Accountability (1) Consensus (2) DAG (2) L2 (1) MEV (1) MPC (1) SMR (11) TEE (2) VID (1) VSS (1) accountability (1) accumulators (1) asynchrony (8) bilinear accumulators (1) bilinear maps (1) blockchain (15) blockchain 101 (1) blockchain databases (2) blockchain101 (12) blockchains (1) collision-resistance (1) collision-resistant-hash-function (1) consensus (5) crypto101 (2) cryptography (6) dist101 (60) encrypted search (2) ethereum (1) game_theory (2) hash-function (1) hashing (1) incentives (2) integrity (2) kzg (1) lowerbound (21) lowerbounds (1) merkle-hash-tree (1) models (5) non-equivocation (1) omission (3) one-wayness (1) paxos (1) permissionless (1) polynomials (3) privacy (3) private-set-intersection (3) raft (1) random-oracle (1) randomness (3) range-proofs (1) research (17) responsiveness (1) secret keys (1) secret sharing (5) speculation (1) synchronous protocols (3) workshop (2) zero-knowledge (2)

 Accountability (1)

BFT Protocol Forensics

 Consensus (2)

Shoal++: High Throughput DAG-BFT Can Be Fast!
Sailfish: Improving the Latency of DAG-based BFT

 DAG (2)

Shoal++: High Throughput DAG-BFT Can Be Fast!
Sailfish: Improving the Latency of DAG-based BFT

 L2 (1)

He-HTLC - Revisiting Incentives in HTLC

 MEV (1)

Decentralization of Ethereum Builder Market

 MPC (1)

Asynchronous Agreement on a Core Set

 SMR (11)

The CAP Theorem and why State Machine Replication for Two Servers and One Crash Failure is Impossible in Partial Synchrony
Consensus by Dfinity - Part I
Consensus by Dfinity - Part II (Internet Computer Consensus)
2-round BFT SMR with n=4, f=1
Good-case Latency of Byzantine Broadcast: a Complete Categorization
Resolving the Availability-Finality Dilemma
Commit-Notify Paradigm for Synchronous Consensus with Omission Faults
On the Optimality of Optimistic Responsiveness
Sync HotStuff, A Simple and Practical State Machine Replication
State Machine Replication for Two Servers and One Omission Failure is Impossible even in a lock-step model
Primary-Backup State Machine Replication for Crash Failures

 TEE (2)

Blockchains + TEEs Day 2 Summary
Blockchains + TEEs Day 1 Summary

 VID (1)

What is Verifiable Information Dispersal?

 VSS (1)

Asynchronous Fault Tolerant Computation with Optimal Resilience

 accountability (1)

Can we Obtain Player Replaceability and Forensic Support Simultaneously?

 accumulators (1)

Bilinear Accumulators for Cryptocurrency Enthusiasts

 asynchrony (8)

Gather with Binding and Verifiability
Asynchronous Agreement Part 5: Binary Byzantine Agreement from a strong common coin
Asynchronous Agreement Part 4: Crusader Agreement and Binding Crusader Agreement
Asynchronous Agreement Part Three: a Modern version of Ben-Or's protocol
Asynchronous Agreement Part Two: Ben-Or's protocol
Asynchronous Agreement Part One: Defining the problem
Living with Asynchrony: the Gather protocol
Living with Asynchrony: Bracha's Reliable Broadcast

 bilinear accumulators (1)

Bilinear Accumulators for Cryptocurrency Enthusiasts

 bilinear maps (1)

Bilinear Accumulators for Cryptocurrency Enthusiasts

 blockchain (15)

Can we Obtain Privacy in a Private Proof-of-Stake Blockchain? Part-II
Can we Obtain Privacy in a Private Proof-of-Stake Blockchain? Part-I
Blockchains + TEEs Day 2 Summary
Blockchains + TEEs Day 1 Summary
What is the difference between PBFT, Tendermint, HotStuff, and HotStuff-2?
What are Blockchains Useful for, Really?
Player Replaceability - Towards Adaptive Security and Sub-quadratic Communication Simultaneously (Part II)
Player Replaceability - Towards Adaptive Security and Sub-quadratic Communication Simultaneously (Part I)
He-HTLC - Revisiting Incentives in HTLC
Consensus by Dfinity - Part I
Consensus by Dfinity - Part II (Internet Computer Consensus)
EIP-1559 In Retrospect
Colordag: From always-almost to almost-always 50% selfish mining resilience
Blockchain Resource Pools and a CAP-esque Impossibility Result
Blockchain Selfish Mining

 blockchain 101 (1)

On the Optimality of Optimistic Responsiveness

 blockchain databases (2)

Encrypted Blockchain Databases (Part II)
Encrypted Blockchain Databases (Part I)

 blockchain101 (12)

Simpler Security proof for Nakamoto Consensus
What is a Blockchain?
Nakamoto's Longest-Chain Wins Protocol
Benign Hotstuff
Resolving the Availability-Finality Dilemma
The First Blockchain or How to Time-Stamp a Digital Document
Streamlet: A Simple Textbook Blockchain Protocol
Data, Consensus, Execution: Three Scalability Bottlenecks for State Machine Replication
Security proof for Nakamoto Consensus
A Payment Channel is a two person BFS-SMR system
Dont Trust. Verify. and Checkpoint?
Do Bitcoin and Ethereum have any trusted setup assumptions?

 blockchains (1)

Scaling Blockchains: the Power of Batching

 collision-resistance (1)

What is a Cryptographic Hash Function?

 collision-resistant-hash-function (1)

What is a Merkle Tree?

 consensus (5)

HotStuff-1 and the Prefix Speculation Dilemma in BFT Consensus
Asynchronous Agreement on a Core Set
A new Dolev-Reischuk style Lower Bound
DAG Meets BFT - The Next Generation of BFT Consensus
Safe Permissionless Consensus

 crypto101 (2)

A Simple and Succinct Zero Knowledge Proof
The Trusted Setup Phase

 cryptography (6)

Dining Cryptographers and the additivity of polynomial secret sharing
What is a Merkle Tree?
What is a Cryptographic Hash Function?
Private Set Intersection #2
Bilinear Accumulators for Cryptocurrency Enthusiasts
Private Set Intersection

 dist101 (60)

Divide and Conquer in Distributed Computing - synchronous BFT with quadratic communication via recursive phase king
HotStuff-1 and the Prefix Speculation Dilemma in BFT Consensus
The SAP theorem for storing secret keys
What is Verifiable Information Dispersal?
The CAP Theorem and why State Machine Replication for Two Servers and One Crash Failure is Impossible in Partial Synchrony
$3f+1$ is needed in Partial Synchrony even against a Rollback adversary
Randomization and Consensus - synchronous binary agreement for minority omission failures
Randomization and Consensus - synchronous binary agreement for crash failures with a perfect common coin
Responsiveness under omission failures
Set Replication - fault tolerance without total ordering
What is Responsiveness?
What about Validity?
Two Round HotStuff
Linear PBFT: a gentle introduction to Practical Byzantine Fault Tolerance
From Single-Shot Agreement to State Machine Replication
On Paxos from Recoverable Broadcast
Provable Broadcast
Crusader Broadcast
Phase-King through the lens of Gradecast: A simple unauthenticated synchronous Byzantine Agreement protocol
Approximate Agreement: definitions and the robust midpoint protocol
Asynchronous Agreement Part 5: Binary Byzantine Agreement from a strong common coin
Asynchronous Agreement Part 4: Crusader Agreement and Binding Crusader Agreement
Asynchronous Agreement Part Three: a Modern version of Ben-Or's protocol
Asynchronous Agreement Part Two: Ben-Or's protocol
Asynchronous Agreement Part One: Defining the problem
Consensus cheat sheet
The Ideal State Machine Model: Multiple Clients and Linearizability
Crusader Agreement with $\leq 1/3$ Error is Impossible for $n\leq 3f$ if the Adversary can Simulate
Distributed consensus made simple (for real this time!)
The round complexity of Reliable Broadcast
Information Theoretic HotStuff (IT-HS): Part One
Neither Non-equivocation nor Transferability alone is enough for tolerating minority corruptions in asynchrony
Benign Hotstuff
Living with Asynchrony: the Gather protocol
Raft does not Guarantee Liveness in the face of Network Faults
The Lock-Commit Paradigm: Multi-shot and Mixed Faults
The Lock-Commit Paradigm
Living with Asynchrony: Bracha's Reliable Broadcast
Broadcast from Agreement and Agreement from Broadcast
Commit-Notify Paradigm for Synchronous Consensus with Omission Faults
The Marvels of Polynomials over a Field
Dolev-Strong Authenticated Broadcast
The FLP Impossibility, Asynchronous Consensus Lower Bound via Uncommitted Configurations
Synchronous Consensus Lower Bound via Uncommitted Configurations
Consensus Lower Bounds via Uncommitted Configurations
Sync HotStuff, A Simple and Practical State Machine Replication
State Machine Replication for Two Servers and One Omission Failure is Impossible even in a lock-step model
Primary-Backup State Machine Replication for Crash Failures
A Payment Channel is a two person BFS-SMR system
Flavours of State Machine Replication
Consensus for State Machine Replication
Flavours of Partial Synchrony
The Dolev and Reischuk Lower Bound: Does Agreement need Quadratic Messages?
Byzantine Agreement is Impossible for $n \leq 3 f$ if the Adversary can Simulate
The Trusted Setup Phase
What is Consensus?
Byzantine Agreement is impossible for $n \leq 3 f$ under partial synchrony
The threshold adversary
The power of the adversary
Synchrony, Asynchrony and Partial synchrony
Encrypted Blockchain Databases (Part II)
Encrypted Blockchain Databases (Part I)

 ethereum (1)

EIP-1559 In Retrospect

 game_theory (2)

Colordag: From always-almost to almost-always 50% selfish mining resilience
Blockchain Selfish Mining

 hash-function (1)

What is a Cryptographic Hash Function?

 hashing (1)

What is a Cryptographic Hash Function?

 incentives (2)

He-HTLC - Revisiting Incentives in HTLC
EIP-1559 In Retrospect

 integrity (2)

What is a Merkle Tree?
What is a Cryptographic Hash Function?

 kzg (1)

Range Proofs from Polynomial Commitments, Re-explained

 lowerbound (21)

Consensus tolerating one mobile crash in synchrony or one crash is asynchrony must have infinite executions for the same simple reason
In between Crash and Omission failures
Early Stopping is same but different: two rounds are needed even in failure free executions
The CAP Theorem and why State Machine Replication for Two Servers and One Crash Failure is Impossible in Partial Synchrony
$3f+1$ is needed in Partial Synchrony even against a Rollback adversary
What about Validity?
A new Dolev-Reischuk style Lower Bound
Blockchain Resource Pools and a CAP-esque Impossibility Result
Crusader Agreement with $\leq 1/3$ Error is Impossible for $n\leq 3f$ if the Adversary can Simulate
The round complexity of Reliable Broadcast
Neither Non-equivocation nor Transferability alone is enough for tolerating minority corruptions in asynchrony
Good-case Latency of Byzantine Broadcast: the Synchronous Case
Good-case Latency of Byzantine Broadcast: a Complete Categorization
Asynchronous Fault Tolerant Computation with Optimal Resilience
The FLP Impossibility, Asynchronous Consensus Lower Bound via Uncommitted Configurations
Synchronous Consensus Lower Bound via Uncommitted Configurations
Consensus Lower Bounds via Uncommitted Configurations
State Machine Replication for Two Servers and One Omission Failure is Impossible even in a lock-step model
The Dolev and Reischuk Lower Bound: Does Agreement need Quadratic Messages?
Byzantine Agreement is Impossible for $n \leq 3 f$ if the Adversary can Simulate
Byzantine Agreement is impossible for $n \leq 3 f$ under partial synchrony

 lowerbounds (1)

The SAP theorem for storing secret keys

 merkle-hash-tree (1)

What is a Merkle Tree?

 models (5)

In between Crash and Omission failures
The Trusted Setup Phase
The threshold adversary
The power of the adversary
Synchrony, Asynchrony and Partial synchrony

 non-equivocation (1)

Neither Non-equivocation nor Transferability alone is enough for tolerating minority corruptions in asynchrony

 omission (3)

Responsiveness under omission failures
From Single-Shot Agreement to State Machine Replication
On Paxos from Recoverable Broadcast

 one-wayness (1)

What is a Cryptographic Hash Function?

 paxos (1)

Distributed consensus made simple (for real this time!)

 permissionless (1)

Safe Permissionless Consensus

 polynomials (3)

The Fast Fourier Transform over finite fields
Bilinear Accumulators for Cryptocurrency Enthusiasts
Range Proofs from Polynomial Commitments, Re-explained

 privacy (3)

Can we Obtain Privacy in a Private Proof-of-Stake Blockchain? Part-II
Can we Obtain Privacy in a Private Proof-of-Stake Blockchain? Part-I
Pairing-based Anonymous Credentials and the Power of Re-randomization

 private-set-intersection (3)

The Private Set Intersection (PSI) Protocol of the Apple CSAM Detection System
Private Set Intersection #2
Private Set Intersection

 raft (1)

Raft does not Guarantee Liveness in the face of Network Faults

 random-oracle (1)

What is a Cryptographic Hash Function?

 randomness (3)

Randomization and Consensus - synchronous binary agreement for minority omission failures
Randomization and Consensus - synchronous binary agreement for crash failures with a perfect common coin
Pairing-based Anonymous Credentials and the Power of Re-randomization

 range-proofs (1)

Range Proofs from Polynomial Commitments, Re-explained

 research (17)

Can we Obtain Privacy in a Private Proof-of-Stake Blockchain? Part-II
Can we Obtain Privacy in a Private Proof-of-Stake Blockchain? Part-I
Can we Obtain Player Replaceability and Forensic Support Simultaneously?
Asynchronous Agreement Part 5: Binary Byzantine Agreement from a strong common coin
Asynchronous Agreement Part 4: Crusader Agreement and Binding Crusader Agreement
Asynchronous Agreement Part Three: a Modern version of Ben-Or's protocol
Blockchain Resource Pools and a CAP-esque Impossibility Result
Good-case Latency of Rotating Leader Synchronous BFT
The round complexity of Reliable Broadcast
Optimal Communication Complexity of Authenticated Byzantine Agreement
2-round BFT SMR with n=4, f=1
Good-case Latency of Byzantine Broadcast: a Complete Categorization
BFT Protocol Forensics
Resolving the Availability-Finality Dilemma
On the Optimality of Optimistic Responsiveness
Sync HotStuff, A Simple and Practical State Machine Replication
What is the difference between PBFT, Tendermint, SBFT and HotStuff ?

 responsiveness (1)

Responsiveness under omission failures

 secret keys (1)

The SAP theorem for storing secret keys

 secret sharing (5)

Dining Cryptographers and the additivity of polynomial secret sharing
The BGW Verifiable Secret Sharing Protocol
Polynomial Secret Sharing with crash failures
Polynomial Secret Sharing and the Lagrange Basis
The Marvels of Polynomials over a Field

 speculation (1)

HotStuff-1 and the Prefix Speculation Dilemma in BFT Consensus

 synchronous protocols (3)

Good-case Latency of Rotating Leader Synchronous BFT
Optimal Communication Complexity of Authenticated Byzantine Agreement
Good-case Latency of Byzantine Broadcast: the Synchronous Case

 workshop (2)

Blockchains + TEEs Day 2 Summary
Blockchains + TEEs Day 1 Summary

 zero-knowledge (2)

A Simple and Succinct Zero Knowledge Proof
Range Proofs from Polynomial Commitments, Re-explained