Achieving low-latency consensus in geographically distributed systems remains a key challenge for blockchain and distributed database applications. To this end, there has been significant recent interest in State-Machine-Replication (SMR) protocols that achieve 2-round finality under the assumption that $5f+1\leq n$, where $n$ is the number of processors and $f$ bounds the number of processors that may exhibit Byzantine faults. In these protocols, instructions are organised into views, each led by a different designated leader, and 2-round finality means that a leader’s proposal can be finalised after just a single round of voting, meaning two rounds overall (one round for the proposal and one for voting).

In this paper, we introduce Minimmit, a Byzantine-fault-tolerant SMR protocol with lower latency than previous 2-round finality approaches.  Our key insight is that view progression and transaction finality can operate on different quorum thresholds without compromising safety or liveness. Experiments simulating a globally distributed network of 50 processors, uniformly assigned across ten virtual regions, show that the approach leads to a 17% reduction in transaction latency compared to the state-of-the-art.

Joint work with Brendan Kobayashi Chou and Patrick O’Grady.

Here is the pdf.

Snowman is the consensus protocol used by blockchains on Avalanche. Recent work of ours has shown both how to augment Snowman with a `liveness’ module called `Frosty’ that protects against liveness attacks, and also how to modify Snowman so as to be consistent in partial synchrony. Since Frosty assumes (a strong form of) synchrony, the aim of this note is to show how to modify Frosty to deal with the partially synchronous version of Snowman.

Joint work with Stephen Buttolph and Kevin Sekniqi. Here is the pdf.

This paper presents the first generic compiler that transforms any permissioned consensus protocol into a proof-of-stake permissionless consensus protocol. For each of the following properties, if the initial permissioned protocol satisfies that property in the partially synchronous setting, the consequent proof-of-stake protocol also satisfies that property in the partially synchronous and quasi-permissionless setting (with the same fault-tolerance): consistency; liveness; optimistic responsiveness; every composable log-specific property; and message complexity of a given order. Moreover, our transformation ensures that the output protocol satisfies accountability (identifying culprits in the event of a consistency violation), whether or not the original permissioned protocol satisfied it.

Joint work with Jovan Komatovic, Joachim Neu, Tim Roughgarden, Ertem Nusret Tas

Here is the pdf (AFT 2025).

Grassroots platforms aim to offer an egalitarian alternative to global platforms — centralized/autocratic and decentralized/plutocratic alike. Within the grassroots architecture, consensus is needed to realize platforms that employ digital social contracts, which are like smart contracts except that they are among people not accounts and are executed by these people’s smartphones not by high-performance servers controlled by parties outside to the contract. Key envisioned grassroots platforms include sovereign democratic digital communities and federations, community banks and their grassroots cryptocurrencies, and digital cooperatives.
The grassroots architecture can benefit from a consensus protocol that is (i) quiescent, (ii) efficient during low- and high-throughput, (iii) responsive, (iv) blocklace-based, (v) UDP-ready, and (vi) grassroots. The Grassroots Consensus protocol addresses all these requirements while having competitive performance in both low- and high-throughput scenarios and being one of the most concise and elegant consensus protocols for partial synchrony. It achieves that by building on two cutting-edge consensus protocols — the quiescent high-performance Morpheus and the blocklace-based Cordial Miners, improving the latter’s dissemination protocol and making it UDP-ready, and extending the protocol with a constitution and a constitutional amendment component, making it grassroots.

Joint work with Idit Keidar and Ehud Shapiro. Here is the pdf.

Safety and liveness are the two classical security properties of consensus protocols. Recent works have strengthened safety with accountability: should any safety violation occur, a sizable fraction of adversary nodes can be proven to be protocol violators. This paper studies to what extent analogous accountability guarantees are achievable for liveness. To reveal the full complexity of this question, we introduce an interpolation between the classical synchronous and partially-synchronous models that we call the x-partially-synchronous network model in which, intuitively, at most an x fraction of the time steps in any sufficiently long interval are asynchronous (and, as with a partially-synchronous network, all time steps are synchronous following the passage of an unknown “global stablization time”). We prove a precise characterization of the parameter regime in which accountable liveness is achievable: if and only if x<1/2 and f<n/2, where n denotes the number of nodes and f the number of nodes controlled by an adversary. We further refine the problem statement and our analysis by parameterizing by the number of violating nodes identified following a liveness violation, and provide evidence that the guarantees achieved by our protocol are near-optimal (as a function of x and f). Our results provide rigorous foundations for liveness-accountability heuristics such as the “inactivity leaks” employed in Ethereum.

Joint work with Joachim Neu, Tim Roughgarden, Luca Zanolini.

Accountable liveness, pdf, (CCS 2025).

Byzantine fault-tolerant (BFT) state machine replication (SMR) protocols form the basis of modern blockchains as they maintain a consistent state across all blockchain nodes while tolerating a bounded number of Byzantine faults. We analyze BFT SMR in the excessive fault setting where the actual number of Byzantine faults surpasses a protocol’s tolerance. We start by devising the very first repair algorithm for linearly chained and quorum-based partially synchronous SMR to recover from faulty states caused by excessive faults. Such a procedure can be realized using any commission fault detection module — an algorithm that identifies the faulty replicas without falsely locating any correct replica. We achieve this with a slightly weaker liveness guarantee, as the original security notion is impossible to satisfy given excessive faults. We implement recoverable HotStuff in Rust. The throughput resumes to the normal level (without excessive faults) after recovery routines terminate for 7 replicas and is slightly reduced by ≤4.3% for 30 replicas. On average, it increases the latency by 12.87% for 7 replicas and 8.85% for 30 replicas. Aside from adopting existing detection modules, we also establish the sufficient condition for a general BFT SMR protocol to allow for complete and sound fault detection when up to (n−2) Byzantine replicas (out of n total replicas) attack safety. We start by providing the first closed-box fault detection algorithm for any SMR protocol without any extra rounds of communication. We then describe open-box instantiations of our fault detection routines in Tendermint and Hotstuff, further reducing the overhead, both asymptotically and concretely.

Joint work with Tiantian Gong, Gustavo Franco Camilo, Kartik Nayak, and Aniket Kate.

Here is the pdf (USENIX Security 2025).

Recent research in consensus has often focussed on protocols for State-Machine-Replication (SMR) that can handle high throughputs. Such state-of-the-art protocols (generally DAG-based) induce undue overhead when the needed throughput is low, or else exhibit unnecessarily-poor latency and communication complexity during periods of low throughput.

Here we present Morpheus Consensus, which naturally morphs from a quiescent low-throughput leaderless blockchain protocol to a high-throughput leader-based DAG protocol and back, excelling in latency and complexity in both settings. During high-throughout, Morpheus pars with state-of-the-art DAG-based protocols, including Autobahn.  During low-throughput, Morpheus exhibits competitive complexity and lower latency than standard protocols such as PBFT and Tendermint, which in turn do not perform well during high-throughput. 

The key idea of Morpheus is that as long as blocks do not conflict (due to Byzantine behaviour, network delays, or high-throughput simultaneous production) it produces a forkless blockchain, promptly finalizing each block upon arrival.  It assigns a leader only if one is needed to resolve conflicts, in a manner and with performance not unlike Autobahn.

Morpheus, pdf. This is joint work with Ehud Shapiro (OPODIS 25)

Snowman is the consensus protocol run by blockchains on Avalanche. Recent work of ours established a rigorous proof of probabilistic consistency for Snowman in the synchronous setting, under the simplifying assumption that correct processes execute sampling rounds in `lockstep’. In this paper, we describe a modification of the protocol that ensures consistency in the partially synchronous setting, and when correct processes carry out successive sampling rounds at their own speed, with the time between sampling rounds determined by local message delays.

Joint work with Aaron Buchwald, Stephen Buttolph, and Kevin Sekniqi.

Snowman for partial synchrony, pdf.