Decentralized Thoughts is a group blog on decentralization, by decentralized thinkers, for decentralized thoughts, of decentralized matters. Decentralized Thoughts is a group blog on decentralization, by decentralized thinkers, for decentralized thoughts, of decentralized matters.

Verifiable Multi-Exponentiation and Multi-Scalar Multiplication (MSM)

Posted on February 14, 2025, by Benny Pinkas

Multi-exponentiations and multi-scalar multiplications (MSMs) are computations that are widely used in cryptographic proof systems, mostly in proof generation and proof verification. This note outlines an efficient method for verifying the results of these computations, which opens the door to outsourcing them. In particular, by employing this technique it is possible to have the prover in a cryptographic proof system perform a significant portion of the computation that is usually... [Read More]
Tags: MSM

Practical Byzantine Fault Tolerant Consensus (PBFT)

Posted on February 14, 2025, by Kartik Nayak, Ittai Abraham

In this post, we will present (a variant of) PBFT, which is the first practical solution to Byzantine fault tolerant state machine replication under partial synchrony. The protocol follows the key ideas presented in the previous post on partial synchrony. [Read More]
Tags: BFT dist101

Key Principles Underlying Partial Synchrony BFT

Posted on February 14, 2025, by Kartik Nayak, Ittai Abraham

Many blockchain protocols work under partial synchrony. Examples include PBFT, SBFT, Cosmos (Tendermint), Diem (DiemBFT), Jolteon, Espresso Systems (HotStuff), Dfinity (Internet Computer Consensus) and Ethereum (Casper). [Read More]
Tags: BFT dist101

The SAP theorem for storing secret keys

Posted on August 9, 2024, by Marwa Mouallem, Ittay Eyal, Ittai Abraham

Public key cryptography (PKC) is a fundamental technology that is a key enabler to the Internet and the whole client-server paradigm. Without public key cryptography there would be no cryptocurrencies, no online bank accounts, no online retail, etc. [Read More]
Tags: dist101 secret keys lowerbounds

What is Verifiable Information Dispersal?

Posted on August 8, 2024, by Ittai Abraham, Kartik Nayak, Ling Ren, Gilad Stern

Verifiable Information Dispersal (or VID) has its roots in the work of Michael Rabin, 1989 which introduced the notion of Information Dispersal (ID). Adding verifiability (referred to as binding in this post) to obtain VIDs was done by Garay, Gennaro, Jutla, and Rabin, 1998 (called SSRI). Cachin and Tessaro, 2004 introduced the notion of Asynchronous VID (or AVID). See LDDRVXG21 for the state-of-the-art. [Read More]
Tags: dist101 VID

Shoal++: High Throughput DAG-BFT Can Be Fast!

Posted on June 12, 2024, by Balaji Arun, Zekun Li, Florian Suri-Payer, Sourav Das, Alexander Spiegelman

TL;DR: Shoal++ is a novel DAG-BFT system that supercharges Shoal to achieve near-optimal theoretical latency while preserving the high throughput and robustness of state-of-the-art certified DAG BFT protocols. [Read More]
Tags: Consensus DAG

Sailfish: Improving the Latency of DAG-based BFT

Posted on May 23, 2024, by Nibesh Shrestha, Kartik Nayak

In this blog post, we will explain the core ideas behind Sailfish, a latency-efficient DAG-based protocol. In essence, Sailfish is a reliable-broadcast (RBC) based DAG protocol that supports leaders in every RBC round. It commits leader vertices within 1RBC + $\delta$ time and non-leader vertices within 2RBC + $\delta$ time, outperforming the state-of-the-art in terms of these latencies (where $\delta$ represents the actual network delay). [Read More]
Tags: Consensus DAG

Early Stopping is same but different: two rounds are needed even in failure free executions

Posted on January 28, 2024, by Ittai Abraham and Gilad Stern

Many systems try to optimize executions that are failure free. If we absolutely knew that there will be no failures, parties could simply send each other messages with our inputs and reach consensus by outputting, say, the majority value. Thus completing the protocol after one round. What happens if there may be a crash failure? Say you have 100 servers and at most one can crash, can you devise a... [Read More]
Tags: lowerbound

Gather with Binding and Verifiability

Posted on January 9, 2024, by Gilad Stern and Ittai Abraham

We extend the Gather protocol with two important properties: Binding and Verifiability. This post is based on and somewhat simplifies the information theoretic gather protocol in our recent ACS work with Gilad Asharov and Arpita Patra. [Read More]
Tags: asynchrony

Simpler Security proof for Nakamoto Consensus

Posted on October 30, 2023, by Ling Ren

Four years ago (time flies!), I made a post on a simple security proof for Nakamoto consensus. While the proof intuition, as outlined in that post, is still reasonably simple, the actual proof has become quite delicate and crafty over the years. What happened was that some colleagues – Chen Feng at UBC and Dongning Guo at Northwestern – identified very subtle flaws in the proof, and clever mathematical maneuvers... [Read More]
Tags: blockchain101

The Fast Fourier Transform over finite fields

Posted on September 1, 2023, by Ittai Abraham

The Fast Fourier Transform (FFT) developed by Cooley and Tukey in 1965 has its origins in the work of Gauss. The FFT, its variants and extensions to finite fields, are a fundamental algorithmic tool and a beautiful example of interplay between algebra and combinatorics. There are many great resources on FFT, see ingopedia’s curated list. [Read More]
Tags: polynomials