version":"Published Version","article_processing_charge":"Yes (in subscription journal)","citation":{"ista":"Giuliari G, Sonnino A, Frei M, Streun F, Kokoris Kogias E, Perrig A. 2024. An empirical study of consensus protocols’ DoS resilience. Proceedings of the 19th ACM Asia Conference on Computer and Communications Security. ASIACCS: Asia Conference on Computer and Communications Security, 1345–1360.","short":"G. Giuliari, A. Sonnino, M. Frei, F. Streun, E. Kokoris Kogias, A. Perrig, in:, Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, ACM, 2024, pp. 1345–1360.","mla":"Giuliari, Giacomo, et al. “An Empirical Study of Consensus Protocols’ DoS Resilience.” <i>Proceedings of the 19th ACM Asia Conference on Computer and Communications Security</i>, ACM, 2024, pp. 1345–60, doi:<a href=\"https://doi.org/10.1145/3634737.3656997\">10.1145/3634737.3656997</a>.","ieee":"G. Giuliari, A. Sonnino, M. Frei, F. Streun, E. Kokoris Kogias, and A. Perrig, “An empirical study of consensus protocols’ DoS resilience,” in <i>Proceedings of the 19th ACM Asia Conference on Computer and Communications Security</i>, Singapore, Singapore, 2024, pp. 1345–1360.","ama":"Giuliari G, Sonnino A, Frei M, Streun F, Kokoris Kogias E, Perrig A. An empirical study of consensus protocols’ DoS resilience. In: <i>Proceedings of the 19th ACM Asia Conference on Computer and Communications Security</i>. ACM; 2024:1345-1360. doi:<a href=\"https://doi.org/10.1145/3634737.3656997\">10.1145/3634737.3656997</a>","apa":"Giuliari, G., Sonnino, A., Frei, M., Streun, F., Kokoris Kogias, E., &#38; Perrig, A. (2024). An empirical study of consensus protocols’ DoS resilience. In <i>Proceedings of the 19th ACM Asia Conference on Computer and Communications Security</i> (pp. 1345–1360). Singapore, Singapore: ACM. <a href=\"https://doi.org/10.1145/3634737.3656997\">https://doi.org/10.1145/3634737.3656997</a>","chicago":"Giuliari, Giacomo, Alberto Sonnino, Marc Frei, Fabio Streun, Eleftherios Kokoris Kogias, and Adrian Perrig. “An Empirical Study of Consensus Protocols’ DoS Resilience.” In <i>Proceedings of the 19th ACM Asia Conference on Computer and Communications Security</i>, 1345–60. ACM, 2024. <a href=\"https://doi.org/10.1145/3634737.3656997\">https://doi.org/10.1145/3634737.3656997</a>."},"quality_controlled":"1","ddc":["000"],"publisher":"ACM","user_id":"317138e5-6ab7-11ef-aa6d-ffef3953e345","publication_status":"published","file_date_updated":"2025-01-27T14:04:12Z","publication":"Proceedings of the 19th ACM Asia Conference on Computer and Communications Security","OA_type":"hybrid","date_published":"2024-07-01T00:00:00Z","external_id":{"isi":["001283918100095"]},"date_created":"2025-01-27T13:57:00Z","title":"An empirical study of consensus protocols’ DoS resilience","author":[{"last_name":"Giuliari","first_name":"Giacomo","full_name":"Giuliari, Giacomo"},{"full_name":"Sonnino, Alberto","last_name":"Sonnino","first_name":"Alberto"},{"first_name":"Marc","last_name":"Frei","full_name":"Frei, Marc"},{"full_name":"Streun, Fabio","first_name":"Fabio","last_name":"Streun"},{"full_name":"Kokoris Kogias, Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","first_name":"Eleftherios","last_name":"Kokoris Kogias"},{"full_name":"Perrig, Adrian","first_name":"Adrian","last_name":"Perrig"}],"date_updated":"2025-09-09T12:07:28Z","abstract":[{"text":"With the proliferation of blockchain technology in high-value sectors, consensus protocols are becoming critical infrastructures. The rapid innovation cycle in Byzantine fault tolerant (BFT) consensus protocols has culminated in HotStuff, which provides linear message complexity in the partially synchronous setting. To achieve this, HotStuff leverages a leader that collects, aggregates, and broadcasts the messages of other validators. This paper analyzes the security implications of such approaches in practice, from the perspective of liveness and availability.\r\nBy implementing attacks in a globally-distributed testbed, we show that state-of-the-art leader-based protocols are vulnerable to denial-of-service (DoS) attacks on the leader. Our attacks, demonstrated on committees of up to 64 validators, manage to disrupt liveness within seconds, using only a few tens of Mbps of attack bandwidth per validator. Crucially, the cost and effectiveness of the attacks are independent of the committee size. Based on the outcome of these experiments, we then propose and test effective mitigations. Our findings show that advancements in both protocol design and network-layer defenses can greatly improve the practical resilience of BFT consensus protocols.","lang":"eng"}]},{"day":"09","oa_version":"Preprint","article_processing_charge":"No","_id":"18957","department":[{"_id":"ElKo"}],"publisher":"ACM","citation":{"ista":"Blackshear S, Chursin A, Danezis G, Kichidis A, Kokoris Kogias E, Li X, Logan M, Menon A, Nowacki T, Sonnino A, Williams B, Zhang L. 2024. Sui Lutris: A blockchain combining broadcast and consensus. Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security. CCS: Conference on Computer and Communications Security, 2606–2620.","mla":"Blackshear, Sam, et al. “Sui Lutris: A Blockchain Combining Broadcast and Consensus.” <i>Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security</i>, ACM, 2024, pp. 2606–20, doi:<a href=\"https://doi.org/10.1145/3658644.3670286\">10.1145/3658644.3670286</a>.","short":"S. Blackshear, A. Chursin, G. Danezis, A. Kichidis, E. Kokoris Kogias, X. Li, M. Logan, A. Menon, T. Nowacki, A. Sonnino, B. Williams, L. Zhang, in:, Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, ACM, 2024, pp. 2606–2620.","ieee":"S. Blackshear <i>et al.</i>, “Sui Lutris: A blockchain combining broadcast and consensus,” in <i>Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security</i>, Salt Lake City, UT, United States, 2024, pp. 2606–2620.","ama":"Blackshear S, Chursin A, Danezis G, et al. Sui Lutris: A blockchain combining broadcast and consensus. In: <i>Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security</i>. ACM; 2024:2606-2620. doi:<a href=\"https://doi.org/10.1145/3658644.3670286\">10.1145/3658644.3670286</a>","apa":"Blackshear, S., Chursin, A., Danezis, G., Kichidis, A., Kokoris Kogias, E., Li, X., … Zhang, L. (2024). Sui Lutris: A blockchain combining broadcast and consensus. In <i>Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security</i> (pp. 2606–2620). Salt Lake City, UT, United States: ACM. <a href=\"https://doi.org/10.1145/3658644.3670286\">https://doi.org/10.1145/3658644.3670286</a>","chicago":"Blackshear, Sam, Andrey Chursin, George Danezis, Anastasios Kichidis, Eleftherios Kokoris Kogias, Xun Li, Mark Logan, et al. “Sui Lutris: A Blockchain Combining Broadcast and Consensus.” In <i>Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security</i>, 2606–20. ACM, 2024. <a href=\"https://doi.org/10.1145/3658644.3670286\">https://doi.org/10.1145/3658644.3670286</a>."},"quality_controlled":"1","date_published":"2024-12-09T00:00:00Z","OA_type":"hybrid","publication_status":"published","user_id":"317138e5-6ab7-11ef-aa6d-ffef3953e345","publication":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","main_file_link":[{"open_access":"1","url":"https://doi.org/10.48550/arXiv.2310.18042"}],"date_updated":"2025-09-09T12:13:55Z","abstract":[{"lang":"eng","text":"Sui Lutris is the first smart-contract platform to sustainably achieve sub-second finality. It achieves this significant decrease by employing consensusless agreement not only for simple payments but for a large variety of transactions. Unlike prior work, Sui Lutris neither compromises expressiveness nor throughput and can run perpetually without restarts. Sui Lutris achieves this by safely integrating consensuless agreement with a high-throughput consensus protocol that is invoked out of the critical finality path but ensures that when a transaction is at risk of inconsistent concurrent accesses, its settlement is delayed until the total ordering is resolved. Building such a hybrid architecture is especially delicate during reconfiguration events, where the system needs to preserve the safety of the consensusless path without compromising the long-term liveness of potentially misconfigured clients. We thus develop a novel reconfiguration protocol, the first to provably show the safe and efficient reconfiguration of a consensusless blockchain. Sui Lutris is currently running in production and underpins the Sui smart-contract platform. Combined with the use of Objects instead of accounts it enables the safe execution of smart contracts that expose objects as a first-class resource. In our experiments Sui Lutris achieves latency lower than 0.5 seconds for throughput up to 5,000 certificates per second (150k ops/s with transaction blocks), compared to the state-of-the-art real-world consensus latencies of 3 seconds. Furthermore, it gracefully handles validators crash-recovery and does not suffer visible performance degradation during reconfiguration."}],"author":[{"full_name":"Blackshear, Sam","last_name":"Blackshear","first_name":"Sam"},{"full_name":"Chursin, Andrey","last_name":"Chursin","first_name":"Andrey"},{"first_name":"George","last_name":"Danezis","full_name":"Danezis, George"},{"full_name":"Kichidis, Anastasios","first_name":"Anastasios","last_name":"Kichidis"},{"first_name":"Eleftherios","last_name":"Kokoris Kogias","full_name":"Kokoris Kogias, Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30"},{"full_name":"Li, Xun","last_name":"Li","first_name":"Xun"},{"first_name":"Mark","last_name":"Logan","full_name":"Logan, Mark"},{"full_name":"Menon, Ashok","first_name":"Ashok","last_name":"Menon"},{"full_name":"Nowacki, Todd","first_name":"Todd","last_name":"Nowacki"},{"first_name":"Alberto","last_name":"Sonnino","full_name":"Sonnino, Alberto"},{"full_name":"Williams, Brandon","first_name":"Brandon","last_name":"Williams"},{"last_name":"Zhang","first_name":"Lu","full_name":"Zhang, Lu"}],"title":"Sui Lutris: A blockchain combining broadcast and consensus","date_created":"2025-01-29T12:42:21Z","external_id":{"arxiv":["2310.18042"],"isi":["001436367300178"]},"type":"conference","acknowledgement":"This work is funded by MystenLabs. We thank the Mysten Labs Engineering teams for valuable feedback broadly, and specifically Dmitry Perelman and Todd Fiala for managing the implementation effort. A number of folks contributed to specific aspects of the implementation of Sui Lutris (amongst many other contributions to the overall blockchain): Francois Garillot, Laura Makdah, Mingwei Tian, Andrew Schran, Sadhan Sood and William Smith implemented and optimized aspects of both Sui Lutris and Narwhal / Bullshark consensus; Alonso de Gortari oversaw the cryptoeconomics of the blockchain, and Emma Zhong, Ade Adepoju, Tim Zakia and Dario Russi designed and implemented staking and gas mechanisms. Adam Welc designed several Move tools and provided great feedback on the manuscript. We also extend our thanks to Patrick Kuo, Ge Gao, Chris Li, and Arun Koshy for their work on the Sui Lutris SDK, clients, and RPC layer; Kostas Chalkias, Jonas Lindstrøm, and Joy Wang built cryptographic components.","publication_identifier":{"isbn":["9798400706363"]},"status":"public","OA_place":"repository","page":"2606-2620","conference":{"start_date":"2024-10-14","name":"CCS: Conference on Computer and Communications Security","location":"Salt Lake City, UT, United States","end_date":"2024-10-18"},"doi":"10.1145/3658644.3670286","oa":1,"year":"2024","language":[{"iso":"eng"}],"arxiv":1,"isi":1,"month":"12"},{"status":"public","publication_identifier":{"issn":["1868-8969"],"isbn":["9783959773034"]},"volume":282,"type":"conference","acknowledgement":"Work done when all the authors were at Novi Research, Meta.","month":"10","has_accepted_license":"1","conference":{"start_date":"2023-10-23","name":"AFT: Conference on Advances in Financial Technologies","location":"Princeton, NJ, United States","end_date":"2023-10-25"},"doi":"10.4230/LIPIcs.AFT.2023.7","tmp":{"name":"Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)","short":"CC BY (4.0)","image":"/images/cc_by.png","legal_code_url":"https://creativecommons.org/licenses/by/4.0/legalcode"},"language":[{"iso":"eng"}],"file":[{"date_created":"2023-11-13T08:44:34Z","relation":"main_file","file_size":793495,"content_type":"application/pdf","checksum":"c1f98831cb5149d6c030c41999e6e960","file_name":"2023_LIPIcs_Beaver.pdf","date_updated":"2023-11-13T08:44:34Z","file_id":"14521","access_level":"open_access","success":1,"creator":"dernst"}],"oa":1,"year":"2023","publisher":"Schloss Dagstuhl - Leibniz-Zentrum für Informatik","ddc":["000"],"quality_controlled":"1","citation":{"ista":"Beaver D, Kelkar M, Lewi K, Nikolaenko V, Sonnino A, Chalkias K, Kokoris Kogias E, Naurois LD, Roy A. 2023. STROBE: Streaming Threshold Random Beacons. 5th Conference on Advances in Financial Technologies. AFT: Conference on Advances in Financial Technologies, LIPIcs, vol. 282, 7.","ieee":"D. Beaver <i>et al.</i>, “STROBE: Streaming Threshold Random Beacons,” in <i>5th Conference on Advances in Financial Technologies</i>, Princeton, NJ, United States, 2023, vol. 282.","short":"D. Beaver, M. Kelkar, K. Lewi, V. Nikolaenko, A. Sonnino, K. Chalkias, E. Kokoris Kogias, L.D. Naurois, A. Roy, in:, 5th Conference on Advances in Financial Technologies, Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2023.","mla":"Beaver, Donald, et al. “STROBE: Streaming Threshold Random Beacons.” <i>5th Conference on Advances in Financial Technologies</i>, vol. 282, 7, Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2023, doi:<a href=\"https://doi.org/10.4230/LIPIcs.AFT.2023.7\">10.4230/LIPIcs.AFT.2023.7</a>.","ama":"Beaver D, Kelkar M, Lewi K, et al. STROBE: Streaming Threshold Random Beacons. In: <i>5th Conference on Advances in Financial Technologies</i>. Vol 282. Schloss Dagstuhl - Leibniz-Zentrum für Informatik; 2023. doi:<a href=\"https://doi.org/10.4230/LIPIcs.AFT.2023.7\">10.4230/LIPIcs.AFT.2023.7</a>","apa":"Beaver, D., Kelkar, M., Lewi, K., Nikolaenko, V., Sonnino, A., Chalkias, K., … Roy, A. (2023). STROBE: Streaming Threshold Random Beacons. In <i>5th Conference on Advances in Financial Technologies</i> (Vol. 282). Princeton, NJ, United States: Schloss Dagstuhl - Leibniz-Zentrum für Informatik. <a href=\"https://doi.org/10.4230/LIPIcs.AFT.2023.7\">https://doi.org/10.4230/LIPIcs.AFT.2023.7</a>","chicago":"Beaver, Donald, Mahimna Kelkar, Kevin Lewi, Valeria Nikolaenko, Alberto Sonnino, Konstantinos Chalkias, Eleftherios Kokoris Kogias, Ladi De Naurois, and Arnab Roy. “STROBE: Streaming Threshold Random Beacons.” In <i>5th Conference on Advances in Financial Technologies</i>, Vol. 282. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2023. <a href=\"https://doi.org/10.4230/LIPIcs.AFT.2023.7\">https://doi.org/10.4230/LIPIcs.AFT.2023.7</a>."},"article_processing_charge":"Yes","oa_version":"Published Version","_id":"14516","day":"01","department":[{"_id":"ElKo"}],"alternative_title":["LIPIcs"],"intvolume":"       282","scopus_import":"1","abstract":[{"text":"We revisit decentralized random beacons with a focus on practical distributed applications. Decentralized random beacons (Beaver and So, Eurocrypt'93) provide the functionality for n parties to generate an unpredictable sequence of bits in a way that cannot be biased, which is useful for any decentralized protocol requiring trusted randomness. Existing beacon constructions are highly inefficient in practical settings where protocol parties need to rejoin after crashes or disconnections, and more significantly where smart contracts may rely on arbitrary index points in high-volume streams. For this, we introduce a new notion of history-generating decentralized random beacons (HGDRBs). Roughly, the history-generation property of HGDRBs allows for previous beacon outputs to be efficiently generated knowing only the current value and the public key. At application layers, history-generation supports registering a sparser set of on-chain values if desired, so that apps like lotteries can utilize on-chain values without incurring high-frequency costs, enjoying all the benefits of DRBs implemented off-chain or with decoupled, special-purpose chains. Unlike rollups, HG is tailored specifically to recovering and verifying pseudorandom bit sequences and thus enjoys unique optimizations investigated in this work. We introduce STROBE: an efficient HGDRB construction which generalizes the original squaring-based RSA approach of Beaver and So. STROBE enjoys several useful properties that make it suited for practical applications that use beacons: 1) history-generating: it can regenerate and verify high-throughput beacon streams, supporting sparse (thus cost-effective) ledger entries; 2) concisely self-verifying: NIZK-free, with state and validation employing a single ring element; 3) eco-friendly: stake-based rather than work based; 4) unbounded: refresh-free, addressing limitations of Beaver and So; 5) delay-free: results are immediately available. 6) storage-efficient: the last beacon suffices to derive all past outputs, thus O(1) storage requirements for nodes serving the whole history.","lang":"eng"}],"main_file_link":[{"url":"https://eprint.iacr.org/2021/1643","open_access":"1"}],"date_updated":"2024-10-09T21:07:17Z","title":"STROBE: Streaming Threshold Random Beacons","author":[{"full_name":"Beaver, Donald","first_name":"Donald","last_name":"Beaver"},{"first_name":"Mahimna","last_name":"Kelkar","full_name":"Kelkar, Mahimna"},{"full_name":"Lewi, Kevin","last_name":"Lewi","first_name":"Kevin"},{"first_name":"Valeria","last_name":"Nikolaenko","full_name":"Nikolaenko, Valeria"},{"full_name":"Sonnino, Alberto","last_name":"Sonnino","first_name":"Alberto"},{"full_name":"Chalkias, Konstantinos","first_name":"Konstantinos","last_name":"Chalkias"},{"first_name":"Eleftherios","last_name":"Kokoris Kogias","full_name":"Kokoris Kogias, Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30"},{"full_name":"Naurois, Ladi De","last_name":"Naurois","first_name":"Ladi De"},{"first_name":"Arnab","last_name":"Roy","full_name":"Roy, Arnab"}],"date_created":"2023-11-12T23:00:55Z","corr_author":"1","article_number":"7","date_published":"2023-10-01T00:00:00Z","publication":"5th Conference on Advances in Financial Technologies","file_date_updated":"2023-11-13T08:44:34Z","publication_status":"published","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87"},{"month":"08","oa":1,"year":"2023","file":[{"access_level":"open_access","success":1,"creator":"dernst","file_id":"14621","file_size":704331,"checksum":"1a730765930138e23c6efd2575872641","content_type":"application/pdf","file_name":"2023_USENIX_Das.pdf","date_updated":"2023-11-28T09:14:34Z","date_created":"2023-11-28T09:14:34Z","relation":"main_file"}],"language":[{"iso":"eng"}],"conference":{"start_date":"2023-08-09","name":"USENIX Security Symposium","end_date":"2023-08-11","location":"Anaheim, CA, United States"},"has_accepted_license":"1","page":"5359-5376","volume":8,"publication_identifier":{"isbn":["9781713879497"]},"status":"public","acknowledgement":"The authors would like to thank Amit Agarwal, Andrew Miller, and Tom Yurek for the helpful discussions related to the paper. This work is funded in part by a VMware early career faculty grant, a Chainlink Labs Ph.D. fellowship, the National Science Foundation, and the Austrian Science Fund (FWF) F8512-N.","type":"conference","project":[{"grant_number":"F8512","name":"Security and Privacy by Design for Complex Systems","_id":"34a4ce89-11ca-11ed-8bc3-8cc37fb6e11f"}],"author":[{"full_name":"Das, Sourav","first_name":"Sourav","last_name":"Das"},{"first_name":"Zhuolun","last_name":"Xiang","full_name":"Xiang, Zhuolun"},{"last_name":"Kokoris Kogias","first_name":"Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","full_name":"Kokoris Kogias, Eleftherios"},{"last_name":"Ren","first_name":"Ling","full_name":"Ren, Ling"}],"title":"Practical asynchronous high-threshold distributed key generation and distributed polynomial sampling","date_created":"2023-11-26T23:00:55Z","main_file_link":[{"open_access":"1","url":"https://eprint.iacr.org/2022/1389"}],"date_updated":"2025-04-15T08:16:55Z","abstract":[{"lang":"eng","text":"Distributed Key Generation (DKG) is a technique to bootstrap threshold cryptosystems without a trusted party. DKG is an essential building block to many decentralized protocols such as randomness beacons, threshold signatures, Byzantine consensus, and multiparty computation. While significant progress has been made recently, existing asynchronous DKG constructions are inefficient when the reconstruction threshold is larger than one-third of the total nodes. In this paper, we present a simple and concretely efficient asynchronous DKG (ADKG) protocol among n = 3t + 1 nodes that can tolerate up to t malicious nodes and support any reconstruction threshold ℓ ≥ t. Our protocol has an expected O(κn3) communication cost, where κ is the security parameter, and only assumes the hardness of the Discrete Logarithm. The\r\ncore ingredient of our ADKG protocol is an asynchronous protocol to secret share a random polynomial of degree ℓ ≥ t, which has other applications, such as asynchronous proactive secret sharing and asynchronous multiparty computation. We implement our high-threshold ADKG protocol and evaluate it using a network of up to 128 geographically distributed nodes. Our evaluation shows that our high-threshold ADKG protocol reduces the running time by 90% and bandwidth usage by 80% over the state-of-the-art."}],"publication_status":"published","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","publication":"32nd USENIX Security Symposium","file_date_updated":"2023-11-28T09:14:34Z","date_published":"2023-08-15T00:00:00Z","corr_author":"1","quality_controlled":"1","citation":{"chicago":"Das, Sourav, Zhuolun Xiang, Eleftherios Kokoris Kogias, and Ling Ren. “Practical Asynchronous High-Threshold Distributed Key Generation and Distributed Polynomial Sampling.” In <i>32nd USENIX Security Symposium</i>, 8:5359–76. Usenix, 2023.","apa":"Das, S., Xiang, Z., Kokoris Kogias, E., &#38; Ren, L. (2023). Practical asynchronous high-threshold distributed key generation and distributed polynomial sampling. In <i>32nd USENIX Security Symposium</i> (Vol. 8, pp. 5359–5376). Anaheim, CA, United States: Usenix.","ama":"Das S, Xiang Z, Kokoris Kogias E, Ren L. Practical asynchronous high-threshold distributed key generation and distributed polynomial sampling. In: <i>32nd USENIX Security Symposium</i>. Vol 8. Usenix; 2023:5359-5376.","mla":"Das, Sourav, et al. “Practical Asynchronous High-Threshold Distributed Key Generation and Distributed Polynomial Sampling.” <i>32nd USENIX Security Symposium</i>, vol. 8, Usenix, 2023, pp. 5359–76.","short":"S. Das, Z. Xiang, E. Kokoris Kogias, L. Ren, in:, 32nd USENIX Security Symposium, Usenix, 2023, pp. 5359–5376.","ieee":"S. Das, Z. Xiang, E. Kokoris Kogias, and L. Ren, “Practical asynchronous high-threshold distributed key generation and distributed polynomial sampling,” in <i>32nd USENIX Security Symposium</i>, Anaheim, CA, United States, 2023, vol. 8, pp. 5359–5376.","ista":"Das S, Xiang Z, Kokoris Kogias E, Ren L. 2023. Practical asynchronous high-threshold distributed key generation and distributed polynomial sampling. 32nd USENIX Security Symposium. USENIX Security Symposium vol. 8, 5359–5376."},"ddc":["000"],"publisher":"Usenix","scopus_import":"1","department":[{"_id":"ElKo"}],"intvolume":"         8","day":"15","article_processing_charge":"No","oa_version":"Published Version","_id":"14609"},{"corr_author":"1","date_published":"2023-12-01T00:00:00Z","publication":"27th International Conference on Financial Cryptography and Data Security","publication_status":"published","user_id":"317138e5-6ab7-11ef-aa6d-ffef3953e345","abstract":[{"lang":"eng","text":"Scaling blockchain protocols to perform on par with the expected needs of Web3.0 has been proven to be a challenging task with almost a decade of research. In the forefront of the current solution is the idea of separating the execution of the updates encoded in a block from the ordering of blocks. In order to achieve this, a new class of protocols called rollups has emerged. Rollups have as input a total ordering of valid and invalid transactions and as output a new valid state-transition.\r\nIf we study rollups from a distributed computing perspective, we uncover that rollups take as input the output of a Byzantine Atomic Broadcast (BAB) protocol and convert it to a State Machine Replication (SMR) protocol. BAB and SMR, however, are considered equivalent as far as distributed computing is concerned and a solution to one can easily be retrofitted to solve the other simply by adding/removing an execution step before the validation of the input.\r\nThis “easy” step of retrofitting an atomic broadcast solution to implement an SMR has, however, been overlooked in practice. In this paper, we formalize the problem and show that after BAB is solved, traditional impossibility results for consensus no longer apply towards an SMR. Leveraging this we propose a distributed execution protocol that allows reduced execution and storage cost per executor (O(log2n/n)) without relaxing the network assumptions of the underlying BAB protocol and providing censorship-resistance. Finally, we propose efficient non-interactive light client constructions that leverage our efficient execution protocols and do not require any synchrony assumptions or expensive ZK-proofs."}],"main_file_link":[{"open_access":"1","url":"https://eprint.iacr.org/2022/1554"}],"date_updated":"2025-09-09T14:07:16Z","title":"Executing and proving over dirty ledgers","author":[{"first_name":"Christos","last_name":"Stefo","id":"a20e8902-32b0-11ee-9fa8-b23fa638b793","full_name":"Stefo, Christos"},{"first_name":"Zhuolun","last_name":"Xiang","full_name":"Xiang, Zhuolun"},{"last_name":"Kokoris Kogias","first_name":"Eleftherios","full_name":"Kokoris Kogias, Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30"}],"date_created":"2024-01-08T09:17:38Z","external_id":{"isi":["001150222600001"]},"project":[{"_id":"34a4ce89-11ca-11ed-8bc3-8cc37fb6e11f","name":"Security and Privacy by Design for Complex Systems","grant_number":"F8512"}],"oa_version":"Preprint","article_processing_charge":"No","_id":"14735","day":"01","department":[{"_id":"ElKo"},{"_id":"GradSch"}],"alternative_title":["LNCS"],"intvolume":"     13950","scopus_import":"1","publisher":"Springer Nature","quality_controlled":"1","citation":{"apa":"Stefo, C., Xiang, Z., &#38; Kokoris Kogias, E. (2023). Executing and proving over dirty ledgers. In <i>27th International Conference on Financial Cryptography and Data Security</i> (Vol. 13950, pp. 3–20). Bol, Brac, Croatia: Springer Nature. <a href=\"https://doi.org/10.1007/978-3-031-47754-6_1\">https://doi.org/10.1007/978-3-031-47754-6_1</a>","ama":"Stefo C, Xiang Z, Kokoris Kogias E. Executing and proving over dirty ledgers. In: <i>27th International Conference on Financial Cryptography and Data Security</i>. Vol 13950. Springer Nature; 2023:3-20. doi:<a href=\"https://doi.org/10.1007/978-3-031-47754-6_1\">10.1007/978-3-031-47754-6_1</a>","chicago":"Stefo, Christos, Zhuolun Xiang, and Eleftherios Kokoris Kogias. “Executing and Proving over Dirty Ledgers.” In <i>27th International Conference on Financial Cryptography and Data Security</i>, 13950:3–20. Springer Nature, 2023. <a href=\"https://doi.org/10.1007/978-3-031-47754-6_1\">https://doi.org/10.1007/978-3-031-47754-6_1</a>.","ista":"Stefo C, Xiang Z, Kokoris Kogias E. 2023. Executing and proving over dirty ledgers. 27th International Conference on Financial Cryptography and Data Security. FC: Financial Cryptography and Data Security, LNCS, vol. 13950, 3–20.","ieee":"C. Stefo, Z. Xiang, and E. Kokoris Kogias, “Executing and proving over dirty ledgers,” in <i>27th International Conference on Financial Cryptography and Data Security</i>, Bol, Brac, Croatia, 2023, vol. 13950, pp. 3–20.","short":"C. Stefo, Z. Xiang, E. Kokoris Kogias, in:, 27th International Conference on Financial Cryptography and Data Security, Springer Nature, 2023, pp. 3–20.","mla":"Stefo, Christos, et al. “Executing and Proving over Dirty Ledgers.” <i>27th International Conference on Financial Cryptography and Data Security</i>, vol. 13950, Springer Nature, 2023, pp. 3–20, doi:<a href=\"https://doi.org/10.1007/978-3-031-47754-6_1\">10.1007/978-3-031-47754-6_1</a>."},"page":"3-20","conference":{"end_date":"2023-05-05","location":"Bol, Brac, Croatia","name":"FC: Financial Cryptography and Data Security","start_date":"2023-05-01"},"doi":"10.1007/978-3-031-47754-6_1","language":[{"iso":"eng"}],"oa":1,"year":"2023","isi":1,"month":"12","type":"conference","acknowledgement":"Eleftherios Kokoris-Kogias is partially supported by Austrian Science Fund (FWF) grant No: F8512-N.","status":"public","publication_identifier":{"eissn":["0302-9743"],"issn":["1611-3349"],"isbn":["9783031477539"],"eisbn":["9783031477546"]},"volume":13950},{"_id":"14743","article_processing_charge":"No","oa_version":"Published Version","day":"01","department":[{"_id":"ElKo"}],"scopus_import":"1","publisher":"Association for Computing Machinery","quality_controlled":"1","citation":{"chicago":"Tennage, Pasindu, Cristina Basescu, Eleftherios Kokoris Kogias, Ewa Syta, Philipp Jovanovic, Vero Estrada-Galinanes, and Bryan Ford. “QuePaxa: Escaping the Tyranny of Timeouts in Consensus.” In <i>Proceedings of the 29th Symposium on Operating Systems Principles</i>, 281–97. Association for Computing Machinery, 2023. <a href=\"https://doi.org/10.1145/3600006.3613150\">https://doi.org/10.1145/3600006.3613150</a>.","apa":"Tennage, P., Basescu, C., Kokoris Kogias, E., Syta, E., Jovanovic, P., Estrada-Galinanes, V., &#38; Ford, B. (2023). QuePaxa: Escaping the tyranny of timeouts in consensus. In <i>Proceedings of the 29th Symposium on Operating Systems Principles</i> (pp. 281–297). Koblenz, Germany: Association for Computing Machinery. <a href=\"https://doi.org/10.1145/3600006.3613150\">https://doi.org/10.1145/3600006.3613150</a>","ama":"Tennage P, Basescu C, Kokoris Kogias E, et al. QuePaxa: Escaping the tyranny of timeouts in consensus. In: <i>Proceedings of the 29th Symposium on Operating Systems Principles</i>. Association for Computing Machinery; 2023:281-297. doi:<a href=\"https://doi.org/10.1145/3600006.3613150\">10.1145/3600006.3613150</a>","mla":"Tennage, Pasindu, et al. “QuePaxa: Escaping the Tyranny of Timeouts in Consensus.” <i>Proceedings of the 29th Symposium on Operating Systems Principles</i>, Association for Computing Machinery, 2023, pp. 281–97, doi:<a href=\"https://doi.org/10.1145/3600006.3613150\">10.1145/3600006.3613150</a>.","short":"P. Tennage, C. Basescu, E. Kokoris Kogias, E. Syta, P. Jovanovic, V. Estrada-Galinanes, B. Ford, in:, Proceedings of the 29th Symposium on Operating Systems Principles, Association for Computing Machinery, 2023, pp. 281–297.","ieee":"P. Tennage <i>et al.</i>, “QuePaxa: Escaping the tyranny of timeouts in consensus,” in <i>Proceedings of the 29th Symposium on Operating Systems Principles</i>, Koblenz, Germany, 2023, pp. 281–297.","ista":"Tennage P, Basescu C, Kokoris Kogias E, Syta E, Jovanovic P, Estrada-Galinanes V, Ford B. 2023. QuePaxa: Escaping the tyranny of timeouts in consensus. Proceedings of the 29th Symposium on Operating Systems Principles. SOSP: Symposium on Operating Systems Principles, 281–297."},"date_published":"2023-10-01T00:00:00Z","publication":"Proceedings of the 29th Symposium on Operating Systems Principles","user_id":"317138e5-6ab7-11ef-aa6d-ffef3953e345","publication_status":"published","abstract":[{"text":"Leader-based consensus algorithms are fast and efficient under normal conditions, but lack robustness to adverse conditions due to their reliance on timeouts for liveness. We present QuePaxa, the first protocol offering state-of-the-art normal-case efficiency without depending on timeouts. QuePaxa uses a novel randomized asynchronous consensus core to tolerate adverse conditions such as denial-of-service (DoS) attacks, while a one-round-trip fast path preserves the normal-case efficiency of Multi-Paxos or Raft. By allowing simultaneous proposers without destructive interference, and using short hedging delays instead of conservative timeouts to limit redundant effort, QuePaxa permits rapid recovery after leader failure without risking costly view changes due to false timeouts. By treating leader choice and hedging delay as a multi-armed-bandit optimization, QuePaxa achieves responsiveness to prevalent conditions, and can choose the best leader even if the current one has not failed. Experiments with a prototype confirm that QuePaxa achieves normal-case LAN and WAN performance of 584k and 250k cmd/sec in throughput, respectively, comparable to Multi-Paxos. Under conditions such as DoS attacks, misconfigurations, or slow leaders that severely impact existing protocols, we find that QuePaxa remains live with median latency under 380ms in WAN experiments.","lang":"eng"}],"date_updated":"2025-09-09T14:10:09Z","main_file_link":[{"url":"https://doi.org/10.1145/3600006.3613150","open_access":"1"}],"external_id":{"isi":["001135072900018"]},"date_created":"2024-01-08T12:54:35Z","author":[{"last_name":"Tennage","first_name":"Pasindu","full_name":"Tennage, Pasindu"},{"full_name":"Basescu, Cristina","first_name":"Cristina","last_name":"Basescu"},{"id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","full_name":"Kokoris Kogias, Eleftherios","last_name":"Kokoris Kogias","first_name":"Eleftherios"},{"full_name":"Syta, Ewa","last_name":"Syta","first_name":"Ewa"},{"last_name":"Jovanovic","first_name":"Philipp","full_name":"Jovanovic, Philipp"},{"full_name":"Estrada-Galinanes, Vero","last_name":"Estrada-Galinanes","first_name":"Vero"},{"last_name":"Ford","first_name":"Bryan","full_name":"Ford, Bryan"}],"title":"QuePaxa: Escaping the tyranny of timeouts in consensus","type":"conference","acknowledgement":"The authors would like to thank Marcos K. Aguilera, Pierluca Borsò, Aleksey Charapko, Rachid Guerraoui, Jovan Komatovic, Derek Leung, Louis-Henri Merino, Shailesh Mishra, Haochen Pan, Rodrigo Rodrigues, Lewis Tseng, and Haoqian Zhang for their helpful feedback on early drafts of this paper.","status":"public","publication_identifier":{"isbn":["9798400702297"]},"doi":"10.1145/3600006.3613150","page":"281-297","conference":{"name":"SOSP: Symposium on Operating Systems Principles","end_date":"2023-10-26","location":"Koblenz, Germany","start_date":"2023-10-23"},"language":[{"iso":"eng"}],"year":"2023","oa":1,"isi":1,"month":"10"},{"day":"01","article_processing_charge":"No","oa_version":"None","_id":"14744","scopus_import":"1","department":[{"_id":"ElKo"}],"alternative_title":["LNCS"],"intvolume":"     13892","publisher":"Springer Nature","quality_controlled":"1","citation":{"chicago":"Avarikioti, Zeta, Antoine Desjardins, Eleftherios Kokoris Kogias, and Roger Wattenhofer. “Divide &#38; Scale: Formalization and Roadmap to Robust Sharding.” In <i>30th International Colloquium on Structural Information and Communication Complexity</i>, 13892:199–245. Springer Nature, 2023. <a href=\"https://doi.org/10.1007/978-3-031-32733-9_10\">https://doi.org/10.1007/978-3-031-32733-9_10</a>.","apa":"Avarikioti, Z., Desjardins, A., Kokoris Kogias, E., &#38; Wattenhofer, R. (2023). Divide &#38; Scale: Formalization and roadmap to robust sharding. In <i>30th International Colloquium on Structural Information and Communication Complexity</i> (Vol. 13892, pp. 199–245). Alcalá de Henares, Spain: Springer Nature. <a href=\"https://doi.org/10.1007/978-3-031-32733-9_10\">https://doi.org/10.1007/978-3-031-32733-9_10</a>","ama":"Avarikioti Z, Desjardins A, Kokoris Kogias E, Wattenhofer R. Divide &#38; Scale: Formalization and roadmap to robust sharding. In: <i>30th International Colloquium on Structural Information and Communication Complexity</i>. Vol 13892. Springer Nature; 2023:199-245. doi:<a href=\"https://doi.org/10.1007/978-3-031-32733-9_10\">10.1007/978-3-031-32733-9_10</a>","short":"Z. Avarikioti, A. Desjardins, E. Kokoris Kogias, R. Wattenhofer, in:, 30th International Colloquium on Structural Information and Communication Complexity, Springer Nature, 2023, pp. 199–245.","mla":"Avarikioti, Zeta, et al. “Divide &#38; Scale: Formalization and Roadmap to Robust Sharding.” <i>30th International Colloquium on Structural Information and Communication Complexity</i>, vol. 13892, Springer Nature, 2023, pp. 199–245, doi:<a href=\"https://doi.org/10.1007/978-3-031-32733-9_10\">10.1007/978-3-031-32733-9_10</a>.","ieee":"Z. Avarikioti, A. Desjardins, E. Kokoris Kogias, and R. Wattenhofer, “Divide &#38; Scale: Formalization and roadmap to robust sharding,” in <i>30th International Colloquium on Structural Information and Communication Complexity</i>, Alcalá de Henares, Spain, 2023, vol. 13892, pp. 199–245.","ista":"Avarikioti Z, Desjardins A, Kokoris Kogias E, Wattenhofer R. 2023. Divide &#38; Scale: Formalization and roadmap to robust sharding. 30th International Colloquium on Structural Information and Communication Complexity. SIROCCO: Structural Information and Communication Complexity, LNCS, vol. 13892, 199–245."},"date_published":"2023-06-01T00:00:00Z","publication_status":"published","user_id":"317138e5-6ab7-11ef-aa6d-ffef3953e345","publication":"30th International Colloquium on Structural Information and Communication Complexity","date_updated":"2025-09-09T14:10:46Z","abstract":[{"lang":"eng","text":"Sharding distributed ledgers is a promising on-chain solution for scaling blockchains but lacks formal grounds, nurturing skepticism on whether such complex systems can scale blockchains securely. We fill this gap by introducing the first formal framework as well as a roadmap to robust sharding. In particular, we first define the properties sharded distributed ledgers should fulfill. We build upon and extend the Bitcoin backbone protocol by defining consistency and scalability. Consistency encompasses the need for atomic execution of cross-shard transactions to preserve safety, whereas scalability encapsulates the speedup a sharded system can gain in comparison to a non-sharded system.\r\nUsing our model, we explore the limitations of sharding. We show that a sharded ledger with n participants cannot scale under a fully adaptive adversary, but it can scale up to m shards where n=c'm log m, under an epoch-adaptive adversary; the constant c' encompasses the trade-off between security and scalability. This is possible only if the sharded ledgers create succinct proofs of the valid state updates at every epoch. We leverage our results to identify the sufficient components for robust sharding, which we incorporate in a protocol abstraction termed Divide & Scale. To demonstrate the power of our framework, we analyze the most prominent sharded blockchains (Elastico, Monoxide, OmniLedger, RapidChain) and pinpoint where they fail to meet the desired properties."}],"author":[{"first_name":"Zeta","last_name":"Avarikioti","full_name":"Avarikioti, Zeta"},{"full_name":"Desjardins, Antoine","id":"06d0c166-aec1-11ee-a7c0-b96e840a602b","first_name":"Antoine","last_name":"Desjardins"},{"first_name":"Eleftherios","last_name":"Kokoris Kogias","full_name":"Kokoris Kogias, Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30"},{"full_name":"Wattenhofer, Roger","last_name":"Wattenhofer","first_name":"Roger"}],"title":"Divide & Scale: Formalization and roadmap to robust sharding","external_id":{"isi":["001292782600010"]},"date_created":"2024-01-08T12:56:46Z","type":"conference","acknowledgement":"The work was partially supported by the Austrian Science Fund (FWF) through the project CoRaF (grant agreement 2020388).","publication_identifier":{"eissn":["1611-3349"],"eisbn":["9783031327339"],"isbn":["9783031327322"],"issn":["0302-9743"]},"status":"public","volume":13892,"page":"199-245","conference":{"location":"Alcalá de Henares, Spain","end_date":"2023-06-09","name":"SIROCCO: Structural Information and Communication Complexity","start_date":"2023-06-06"},"doi":"10.1007/978-3-031-32733-9_10","year":"2023","language":[{"iso":"eng"}],"isi":1,"month":"06"},{"quality_controlled":"1","citation":{"short":"S. Cohen, G. Goren, E. Kokoris Kogias, A. Sonnino, A. Spiegelman, in:, 27th International Conference on Financial Cryptography and Data Security, Springer Nature, 2023, pp. 36–53.","mla":"Cohen, Shir, et al. “Proof of Availability and Retrieval in a Modular Blockchain Architecture.” <i>27th International Conference on Financial Cryptography and Data Security</i>, vol. 13951, Springer Nature, 2023, pp. 36–53, doi:<a href=\"https://doi.org/10.1007/978-3-031-47751-5_3\">10.1007/978-3-031-47751-5_3</a>.","ieee":"S. Cohen, G. Goren, E. Kokoris Kogias, A. Sonnino, and A. Spiegelman, “Proof of availability and retrieval in a modular blockchain architecture,” in <i>27th International Conference on Financial Cryptography and Data Security</i>, Bol, Brac, Croatia, 2023, vol. 13951, pp. 36–53.","ista":"Cohen S, Goren G, Kokoris Kogias E, Sonnino A, Spiegelman A. 2023. Proof of availability and retrieval in a modular blockchain architecture. 27th International Conference on Financial Cryptography and Data Security. FC: Financial Cryptography and Data Security, LNCS, vol. 13951, 36–53.","chicago":"Cohen, Shir, Guy Goren, Eleftherios Kokoris Kogias, Alberto Sonnino, and Alexander Spiegelman. “Proof of Availability and Retrieval in a Modular Blockchain Architecture.” In <i>27th International Conference on Financial Cryptography and Data Security</i>, 13951:36–53. Springer Nature, 2023. <a href=\"https://doi.org/10.1007/978-3-031-47751-5_3\">https://doi.org/10.1007/978-3-031-47751-5_3</a>.","ama":"Cohen S, Goren G, Kokoris Kogias E, Sonnino A, Spiegelman A. Proof of availability and retrieval in a modular blockchain architecture. In: <i>27th International Conference on Financial Cryptography and Data Security</i>. Vol 13951. Springer Nature; 2023:36-53. doi:<a href=\"https://doi.org/10.1007/978-3-031-47751-5_3\">10.1007/978-3-031-47751-5_3</a>","apa":"Cohen, S., Goren, G., Kokoris Kogias, E., Sonnino, A., &#38; Spiegelman, A. (2023). Proof of availability and retrieval in a modular blockchain architecture. In <i>27th International Conference on Financial Cryptography and Data Security</i> (Vol. 13951, pp. 36–53). Bol, Brac, Croatia: Springer Nature. <a href=\"https://doi.org/10.1007/978-3-031-47751-5_3\">https://doi.org/10.1007/978-3-031-47751-5_3</a>"},"publisher":"Springer Nature","scopus_import":"1","intvolume":"     13951","department":[{"_id":"ElKo"}],"alternative_title":["LNCS"],"day":"01","_id":"14829","oa_version":"Submitted Version","article_processing_charge":"No","project":[{"_id":"34a4ce89-11ca-11ed-8bc3-8cc37fb6e11f","grant_number":"F8512","name":"Security and Privacy by Design for Complex Systems"}],"external_id":{"isi":["001150231600003"]},"date_created":"2024-01-18T07:41:12Z","author":[{"first_name":"Shir","last_name":"Cohen","full_name":"Cohen, Shir"},{"full_name":"Goren, Guy","last_name":"Goren","first_name":"Guy"},{"id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","full_name":"Kokoris Kogias, Eleftherios","last_name":"Kokoris Kogias","first_name":"Eleftherios"},{"full_name":"Sonnino, Alberto","first_name":"Alberto","last_name":"Sonnino"},{"full_name":"Spiegelman, Alexander","last_name":"Spiegelman","first_name":"Alexander"}],"title":"Proof of availability and retrieval in a modular blockchain architecture","date_updated":"2025-09-09T14:22:38Z","main_file_link":[{"open_access":"1","url":"https://fc23.ifca.ai/preproceedings/150.pdf"}],"abstract":[{"lang":"eng","text":"This paper explores a modular design architecture aimed at helping blockchains (and other SMR implementation) to scale to a very large number of processes. This comes in contrast to existing monolithic architectures that interleave transaction dissemination, ordering, and execution in a single functionality. To achieve this we first split the monolith to multiple layers which can use existing distributed computing primitives. The exact specifications of the data dissemination part are formally defined by the Proof of Availability & Retrieval (PoA &R) abstraction. Solutions to the PoA &R problem contain two related sub-protocols: one that “pushes” information into the network and another that “pulls” this information. Regarding the latter, there is a dearth of research literature which is rectified in this paper. We present a family of pulling sub-protocols and rigorously analyze them. Extensive simulations support the theoretical claims of efficiency and robustness in case of a very large number of players. Finally, actual implementation and deployment on a small number of machines (roughly the size of several industrial systems) demonstrates the viability of the architecture’s paradigm."}],"user_id":"317138e5-6ab7-11ef-aa6d-ffef3953e345","publication_status":"published","publication":"27th International Conference on Financial Cryptography and Data Security","date_published":"2023-12-01T00:00:00Z","volume":13951,"publication_identifier":{"eisbn":["9783031477515"],"isbn":["9783031477508"],"issn":["0302-9743"],"eissn":["1611-3349"]},"status":"public","acknowledgement":"This work is partially supported by Meta. Eleftherios Kokoris-Kogias is partially supported by Austrian Science Fund (FWF) grant No: F8512-N. Shir Cohen is supported by the Adams Fellowship Program of the Israel Academy of Sciences and Humanities.","type":"conference","month":"12","isi":1,"year":"2023","oa":1,"language":[{"iso":"eng"}],"doi":"10.1007/978-3-031-47751-5_3","page":"36-53","conference":{"start_date":"2023-05-01","end_date":"2023-05-05","location":"Bol, Brac, Croatia","name":"FC: Financial Cryptography and Data Security"}},{"status":"public","publisher":"Internet Society","publication_identifier":{"isbn":["1891562835"]},"citation":{"ieee":"H. Malvai <i>et al.</i>, “Parakeet: Practical key transparency for end-to-end eEncrypted messaging,” in <i>Proceedings of the 2023 Network and Distributed System Security Symposium</i>, San Diego, CA, United States, 2023.","short":"H. Malvai, E. Kokoris Kogias, A. Sonnino, E. Ghosh, E. Oztürk, K. Lewi, S. Lawlor, in:, Proceedings of the 2023 Network and Distributed System Security Symposium, Internet Society, 2023.","mla":"Malvai, Harjasleen, et al. “Parakeet: Practical Key Transparency for End-to-End EEncrypted Messaging.” <i>Proceedings of the 2023 Network and Distributed System Security Symposium</i>, Internet Society, 2023, doi:<a href=\"https://doi.org/10.14722/ndss.2023.24545\">10.14722/ndss.2023.24545</a>.","ista":"Malvai H, Kokoris Kogias E, Sonnino A, Ghosh E, Oztürk E, Lewi K, Lawlor S. 2023. Parakeet: Practical key transparency for end-to-end eEncrypted messaging. Proceedings of the 2023 Network and Distributed System Security Symposium. NDSS: Network and Distributed Systems Security.","chicago":"Malvai, Harjasleen, Eleftherios Kokoris Kogias, Alberto Sonnino, Esha Ghosh, Ercan Oztürk, Kevin Lewi, and Sean Lawlor. “Parakeet: Practical Key Transparency for End-to-End EEncrypted Messaging.” In <i>Proceedings of the 2023 Network and Distributed System Security Symposium</i>. Internet Society, 2023. <a href=\"https://doi.org/10.14722/ndss.2023.24545\">https://doi.org/10.14722/ndss.2023.24545</a>.","apa":"Malvai, H., Kokoris Kogias, E., Sonnino, A., Ghosh, E., Oztürk, E., Lewi, K., &#38; Lawlor, S. (2023). Parakeet: Practical key transparency for end-to-end eEncrypted messaging. In <i>Proceedings of the 2023 Network and Distributed System Security Symposium</i>. San Diego, CA, United States: Internet Society. <a href=\"https://doi.org/10.14722/ndss.2023.24545\">https://doi.org/10.14722/ndss.2023.24545</a>","ama":"Malvai H, Kokoris Kogias E, Sonnino A, et al. Parakeet: Practical key transparency for end-to-end eEncrypted messaging. In: <i>Proceedings of the 2023 Network and Distributed System Security Symposium</i>. Internet Society; 2023. doi:<a href=\"https://doi.org/10.14722/ndss.2023.24545\">10.14722/ndss.2023.24545</a>"},"quality_controlled":"1","_id":"14989","type":"conference","article_processing_charge":"No","oa_version":"Published Version","day":"01","department":[{"_id":"ElKo"}],"acknowledgement":"This work is supported by the Novi team at Meta and funded in part by IC3 industry partners and NSF grant 1943499.","scopus_import":"1","abstract":[{"lang":"eng","text":"Encryption alone is not enough for secure end-to end encrypted messaging: a server must also honestly serve public keys to users. Key transparency has been presented as an efficient\r\nsolution for detecting (and hence deterring) a server that attempts to dishonestly serve keys. Key transparency involves two major components: (1) a username to public key mapping, stored and cryptographically committed to by the server, and, (2) an outof-band consistency protocol for serving short commitments to users. In the setting of real-world deployments and supporting production scale, new challenges must be considered for both of these components. We enumerate these challenges and provide solutions to address them. In particular, we design and implement a memory-optimized and privacy-preserving verifiable data structure for committing to the username to public key store.\r\nTo make this implementation viable for production, we also integrate support for persistent and distributed storage. We also propose a future-facing solution, termed “compaction”, as\r\na mechanism for mitigating practical issues that arise from dealing with infinitely growing server data structures. Finally, we implement a consensusless solution that achieves the minimum requirements for a service that consistently distributes commitments for a transparency application, providing a much more efficient protocol for distributing small and consistent\r\ncommitments to users. This culminates in our production-grade implementation of a key transparency system (Parakeet) which we have open-sourced, along with a demonstration of feasibility through our benchmarks."}],"date_updated":"2024-10-21T06:01:37Z","main_file_link":[{"url":"https://eprint.iacr.org/2023/081","open_access":"1"}],"date_created":"2024-02-14T14:20:40Z","title":"Parakeet: Practical key transparency for end-to-end eEncrypted messaging","author":[{"first_name":"Harjasleen","last_name":"Malvai","full_name":"Malvai, Harjasleen"},{"last_name":"Kokoris Kogias","first_name":"Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","full_name":"Kokoris Kogias, Eleftherios"},{"full_name":"Sonnino, Alberto","first_name":"Alberto","last_name":"Sonnino"},{"last_name":"Ghosh","first_name":"Esha","full_name":"Ghosh, Esha"},{"first_name":"Ercan","last_name":"Oztürk","full_name":"Oztürk, Ercan"},{"first_name":"Kevin","last_name":"Lewi","full_name":"Lewi, Kevin"},{"last_name":"Lawlor","first_name":"Sean","full_name":"Lawlor, Sean"}],"month":"03","doi":"10.14722/ndss.2023.24545","conference":{"name":"NDSS: Network and Distributed Systems Security","end_date":"2023-03-03","location":"San Diego, CA, United States","start_date":"2023-02-27"},"date_published":"2023-03-01T00:00:00Z","language":[{"iso":"eng"}],"publication":"Proceedings of the 2023 Network and Distributed System Security Symposium","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","year":"2023","publication_status":"published","oa":1},{"month":"11","isi":1,"language":[{"iso":"eng"}],"year":"2022","conference":{"start_date":"2022-07-10","location":"Bologna, Italy","end_date":"2022-07-10","name":"ICDCSW: International Conference on Distributed Computing Systems Workshop"},"page":"45-52","doi":"10.1109/icdcsw56584.2022.00018","volume":2022,"status":"public","publication_identifier":{"eisbn":["9781665488792"],"eissn":["2332-5666"]},"type":"conference","title":"Hierarchical consensus: A horizontal scaling framework for blockchains","author":[{"last_name":"De la Rocha","first_name":"Alfonso","full_name":"De la Rocha, Alfonso"},{"full_name":"Kokoris Kogias, Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","first_name":"Eleftherios","last_name":"Kokoris Kogias"},{"first_name":"Jorge M.","last_name":"Soares","full_name":"Soares, Jorge M."},{"first_name":"Marko","last_name":"Vukolic","full_name":"Vukolic, Marko"}],"external_id":{"isi":["000895984800009"]},"date_created":"2023-01-12T12:09:28Z","abstract":[{"lang":"eng","text":"We present the Filecoin Hierarchical Consensus framework, which aims to overcome the throughput challenges of blockchain consensus by horizontally scaling the network. Unlike traditional sharding designs, based on partitioning the state of the network, our solution centers on the concept of subnets -which are organized hierarchically- and can be spawned on-demand to manage new state. Child sub nets are firewalled from parent subnets, have their own specific policies, and run a different consensus algorithm, increasing the network capacity and enabling new applications. Moreover, they benefit from the security of parent subnets by periodically checkpointing state. In this paper, we introduce the overall system architecture, our detailed designs for cross-net transaction handling, and the open questions that we are still exploring."}],"date_updated":"2023-08-04T09:06:02Z","publication":"42nd International Conference on Distributed Computing Systems Workshops","publication_status":"published","user_id":"4359f0d1-fa6c-11eb-b949-802e58b17ae8","date_published":"2022-11-29T00:00:00Z","quality_controlled":"1","citation":{"ieee":"A. De la Rocha, E. Kokoris Kogias, J. M. Soares, and M. Vukolic, “Hierarchical consensus: A horizontal scaling framework for blockchains,” in <i>42nd International Conference on Distributed Computing Systems Workshops</i>, Bologna, Italy, 2022, vol. 2022, pp. 45–52.","mla":"De la Rocha, Alfonso, et al. “Hierarchical Consensus: A Horizontal Scaling Framework for Blockchains.” <i>42nd International Conference on Distributed Computing Systems Workshops</i>, vol. 2022, Institute of Electrical and Electronics Engineers, 2022, pp. 45–52, doi:<a href=\"https://doi.org/10.1109/icdcsw56584.2022.00018\">10.1109/icdcsw56584.2022.00018</a>.","short":"A. De la Rocha, E. Kokoris Kogias, J.M. Soares, M. Vukolic, in:, 42nd International Conference on Distributed Computing Systems Workshops, Institute of Electrical and Electronics Engineers, 2022, pp. 45–52.","ista":"De la Rocha A, Kokoris Kogias E, Soares JM, Vukolic M. 2022. Hierarchical consensus: A horizontal scaling framework for blockchains. 42nd International Conference on Distributed Computing Systems Workshops. ICDCSW: International Conference on Distributed Computing Systems Workshop vol. 2022, 45–52.","chicago":"De la Rocha, Alfonso, Eleftherios Kokoris Kogias, Jorge M. Soares, and Marko Vukolic. “Hierarchical Consensus: A Horizontal Scaling Framework for Blockchains.” In <i>42nd International Conference on Distributed Computing Systems Workshops</i>, 2022:45–52. Institute of Electrical and Electronics Engineers, 2022. <a href=\"https://doi.org/10.1109/icdcsw56584.2022.00018\">https://doi.org/10.1109/icdcsw56584.2022.00018</a>.","apa":"De la Rocha, A., Kokoris Kogias, E., Soares, J. M., &#38; Vukolic, M. (2022). Hierarchical consensus: A horizontal scaling framework for blockchains. In <i>42nd International Conference on Distributed Computing Systems Workshops</i> (Vol. 2022, pp. 45–52). Bologna, Italy: Institute of Electrical and Electronics Engineers. <a href=\"https://doi.org/10.1109/icdcsw56584.2022.00018\">https://doi.org/10.1109/icdcsw56584.2022.00018</a>","ama":"De la Rocha A, Kokoris Kogias E, Soares JM, Vukolic M. Hierarchical consensus: A horizontal scaling framework for blockchains. In: <i>42nd International Conference on Distributed Computing Systems Workshops</i>. Vol 2022. Institute of Electrical and Electronics Engineers; 2022:45-52. doi:<a href=\"https://doi.org/10.1109/icdcsw56584.2022.00018\">10.1109/icdcsw56584.2022.00018</a>"},"publisher":"Institute of Electrical and Electronics Engineers","department":[{"_id":"ElKo"}],"intvolume":"      2022","scopus_import":"1","oa_version":"None","article_processing_charge":"No","_id":"12160","day":"29"},{"isi":1,"arxiv":1,"month":"10","doi":"10.1007/978-3-031-18283-9_13","conference":{"start_date":"2022-05-02","end_date":"2022-05-06","location":"Grenada","name":"FC: Financial Cryptography and Data Security"},"page":"279-295","year":"2022","oa":1,"language":[{"iso":"eng"}],"publication_identifier":{"eisbn":["9783031182839"],"issn":["0302-9743"],"isbn":["9783031182822"],"eissn":["1611-3349"]},"status":"public","volume":13411,"OA_place":"repository","type":"conference","date_updated":"2025-09-10T09:48:54Z","main_file_link":[{"open_access":"1","url":"https://doi.org/10.48550/arXiv.2110.00960"}],"abstract":[{"text":"Advances in blockchains have influenced the State-Machine-Replication (SMR) world and many state-of-the-art blockchain-SMR solutions are based on two pillars: Chaining and Leader-rotation. A predetermined round-robin mechanism used for Leader-rotation, however, has an undesirable behavior: crashed parties become designated leaders infinitely often, slowing down overall system performance. In this paper, we provide a new Leader-Aware SMR framework that, among other desirable properties, formalizes a Leader-utilization requirement that bounds the number of rounds whose leaders are faulty in crash-only executions.\r\nWe introduce Carousel, a novel, reputation-based Leader-rotation solution to achieve Leader-Aware SMR. The challenge in adaptive Leader-rotation is that it cannot rely on consensus to determine a leader, since consensus itself needs a leader. Carousel uses the available on-chain information to determine a leader locally and achieves Liveness despite this difficulty. A HotStuff implementation fitted with Carousel demonstrates drastic performance improvements: it increases throughput over 2x in faultless settings and provided a 20x throughput increase and 5x latency reduction in the presence of faults.","lang":"eng"}],"date_created":"2023-01-12T12:10:49Z","external_id":{"arxiv":["2110.00960"],"isi":["001423640200013"]},"author":[{"full_name":"Cohen, Shir","first_name":"Shir","last_name":"Cohen"},{"full_name":"Gelashvili, Rati","last_name":"Gelashvili","first_name":"Rati"},{"last_name":"Kokoris Kogias","first_name":"Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","full_name":"Kokoris Kogias, Eleftherios"},{"full_name":"Li, Zekun","last_name":"Li","first_name":"Zekun"},{"full_name":"Malkhi, Dahlia","last_name":"Malkhi","first_name":"Dahlia"},{"full_name":"Sonnino, Alberto","first_name":"Alberto","last_name":"Sonnino"},{"last_name":"Spiegelman","first_name":"Alexander","full_name":"Spiegelman, Alexander"}],"title":"Be aware of your leaders","OA_type":"green","date_published":"2022-10-22T00:00:00Z","user_id":"317138e5-6ab7-11ef-aa6d-ffef3953e345","publication_status":"published","publication":"International Conference on Financial Cryptography and Data Security","publisher":"Springer Nature","citation":{"chicago":"Cohen, Shir, Rati Gelashvili, Eleftherios Kokoris Kogias, Zekun Li, Dahlia Malkhi, Alberto Sonnino, and Alexander Spiegelman. “Be Aware of Your Leaders.” In <i>International Conference on Financial Cryptography and Data Security</i>, 13411:279–95. Springer Nature, 2022. <a href=\"https://doi.org/10.1007/978-3-031-18283-9_13\">https://doi.org/10.1007/978-3-031-18283-9_13</a>.","ama":"Cohen S, Gelashvili R, Kokoris Kogias E, et al. Be aware of your leaders. In: <i>International Conference on Financial Cryptography and Data Security</i>. Vol 13411. Springer Nature; 2022:279-295. doi:<a href=\"https://doi.org/10.1007/978-3-031-18283-9_13\">10.1007/978-3-031-18283-9_13</a>","apa":"Cohen, S., Gelashvili, R., Kokoris Kogias, E., Li, Z., Malkhi, D., Sonnino, A., &#38; Spiegelman, A. (2022). Be aware of your leaders. In <i>International Conference on Financial Cryptography and Data Security</i> (Vol. 13411, pp. 279–295). Grenada: Springer Nature. <a href=\"https://doi.org/10.1007/978-3-031-18283-9_13\">https://doi.org/10.1007/978-3-031-18283-9_13</a>","short":"S. Cohen, R. Gelashvili, E. Kokoris Kogias, Z. Li, D. Malkhi, A. Sonnino, A. Spiegelman, in:, International Conference on Financial Cryptography and Data Security, Springer Nature, 2022, pp. 279–295.","mla":"Cohen, Shir, et al. “Be Aware of Your Leaders.” <i>International Conference on Financial Cryptography and Data Security</i>, vol. 13411, Springer Nature, 2022, pp. 279–95, doi:<a href=\"https://doi.org/10.1007/978-3-031-18283-9_13\">10.1007/978-3-031-18283-9_13</a>.","ieee":"S. Cohen <i>et al.</i>, “Be aware of your leaders,” in <i>International Conference on Financial Cryptography and Data Security</i>, Grenada, 2022, vol. 13411, pp. 279–295.","ista":"Cohen S, Gelashvili R, Kokoris Kogias E, Li Z, Malkhi D, Sonnino A, Spiegelman A. 2022. Be aware of your leaders. International Conference on Financial Cryptography and Data Security. FC: Financial Cryptography and Data Security, LNCS, vol. 13411, 279–295."},"quality_controlled":"1","day":"22","_id":"12168","article_processing_charge":"No","oa_version":"Preprint","scopus_import":"1","intvolume":"     13411","department":[{"_id":"ElKo"}],"alternative_title":["LNCS"]},{"year":"2022","oa":1,"language":[{"iso":"eng"}],"doi":"10.1145/3548606.3559361","conference":{"start_date":"2022-11-07","name":"CCS: Conference on Computer and Communications Security","location":"Los Angeles, CA, United States","end_date":"2022-11-11"},"page":"2705–2718","month":"11","arxiv":1,"type":"conference","publication_identifier":{"isbn":["9781450394505"]},"status":"public","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","publication_status":"published","publication":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security","date_published":"2022-11-01T00:00:00Z","external_id":{"arxiv":["2201.05677"]},"date_created":"2023-01-16T09:49:48Z","author":[{"full_name":"Spiegelman, Alexander","last_name":"Spiegelman","first_name":"Alexander"},{"first_name":"Neil","last_name":"Giridharan","full_name":"Giridharan, Neil"},{"full_name":"Sonnino, Alberto","first_name":"Alberto","last_name":"Sonnino"},{"last_name":"Kokoris Kogias","first_name":"Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","full_name":"Kokoris Kogias, Eleftherios"}],"title":"Bullshark: DAG BFT protocols made practical","date_updated":"2025-07-10T11:50:26Z","main_file_link":[{"open_access":"1","url":"https://doi.org/10.48550/arXiv.2201.05677"}],"abstract":[{"text":"We present Bullshark, the first directed acyclic graph (DAG) based asynchronous Byzantine Atomic Broadcast protocol that is optimized for the common synchronous case. Like previous DAG-based BFT protocols [19, 25], Bullshark requires no extra communication to achieve consensus on top of building the DAG. That is, parties can totally order the vertices of the DAG by interpreting their local view of the DAG edges. Unlike other asynchronous DAG-based protocols, Bullshark provides a practical low latency fast-path that exploits synchronous periods and deprecates the need for notoriously complex view-change and view-synchronization mechanisms. Bullshark achieves this while maintaining all the desired properties of its predecessor DAG-Rider [25]. Namely, it has optimal amortized communication complexity, it provides fairness and asynchronous liveness, and safety is guaranteed even under a quantum adversary.\r\n\r\nIn order to show the practicality and simplicity of our approach, we also introduce a standalone partially synchronous version of Bullshark, which we evaluate against the state of the art. The implemented protocol is embarrassingly simple (200 LOC on top of an existing DAG-based mempool implementation). It is highly efficient, achieving for example, 125,000 transactions per second with a 2 seconds latency for a deployment of 50 parties. In the same setting, the state of the art pays a steep 50% latency increase as it optimizes for asynchrony.","lang":"eng"}],"scopus_import":"1","department":[{"_id":"ElKo"}],"day":"01","_id":"12229","oa_version":"Preprint","article_processing_charge":"No","citation":{"chicago":"Spiegelman, Alexander, Neil Giridharan, Alberto Sonnino, and Eleftherios Kokoris Kogias. “Bullshark: DAG BFT Protocols Made Practical.” In <i>Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security</i>, 2705–2718. Association for Computing Machinery, 2022. <a href=\"https://doi.org/10.1145/3548606.3559361\">https://doi.org/10.1145/3548606.3559361</a>.","ama":"Spiegelman A, Giridharan N, Sonnino A, Kokoris Kogias E. Bullshark: DAG BFT protocols made practical. In: <i>Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security</i>. Association for Computing Machinery; 2022:2705–2718. doi:<a href=\"https://doi.org/10.1145/3548606.3559361\">10.1145/3548606.3559361</a>","apa":"Spiegelman, A., Giridharan, N., Sonnino, A., &#38; Kokoris Kogias, E. (2022). Bullshark: DAG BFT protocols made practical. In <i>Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security</i> (pp. 2705–2718). Los Angeles, CA, United States: Association for Computing Machinery. <a href=\"https://doi.org/10.1145/3548606.3559361\">https://doi.org/10.1145/3548606.3559361</a>","mla":"Spiegelman, Alexander, et al. “Bullshark: DAG BFT Protocols Made Practical.” <i>Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security</i>, Association for Computing Machinery, 2022, pp. 2705–2718, doi:<a href=\"https://doi.org/10.1145/3548606.3559361\">10.1145/3548606.3559361</a>.","short":"A. Spiegelman, N. Giridharan, A. Sonnino, E. Kokoris Kogias, in:, Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, 2022, pp. 2705–2718.","ieee":"A. Spiegelman, N. Giridharan, A. Sonnino, and E. Kokoris Kogias, “Bullshark: DAG BFT protocols made practical,” in <i>Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security</i>, Los Angeles, CA, United States, 2022, pp. 2705–2718.","ista":"Spiegelman A, Giridharan N, Sonnino A, Kokoris Kogias E. 2022. Bullshark: DAG BFT protocols made practical. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. CCS: Conference on Computer and Communications Security, 2705–2718."},"quality_controlled":"1","publisher":"Association for Computing Machinery"},{"publisher":"Springer Nature","quality_controlled":"1","citation":{"chicago":"Gelashvili, Rati, Eleftherios Kokoris Kogias, Alberto Sonnino, Alexander Spiegelman, and Zhuolun Xiang. “Jolteon and Ditto: Network-Adaptive Efficient Consensus with Asynchronous Fallback.” In <i>Financial Cryptography and Data Security</i>, 13411:296–315. Springer Nature, 2022. <a href=\"https://doi.org/10.1007/978-3-031-18283-9_14\">https://doi.org/10.1007/978-3-031-18283-9_14</a>.","ama":"Gelashvili R, Kokoris Kogias E, Sonnino A, Spiegelman A, Xiang Z. Jolteon and ditto: Network-adaptive efficient consensus with asynchronous fallback. In: <i>Financial Cryptography and Data Security</i>. Vol 13411. Springer Nature; 2022:296-315. doi:<a href=\"https://doi.org/10.1007/978-3-031-18283-9_14\">10.1007/978-3-031-18283-9_14</a>","apa":"Gelashvili, R., Kokoris Kogias, E., Sonnino, A., Spiegelman, A., &#38; Xiang, Z. (2022). Jolteon and ditto: Network-adaptive efficient consensus with asynchronous fallback. In <i>Financial Cryptography and Data Security</i> (Vol. 13411, pp. 296–315). Radisson Grenada Beach Resort, Grenada: Springer Nature. <a href=\"https://doi.org/10.1007/978-3-031-18283-9_14\">https://doi.org/10.1007/978-3-031-18283-9_14</a>","ieee":"R. Gelashvili, E. Kokoris Kogias, A. Sonnino, A. Spiegelman, and Z. Xiang, “Jolteon and ditto: Network-adaptive efficient consensus with asynchronous fallback,” in <i>Financial Cryptography and Data Security</i>, Radisson Grenada Beach Resort, Grenada, 2022, vol. 13411, pp. 296–315.","mla":"Gelashvili, Rati, et al. “Jolteon and Ditto: Network-Adaptive Efficient Consensus with Asynchronous Fallback.” <i>Financial Cryptography and Data Security</i>, vol. 13411, Springer Nature, 2022, pp. 296–315, doi:<a href=\"https://doi.org/10.1007/978-3-031-18283-9_14\">10.1007/978-3-031-18283-9_14</a>.","short":"R. Gelashvili, E. Kokoris Kogias, A. Sonnino, A. Spiegelman, Z. Xiang, in:, Financial Cryptography and Data Security, Springer Nature, 2022, pp. 296–315.","ista":"Gelashvili R, Kokoris Kogias E, Sonnino A, Spiegelman A, Xiang Z. 2022. Jolteon and ditto: Network-adaptive efficient consensus with asynchronous fallback. Financial Cryptography and Data Security. FC: Financial Cryptography, LNCS, vol. 13411, 296–315."},"oa_version":"Preprint","article_processing_charge":"No","_id":"12298","day":"22","department":[{"_id":"ElKo"}],"alternative_title":["LNCS"],"intvolume":"     13411","scopus_import":"1","abstract":[{"text":"Existing committee-based Byzantine state machine replication (SMR) protocols, typically deployed in production blockchains, face a clear trade-off: (1) they either achieve linear communication cost in the steady state, but sacrifice liveness during periods of asynchrony, or (2) they are robust (progress with probability one) but pay quadratic communication cost. We believe this trade-off is unwarranted since existing linear protocols still have asymptotic quadratic cost in the worst case. We design Ditto, a Byzantine SMR protocol that enjoys the best of both worlds: optimal communication on and off the steady state (linear and quadratic, respectively) and progress guarantee under asynchrony and DDoS attacks. We achieve this by replacing the view-synchronization of partially synchronous protocols with an asynchronous fallback mechanism at no extra asymptotic cost. Specifically, we start from HotStuff, a state-of-the-art linear protocol, and gradually build Ditto. As a separate contribution and an intermediate step, we design a 2-chain version of HotStuff, Jolteon, which leverages a quadratic view-change mechanism to reduce the latency of the standard 3-chain HotStuff. We implement and experimentally evaluate all our systems to prove that breaking the robustness-efficiency trade-off is in the realm of practicality.","lang":"eng"}],"main_file_link":[{"url":" https://doi.org/10.48550/arXiv.2106.10362","open_access":"1"}],"date_updated":"2025-09-10T09:52:23Z","author":[{"first_name":"Rati","last_name":"Gelashvili","full_name":"Gelashvili, Rati"},{"full_name":"Kokoris Kogias, Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","first_name":"Eleftherios","last_name":"Kokoris Kogias"},{"full_name":"Sonnino, Alberto","last_name":"Sonnino","first_name":"Alberto"},{"full_name":"Spiegelman, Alexander","last_name":"Spiegelman","first_name":"Alexander"},{"first_name":"Zhuolun","last_name":"Xiang","full_name":"Xiang, Zhuolun"}],"title":"Jolteon and ditto: Network-adaptive efficient consensus with asynchronous fallback","date_created":"2023-01-16T10:05:51Z","external_id":{"arxiv":["2106.10362"],"isi":["001423640200014"]},"date_published":"2022-10-22T00:00:00Z","publication":"Financial Cryptography and Data Security","publication_status":"published","user_id":"317138e5-6ab7-11ef-aa6d-ffef3953e345","status":"public","publication_identifier":{"isbn":["9783031182822"],"issn":["0302-9743"],"eisbn":["9783031182839"],"eissn":["1611-3349"]},"volume":13411,"type":"conference","acknowledgement":"We thank our shepherd Aniket Kate and the anonymous reviewers at FC 2022 for their helpful feedback. This work is supported by the Novi team at Facebook. We also thank the Novi Research and Engineering teams for valuable feedback, and in particular Mathieu Baudet, Andrey Chursin, George Danezis, Zekun Li, and Dahlia Malkhi for discussions that shaped this work.","arxiv":1,"isi":1,"month":"10","conference":{"name":"FC: Financial Cryptography","location":"Radisson Grenada Beach Resort, Grenada","end_date":"2022-05-06","start_date":"2022-05-02"},"page":"296-315","doi":"10.1007/978-3-031-18283-9_14","language":[{"iso":"eng"}],"oa":1,"year":"2022"},{"main_file_link":[{"open_access":"1","url":"https://eprint.iacr.org/2021/1591"}],"date_updated":"2023-02-16T07:43:53Z","abstract":[{"text":"Distributed Key Generation (DKG) is a technique to bootstrap threshold cryptosystems without a trusted third party and is a building block to decentralized protocols such as randomness beacons, threshold signatures, and general multiparty computation. Until recently, DKG protocols have assumed the synchronous model and thus are vulnerable when their underlying network assumptions do not hold. The recent advancements in asynchronous DKG protocols are insufficient as they either have poor efficiency or limited functionality, resulting in a lack of concrete implementations. In this paper, we present a simple and concretely efficient asynchronous DKG (ADKG) protocol. In a network of n nodes, our ADKG protocol can tolerate up to t<n/3 malicious nodes and have an expected O(κn3) communication cost, where κ is the security parameter. Our ADKG protocol produces a field element as the secret and is thus compatible with off-the-shelf threshold cryptosystems. We implement our ADKG protocol and evaluate it using a network of up to 128 nodes in geographically distributed AWS instances. Our evaluation shows that our protocol takes as low as 3 and 9.5 seconds to terminate for 32 and 64 nodes, respectively. Also, each node sends only 0.7 Megabytes and 2.9 Megabytes of data during the two experiments, respectively.","lang":"eng"}],"month":"07","author":[{"full_name":"Das, Sourav","first_name":"Sourav","last_name":"Das"},{"last_name":"Yurek","first_name":"Thomas","full_name":"Yurek, Thomas"},{"full_name":"Xiang, Zhuolun","last_name":"Xiang","first_name":"Zhuolun"},{"full_name":"Miller, Andrew","last_name":"Miller","first_name":"Andrew"},{"id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","full_name":"Kokoris Kogias, Eleftherios","first_name":"Eleftherios","last_name":"Kokoris Kogias"},{"full_name":"Ren, Ling","first_name":"Ling","last_name":"Ren"}],"title":"Practical asynchronous distributed key generation","date_created":"2023-01-16T10:06:11Z","date_published":"2022-07-27T00:00:00Z","page":"2518-2534","conference":{"name":"SP: Symposium on Security and Privacy","location":"San Francisco, CA, United States","end_date":"2022-05-26","start_date":"2022-05-23"},"doi":"10.1109/sp46214.2022.9833584","oa":1,"publication_status":"published","year":"2022","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","language":[{"iso":"eng"}],"publication":"2022 IEEE Symposium on Security and Privacy","publication_identifier":{"eissn":["2375-1207"],"eisbn":["9781665413169"]},"publisher":"Institute of Electrical and Electronics Engineers","status":"public","citation":{"mla":"Das, Sourav, et al. “Practical Asynchronous Distributed Key Generation.” <i>2022 IEEE Symposium on Security and Privacy</i>, Institute of Electrical and Electronics Engineers, 2022, pp. 2518–34, doi:<a href=\"https://doi.org/10.1109/sp46214.2022.9833584\">10.1109/sp46214.2022.9833584</a>.","short":"S. Das, T. Yurek, Z. Xiang, A. Miller, E. Kokoris Kogias, L. Ren, in:, 2022 IEEE Symposium on Security and Privacy, Institute of Electrical and Electronics Engineers, 2022, pp. 2518–2534.","ieee":"S. Das, T. Yurek, Z. Xiang, A. Miller, E. Kokoris Kogias, and L. Ren, “Practical asynchronous distributed key generation,” in <i>2022 IEEE Symposium on Security and Privacy</i>, San Francisco, CA, United States, 2022, pp. 2518–2534.","ista":"Das S, Yurek T, Xiang Z, Miller A, Kokoris Kogias E, Ren L. 2022. Practical asynchronous distributed key generation. 2022 IEEE Symposium on Security and Privacy. SP: Symposium on Security and Privacy, 2518–2534.","chicago":"Das, Sourav, Thomas Yurek, Zhuolun Xiang, Andrew Miller, Eleftherios Kokoris Kogias, and Ling Ren. “Practical Asynchronous Distributed Key Generation.” In <i>2022 IEEE Symposium on Security and Privacy</i>, 2518–34. Institute of Electrical and Electronics Engineers, 2022. <a href=\"https://doi.org/10.1109/sp46214.2022.9833584\">https://doi.org/10.1109/sp46214.2022.9833584</a>.","ama":"Das S, Yurek T, Xiang Z, Miller A, Kokoris Kogias E, Ren L. Practical asynchronous distributed key generation. In: <i>2022 IEEE Symposium on Security and Privacy</i>. Institute of Electrical and Electronics Engineers; 2022:2518-2534. doi:<a href=\"https://doi.org/10.1109/sp46214.2022.9833584\">10.1109/sp46214.2022.9833584</a>","apa":"Das, S., Yurek, T., Xiang, Z., Miller, A., Kokoris Kogias, E., &#38; Ren, L. (2022). Practical asynchronous distributed key generation. In <i>2022 IEEE Symposium on Security and Privacy</i> (pp. 2518–2534). San Francisco, CA, United States: Institute of Electrical and Electronics Engineers. <a href=\"https://doi.org/10.1109/sp46214.2022.9833584\">https://doi.org/10.1109/sp46214.2022.9833584</a>"},"quality_controlled":"1","day":"27","oa_version":"Preprint","article_processing_charge":"No","type":"conference","_id":"12300","scopus_import":"1","acknowledgement":"The authors would like to thank Amit Agarwal, Adithya Bhat, Kobi Gurkan, Dakshita Khurana, Nibesh Shrestha, and Gilad Stern for the helpful discussions related to the paper.\r\nAlso, the authors would like to thank Sylvain Bellemare for helping with the hbACSS codebase and Nicolas Gailly for helping with running the Drand experiments.","department":[{"_id":"ElKo"}]},{"title":"Narwhal and Tusk: A DAG-based mempool and efficient BFT consensus","author":[{"last_name":"Danezis","first_name":"George","full_name":"Danezis, George"},{"id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","full_name":"Kokoris Kogias, Eleftherios","last_name":"Kokoris Kogias","first_name":"Eleftherios"},{"first_name":"Alberto","last_name":"Sonnino","full_name":"Sonnino, Alberto"},{"full_name":"Spiegelman, Alexander","last_name":"Spiegelman","first_name":"Alexander"}],"external_id":{"arxiv":["2105.11827"],"isi":["000926506800003"]},"date_created":"2022-04-24T22:01:43Z","main_file_link":[{"url":" https://doi.org/10.48550/arXiv.2105.11827","open_access":"1"}],"date_updated":"2023-08-03T06:38:40Z","abstract":[{"lang":"eng","text":"We propose separating the task of reliable transaction dissemination from transaction ordering, to enable high-performance Byzantine fault-tolerant quorum-based consensus. We design and evaluate a mempool protocol, Narwhal, specializing in high-throughput reliable dissemination and storage of causal histories of transactions. Narwhal tolerates an asynchronous network and maintains high performance despite failures. Narwhal is designed to easily scale-out using multiple workers at each validator, and we demonstrate that there is no foreseeable limit to the throughput we can achieve.\r\nComposing Narwhal with a partially synchronous consensus protocol (Narwhal-HotStuff) yields significantly better throughput even in the presence of faults or intermittent loss of liveness due to asynchrony. However, loss of liveness can result in higher latency. To achieve overall good performance when faults occur we design Tusk, a zero-message overhead asynchronous consensus protocol, to work with Narwhal. We demonstrate its high performance under a variety of configurations and faults.\r\nAs a summary of results, on a WAN, Narwhal-Hotstuff achieves over 130,000 tx/sec at less than 2-sec latency compared with 1,800 tx/sec at 1-sec latency for Hotstuff. Additional workers increase throughput linearly to 600,000 tx/sec without any latency increase. Tusk achieves 160,000 tx/sec with about 3 seconds latency. Under faults, both protocols maintain high throughput, but Narwhal-HotStuff suffers from increased latency."}],"publication_status":"published","user_id":"4359f0d1-fa6c-11eb-b949-802e58b17ae8","publication":"Proceedings of the 17th European Conference on Computer Systems","date_published":"2022-03-28T00:00:00Z","quality_controlled":"1","citation":{"ista":"Danezis G, Kokoris Kogias E, Sonnino A, Spiegelman A. 2022. Narwhal and Tusk: A DAG-based mempool and efficient BFT consensus. Proceedings of the 17th European Conference on Computer Systems. EuroSys: European Conference on Computer Systems, 34–50.","mla":"Danezis, George, et al. “Narwhal and Tusk: A DAG-Based Mempool and Efficient BFT Consensus.” <i>Proceedings of the 17th European Conference on Computer Systems</i>, Association for Computing Machinery, 2022, pp. 34–50, doi:<a href=\"https://doi.org/10.1145/3492321.3519594\">10.1145/3492321.3519594</a>.","short":"G. Danezis, E. Kokoris Kogias, A. Sonnino, A. Spiegelman, in:, Proceedings of the 17th European Conference on Computer Systems, Association for Computing Machinery, 2022, pp. 34–50.","ieee":"G. Danezis, E. Kokoris Kogias, A. Sonnino, and A. Spiegelman, “Narwhal and Tusk: A DAG-based mempool and efficient BFT consensus,” in <i>Proceedings of the 17th European Conference on Computer Systems</i>, Rennes, France, 2022, pp. 34–50.","apa":"Danezis, G., Kokoris Kogias, E., Sonnino, A., &#38; Spiegelman, A. (2022). Narwhal and Tusk: A DAG-based mempool and efficient BFT consensus. In <i>Proceedings of the 17th European Conference on Computer Systems</i> (pp. 34–50). Rennes, France: Association for Computing Machinery. <a href=\"https://doi.org/10.1145/3492321.3519594\">https://doi.org/10.1145/3492321.3519594</a>","ama":"Danezis G, Kokoris Kogias E, Sonnino A, Spiegelman A. Narwhal and Tusk: A DAG-based mempool and efficient BFT consensus. In: <i>Proceedings of the 17th European Conference on Computer Systems</i>. Association for Computing Machinery; 2022:34-50. doi:<a href=\"https://doi.org/10.1145/3492321.3519594\">10.1145/3492321.3519594</a>","chicago":"Danezis, George, Eleftherios Kokoris Kogias, Alberto Sonnino, and Alexander Spiegelman. “Narwhal and Tusk: A DAG-Based Mempool and Efficient BFT Consensus.” In <i>Proceedings of the 17th European Conference on Computer Systems</i>, 34–50. Association for Computing Machinery, 2022. <a href=\"https://doi.org/10.1145/3492321.3519594\">https://doi.org/10.1145/3492321.3519594</a>."},"publisher":"Association for Computing Machinery","scopus_import":"1","department":[{"_id":"ElKo"}],"day":"28","oa_version":"Preprint","article_processing_charge":"No","_id":"11331","month":"03","arxiv":1,"isi":1,"oa":1,"year":"2022","language":[{"iso":"eng"}],"conference":{"name":"EuroSys: European Conference on Computer Systems","location":"Rennes, France","end_date":"2022-04-08","start_date":"2022-04-05"},"page":"34-50","doi":"10.1145/3492321.3519594","publication_identifier":{"isbn":["9781450391627"]},"status":"public","type":"conference"},{"publisher":"Association for Computing Machinery","citation":{"mla":"Gelashvili, Rati, et al. “Brief Announcement: Be Prepared When Network Goes Bad: An Asynchronous View-Change Protocol.” <i>Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing</i>, Association for Computing Machinery, 2021, pp. 187–90, doi:<a href=\"https://doi.org/10.1145/3465084.3467941\">10.1145/3465084.3467941</a>.","short":"R. Gelashvili, E. Kokoris Kogias, A. Spiegelman, Z. Xiang, in:, Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing, Association for Computing Machinery, 2021, pp. 187–190.","ieee":"R. Gelashvili, E. Kokoris Kogias, A. Spiegelman, and Z. Xiang, “Brief announcement: Be prepared when network goes bad: An asynchronous view-change protocol,” in <i>Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing</i>, Virtual, Italy, 2021, pp. 187–190.","ista":"Gelashvili R, Kokoris Kogias E, Spiegelman A, Xiang Z. 2021. Brief announcement: Be prepared when network goes bad: An asynchronous view-change protocol. Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing. PODC: Principles of Distributed Computing, 187–190.","chicago":"Gelashvili, Rati, Eleftherios Kokoris Kogias, Alexander Spiegelman, and Zhuolun Xiang. “Brief Announcement: Be Prepared When Network Goes Bad: An Asynchronous View-Change Protocol.” In <i>Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing</i>, 187–90. Association for Computing Machinery, 2021. <a href=\"https://doi.org/10.1145/3465084.3467941\">https://doi.org/10.1145/3465084.3467941</a>.","apa":"Gelashvili, R., Kokoris Kogias, E., Spiegelman, A., &#38; Xiang, Z. (2021). Brief announcement: Be prepared when network goes bad: An asynchronous view-change protocol. In <i>Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing</i> (pp. 187–190). Virtual, Italy: Association for Computing Machinery. <a href=\"https://doi.org/10.1145/3465084.3467941\">https://doi.org/10.1145/3465084.3467941</a>","ama":"Gelashvili R, Kokoris Kogias E, Spiegelman A, Xiang Z. Brief announcement: Be prepared when network goes bad: An asynchronous view-change protocol. In: <i>Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing</i>. Association for Computing Machinery; 2021:187-190. doi:<a href=\"https://doi.org/10.1145/3465084.3467941\">10.1145/3465084.3467941</a>"},"quality_controlled":"1","_id":"10553","article_processing_charge":"No","oa_version":"Preprint","day":"21","department":[{"_id":"ElKo"}],"scopus_import":"1","abstract":[{"text":"The popularity of permissioned blockchain systems demands BFT SMR protocols that are efficient under good network conditions (synchrony) and robust under bad network conditions (asynchrony). The state-of-the-art partially synchronous BFT SMR protocols provide optimal linear communication cost per decision under synchrony and good leaders, but lose liveness under asynchrony. On the other hand, the state-of-the-art asynchronous BFT SMR protocols are live even under asynchrony, but always pay quadratic cost even under synchrony. In this paper, we propose a BFT SMR protocol that achieves the best of both worlds -- optimal linear cost per decision under good networks and leaders, optimal quadratic cost per decision under bad networks, and remains always live.","lang":"eng"}],"date_updated":"2023-09-04T11:42:10Z","main_file_link":[{"open_access":"1","url":"https://arxiv.org/abs/2103.03181"}],"date_created":"2021-12-16T13:20:19Z","external_id":{"arxiv":["2103.03181"],"isi":["000744439800018"]},"author":[{"full_name":"Gelashvili, Rati","first_name":"Rati","last_name":"Gelashvili"},{"last_name":"Kokoris Kogias","first_name":"Eleftherios","full_name":"Kokoris Kogias, Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30"},{"full_name":"Spiegelman, Alexander","first_name":"Alexander","last_name":"Spiegelman"},{"full_name":"Xiang, Zhuolun","first_name":"Zhuolun","last_name":"Xiang"}],"title":"Brief announcement: Be prepared when network goes bad: An asynchronous view-change protocol","date_published":"2021-07-21T00:00:00Z","publication":"Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","publication_status":"published","status":"public","publication_identifier":{"isbn":["9-781-4503-8548-0"]},"keyword":["optimal","state machine replication","fallback","asynchrony","byzantine faults"],"type":"conference","isi":1,"arxiv":1,"month":"07","doi":"10.1145/3465084.3467941","conference":{"start_date":"2021-07-26","end_date":"2021-07-30","location":"Virtual, Italy","name":"PODC: Principles of Distributed Computing"},"page":"187-190","language":[{"iso":"eng"}],"year":"2021","oa":1}]