SoK: A Consensus Taxonomy in the Blockchain Era

  • Juan GarayEmail author
  • Aggelos Kiayias
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12006)


Consensus is arguably one of the most fundamental problems in distributed computing, playing also an important role in the area of cryptographic protocols as the enabler of a secure broadcast functionality. While the problem has a long and rich history and has been analyzed from many different perspectives, recently, with the advent of blockchain protocols like Bitcoin, it has experienced renewed interest from a much wider community of researchers and has seen its application expand to various novel settings.

One of the main issues in consensus research is the many different variants of the problem that exist as well as the various ways the problem behaves when different setup, computational assumptions and network models are considered. In this work we perform a systematization of knowledge in the landscape of consensus research in the Byzantine failure model starting with the original formulation in the early 1980s up to the present blockchain-based new class of consensus protocols. Our work is a roadmap for studying the consensus problem under its many guises, classifying the way it operates in the various settings and highlighting the exciting new applications that have emerged in the blockchain era.


  1. 1.
    Proceedings of the 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS 2007), Providence, RI, USA, 20–23 October 2007. IEEE Computer Society (2007)Google Scholar
  2. 2.
    Abraham, I., Dolev, D.: Byzantine agreement with optimal early stopping, optimal resilience and polynomial complexity. In: Servedio, R.A., Rubinfeld, R. (eds.) Proceedings of the Forty-Seventh Annual ACM on Symposium on Theory of Computing, STOC 2015, Portland, OR, USA, 14–17 June 2015, pp. 605–614. ACM (2015)Google Scholar
  3. 3.
    Abraham, I., Dolev, D., Halpern, J.Y.: An almost-surely terminating polynomial protocol for asynchronous byzantine agreement with optimal resilience. In: Bazzi, R.A., Patt-Shamir, B. (eds.) Proceedings of the Twenty-Seventh Annual ACM Symposium on Principles of Distributed Computing, PODC 2008, Toronto, Canada, 18–21 August 2008, pp. 405–414. ACM (2008)Google Scholar
  4. 4.
    Alchieri, E.A.P., Bessani, A.N., da Silva Fraga, J., Greve, F.: Byzantine consensus with unknown participants. In: Baker, T.P., Bui, A., Tixeuil, S. (eds.) OPODIS 2008. LNCS, vol. 5401, pp. 22–40. Springer, Heidelberg (2008). Scholar
  5. 5.
    Andrychowicz, M., Dziembowski, S.: PoW-based distributed cryptography with no trusted setup. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015, Part II. LNCS, vol. 9216, pp. 379–399. Springer, Heidelberg (2015). Scholar
  6. 6.
    Aspnes, J., Jackson, C., Krishnamurthy, A.: Exposing computationally-challenged Byzantine impostors. Technical report YALEU/DCS/TR-1332, Yale University Department of Computer Science, July 2005Google Scholar
  7. 7.
    Badertscher, C., Gazi, P., Kiayias, A., Russell, A., Zikas, V.: Ouroboros genesis: composable proof-of-stake blockchains with dynamic availability. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, Toronto, ON, Canada, 15–19 October 2018, pp. 913–930. ACM (2018)Google Scholar
  8. 8.
    Badertscher, C., Maurer, U., Tschudi, D., Zikas, V.: Bitcoin as a transaction ledger: a composable treatment. In: Katz and Shacham [83], pp. 324–356Google Scholar
  9. 9.
    Bangalore, L., Choudhury, A., Patra, A.: Almost-surely terminating asynchronous byzantine agreement revisited. In: Newport, C., Keidar, I. (eds.) Proceedings of the 2018 ACM Symposium on Principles of Distributed Computing, PODC 2018, Egham, United Kingdom, 23–27 July 2018, pp. 295–304. ACM (2018)Google Scholar
  10. 10.
    Bano, S., et al.: Consensus in the age of blockchains. CoRR, abs/1711.03936 (2017)Google Scholar
  11. 11.
    Bar-Noy, A., Dolev, D., Dwork, C., Strong, H.R.: Shifting gears: changing algorithms on the fly to expedite byzantine agreement. Inf. Comput. 97(2), 205–233 (1992)MathSciNetCrossRefGoogle Scholar
  12. 12.
    Beaver, D.: Correlated pseudorandomness and the complexity of private computations. In: Miller [94], pp. 479–488Google Scholar
  13. 13.
    Beimel, A., Franklin, M.K.: Reliable communication over partially authenticated networks. Theor. Comput. Sci. 220(1), 185–210 (1999)MathSciNetCrossRefGoogle Scholar
  14. 14.
    Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: CCS 1993, Proceedings of the 1st ACM Conference on Computer and Communications Security, Fairfax, Virginia, USA, 3–5 November 1993, pp. 62–73 (1993)Google Scholar
  15. 15.
    Ben-Or, M.: Another advantage of free choice: completely asynchronous agreement protocols (extended abstract). In: Probert, R.L., Lynch, N.A., Santoro, N. (eds.) PODC, pp. 27–30. ACM (1983)Google Scholar
  16. 16.
    Ben-Or, M., Canetti, R., Goldreich, O.: Asynchronous secure computation. In Kosaraju et al. [86], pp. 52–61Google Scholar
  17. 17.
    Ben-Or, M., El-Yaniv, R.: Resilient-optimal interactive consistency in constant time. Distrib. Comput. 16(4), 249–262 (2003)CrossRefGoogle Scholar
  18. 18.
    Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract), pp. 1–10 (1988)Google Scholar
  19. 19.
    Bentov, I., Pass, R., Shi, E.: Snow white: provably secure proofs of stake. IACR Cryptology ePrint Archive, 2016:919 (2016)Google Scholar
  20. 20.
    Berman, P., Garay, J.A., Perry, K.J.: Bit optimal distributed consensus. In: Baeza-Yates, R., Manber, U. (eds.) Computer Science, pp. 313–321. Springer, Boston (1992). Scholar
  21. 21.
    Berman, P., Garay, J.A., Perry, K.J.: Optimal early stopping in distributed consensus. In: Segall, A., Zaks, S. (eds.) WDAG 1992. LNCS, vol. 647, pp. 221–237. Springer, Heidelberg (1992). Scholar
  22. 22.
    Bitansky, N., Goldwasser, S., Jain, A., Paneth, O., Vaikuntanathan, V., Waters, B.: Time-lock puzzles from randomized encodings. In: Sudan, M. (ed.) Proceedings of the 2016 ACM Conference on Innovations in Theoretical Computer Science, Cambridge, MA, USA, 14–16 January 2016, pp. 345–356. ACM (2016)Google Scholar
  23. 23.
    Borcherding, M.: Levels of authentication in distributed agreement. In: Babaoğlu, Ö., Marzullo, K. (eds.) WDAG 1996. LNCS, vol. 1151, pp. 40–55. Springer, Heidelberg (1996). Scholar
  24. 24.
    Bracha, G.: An asynchronou [(n-1)/3]-resilient consensus protocol. In: Kameda, T., Misra, J., Peters, J.G., Santoro, N. (eds.) Proceedings of the Third Annual ACM Symposium on Principles of Distributed Computing, Vancouver, B. C., Canada, 27–29 August 1984, pp. 154–162. ACM (1984)Google Scholar
  25. 25.
    Cachin, C., Guerraoui, R., Rodrigues, L.: Introduction to Reliable and Secure Distributed Programming, 2nd edn. Springer, Heidelberg (2011). Scholar
  26. 26.
    Cachin, C., Kursawe, K., Petzold, F., Shoup, V.: Secure and efficient asynchronous broadcast protocols. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 524–541. Springer, Heidelberg (2001). Scholar
  27. 27.
    Cachin, C., Kursawe, K., Shoup, V.: Random oracles in constantinople: practical asynchronous byzantine agreement using cryptography. J. Cryptol. 18(3), 219–246 (2005)MathSciNetCrossRefGoogle Scholar
  28. 28.
    Canetti, R.: Studies in secure multiparty computation and applications. Ph.D. thesis, Weizmann Institute of Science (1996)Google Scholar
  29. 29.
    Canetti, R.: Security and composition of multiparty cryptographic protocols. J. Cryptol. 13(1), 143–202 (2000)MathSciNetCrossRefGoogle Scholar
  30. 30.
    Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd Annual Symposium on Foundations of Computer Science, FOCS 2001, Las Vegas, Nevada, USA, 14–17 October 2001, pp. 136–145. IEEE Computer Society (2001)Google Scholar
  31. 31.
    Canetti, R., Feige, U., Goldreich, O., Naor, M.: Adaptively secure multi-party computation. In: Miller [94], pp. 639–648Google Scholar
  32. 32.
    Canetti, R., Pass, R., Shelat, A.: Cryptography from sunspots: how to use an imperfect reference string. In: 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS 2007), Providence, RI, USA, 20–23 October 2007, Proceedings [1], pp. 249–259Google Scholar
  33. 33.
    Canetti, R., Rabin, T.: Fast asynchronous byzantine agreement with optimal resilience. In: Kosaraju et al. [86], pp. 42–51Google Scholar
  34. 34.
    Castro, M., Liskov, B.: Practical byzantine fault tolerance and proactive recovery. ACM Trans. Comput. Syst. 20(4), 398–461 (2002)CrossRefGoogle Scholar
  35. 35.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84–88 (1981)CrossRefGoogle Scholar
  36. 36.
    Chaum, D., Crépeau, C., Damgård, I.: Multiparty unconditionally secure protocols (abstract) (informal contribution), p. 462 (1987)Google Scholar
  37. 37.
    Chaum, D., Crépeau, C., Damgård, I.: Multiparty unconditionally secure protocols (extended abstract). In: Simon, J. (ed.) Proceedings of the 20th Annual ACM Symposium on Theory of Computing, Chicago, Illinois, USA, 2–4 May 1988, pp. 11–19. ACM (1988)Google Scholar
  38. 38.
    Chen, J., Micali, S.: Algorand: a secure and efficient distributed ledger. Theor. Comput. Sci. 777, 155–183 (2019)MathSciNetCrossRefGoogle Scholar
  39. 39.
    Chor, B., Dwork, C.: Randomization in byzantine agreement. Adv. Comput. Res. 5, 443–497 (1989)Google Scholar
  40. 40.
    Chor, B., Goldwasser, S., Micali, S., Awerbuch, B.: Verifiable secret sharing and achieving simultaneity in the presence of faults (extended abstract). In: 26th Annual Symposium on Foundations of Computer Science, Portland, Oregon, USA, 21–23 October 1985, pp. 383–395. IEEE Computer Society (1985)Google Scholar
  41. 41.
    Coan, B.A., Welch, J.L.: Modular construction of nearly optimal byzantine agreement protocols. In: Rudnicki, P. (ed.) Proceedings of the Eighth Annual ACM Symposium on Principles of Distributed Computing, Edmonton, Alberta, Canada, 14–16 August 1989, pp. 295–305. ACM (1989)Google Scholar
  42. 42.
    Cohen, R., Coretti, S., Garay, J., Zikas, V.: Probabilistic termination and composability of cryptographic protocols. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part III. LNCS, vol. 9816, pp. 240–269. Springer, Heidelberg (2016). Scholar
  43. 43.
    Considine, J., Fitzi, M., Franklin, M., Levin, L.A., Maurer, U., Metcalf, D.: Byzantine agreement given partial broadcast. J. Cryptol. 18(3), 191–217 (2005)MathSciNetCrossRefGoogle Scholar
  44. 44.
    Coretti, S., Garay, J., Hirt, M., Zikas, V.: Constant-round asynchronous multi-party computation based on one-way functions. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016, Part II. LNCS, vol. 10032, pp. 998–1021. Springer, Heidelberg (2016). Scholar
  45. 45.
    David, B., Gazi, P., Kiayias, A., Russell, A.: Ouroboros praos: an adaptively-secure, semi-synchronous proof-of-stake blockchain. In: Nielsen and Rijmen [100], pp. 66–98Google Scholar
  46. 46.
    Dold, F., Grothoff, C.: Byzantine set-union consensus using efficient set reconciliation. EURASIP J. Inf. Secur. 2017(1), 14 (2017)CrossRefGoogle Scholar
  47. 47.
    Dolev, D., Reischuk, R.: Bounds on information exchange for byzantine agreement. J. ACM 32(1), 191–204 (1985)MathSciNetCrossRefGoogle Scholar
  48. 48.
    Dolev, D., Reischuk, R., Strong, H.R.: Early stopping in byzantine agreement. J. ACM 37(4), 720–741 (1990)MathSciNetCrossRefGoogle Scholar
  49. 49.
    Dolev, D., Strong, H.R.: Authenticated algorithms for Byzantine agreement. SIAM J. Comput. 12(4), 656–666 (1983)MathSciNetCrossRefGoogle Scholar
  50. 50.
    Dwork, C., Lynch, N.A., Stockmeyer, L.J.: Consensus in the presence of partial synchrony. J. ACM 35(2), 288–323 (1988)MathSciNetCrossRefGoogle Scholar
  51. 51.
    Dwork, C., Moses, Y.: Knowledge and common knowledge in a byzantine environment: crash failures. Inf. Comput. 88(2), 156–186 (1990)MathSciNetCrossRefGoogle Scholar
  52. 52.
    Dwork, C., Naor, M.: Pricing via processing or combatting junk mail. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 139–147. Springer, Heidelberg (1993). Scholar
  53. 53.
    Dwork, C., Peleg, D., Pippenger, N., Upfal, E.: Fault tolerance in networks of bounded degree. SIAM J. Comput. 17(5), 975–988 (1988)MathSciNetCrossRefGoogle Scholar
  54. 54.
    Feldman, P.: Optimal algorithms for Byzantine agreement. Ph.D. thesis, Massachusetts Institute of Technology (1988)Google Scholar
  55. 55.
    Feldman, P., Micali, S.: An optimal probabilistic protocol for synchronous Byzantine agreement. SIAM J. Comput. 26(4), 873–933 (1997)MathSciNetCrossRefGoogle Scholar
  56. 56.
    Fischer, M.J., Lynch, N.A.: A lower bound for the time to assure interactive consistency. Inf. Process. Lett. 14(4), 183–186 (1982)MathSciNetCrossRefGoogle Scholar
  57. 57.
    Fischer, M.J., Lynch, N.A., Merritt, M.: Easy impossibility proofs for distributed consensus problems. Distrib. Comput. 1(1), 26–39 (1986)CrossRefGoogle Scholar
  58. 58.
    Fischer, M.J., Lynch, N.A., Paterson, M.: Impossibility of distributed consensus with one faulty process. J. ACM 32(2), 374–382 (1985)MathSciNetCrossRefGoogle Scholar
  59. 59.
    Fitzi, M.: Generalized communication and security models in Byzantine agreement. Ph.D. thesis, ETH Zurich, Zürich, Switzerland (2003)Google Scholar
  60. 60.
    Fitzi, M., Garay, J.A.: Efficient player-optimal protocols for strong and differential consensus. In: PODC, pp. 211–220 (2003)Google Scholar
  61. 61.
    Fitzi, M., Hirt, M.: Optimally efficient multi-valued byzantine agreement. In: Ruppert, E., Malkhi, D. (eds.) Proceedings of the Twenty-Fifth Annual ACM Symposium on Principles of Distributed Computing, PODC 2006, Denver, CO, USA, 23–26 July 2006, pp. 163–168. ACM (2006)Google Scholar
  62. 62.
    Ganesh, C., Patra, A.: Broadcast extensions with optimal communication and round complexity. In: Giakkoupis, G. (ed.) Proceedings of the 2016 ACM Symposium on Principles of Distributed Computing, PODC 2016, Chicago, IL, USA, 25–28 July 2016, pp. 371–380. ACM (2016)Google Scholar
  63. 63.
    Garay, J.A., Katz, J., Koo, C., Ostrovsky, R.: Round complexity of authenticated broadcast with a dishonest majority. In: 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS 2007), Providence, RI, USA, 20–23 October 2007, Proceedings [1], pp. 658–668Google Scholar
  64. 64.
    Garay, J.A., Katz, J., Kumaresan, R., Zhou, H.: Adaptively secure broadcast, revisited. In: Gavoille, C., Fraigniaud, P. (eds.) Proceedings of the 30th Annual ACM Symposium on Principles of Distributed Computing, PODC 2011, San Jose, CA, USA, 6–8 June 2011, pp. 179–186. ACM (2011)Google Scholar
  65. 65.
    Garay, J.A., Kiayias, A.: SoK: a consensus taxonomy in the blockchain era. IACR Cryptology ePrint Archive, 2018:754 (2018)Google Scholar
  66. 66.
    Garay, J.A., Kiayias, A., Leonardos, N.: The Bitcoin Backbone Protocol: Analysis and Applications. IACR Cryptology ePrint Archive, 2014:765 (2014)Google Scholar
  67. 67.
    Garay, J.A., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part II. LNCS, vol. 9057, pp. 281–310. Springer, Heidelberg (2015). Scholar
  68. 68.
    Garay, J.A., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol with chains of variable difficulty. In: Katz and Shacham [83], pp. 291–323Google Scholar
  69. 69.
    Garay, J.A., Kiayias, A., Leonardos, N., Panagiotakos, G.: Bootstrapping the blockchain - directly. IACR Cryptology ePrint Archive, 2016:991 (2016)Google Scholar
  70. 70.
    Garay, J.A., Kiayias, A., Leonardos, N., Panagiotakos, G.: Bootstrapping the blockchain, with applications to consensus and fast PKI setup. In: Abdalla, M., Dahab, R. (eds.) PKC 2018, Part II. LNCS, vol. 10770, pp. 465–495. Springer, Cham (2018). Scholar
  71. 71.
    Garay, J.A., Kiayias, A., Panagiotakos, G.: Proofs of work for blockchain protocols. IACR Cryptology ePrint Archive, 2017:775 (2017)Google Scholar
  72. 72.
    Garay, J.A., Moses, Y.: Fully polynomial byzantine agreement for n > 3t processors in t + 1 rounds. SIAM J. Comput. 27(1), 247–290 (1998)MathSciNetCrossRefGoogle Scholar
  73. 73.
    Garay, J.A., Perry, K.J.: A continuum of failure models for distributed computing. In: Segall, A., Zaks, S. (eds.) WDAG 1992. LNCS, vol. 647, pp. 153–165. Springer, Heidelberg (1992). Scholar
  74. 74.
    Gilad, Y., Hemo, R., Micali, S., Vlachos, G., Zeldovich, N.: Algorand: scaling byzantine agreements for cryptocurrencies. In: Proceedings of the 26th Symposium on Operating Systems Principles, Shanghai, China, 28–31 October 2017, pp. 51–68. ACM (2017)Google Scholar
  75. 75.
    Golan-Gueta, G., et al.: SBFT: a scalable decentralized trust infrastructure for blockchains. CoRR, abs/1804.01626 (2018)Google Scholar
  76. 76.
    Goldreich, O.: The Foundations of Cryptography - Volume 1, Basic Techniques. Cambridge University Press, Cambridge (2001)Google Scholar
  77. 77.
    Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity and a methodology of cryptographic protocol design (extended abstract), pp. 174–187 (1986)Google Scholar
  78. 78.
    Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or A completeness theorem for protocols with honest majority. In: Aho, A.V. (ed.) Proceedings of the 19th Annual ACM Symposium on Theory of Computing, 1987, New York, USA, pp. 218–229. ACM (1987)Google Scholar
  79. 79.
    Halevi, S., Lindell, Y., Pinkas, B.: Secure computation on the web: computing without simultaneous interaction. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 132–150. Springer, Heidelberg (2011). Scholar
  80. 80.
    Hirt, M., Raykov, P.: Multi-valued byzantine broadcast: the t \(<\) n case. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874. Springer, Heidelberg (2014). Scholar
  81. 81.
    Hirt, M., Zikas, V.: Adaptively secure broadcast. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 466–485. Springer, Heidelberg (2010). Scholar
  82. 82.
    Katz, J., Koo, C.-Y.: On expected constant-round protocols for Byzantine agreement. J. Comput. Syst. Sci. 75(2), 91–112 (2009)MathSciNetCrossRefGoogle Scholar
  83. 83.
    Katz, J., Shacham, H. (eds.): CRYPTO 2017, Part I. LNCS, vol. 10401. Springer, Cham (2017). Scholar
  84. 84.
    Kiayias, A., Russell, A., David, B., Oliynykov, R.: Ouroboros: a provably secure proof-of-stake blockchain protocol. In: Katz and Shacham [83], pp. 357–388Google Scholar
  85. 85.
    King, V., Saia, J.: Byzantine agreement in expected polynomial time. J. ACM 63(2), 13:1–13:21 (2016)MathSciNetCrossRefGoogle Scholar
  86. 86.
    Kosaraju, S.R., Johnson, D.S., Aggarwal, A. (eds.): Proceedings of the Twenty-Fifth Annual ACM Symposium on Theory of Computing, San Diego, CA, USA, 16–18 May 1993. ACM (1993)Google Scholar
  87. 87.
    Kursawe, K., Shoup, V.: Optimistic asynchronous atomic broadcast. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 204–215. Springer, Heidelberg (2005). Scholar
  88. 88.
    Lamport, L., Shostak, R.E., Pease, M.C.: The Byzantine generals problem. ACM Trans. Program. Lang. Syst. 4(3), 382–401 (1982)CrossRefGoogle Scholar
  89. 89.
    Lindell, Y., Lysyanskaya, A., Rabin, T.: On the composition of authenticated byzantine agreement. J. ACM 53(6), 881–917 (2006)MathSciNetCrossRefGoogle Scholar
  90. 90.
    Lynch, N.A.: Distributed Algorithms. Morgan Kaufmann Publishers Inc., San Francisco (1996)zbMATHGoogle Scholar
  91. 91.
    Micali, S.: ALGORAND: the efficient and democratic ledger. CoRR, abs/1607.01341 (2016) Google Scholar
  92. 92.
    Miller, A., LaViola, J.J.: Anonymous Byzantine consensus from moderately-hard puzzles: a model for bitcoin. University of Central Florida. Tech report, CS-TR-14-01, April 2014Google Scholar
  93. 93.
    Miller, A., Xia, Y., Croman, K., Shi, E., Song, D.: The honey badger of BFT protocols. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24–28 October 2016, pp. 31–42. ACM (2016)Google Scholar
  94. 94.
    Miller, G.L. (ed.) Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, Philadelphia, Pennsylvania, USA, 22–24 May 1996. ACM (1996)Google Scholar
  95. 95.
    Nakamoto, S.: Bitcoin: A peer-to-peer electronic cash system (2008).
  96. 96.
    Nakamoto, S.: The proof-of-work chain is a solution to the Byzantine Generals’ problem. The Cryptography Mailing List, November 2008.
  97. 97.
    Nakamoto, S.: Bitcoin open source implementation of p2p currency, February 2009.
  98. 98.
    Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic applications. In: Johnson, D.S. (ed.) Proceedings of the 21st Annual ACM Symposium on Theory of Computing, Seattle, Washigton, USA, 14–17 May 1989, pp. 33–43. ACM (1989)Google Scholar
  99. 99.
    Neiger, G.: Distributed consensus revisited. Inf. Process. Lett. 49(4), 195–201 (1994)CrossRefGoogle Scholar
  100. 100.
    Nielsen, J.B., Rijmen, V. (eds.): EUROCRYPT 2018, Part II. LNCS, vol. 10821. Springer, Cham (2018). Scholar
  101. 101.
    Okun, M.: Agreement among unacquainted byzantine generals. In: Fraigniaud, P. (ed.) DISC 2005. LNCS, vol. 3724, pp. 499–500. Springer, Heidelberg (2005). Scholar
  102. 102.
    Okun, M.: Distributed computing among unacquainted processors in the presence of Byzantine failures. Ph.D. thesis, Hebrew University of Jerusalem (2005)Google Scholar
  103. 103.
    Pass, R., Seeman, L., Shelat, A.: Analysis of the blockchain protocol in asynchronous networks. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017, Part II. LNCS, vol. 10211, pp. 643–673. Springer, Cham (2017). Scholar
  104. 104.
    Pass, R., Shi, E.: The sleepy model of consensus. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017, Part II. LNCS, vol. 10625, pp. 380–409. Springer, Cham (2017). Scholar
  105. 105.
    Pass, R., Shi, E.: Thunderella: blockchains with optimistic instant confirmation. In: Nielsen and Rijmen [100], pp. 3–33Google Scholar
  106. 106.
    Patra, A.: Error-free multi-valued broadcast and byzantine agreement with optimal communication complexity. In: Fernàndez Anta, A., Lipari, G., Roy, M. (eds.) OPODIS 2011. LNCS, vol. 7109, pp. 34–49. Springer, Heidelberg (2011). Scholar
  107. 107.
    Patra, A., Choudhury, A., Rangan, C.P.: Asynchronous byzantine agreement with optimal resilience. Distrib. Comput. 27(2), 111–146 (2014)MathSciNetCrossRefGoogle Scholar
  108. 108.
    Pease, M.C., Shostak, R.E., Lamport, L.: Reaching agreement in the presence of faults. J. ACM 27(2), 228–234 (1980)MathSciNetCrossRefGoogle Scholar
  109. 109.
    Pfitzmann, B., Waidner, M.: Unconditional byzantine agreement for any number of faulty processors. In: STACS, vol. 577, pp. 339–350. Springer, Heidelberg (1992)Google Scholar
  110. 110.
    Rabin, M.O.: Randomized byzantine generals. In: FOCS, pp. 403–409. IEEE Computer Society (1983)Google Scholar
  111. 111.
    Schneider, F.B.: Implementing fault-tolerant services using the state machine approach: a tutorial. ACM Comput. Surv. 22(4), 299–319 (1990)CrossRefGoogle Scholar
  112. 112.
    Stifter, N., Judmayer, A., Schindler, P., Zamyatin, A., Weippl, E.R.: Agreement with satoshi - on the formalization of nakamoto consensus. IACR Cryptology ePrint Archive, 2018:400 (2018)Google Scholar
  113. 113.
    Turpin, R., Coan, B.A.: Extending binary byzantine agreement to multivalued byzantine agreement. Inf. Process. Lett. 18(2), 73–76 (1984)CrossRefGoogle Scholar
  114. 114.
    Upfal, E.: Tolerating linear number of faults in networks of bounded degree. In: Hutchinson, N.C. (ed.) Proceedings of the Eleventh Annual ACM Symposium on Principles of Distributed Computing, Vancouver, British Columbia, Canada, 10–12 August 1992, pp. 83–89. ACM (1992)Google Scholar
  115. 115.
    Yao, A.C.-C.: Protocols for secure computations (extended abstract), pp. 160–164 (1982)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Texas A&M UniversityCollege StationUSA
  2. 2.University of Edinburgh and IOHKEdinburghUK

Personalised recommendations